Privacy Impact Assessment (PIA) Summary for mediaservices.nasa.gov
Date of this Submission: (12/09/2005)
NASA Center: Headquarters, NASA Office of the CIO
Application Name: http://mediaservices.nasa.gov/ (the NASA Portal)
Is this application or information collection new or is an existing one being modified? No
Does this application collect, maintain, and/or disseminate information in identifiable form (IIF)? Yes
Mission Program/Project Supported: All,through the NASA Office of the CIO.
Identifying Numbers (Use N/A, where appropriate)
Privacy Act System of Records Number:N/A
OMB Information Collection Approval Number and Expiration Date: N/A
Other Identifying Number(s): N/A
- Provide an overview of the application or collection and indicate the legislation authorizing this activity.
mediaservices.nasa.gov is NASA’s public list server. It provides email delivery of newsletters, press releases, and other information subscribed to by users of the NASA Portal, a secure system provided to allow web publication of NASA’s public content to a broad public audience. mediaservices.nasa.gov interacts with users as any typical list server. It is an mx record that provides the source for email delivery. It allows voluntary user subscription and un-subscription though the subscribers resident email program.
- Describe the information the agency will collect, maintain, or disseminate and how the agency will use the information. In this description, indicate whether the information contains IIF and whether submission is voluntary or mandatory.
The subscriber submits all information voluntarily. Subscription to particular newsletters is determined by where the user is provided a link to subscribe (any NASA Web Site). The subscribers email address and the particular communication they are subscribing to are passed to the system by the subscribers resident email program. The system records the email address and newsletter subscription in a database. This information is then used to send the latest version of the newsletter to email address submitted. This IIF is not disseminated to any other location or system.
- Explain how the IIF collected, maintained, and/or disseminated is the minimum necessary to accomplish the purpose for this effort.
The information collected and stored by mediaservices.nasa.gov will be used only for its intended purpose as described above. Information collected is the minimum required to accomplish the user’s voluntary request for subscription to the newsletter.
- Explain why the IIF is being collected, maintained, or disseminated.
Email addresses are required to deliver the communication requested by the subscriber. The email is maintained so that every time there is a new issue of the newsletter the user can have a copy emailed to him/her. The system needs the email address to automatically send the new issue as soon as it is submitted to the system by the authors for dissemination.
- Identify with whom the agency will share the IIF.
The agency does not share this information with anyone other then NASA, its agents, or as otherwise required by law. Information is accessible only by the system administrators as required for them to perform their day to day jobs. Subscribers can un-subscribe at any time they choose.
- Describe how the IIF will be obtained, from whom it will be collected, what the suppliers of information and the subjects will be told about the information collection, and how this message will be conveyed to them (e.g., written notice, electronic notice if a Web-based collection, etc.). Describe any opportunities for consent provided to individuals regarding what information is collected and how the information will be shared.
- State whether personal information will be collected from children under age 13 on the Internet and, if so, how parental or guardian approval will be obtained. (Reference: Children’s Online Privacy Protection Act of 1998).
- Describe how the IIF will be secured.
All email addresses are stored in systems protected by security provided for in a security plan that requires annual certification, frequent auditing and constant monitoring. Information is accessible only by the system administrators as required for them to perform their day to day jobs. IIF information protection is consistent with the principles the E-Government Act of 2002, and as applicable, the Freedom of Information Act.
- Describe plans for retention and destruction of IIF.
Email addresses are retained for a period of time that the subscribed to communication is published. Where information is maintained for backup purposes on magnetic tapes, these tapes are overwritten, erased, or destroyed within 120 days.
- Identify whether a system of records is being created under section 552a of Title 5, United States Code (the Privacy Act), or identify the existing Privacy Act system of records notice under which the records will be maintained.
Identify a point of contact to whom a member of the public can address questions concerning this information system and the privacy concerns associated with it:
NASA Associate CTO
NASA Office of the CIO
Washington, DC 20546-0001
Submitted by: (Signature on Record)
NASA Associate CTO
NASA Office of the Chief Information Officer
Washington, DC 20546-0001
Patti F. Stockman Scott Santiago
NASA Privacy Act Officer Deputy CIO for IT Security
Date: _________________ Date: _________________
Approved for Publication:
Patricia L. Dunnington
Chief Information Officer