FDIC Home - Federal Deposit Insurance Corporation




Privacy Program

Federal Deposit Insurance Corporation Privacy Impact Assessment

Introduction
The objective of the Privacy Impact Analysis (PIA) is to determine the scope, justification, and Privacy Act applicability for systems collecting, storing or processing sensitive, personal data that may be considered private.  Upon completion of the questionnaire and acquisition of signatures, please return to DIT Information Security Staff located in Virginia Square, Room Number A7032.

Agency: Federal Deposit Insurance Corporation (FDIC)

System Name: Automated Loan Examination and Review Tool

System Acronym: ALERT

System Owner/Division or Office: Division of Supervision and Consumer Protection

A. Information and Privacy

To fulfill the commitment of the FDIC to protect personal data, the following requirements must be met:
  • Use of the information must be controlled.
  • Information may be used only for necessary and lawful purposes.
  • Information collected for a particular purpose must not be used for another purpose without the data subject's consent unless such other uses are specifically authorized or mandated by law.
  • Information collected must be sufficiently accurate, relevant, timely, and complete to ensure the individual's privacy rights.

Given the vast amounts of stored information and the expanded capabilities of information systems to process the information, it is foreseeable that there will be increased requests, from both inside and outside the FDIC, to share sensitive personal information.

B. Contact Information:
  1. Who is the person completing this PIA?

    Name: Michael R. Petermann
    Title: Acting Information Management Analyst
    Organization: Applied Technology Section, DSC
    Contact Information:  
    Address: 550 17th St; N.W. Rm F-3063, Washington, DC 20429
    Telephone number: (202) 898-6742


  2. Who is the Program Manager for this system or application?

    Name: J. Malcolm Jay
    Title: Examination Specialist
    Organization: Applied Technology Section, DSC
    Contact Information:  
    Address: 550 17th St., N.W., Rm F-3018, Washington, DC 20429
    Telephone number: (202) 898-6512


  3. Who is the Project Manager for this system or application?

    Name: Willitta D. Hawkins
    Title: IT Specialist (APPSW)
    Organization: Division of Information Technology
    Contact Information:  
    Address: 3501 N. Fairfax Dr., Rm VS-A5091, Arlington, VA 22226
    Telephone number: (703) 516-1124


  4. Who is the IT Security Manager for this system or application?

    Name: Beverly A. Smith
    Title: Acting Information Security Manager, DSC
    Organization: Applied Technology Section, DSC
    Contact Information:  
    Address: 550 17th St; N.W. Rm F-3063, Washington, DC 20429
    Telephone number: (202) 898-3503


  5. Who is the Chief Privacy Officer or designee who reviewed this document?

    Name: Michael E. Bartell
    Title: CIO and Director
    Organization: Division of Information Technology
    Contact Information:  
    Address: 3501 N. Fairfax Dr., Rm VS-A7032, Arlington, VA 22226
    Telephone number: (703) 516-5781


C. System Description

This section of the Privacy Impact Assessment (PIA) describes the application and the method used to collect, process, and store information.  Additionally, it includes information about the business functions the system supports.

ALERT was developed to facilitate loan review activity by examiners at safety and soundness examinations. The program enables examiners to access electronic loan trial balance data provided by banks via e-mail, floppy disc or CD. In addition to printing the loan line sheets, the program gives examiners a powerful analytical tool for assessing risk in the loan portfolio. All data within the application is Triple DES (3DES) encrypted, and the application is password protected and mounted on multi-password-protected laptops/desktops. The application is used by most state bank regulatory agencies and all of the other federal bank regulatory bodies.

D. Data in the System
  1. What personal information about individuals or other information that can personally identify an individual (name, social security number, date of birth, address, etc.) is contained in the system?  Explain.
    Information that could be contained in the data processed by the system includes a bank's loan customers' names, addresses, loan numbers, balances, interest rates, and payment information. It can also include such information as customers' social security numbers, tax identification numbers and non-public confidential bank loan classifications.
  2. Can individuals “opt-out” by declining to provide personal information or by consenting only to a particular use (e.g., allowing basic use of their personal information, but not sharing with other government agencies)?

    No   Explain:
    Data is provided by the financial institutions and provided to the examination staff pursuant to their statutory obligation to provide any and all financial records to the FDIC, on request, pursuant to the Corporation's statutory obligation to insure the safety and soundness of the banking system. Such data is now routinely used in the examination process for that purpose. Financial institutions are not able to opt out of providing this data. The non-public personal customer data provided by the financial institutions' customers was acquired from the customer by the bank in its routine business activities with such customers. The customers were able to exercise an option to opt out of providing such data to the bank, at the bank level, prior to becoming a customer of the bank. Once such data is provided by the customer to the bank, the customers have no option to opt out of providing such data to the FDIC, and are generally unaware that such data is provided to the Corporation. This also applies when financial institutions provide such data to any of the other financial institution regulatory bodies at state or federal level that also use the ALERT application in their examination process.
  3. What are the sources of the information in the system?  How are they derived?  Explain.
    Electronic loan data is requested from the financial institutions in the examination planning stage, and this data is provided by the financial institution via e-mail attached file, floppy disc, CD or memory stick.
  4. What Federal agencies are providing data for use in the system? What is the purpose for providing data and how is it used? Explain.
    No federal agencies are involved in providing such data.
  5. What state and local agencies are providing data for use in the system? What is the purpose for providing data and how is it used? Explain.
    No state or local agencies are providing data to this application/system.
  6. What other third party sources will be providing data to the system?  Explain the data that will be provided, the purpose for it, and how will it be used.
    Financial institutions only provide data in the form of paper records and electronic files in the form of e-mail attached files, floppy disc, CD, or memory stick. The data will include their customers' names, addresses, bank identification numbers, loan numbers, all current loan terms, balances and payment information, and may include social security and taxpayer information numbers and internal bank loan classification assignments to such loans. The data is provided to allow examiners to better analyze the financial institution's loan portfolio and print the examiner's loan line sheets used in the on-site loan file review process during the examination.
E. Access to Data:
  1. Who will have access to the data in the system (e.g., users, managers, system administrators, developers, contractors, other)?  Explain their purpose for having access to this information.
    Data in the application/system is restricted to end users that could include the members of the examination team of the financial institution regulatory agency involved, their supervisors and managers, and FDIC examination supervisors and managers. Access is required to fulfill each regulatory agency's statutory and regulatory obligations to evaluate the loan portfolio as part of insuring the safe and sound operation of the banking system. In the case of the FDIC, the additional responsibility as the insurer of the deposits of all financial institutions necessitates access to such data to ascertain the safety and soundness of the institutions.
  2. How is access to the data determined? Are criteria, procedures, controls, and responsibilities regarding access documented? Does access require manager approval? Explain the process.
    Access is controlled by the mounting of the ALERT application/system with its built-in encryption controls, on the password protected and NTFS encrypted hard drives of laptops and desktops of examination personnel only and the distribution of such data is restricted to supervisors and managers of such examination personnel. Only examination staff are given this application and access rights to load such data into the application. By default, assignment as a member of the examination team by the supervisor/manager conveys approval for access, by management, to such data. This assignment entitles the individual to a laptop with the ALERT application mounted. The above access controls are applicable in the same manner for non-FDIC regulatory agency users and generally covered in inter-agency agreements.
  3. Will users have access to all data on the system or will the user’s access be restricted?  Explain.
    Users have access to all data in the application/system. Lead examiners and supervisors/managers need access to the full system in order to properly evaluate the loan portfolio and reach appropriate conclusions on which loans will be specifically reviewed once the examination staff moves on-site. The loan line sheets are printed out in the final step and provided to examiner personnel.
  4. What controls are in place to prevent the misuse (e.g., browsing) of data by those having access?  (Please list processes and training materials)  Explain the controls that have been established and how are they monitored or reviewed.
    In accordance with OMB Circulars A-123 and A-130, Appendix III, the GENESYS application has proper access password controls in place that entitle the user to full access to the information for user, reviewer, and training purposes. When the application/system contains data, the applicable users are involved in and expected to browse the data to identify errors occurring from import of financial institution provided data, reconcilement of such data, and any manual input by the examiners. Examiners' requirements for ensuring the security and confidentiality of bank and customer related data are covered as a directive in the DSC divisional Regional Director Memo system. In addition, access to the data is limited to the examination staff and their supervisors. While the data is in ALERT, it is encrypted and accessible only on the laptop of the specific examiner charged with analyzing the portfolio and printing the necessary line sheets.
  5. Do other systems share data or have access to the data in the system?  If yes, explain the purpose for the need to have access.
    ALERT provides a file for import into the GENESYS application/system. The GENESYS application provides for the display of the examiner's end analysis of the loan portfolio.
  6. Who will be responsible for protecting the privacy rights of the public and employees affected by the interface?  Has policy or procedures been established for this responsibility and accountability?  Explain.
    Members of the examination team and their supervisors and managers share the responsibility of ensuring that privacy rights are protected. The examiner-in-charge is specifically responsible for all members of his team and the ultimate distribution of all data acquired through its final disposal. Additionally, requirements for ensuring the security and confidentiality of bank and customer related data are covered by several directives in the Regional Director Memo system. In addition, mandatory security awareness training conducted on-line annually by the DSC's Information Security Manager covers general data security issues.
  7. If other agencies use the data, how will the data be used?  Who establishes the criteria for what data can be shared?  Have non-disclosure agreements been effected?  Explain the purpose for the need to share the data?
    Other financial institution regulatory agencies use the data in a similar manner to that described above and for the same purpose. The DSC Policy Section, with help from legal, established the existing sharing arrangements and effected any required non-disclosure agreements. The FDIC, along with each of the other financial institution regulatory agencies, works to ensure the integrity and safety of the banking system. The FDIC is the ultimate insurer of deposits of all institutions. As such, the FDIC is dependent upon the other regulatory bodies to provide accurate and timely information as to the condition of the banks they each directly regulate to protect the insurance fund. By providing such agencies access to the ALERT application/system, FDIC enhances their ability to supervise such institutions and advances its goal of insuring the safety and soundness of all institutions.
  8. Who is responsible for assuring proper use of the data?  Is this individual fully accountable should the integrity of the data be compromised?  Explain.
    The examiner-in-charge is directly responsible for all actions of the examination team and all data that comes into the possession of the examination team in the process of examining a particular financial institution. This examiner is directly accountable, by virtue of his commissioning and position assignment, for the integrity of all data generated during the examination process.
  9. Explain the magnitude of harm to the corporation if privacy related data is disclosed, intentionally or unintentionally.  Would the reputation of the corporation be affected?
    Compromise of the data could be inconvenient and/or embarrassing to the FDIC, but would not seriously affect the FDIC's ability to function. The reputation of the FDIC would be affected to a limited degree given our mission. Additionally, since a portion of the examination process directly addresses and evaluates the financial institution's procedures for providing for the security and privacy of customer non-public data, such a breach would tend to negate our message and goal.
  10. What involvement will a contractor have with the design and maintenance of the system?  Has a Contractor Confidentiality Agreement or a Non-Disclosure Agreement been developed for contractors who work on the system?
    The ALERT application/system contains no confidential or other type of data as an application when in the possession of a contractor. The methodology used by the application to process and display the data contains no privacy or confidentiality issues. As such, a contractor presents no disclosure risks for this application. However, all contractors must sign corporate contracts which contain appropriate Confidentiality and Non-Disclosure Agreements in order to perform any kind of work on corporate systems or applications.
  11. Explain whether or not the data owner is contacted if it is not clear if other agencies share or have access to the data.
    The DSC application Program Manager, by policy and through the DSC Division Information Security Manager, is required to be contacted for all matters related to an application/system for which such owner is owner of record as maintained in the DIT application baseline database. In any instance where an issue of access by another agency should arise, the data owner must be contacted for any final decision making.

F. Accuracy, Timeliness, and Reliability

  1. How is the data collected from sources other than FDIC records verified?  Has action been taken to determine its reliability, that it is virus free and does not contain malicious code?  Who is responsible for making this determination?  Explain.
    All data used by this system/application is obtained by import from the financial institution under examination. Simultaneous to acquiring the electronic loan trial balance file, the examination staff requires the financial institution's daily statement for the same day as the electronic file and a copy of the institution's own reconcilement form, as completed, for that trial balance. This data is compared to the electronic file to insure its data integrity.
  2. How will data be checked for completeness?  How is this being measured?  What is the source for ensuring the completeness of the data?  Explain the method used.
    The examiner-in-charge is responsible for insuring the accuracy and completeness of the data acquired and processed by the ALERT application through his examination team. He assigns the electronic loan trial balance file to an individual examiner whose responsibility is to insure the file is properly imported, reconciled against separately provided documents and processed correctly by comparing/sampling of the data. Additionally, paper records of reconcilement are obtained from the financial institution to double check electronic data that is also required and provided directly by such financial institution.

G. Attributes of the Data

  1. Is the use of the data both relevant and necessary to the purpose for which the system is being designed?  Is this part of the system design?  Is this documented, if so, where is the document located?  Explain.
    The system is fully designed and has been in production for some time. The system was specifically designed to acquire, manipulate, process, and print loan examination data. The data is both relevant and necessary to the examination process and the purpose for which the application was developed. Design and development documentation resides with the DIT project development staff.
  2. Will the system derive personal identifiable information from any new data previously non-inclusive, about an individual through aggregation from the information collected?  What steps are taken to make this determination? Explain.
    The system uses no previously unidentified data from which personal identifiable information could be derived. Discussion with the Program Manager and review of available documentation on updates and revisions confirm this status.
  3. Can the system make privacy determinations about employees that would not be possible without the new data?   If so, explain.
    N/A No such new data is used.
  4. If the data is being consolidated, what controls are in place to protect the data from unauthorized access or use?  Does the consolidation of data result in personal identifiable information? Explain.
    N/A No such new data is used.
  5. How is the data retrieved?  Can it be retrieved by a personal identifier (e.g., social security number)?  If yes, explain, and list the identifiers that will be used to retrieve information on the individual.
    Data can be retrieved by any personal identifier of any type. The application can contain any number of personally identifiable bits of information that could be used to aggregate information about an individual. The system's primary design is to aggregate, process, sort, or otherwise manipulate such personally identifiable information. Most commonly, the data fields that could be independently used for this would be the person's last name, central information file number, social security number, or portions of the loan numbers where a customer has one loan number for all loans followed by a second number representing the specific loan.
  6. What kind of reports can be produced on individuals?  What will be the use of these reports?  Who will have access to them?  Explain how they are distributed.
    By design, specific line sheets (reports) can and will be produced on any individual who meets some query definition, generally because of the dollar volume of his borrowing, type of borrowing, loan officer, or any of numerous other query variations that allow for the sorting and parsing of the imported database. These line sheets (reports) are used by the examination team to identify the loan files that will be manually worked and provide the time savings created by the preprinted loan line sheets with core loan information. This allows the examiner to focus on the qualitative analysis of the loan data. These same examiners and their immediate supervisors are the only ones who will have access to such loan reports. Copies of the report are retained in the work papers until the next examination. Additionally, ALERT creates a file for import into GENESYS.

H. Maintenance and Administrative Controls:

  1. If the system is operated in more than one site, how will consistent use of the system and data be maintained in all sites?   Will the same controls be used? Explain.
    The ALERT application/system is generically mounted on each examiner laptop/desktop; however, the database used is unique to each financial institution (location) and each examination team. The database is not shared with other examination teams at other financial institution locations. If the financial institution under examination has multiple locations, the printed loan line sheets are hand separated to each location and hand carried there. Controls remain essentially the same for each laptop, the application, and the institution.
  2. What are the retention periods of data in this system?  Under what guidelines are the retention periods determined?  Who establishes the retention guidelines?  Explain.
    The retention periods of data/records are covered by FDIC Records Schedules. The Corporation also follows guidance on permanent and temporary records disposition issued by the National Archives and Records Administration (NARA). By design, data is not retained in this system. By policy directive, examination staff are directed to delete all electronic data files related to an examination at the conclusion of that examination through final review and approval of the report, destroy the bank provided electronic file by proper method, and retain the printed loan line sheets in the related work papers for that examination.
  3. What are the procedures for disposition of the data at the end of the retention period?  How long will any reports produced be maintained?  Where are the procedures documented?  How is the information disposed (e.g., shredding, degaussing, overwriting, etc.)?  Who establishes the procedures?  Explain.
    By policy directive, examination staff are directed to delete all electronic data related to an examination at the conclusion of that examination. Further, procedures for disposition of the data at the end of the retention period are established in accordance with FDIC Records and Schedules in conjunction with NARA guidance.
  4. Is the system using technologies in ways that the Corporation has not previously employed (e.g., Monitoring software, SmartCards, Caller-ID, biometrics, PIV cards, etc.)?  Explain.
    No.
  5. How does the use of this technology affect privacy?  Does the use of this technology introduce compromise that did not exist prior to the deployment of this technology?  Explain.
    The system does not increase privacy issues; however, since only that portion of the loan trial balance that is converted to line sheets is now retained in the work papers, the privacy risk is diminished over previous manual procedures. No new compromise is introduced by the use of this system, as the ALERT application, with its encrypted database, has a lower risk profile than the retention of the paper loan trial balance report, which was the previous method.
  6. If monitoring is being performed, describe the data being collected.  Is monitoring required?  If so, describe the need for the monitoring and identify the requirements and explain how the information is protected.
    Monitoring is not being performed, nor is it required for this type of application.
  7. If monitoring is not required, explain the controls that will be used to prevent unauthorized monitoring?
    The system is not used to monitor individuals. The system is only accessible by those individuals who have been authorized and then only for the processing location and institution to which they have been assigned. Additionally, each individual has total control of access to the laptop where the application is mounted and database is stored during the pre-examination process. Corporate policy prohibits all corporate users from improper conduct while on the network or connected to the network. The network itself is firewall, anti-virus, and IDS protected.
  8. In the Federal Register, under which Privacy Act Systems of Record (SOR) does this system operate?  Provide number and name.
    The system does not operate as a Privacy Act system of records.
  9. If the system is being modified, will the Privacy Act system of records notice require amendment or revision?  Explain.
    Changes to the application may affect functionality but will not impact the overall business processes that the system supports so the Privacy Act system of records will not require amendment or revision.

I. Business Processes and Technology

  1. Does the conduct of this PIA result in circumstances that require changes to business processes?
    No changes to business processes are required.
  2. Does the completion of this PIA potentially result in technology changes?
    No changes to technology are required.

Last Updated 07/27/2006 Privacy@fdic.gov
