The Presidential $1 Coin Program Data Collection Privacy Impact Assessment

Name of System:

The Presidential $1 Coin Program Data Collection

Purpose of the System:

The Presidential $1 Coin Program Data Collection will be used to collect and store certain data from individuals and entities that request information and promotional materials (such as posters, stickers, bookmarks, brochures, and pamphlets) offered by the Mint concerning the Presidential $1 Coin Program. The United States Mint is offering these materials and information to assist in fulfillment of obligations under the Presidential $1 Coin Act of 2005 (Public Law 109-145). Information proposed to be collected and stored includes the name of the requesting individual, business, or organization; the name of the human contact representative of a requesting business or organization; the requester’s mailing address, business phone number, and email address; the information, materials and quantity requested, whether the requester is asking for materials to be automatically shipped each time different materials are offered, and the intended use of the requested materials and information. Mint employees will administer the project, along with United States Mint contractors and subcontractors who will assist the United States Mint in managing the information collection and fulfilling requests. The information will be collected by direct upload via an online form appearing on the United States Mint’s Web site that leads to the contractor’s electronic information systems. Requesters that call, mail or make requests by other means will likely be guided to the Web site to complete an online request. The Mint does not plan to collect data for the system other than through this Web site.

Once collected, the information will be maintained on the contractor’s electronic systems in a secured environment. The public is not obligated to provide this information, but when requests are made, the information must be provided in order for the United States Mint to verify, respond and provide requested materials. Provided information will be used solely by authorized United States Mint personnel and contractors for the business purpose of:

  1. Properly fulfilling orders for program information and materials.
  2. Tracking order fulfillment status.
  3. Performing statistical analyses and generating reports to monitor the effectiveness of the program and the demand for program materials and information.

A. Contact Information (Provide Name, Title, and Organization)

  1. Who is the person completing this document? Michael Welther, United States Mint Office of Sales and Marketing (SAM), and Rene Smeraglia, United States Mint Office of the Chief Information Officer (OCIO), Office of Information Security, Operations Division and Records Management Division.
  2. Who is the System Owner? Cynthia Meals, Assistant Director, Office of External Communications, SAM
  3. Who is the Program Manager for this system or application? Mary Lhotsky, Manager, Office of External Communications, SAM
  4. Who is the Information System Security Manager who reviewed this document? Rene Smeraglia, Assistant Director, Office of Information Security
  5. Who is the Bureau Privacy Act Officer who reviewed this document? Kathleen Saunders-Mitchell, Mint Disclosure Officer, Office of Information Security/Records Management Division

B. System Application/General Information

  1. Does this system contain any personal information about individuals? Yes, this system will contain individuals’ names, mailing addresses, telephone numbers, email addresses and the intended uses of any materials requested.
  2. What legal authority authorizes the purchase or development of this system/application? 31 U.S.C. § 5136 and 31 U.S.C. § 5112(p).
  3. For new systems, how is privacy addressed in documentation related to system development; including statement of need, functional requirements analysis, alternatives analysis, feasibility analysis, benefits/cost analysis, and especially the initial risk assessment? In planning the data collection and storage for the system, the United States Mint elected to collect and retain only the information we believe we need to fulfill and monitor requests for the Presidential $1 Coin Program information and promotional materials we will be offering. We do not currently plan to charge for these materials or their fulfillment, minimizing the amount of sensitive financial information we now need to collect and store. We plan to require a minimum age warranty on the web form to assist in compliance with the Children’s Online Privacy Protection Act. The contractor storing the data and fulfilling the orders is required to comply with the Privacy Act of 1974, and applicable Federal laws and regulations, and to ensure data received is maintained in a secured environment.

    The data includes document files, databases, and web page applications.

    Data Classification
    Rating Data Type
    For Official Use Only information
    Proprietary Business Information not releasable under the FOIA or other laws.
    Personal Data (Privacy Act of 1974)
    Critical Safety or Life Support Information
    Financial Transactions
    Information Available in the Public Domain

C. Data in the System

  1. What categories of individuals are covered in the system? (e.g., employees, contractors, the public) General public as well as any employees and contractors who submit requests for Presidential $1 Coin program information and materials.
  2. What are the sources of the information in the system? Information in the system is obtained from individuals, businesses, or organizations who voluntarily submit requests for program information and materials.

    2a. Is the source of the information collected directly from the individual or is it taken from another source? If not directly from the individual, then what other source?

    Information collected and maintained in the system is directly collected from the individual requester or an individual representing a business or organization that is requesting program information and materials.

    2b. What Federal agencies are providing data for use in the system?

    None, except to the extent agencies elect to request program information and materials, in which case they provide the necessary information as any other requester would provide to allow fulfillment.

    2c. What State and/or local agencies are providing data for use in the system?

    None, except to the extent agencies elect to request program information and materials, in which case they provide the necessary information as any other requester would provide to allow fulfillment.

    2d. From what other third party sources will data be collected?

    None.

    2e. What information will be collected from the employee and the public?

    Information will not be collected from employees except to the extent an employee elects to request program information and materials, in which case he or she would provide information like any other requester. Information collected from requesters who are employees or members of the public will include the name of the requesting individual, business, or organization; the name of the human contact representative of a requesting business or organization; the requester’s mailing address, business phone number and email address; the information, materials and quantity being requested, whether the requester is asking for materials to be automatically shipped each time different materials are offered, and the requester’s intended use of the requested materials and information.

  3. Accuracy, Timeliness, and Reliability

    3a. How will data collected from sources other than bureau records be verified?

    Data will be collected directly from the requester, or its individual representative if the requester is an organization or other entity. An email is planned to be sent automatically to the email address the requester provides. It will indicate to the recipient that an email address has been submitted to the system, and ask the recipient to click a link initiating a return email to verify the address. This email may also allow order verification. A second email will be sent to the requester indicating order shipment.

    3b. How will data be checked for completeness?

    As noted, email address verifications and shipment confirmations for promotional material orders are emailed to requesters. Requests are reviewed by contractor staff in the course of fulfillment processing, and requesters are contacted if a clarification becomes necessary.

    3c. Is the data current? What steps or procedures are taken to ensure the data is current and not out-of-date? Name of document (e.g. data models).

    Data is as current as provided by the requester. In addition to the verification and confirmation emails noted above, if necessary requesters are contacted by email or phone to complete or clarify a request.

D. Attributes of the Data

  1. Is the use of the data both relevant and necessary to the purpose for which the system is being designed? Yes. The system is designed to collect and fulfill requests for information and materials to promote the Presidential $1 Coin. The data to be collected identifies the information and materials requested and the contact information necessary for verification and fulfillment.
  2. Will the system derive new data or create previously unavailable data about an individual through aggregation from the information collected, and how will this be maintained and filed? There is no aggregation of data for this system, nor will previously unavailable data be created or added to this system, and there are no current plans to derive or create new data.
  3. Will the new data be placed in the individual’s record? There is no aggregation of data for this system, nor will previously unavailable data be created or added to this system, and there are no current plans to derive or create new data.
  4. Can the system make determinations about employees/public that would not be possible without the new data? There is no aggregation of data for this system, nor will previously unavailable data be created or added to this system, and there are no current plans to derive or create new data.
  5. How will the new data be verified for relevance and accuracy? There is no aggregation of data for this system, nor will previously unavailable data be created or added to this system, and there are no current plans to derive or create new data.
  6. Do the records in this system share the same purpose, routine use, and security requirements? Information collected in the system shares the same purpose (fulfilling requests for Presidential $1 Coin information and materials). Routine uses have not yet been finalized. The system will be treated either as a new system of records or a modification of an existing one under the Privacy Act of 1974, and will require development and publication of a Privacy Act System of Record Notice in the Federal Register identifying routine uses.

    All data in this system is maintained in a secured environment by a United States Mint contractor, and shares the same security requirements.

  7. If the data is being consolidated, what controls are in place to protect the data from unauthorized access or use? Data in the system is not being consolidated.
  8. How will data be retrieved? Does a personal identifier retrieve the data? If yes, explain and list the identifiers that will be used to retrieve information on the individual. (Will information be retrieved on an individual by their name, assigned number, etc.? This will determine if it is a Privacy Act System of Records and whether a system of records notice will be needed.) Data will be retrieved by information voluntarily submitted by requesters that may include personal identifiers, such as an organization’s or individual’s name (including the name of the individual representing a business or organization), and the mailing address (city, state, and zip code) associated with the request. Other searchable and sort fields include order date, requester’s telephone number, whether or not the account is ‘flagged’ (such as due to an unusual quantity or an order requiring verification for processing and completion), shipment tracking number, and any internal ID number that may be assigned to the request.
  9. What kinds of reports can be produced on individuals? What will be the use of these reports? Who will access them? Reports on individuals requesting Presidential $1 Coin information or promotional materials through this system can be prepared by United States Mint employees, and by contractors at the request of authorized United States Mint personnel, for proper business purposes. It is anticipated that such reports will be created only upon request and include status reports on the effectiveness of the program, tracking of supply and demand for materials, and completion rates for requests received. Reports may be made available to the United States Mint’s Deputy Director and Director, and to United States Mint employees and contractors in its Sales and Marketing, Chief Counsel, Manufacturing, and Public Affairs offices and other Strategic Business Units as deemed necessary for proper purposes. It is also possible that members of Congress will request information on the status of the Presidential $1 Coin Program outreach and that reports could be generated and produced for that purpose.

E. Maintenance and Administrative Controls

  1. If the system is operated in more than one site, how will consistent use of the system and data be maintained in all sites? The system is maintained and operated in one geographical location.
  2. What are the retention periods of the data in this system? Information entered in the system will be maintained until disposition instructions are identified and approved by the United States National Archives and Records Administration.
  3. What are the procedures for disposition of the data at the end of the retention period? How long will the reports produced be kept? Where are the procedures documented? Records retention information for the system, its contents and any reports generated will be identified in a United States Mint retention schedule approved by the National Archives and Records Administration, and existing agency file plans will be revised to incorporate records information for the new system. The data will be disposed of in accordance with approved records retention instructions and procedures. The online version of the response to this question will be updated once the United States Mint revises existing file plans to incorporate the new system and the retention schedule for this system is approved by the National Archives and Records Administration.
  4. Is the system using technologies in ways that the bureau/office has not previously employed (e.g. monitoring software, Smart Cards, Caller-ID)? No.
  5. How does the use of this technology affect public/employee privacy? The system is not using technologies in ways that the bureau/office has not previously employed.
  6. Will this system provide the capability to identify, locate, and monitor individuals? If yes, explain. The system will contain mailing addresses, allowing the Mint and its contractors to contact individuals who supply this information to respond to their requests for Presidential $1 Coin outreach-related information, materials and services. Program staff and contractors will be able to observe the ordering activity of requesters and track the status of order fulfillment through the data in the system, but the Presidential $1 Coin Program Data Collection will not be independently capable of monitoring individuals.
  7. What kinds of information are collected as a function of monitoring of individuals? No information is collected in the system as a function of monitoring individuals.
  8. What controls will be used to prevent unauthorized monitoring? Access controls are used to prevent unauthorized access to the system. System controls are implemented in a role-based ‘least access’ manner. Authorized United States Mint personnel and contractors will have the least amount of access to the system required to perform their job function. Instances of access to the system by contractors and United States Mint personnel are subject to monitoring for inappropriate activity.
  9. If the system is web-based, does it use persistent cookies or other tracking devices to identify web visitors? This system includes a web-based application to collect requests via the United States Mint’s Web site linked through to the contractor’s server. The Web sites operating the system do not currently use persistent cookies to identify web visitors, to store individually-identifiable information, or to track actions of site visitors over time or across other web sites.
  10. Under which Privacy Act system of records notice does the system operate? A system of records notice will be developed for publication in the Federal Register in accordance with the requirements of 5 U.S.C. 552a.
  11. If the system is being modified, will the Privacy Act system of records notice require amendment or revision? Explain. This may be deemed a new system under the Privacy Act. If it is not, the applicable system of records notice will be modified.

F. Access to Data

  1. Who will have access to the data in the system? (e.g., contractors, users, managers, system administrators, developers, others.) Will those with access to the data have appropriate training and security clearances to handle the sensitivity of the information? Only authorized United States Mint personnel and contractors will have access to the data in this system. All authorized personnel and contractors having system access are required to have appropriate security clearances. All Mint personnel and authorized contractors are informed of and must acknowledge United States Mint directives, MD 9C-2 (Mint Computer Use), MD 9C-3 (Information Systems Access Policy), IT System User Rules of Behavior and Information Security, Education and Awareness Program. All persons using United States Mint computers participate in an Information Security Awareness training program annually.
  2. How is access to the data by a user determined? Are criteria, procedures, controls, and responsibilities regarding access documented? There are no current plans to provide requesters with an online account they can access online to amend or delete personal information or orders in the system. However, they should receive emails from the United States Mint (or its contractors) verifying their initial request and email address and confirming shipment of requested materials, and can contact the United States Mint as necessary regarding their requests. This is the only access provided to requesters. Internal United States Mint administrative access to the system must be authorized by the system owner or program official. Administrative access is granted only to United States Mint authorized personnel and contractors for the purpose of fulfilling requests, monitoring fulfillment status, and maintaining the system. All United States Mint authorized personnel and the system’s contractor are informed of and (in the case of the contractor by contract) are obligated to comply with United States Mint directives, MD 9C-2 (Mint Computer Use), MD 9C-3 (Information Systems Access Policy) and IT System User Rules of Behavior and Information Security, Education and Awareness Program.
  3. Will users have access to all data on the system or will the user’s access be restricted? Explain. As noted above, requesters are not expected to have an online account they can access online to amend or delete personal information or orders in the system. However, they should receive emails from the United States Mint (or its contractors) verifying their initial request and email address and confirming shipment of requested materials, and can contact the United States Mint as necessary regarding their requests. This is the only access provided to requesters. All United States Mint administrative access by Mint employees is granted at the level of Least Privilege necessary to perform the job function, and all access by contractors is restricted to that required to perform its obligations under the contract. Access controls are in place to prevent users who do not have a business need to access data from doing so.
  4. What controls are in place to prevent the misuse (e.g. unauthorized browsing) of data by those having access? (Please list process and training materials). As noted, access controls are in place to prevent those other than authorized United States Mint personnel and contractors from having direct access to the system. System controls are implemented in a role-based least access manner. Authorized Mint personnel and contractors will have the least access to the system and its data content required to perform their respective job functions. Instances of access to the system by contractors and United States Mint personnel are subject to monitoring for inappropriate activity. All United States Mint authorized personnel and the system’s contractor are informed of and (in the case of the contractor by contract) are obligated to comply with United States Mint directives, MD 9C-2 (Mint Computer Use), MD 9C-3 (Information Systems Access Policy) and IT System User Rules of Behavior and Information Security, Education and Awareness Program. All United States Mint computer users participate in an Information Security Awareness training program annually.
  5. Are the contractors involved with the design and development of the system and will they be involved with the maintenance of the system? If yes, were Privacy Act contract clauses inserted in their contracts and other regulatory measures addressed? Yes, United States Mint contractors are involved with the development and maintenance of the system. Their contracts include non-disclosure agreements and agreements to comply with all applicable Mint policies and laws, including the Privacy Act.
  6. Do other systems share data or have access to the data in the system? If yes, explain. No, other systems do not share data with or have access to the data in this system.
  7. Who will be responsible for protecting the privacy rights of the public and employees affected by the interface? All authorized Mint personnel and contractors have a responsibility to safeguard information and data under their control. United States Mint program and information security personnel (including but not limited to the United States Mint employees serving as the system manager and information owners) and contractors work together to accomplish this for this system.
  8. Will other agencies share data or have access to the data in this system (e.g. Federal, State, Local, and Others)? Other than in accordance with applicable laws (including but not limited to the Privacy Act and routine uses thereunder to be set forth in the system of record notice for this system), the United States Mint does not expect to share or provide access to the data in this system to other Federal, state, local or other agencies. It is possible that members of Congress will request information on the status of the Presidential $1 Coin Program outreach and that reports could be generated and produced for that purpose.
  9. Who is responsible for assuring proper use of the data? United States Mint program office staff and Office of the Chief Information Officer staff and their respective contractors work together to assure proper use of data in the system.