Text Size
NASA PIA Summary - eauth.mynasa.nasa.gov
March 12, 2008

Privacy Impact Assessment (PIA) Summary for eauth.mynasa.nasa.gov

Date of this Submission: (12/15/05)
NASA Center: Headquarters, OCIO Office in conjunction with NASA Office of Public Affairs
Application Name: http://eauth.mynasa.nasa.gov/ (in the NASA Portal)

Is this application or information collection new or is an existing one being modified? Yes
Does this application collect, maintain, and/or disseminate information in identifiable form (IIF)? Yes
Mission Program/Project Supported: All, through the NASA Office of Public Affairs

Identifying Numbers (Use N/A, where appropriate)
Privacy Act System of Records Number: N/A
OMB Information Collection Approval Number and Expiration Date: N/A
Other Identifying Number(s): N/A


  1. Provide an overview of the application or collection and indicate the legislation authorizing this activity.
    http://eauth.mynasa.nasa.gov/ is NASA’s public application portal that is integrated with GSA’s E-Authentication Portal as part of OMB’s Single Sign-On Initiative. It hosts the dynamic application content for the NASA Portal, a secure system provided to allow web publication of NASA’s public content to a broad public audience. http://eauth.mynasa.nasa.gov/ interacts with other NASA Portal applications including www.nasa.gov and mediaservices.nasa.gov., each of which is designed to securely accomplish the requests of web users who voluntarily provide information. It also allows voluntary user registration that when completed allows users to personalize their view of NASA’s portal. Through GSA’s E-Authentication Portal, users may associate their account with the E-Authentication Portal for single sign-on access to other personalized Federal Government Services.
  2. Describe the information the agency will collect, maintain, or disseminate and how the agency will use the information. In this description, indicate whether the information contains IIF and whether submission is voluntary or mandatory.
    http://eauth.mynasa.nasa.gov/ stores web user IIF directly through user registrations. The web user submits all information voluntarily. This information is maintained in secure systems and used for personalization of the user experience. The information is not disseminated beyond this system.
  3. Explain how the IIF collected, maintained, and/or disseminated is the minimum necessary to accomplish the purpose for this effort.
    The information collected and stored by http://eauth.mynasa.nasa.gov/ will be used only for its intended purpose as described above. Information collected is the minimum required to accomplish the user’s voluntary request for a personalized experience. The information is matched voluntarily by the user to the information he/she has submitted voluntarily at other federal government sites in order to access citizen-centric services.
  4. Explain why the IIF is being collected, maintained, or disseminated.
    Information is voluntarily provided by the user who chooses to register on mynasa.nasa.gov for the sole purpose of customizing their “view” of NASA content. These preferences are stored in a secure database so that the user is always presented with their customized view when they return to the site. Information is maintained till the user requests it be deleted.
  5. Identify with whom the agency will share the IIF.
    The agency does not share this information with anyone other then NASA, its agents, or as otherwise required by law. Information is accessible only by the system administrators as required for them to perform their day to day jobs and to specific individuals who are designated by NASA management to respond to user’s requests for information. Registered users can access their registration information through a user id and password that is only known to them or once associated through a machine generated ID with the E-Authentication Portal, directly from the E-Authentication Portal. However, the association with the GSA E-Authentication Portal does not include the sharing of IIF information or password.
  6. Describe how the IIF will be obtained, from whom it will be collected, what the suppliers of information and the subjects will be told about the information collection, and how this message will be conveyed to them (e.g., written notice, electronic notice if a Web-based collection, etc.). Describe any opportunities for consent provided to individuals regarding what information is collected and how the information will be shared.
    Information is provided by the user on a voluntary basis. In every case where a response in required by NASA to the user it is by email. Users are not required to submit this information to browse http://www.nasa.gov/ but are required to submit it upon registering to customize to their choices. Registered users can access their registration information through a user id and password that is only known to them, or once associated with the E-Authentication Portal, directly from the E-Authentication Portal. Links to the privacy policy are provided in a statement on the web page where the information is collected.
  7. State whether personal information will be collected from children under age 13 on the Internet and, if so, how parental or guardian approval will be obtained. (Reference: Children’s Online Privacy Protection Act of 1998).
  8. Describe how the IIF will be secured.
    All IIF information is stored in systems protected by security described in a security plan that requires annual certification, frequent auditing and constant monitoring. Any IIF information collected by http://eauth.mynasa.nasa.gov/ is stored in a secure Oracle database where access is limited to mynasa.nasa.gov system administrators. Information is accessible only by the system administrators as required for them to perform their day to day jobs. IIF information protection is consistent with the principles of the E-Government Act of 2002, and as applicable, the Freedom of Information Act.
  9. Describe plans for retention and destruction of IIF.
    Logon Ids and passwords are retained for a period of time that the user wishes to use http://eauth.mynasa.nasa.gov. These are deleted if the user requests deletion. Where information is collected for a request or question through email, NASA stores the user’s email address for sufficient time to allow research to be completed and to properly respond to the user. In most cases, the email address is retained for no longer than ninety days. Other information is retained for a period of time to carry out the request of the user and in no case longer than the time allowed by NASA’s Information Retention Policy. Where information is maintained for backup purposes on magnetic tapes, these tapes are overwritten, erased, or destroyed within 120 days.
  10. Identify whether a system of records is being created under section 552a of Title 5, United States Code (the Privacy Act), or identify the existing Privacy Act system of records notice under which the records will be maintained.

Identify a point of contact to whom a member of the public can address questions concerning this information system and the privacy concerns associated with it:

Nitin Naik
NASA Associate CTO
NASA Office of the Chief Information Officer
NASA Headquarters
Washington, DC 20546-0001

Submitted by: (Signature on Record)
Nitin Naik
NASA Associate CTO
NASA Office of the Chief Information Officer
NASA Headquarters
Washington, DC 20546-0001

Date 12/15/2005

Concur:                                             Concur:
Patti F. Stockman                                Scott Santiago
NASA Privacy Act Officer                 Deputy CIO for IT Security

Date: _________________                 Date: _________________

Approved for Publication:
Patricia L. Dunnington
Chief Information Officer

Date: _________________

Image Token: 
Image Token: 
Page Last Updated: November 1st, 2013
Page Editor: NASA Administrator