Privacy Impact Assessment
for the
Drug-Free Workplace
Program
DHS/ALL/PIA-063
January 2, 2018
Contact Point
Robyn Spano
Drug Program Administrator
Human Capital Policy & Program
Office of the Chief Human Capital Officer
(202) 357-8277
Reviewing Official
Philip S. Kaplan
Chief Privacy Officer
Department of Homeland Security
(202) 343-1717
Abstract
The Federal Drug-Free Workplace Program was established by Executive Order (EO)
12,564 on September 15, 1986, to address illegal drug use by federal employees. The Department
of Homeland Security (DHS) Office of the Chief Human Capital Officer (OCHCO) oversees the
departmental Drug-Free Workplace (DFW) program and has developed and implemented a
comprehensive DFW program under which the Components develop their own DFW plans
that conform to DHS policies. This Privacy Impact Assessment (PIA) outlines the collection and
use of the personally identifiable information (PII) of current employees and applicants who are
selected for employment at DHS and subject to the requirements of the DHS DFW program.
Overview
As required by EO 12564, DHS OCHCO developed a Department-wide DFW plan, which
has been certified by the U.S. Department of Health & Human Services (HHS). Under the
Department plan, each Component has its own DFW plan that conforms to the overarching DHS
program. For most aspects of the program, including the anticipated enterprise contract for drug
testing services beginning in Fiscal Year (FY) 2018, there will be an overarching DHS contract,
with each Component holding a task order thereunder. This Privacy Impact Assessment (PIA)
outlines the organization and privacy risks of the DFW program at the enterprise level.
Components with current OCHCO-approved DFW plans are: U.S. Customs and Border
Protection (CBP), U.S. Citizenship and Immigration Services (USCIS), the Federal Emergency
Management Agency (FEMA), the Federal Law Enforcement Training Center (FLETC), DHS
Headquarters, U.S. Immigration and Customs Enforcement (ICE), the National Protection and
Programs Directorate (NPPD), Office of Inspector General (OIG), Transportation Security
Administration (TSA), and U.S. Secret Service (USSS). In FY 18, Components are scheduled to
fall under the enterprise contract.[1]
Across the Department, Component drug testing services (collection, laboratory, and
Medical Review Officer [MRO] services) will be obtained through an enterprise contract. A
Department-wide contract vehicle allows for effective oversight, ensuring the services provided
are staffed by trained professionals who hold the appropriate certifications or credentials.
Likewise, the enterprise contract ensures that the same range of services is available to all
Components (e.g., drug testing outside the continental United States). Using the same contract
vehicle across the Department ensures that the data systems used in the drug testing processes will
be the same. Because the data system(s) used under this contract are standard across the
Components, the information technology (IT) security review process is centralized to ensure all
IT security standards are met at the enterprise level. The Alere/eScreen data system (hereafter
referred to as the System) used to facilitate the drug testing process is owned by the Department
of Interior (hereafter referred to as the Contractor). This System is used from the beginning to the
end of the testing process (i.e., to schedule testing, to track specimens through the process, and
to document and track test results).
[1] Appendix A lists all of the Components that are under the enterprise contract.
There are several circumstances in which drug testing of an individual will be performed:
1) random drug testing, 2) applicant drug testing, 3) voluntary drug testing, 4) reasonable
suspicion drug testing, 5) post-accident drug testing, and 6) follow-up [to treatment] drug testing.
All of these reasons besides “applicant drug testing” involve current DHS employees. The process
for the drug testing function itself is the same for the various circumstances listed above, except
with regard to applicant (non-employee) drug testing. To make the distinction, the processes for
random drug testing (employee) and applicant (non-employee) drug testing are described below.
Random Drug Testing
Use of the System begins when the Component deems it appropriate to conduct random
drug testing.
The Component provides a list of all personnel in Testing Designated Positions (TDP)[2]
to the Contractor. The Contractor uses a random generator to produce a list of personnel
randomly selected[3] from the list of all personnel in TDPs.
The Contractor contacts supervisors of the randomly selected individuals to advise that
they have personnel who have been randomly selected for drug testing.
Supervisors identify which of those employees will be available to report for drug testing
and that information is provided to the Contractor by phone or secure email.
The Contractor inputs into the System the names of those individuals who will be sent for
drug testing and the Contractor then produces the Chain of Custody Form (CCF).[4]
[2] TDPs are positions that are considered to be sensitive in nature (i.e., positions having access to sensitive
information, such as individuals with access to national security information that could be damaging to national
interests if compromised). DHS has determined that the sensitive positions designated for testing are those that
require a Top Secret clearance, or above. Other positions that require random testing, regardless of their clearance
level are: 1) those with critical safety or security responsibilities; 2) positions requiring the carrying of a firearm, the
operation of motor vehicles carrying passengers, aviation crews, and air traffic controllers; 3) certain health and
safety positions where the influence of drugs could cause substantial physical injury to others; 4) Presidential
appointees requiring Senate confirmation; and 5) front line law enforcement personnel with proximity to criminals,
drugs, or drug traffickers and drug rehabilitation employees with direct client contact.
[3] A random generator program is used by the Contractor to ensure there is no appearance of a conflict of interest by
Component employees performing the random selection. The algorithm used in the program is not disclosed to
DHS.
[4] The Chain of Custody Form (CCF) is created by the Contractor with information provided by the Component Drug
Program Coordinator (DPC). The form is populated prior to receipt by the collection site. The CCF OMB Control
number is 0930-0158.
After receiving confirmation of the employee’s availability for testing, the employee’s
immediate supervisor is provided additional instructions for the employee (i.e., the
individual’s random selection for drug testing, the location of the collection site,
circumstances for testing (random), and timeline for testing (typically within two hours)).
Once the employee reports for the drug test, the individual identifies him or herself and
provides a picture ID, which the Contractor visually confirms. The individual is then
asked to review the personal data on the CCF and verify that it is correct.
Applicant Drug Testing
The applicant drug test occurs when a tentative job offer (TJO) is issued by a Component
Human Capital Office and the position requires drug testing as a requirement of onboarding.
The Contractor receives a request for an applicant drug test from a Component Drug
Program Coordinator (DPC) via password-protected email. The PII included in that email
is: name, home address, last five digits of Social Security number (SSN), DHS
Component, email address, and phone numbers (daytime and evening).
The Contractor contacts the applicant directly via phone or email to coordinate the drug
test.
The Contractor verifies the candidate’s availability and location and requests that a federal
drug testing kit is sent to or available at a collection site convenient to the applicant.
The Contractor then contacts the applicant again and provides instructions regarding
where to report for the test and the required timeline for reporting (within 48 hours after
contact).
DHS employees and applicants selected for drug testing are required to provide a valid PIV card
or a valid driver’s license, respectively, upon reporting to the collection site. Collection site
personnel will verify the individual’s identity and record the name, gender, last 5 digits of the
SSN, date of birth, phone number(s), testing authority (HHS), circumstances for test, and drugs
for which to be tested. This information is recorded on the federal drug testing CCF, which is
signed by the employee/applicant, and it accompanies the specimen as it is sent from the
collection site to an HHS-certified laboratory for analysis. The laboratory sends the preliminary
test results, and the necessary biographic information to ensure that the test results are connected
to the correct employee, to the Contractor MRO via the System for verification of any positive
result. Once results have been verified by the MRO, the results are uploaded into the System as
“negative” or “verified positive.”
Only authorized Component personnel (e.g., the DPC), with approved user ID/passwords,
are able to retrieve drug testing results. System user access is authorized and controlled by each
Component with additional monitoring provided by the Contractor. User accounts allow
authorized personnel to access data for their Component only. The System is accessed through
the internet via secure HTTP (HTTPS), which provides an encryption layer to prevent
unauthorized access. Applicants or employees do not directly receive their test results. However,
they are notified if there is a positive test result.
Section 1.0 Authorities and Other Requirements
1.1 What specific legal authorities and/or agreements permit and
define the collection of information by the project in
question?
DHS is authorized to collect this information pursuant to the following:
Executive Order 12,564, Drug-Free Federal Workplace;
Executive Order 10,450, Security Requirements for Government Employees;
Executive Order 12,958, Classified National Security Information, as amended;
DHS Drug-Free Workplace Plan, February 6, 2013;
Supplemental Appropriations Act of 1987, Pub. L. 100-71, as amended (5 U.S.C. § 7301);
Department of Health and Human Services Mandatory Guidelines for Federal Drug
Testing Programs;
DHS Directive 11005, Suspending Access to DHS Facilities, Sensitive Information, and
IT Systems; and
DHS Directive 11056.1, Sensitive Security Information.
1.2 What Privacy Act System of Records Notice(s) (SORN(s))
apply to the information?
Information collected, maintained, and used by DHS during the drug testing process is
covered by DHS/ALL-022 Department of Homeland Security Drug-Free Workplace.[5]
1.3 Has a system security plan been completed for the
information system(s) supporting the project?
Yes. The System was granted a three-year Authority to Operate (ATO) in October 2015
and undergoes continuous monitoring of its IT security controls to ensure the PII of employees
and applicants is protected.
[5] DHS/ALL-022 Department of Homeland Security Drug Free Workplace, 73 FR 64974 (Oct. 31, 2008).
1.4 Does a records retention schedule approved by the
National Archives and Records Administration (NARA)
exist?
Yes, records are retained in accordance with National Archives and Records
Administration (NARA) General Records Schedule (GRS) 1, Item 36. The majority of the
records under this GRS are retained for three (3) years.
1.5 If the information is covered by the Paperwork Reduction Act
(PRA), provide the OMB Control number and the agency
number for the collection. If there are multiple forms, include a
list in an appendix.
The Paperwork Reduction Act (PRA) only applies to the Applicant Drug Testing aspect
of the DFW program because it is the only information collection from members of the public.
This information is submitted at the time of application for a position with DHS. Additionally,
the CCF is associated with OMB Control number 0930-0158.
Section 2.0 Characterization of the Information
The following questions are intended to define the scope of the information requested and/or collected, as
well as reasons for its collection.
2.1 Identify the information the project collects, uses, disseminates,
or maintains.
The Component DPC provides to the Contractor a list of personnel in TDPs.[6] The
following information is provided to the Contractor by password-protected email:
Individual’s name;
Home address;
Last 5 digits of the SSN;
Phone numbers (daytime and evening); and
Email address.
For applicants, the same information is collected, transmitted, and uploaded to the System. The
Contractor uses only the PII of DHS employees who are in TDPs, and that of applicants selected
for employment at DHS via a TJO.
[6] Designation of a position being a TDP is made at the time the position description is developed and job is
advertised, per HHS guidance.
The System automatically populates the following information on the CCF:
Testing authority (HHS);
Circumstance for testing; and
Drugs for which the employee/applicant is to be tested.[7]
Once the laboratory has completed the analysis process, the preliminary test results are
forwarded to the MRO for review. For test results other than “negative,” the MRO verifies the
result and issues a final result of “verified positive.” Once the results are verified, the MRO adds
the information to the System, and that data is reported as a result.
2.2 What are the sources of the information and how is
the information collected for the project?
The data source for employee information is the OCHCO Human Resources Management
and Services (HRMS) payroll/personnel system.[8] By way of a pre-formatted spreadsheet,
OCHCO HRMS downloads the information from the National Finance Center (NFC)
Payroll/Personnel System (PPS) directly into the spreadsheet report format and it is uploaded into
the System.[9]
Applicant information is initially obtained from the applicant at the time application is
made for employment at DHS via the USA Jobs website (which is administered by the Office of
Personnel Management (OPM)),[10] which is in turn retrieved by the respective Human Resources
Office for consideration. When a TJO is issued, the applicant’s information is uploaded to the
System, which begins the applicant drug testing process.
In accordance with the HHS Medical Review Officer Manual,[11] the source for the final
test result is the MRO. The specimen is analyzed by a laboratory services provider and a finding
of negative or positive (or other condition (e.g., diluted specimen)) is sent to the MRO from the
laboratory via the System. The MRO reviews all tests to determine whether each can be
confirmed as negative or verified positive.[12] Once the final result is entered into the System, the
DPC accesses the System to review the results.
[7] For federal drug testing, the drug panel for which DHS tests is established by HHS.
[8] This system is the National Finance Center (NFC) Payroll/Personnel System (PPS), which is maintained by the
U.S. Department of Agriculture. The NFC maintains payroll information on all DHS personnel. For more
information, please see https://www.usda.gov/home/privacy-policy/privacy-impact-assessments.
[9] Within NFC PPS, personnel in TDPs are noted in a separate field. This allows the DPC to request a report of
current TDPs and that is the only information that is passed to the Contractor. The Contractor does not receive the
information for any individual unless that person is going to be drug tested (for both employees and selected
applicants).
[10] For more information, please see USA Staffing System (July 21, 2017), available at
https://www.opm.gov/information-management/privacy-policy/#url=Privacy-Impact-Assessments.
[11] For more information, please see https://www.hhs.gov/sites/default/files/hr-resource-library-792-5.pdf.
2.3 Does the project use information from commercial sources
or publicly available data? If so, explain why and how this
information is used.
No. The DFW program does not use information from commercial sources or publicly
available data.
2.4 Discuss how accuracy of the data is ensured.
Applicants
Information is provided by the applicant at the time application is made for a position at
DHS. In turn, the applicant’s information is provided to the Contractor by the Component Human
Resources Office once the selection is made to fill a position. Data verification occurs as part of
the process at the collection site once the applicant reports for the drug test. The person to be drug
tested is asked to review the personal data on the CCF and confirm its accuracy. If correct, the
CCF is initialed by the specimen individual.
DHS Personnel
Prior to submitting the list of personnel in TDPs to the Contractor, the list is reviewed by
the DPC and compared to the payroll/personnel system data of record. The same information is
also reviewed by the supervisors of the TDPs, and again when the personnel in TDPs report to
the collection site and are asked to review the data on the CCF. If correct, the CCF is initialed by
the specimen individual.
Chain of Custody
The CCF is generated by the Contractor for all drug tests and, at the collection site, the
CCF is reviewed and initialed by the individual, both before and after the specimen is provided.
The CCF accompanies the specimen through all aspects of processing (i.e., collection site,
laboratory, and medical review office).
2.5 Privacy Impact Analysis: Related to Characterization of
the Information
Privacy Risk: There is a privacy risk that PII may be emailed, by the Contractor or the
Component, without appropriate encryption safeguards.
[12] An example of when a positive test result cannot be verified would be when the individual can produce a legal
prescription for the substance identified by the laboratory. In that event, the positive preliminary result would be
changed to negative.
Mitigation: This risk is mitigated by the fact that the Contractor or the Component must
password-protect or encrypt any sensitive PII they may transmit via email, per the DHS
Handbook for Protecting Sensitive Personally Identifiable Information.[13] Additionally, all
Contractor personnel have been trained in IT Security and Awareness Training. All contractors
sign a declaration (i.e., Rules of Behavior) stating they are aware of the security requirements.
Section 3.0 Uses of the Information
The following questions require a clear description of the project’s use of information.
3.1 Describe how and why the project uses the information.
This information is required so that the Contractor can effectively and efficiently conduct
drug testing services. Without this information, DHS and the authorized Contractor would not be
able to ensure that the individual required to submit a drug test is the same individual who
reports and provides the specimen. The specimen is effectively tracked and appropriately
matched to the individual, and ultimately to the drug test results. The employee and applicant
data is transmitted via telephone, password-protected email, or via the System, depending on
what data is required and for what purpose.
3.2 Does the project use technology to conduct electronic searches,
queries, or analyses in an electronic database to discover or
locate a predictive pattern or an anomaly? If so, state how DHS
plans to use such results.
No. The program does not use technology to conduct electronic searches, queries, or
analyses to locate predictive patterns or anomalies.
3.3 Are there other components with assigned roles
and responsibilities within the system?
Once the FY18 enterprise contract is awarded, there will be centralized oversight by the
DPA. Although DHS OCHCO oversees DFW plan compliance, it will not be able to access
Component data, with the exception of aggregated report data.[14] Each Component using the
System only has access to its Component-specific data and designates specific administrative
rights to Component personnel that are required to have access.
[13] The DHS Handbook for Safeguarding Sensitive Personally Identifiable Information sets minimum standards for
how Department personnel should handle Sensitive PII in paper and electronic form during their everyday work
activities at the Department, available at
https://www.dhs.gov/sites/default/files/publications/dhs%20policy%20directive%20047-01-007%20handbook%20for%20safeguarding%20sensitive%20PII%2012-4-2017.pdf.
[14] This data will not include PII, but instead includes data required for HHS annual reporting (e.g., how many tests
administered, how many positives (for what drugs), what type of test).
The Transportation Security Administration (TSA) actually will “hold” the enterprise
contract, and will conduct the associated contract administration functions. Technical
responsibilities are assigned to the DPA. The Component DPCs will be the points of contact for
each Component.
3.4 Privacy Impact Analysis: Related to the Uses of Information
Privacy Risk: There is a privacy risk that applicant and employee information may be
used in a manner inconsistent with its original purpose for collection.
Mitigation: Applicant and employee information may only be used consistent with the
purpose for collection. All files and records are maintained by DHS in accordance with OPM
regulations and instructions. They are used to provide the source of factual data, with regard
to drug testing, about an individual’s qualifications for becoming or maintaining status as a
federal employee. Records are only used to meet OPM personnel requirements, including
screening qualifications of employees and determining applicant eligibility.
Privacy Risk: There is a privacy risk that information collected on behalf of DHS will
be accessed or used by someone without a “need to know.”
Mitigation: This risk is mitigated. In accordance with the DHS DFW Plan, test results
may be disclosed only to a limited number of officials on a “need to know” basis. This may
include the employee’s supervisor who has the authority to take adverse action; the Office of
the Chief Security Officer (OCSO), Branch Chief for the Personnel Security Division; and the
Employee Relations Specialist who will initiate the adverse action process. This information
may also be disclosed in a related legal proceeding as necessary to defend against a challenge
to an adverse personnel action. For applicants, test results are only disclosed to a limited
number of personnel with a “need to know.” This includes disclosing the information to the
HR specialist responsible for processing the hiring of the individual or rescinding a TJO
previously sent to the individual.
Additionally, initial and recurring training for users of the System addresses the
purpose, limitations, and usage of information obtained from the System. All System users are
required to sign the Rules of Behavior as a condition of access. Penalties may apply for
violations of information protection. Furthermore, DHS employees are required to complete
Information Assurance Awareness training on an annual basis. This training specifically
addresses not only how to maintain and protect sensitive information from unauthorized users
but also how to report a security or privacy incident.
Per the service contract, records retention functions are performed under the oversight of
the Contractor. This level of oversight ensures that the procedures and practices for records
retention and destruction are provided in accordance with the contract, the DHS SORN, GRS 1,
Item 36, and NARA.
Section 4.0 Notice
The following questions seek information about the project’s notice to the individual about the information
collected, the right to consent to uses of said information, and the right to decline to provide information.
4.1 How does the project provide individuals notice prior to the
collection of information? If notice is not provided, explain
why not.
DHS Employees
In October 2014, the Department sent a notice via an email from the Chief Human
Capital Officer advising all DHS personnel of the implementation of the DHS Drug-Free
Workplace program. A 30-day notice was also sent to personnel in TDPs, advising them of the
commencement of drug testing under the new DHS Drug-Free Workplace Plan, and
conforming Component plans. The notice may have been provided in hard copy or by email,
depending on the Component, but the employee was required to sign the document to
acknowledge receipt of the notice.
Unions
Messaging was sent to the national unions by email, prior to delivery of the notices
listed above, by the DHS Labor Relations Office and to Component local unions by the
Component Labor Relations offices.
DHS Applicants
Applicants selected for employment at DHS are provided notice of the requirement to be
drug tested in the job opportunity announcement (JOA) via the USA Jobs website and in the TJO.
For applicants, the PII required for the drug test is already submitted when applying for a federal
job (e.g., name, date of birth, address, phone numbers). The only additional information that is
collected as part of this process is specific to the facilitation of drug testing and the results of the
testing.
Furthermore, once the employee or applicant reports to the collection site, he or she is
provided a Privacy Act Statement, located on the back of the CCF. This Privacy Act Statement
advises employees and applicants about the authorities allowing for such collection, the purpose
of the data collection, how the data collected can be shared, and consequences for refusing to
provide the requested data.
4.2 What opportunities are available for individuals to consent
to uses, decline to provide information, or opt out of the
project?
DHS Applicants
Applicants who decline pre-employment testing are informed during the hiring process
that a negative drug test is a condition of employment, as noted on the JOA and TJO. If
applicants refuse to take the required drug test, the TJO is rescinded.
DHS Employees
Employees in TDPs have the right to appeal the TDP designation to the DPC through the
employee’s supervisor. If an employee objects to a TDP designation, they can be reassigned to
another position if one is available that does not meet the criteria of a TDP. Otherwise, a refusal
to submit to a drug test is to be treated as a verified positive drug test. Some Components are
new to drug testing, so TDP personnel are advised that their position is a TDP after accepting the
job. However, the Federal Drug-Free Workplace Program has been in existence since 1986.
4.3 Privacy Impact Analysis: Related to Notice
Privacy Risk: There is a privacy risk that applicants or employees will not receive
adequate notice detailing the purpose for the collection of their information, as well as its use,
maintenance, and dissemination.
Mitigation: This privacy risk is mitigated by the notice provided through this PIA.
Additionally, a Privacy Act Statement is provided to the applicants and employees at the time
of specimen collection. By providing notice, DHS mitigates the privacy risks associated with
notice, including the lack of understanding on the part of individuals regarding the collection
and use of their PII, their rights to refuse to participate in the information collection, and their
ability to correct inaccurate information.
Additionally, drug testing first became a requirement of all federal agencies in 1986
and DHS is very accustomed to the drug testing process and the notifications with regard to
the program and the drug testing required thereunder. To ensure transparency, efforts have
been undertaken to advise all DHS employees of the new DHS DFW program, as opposed to
continuing the legacy drug testing programs used by pre-DHS agencies (e.g., USSS under the
Department of Treasury, ICE and USCIS under the Department of Justice).
Section 5.0 Data Retention by the project
The following questions are intended to outline how long the project retains the information after the
initial collection.
5.1 Explain how long and for what reason the information is retained.
Information related to the DHS DFW program is retained in accordance with NARA
GRS 1, Item 36.
Agency copies of plans and procedures pertaining to the development of procedures for
drug testing programs, including the determination of testing incumbents in designated
positions are destroyed when three years old or when superseded or obsolete.
Forms completed by employees whose positions are designated sensitive for drug
testing purposes acknowledging that they have received notice that they may be tested
are destroyed when an employee separates from the testing-designated position.
Records relating to the selection of specific employees/applicants for testing and the
scheduling of tests are destroyed after three years.
Records relating to the collection and handling of specimens with regard to “record
books”[15] are destroyed three years after the date of the last entry.
Records relating to the collection and handling of specimens with regard to “chain of
custody records,” which include forms and other records used to maintain control and
accountability of specimens from the point of collection to the final disposition of the
specimen, are destroyed after three years.
Positive test results for an employee are destroyed when he or she leaves the agency or when
three years old, whichever is later. Positive test results for an applicant are destroyed when three
years old. Negative test results for all individuals are destroyed when three years old.
5.2 Privacy Impact Analysis: Related to Retention
Privacy Risk: There is a risk that records will be retained for a longer period of time than
is necessary.
Mitigation: Through contractual obligation, the Contractor is required to adhere to the
following compliance and certification requirements:
“Compliance with the National Archives Records Administration (NARA) General
Records Schedule (GRS) 1, Civilian Personnel Records, Item 36 Federal Workplace Drug Testing
Program Files, which requires a retention period for related records of three years.” The same
retention requirements apply to DHS.
[15] Bound books containing identifying data on each specimen, recorded at each collection site in the order in which
the specimens were collected.
Per the service contract, records retention functions are performed under the oversight of
the Contractor. This level of oversight ensures that the procedures and practices for records
retention and destruction are provided in accordance with the contract, the DHS SORN, GRS 1,
Item 36, and NARA.
Section 6.0 Information Sharing
The following questions are intended to describe the scope of the project information sharing external to
the Department. External sharing encompasses sharing with other federal, state and local government, and private
sector entities.
6.1 Is information shared outside of DHS as part of the normal
agency operations? If so, identify the organization(s) and how
the information is accessed and how it is to be used.
The employee and applicant PII is provided to the Contractor in accordance with the
enterprise contract, and is shared on a “need to know” basis. Within the Contractor
organization, only the personnel who directly support a Component have access to that
Component’s data. Component drug testing data is not available to all Contractor personnel on
the DHS team, but only to the contractors servicing the particular Component.
The HHS Substance Abuse and Mental Health Services Administration (SAMHSA)
requires that departments and agencies provide statistical information related to their Federal
Drug-Free Workplace programs, in the form of an Annual Survey Report. Although the DHS
report will entail Component-specific information, it includes no PII.
6.2 Describe how the external sharing noted in 6.1 is compatible
with the SORN noted in 1.2.
The Drug-Free Workplace SORN [16] permits the sharing of drug testing information in
accordance with the purpose for which the information is collected and in accordance with the
routine uses listed in the SORN. The purpose of the Drug-Free Workplace Program is to
address illegal drug use by DHS employees and applicants. The SORN’s routine uses define
the circumstances under which drug-testing information can be shared. A complete list of the
routine uses can be found in the SORN. The following are brief examples of the information
sharing permitted by these routine uses.
Information is shared with the Contractor to perform the drug testing functions (Routine
Use B). DHS informs the Contractor that it is subject to the same Privacy Act
requirements and limitations on disclosure as are applicable to DHS officers and
employees.
Information is shared with supervisors or management officials of an employee when
the results of the drug test should result in adverse personnel action against the
employee (Routine Use E).
[16] DHS/ALL-022 Department of Homeland Security Drug-Free Workplace, 73 FR 64974 (Oct. 31, 2008).
6.3 Does the project place limitations on re-dissemination?
All information collected, maintained, used, and disseminated by DHS during the drug
testing process is covered by the Privacy Act. As such, information may only be disseminated
consistent with the Privacy Act, including the routine uses in the above SORN. DHS does not
share information internally or externally in a manner inconsistent with these Privacy Act
protections or other applicable federal laws, statutes, and DHS policy.
The Contractor is not permitted to disseminate any of the data housed on the System. The
Contractor will not re-disseminate data without the express written consent of DHS.
6.4 Describe how the project maintains a record of any
disclosures outside of the Department.
Records of requests for data disclosures will be retained in a secure computer file by the
Contractor. This file will include the date of request, entity requesting disclosure, name of
requestor, purpose of request, and appropriate authority to receive disclosure. The Contractor
will not re-disseminate data without the express written consent of DHS.
6.5 Privacy Impact Analysis: Related to Information Sharing
Privacy Risk: There is the risk of unauthorized disclosure related to information sharing.
Mitigation: This risk is mitigated. Requests for data disclosures require the following
information: entity requesting disclosure, name of requestor, purpose of request, and
appropriate authority to receive disclosure prior to sharing of information outside normal drug
testing operations. Written permission for disclosure must be obtained from the Component’s
DPC, or if it pertains to all Components, from the DHS DPA. Additionally, Contractor
personnel are required to sign a non-disclosure agreement.
Section 7.0 Redress
The following questions seek information about processes in place for individuals to seek redress which
may include access to records about themselves, ensuring the accuracy of the information collected about them,
and/or filing complaints.
7.1 What are the procedures that allow individuals to access
their information?
Individual applicants or employees who desire to receive copies of their drug test results
or additional information related to their drug test may also submit that request in writing
directly to the Component DPC listed on the front of the CCF. Individuals may also follow the
access procedures listed in the Drug-Free Workplace SORN. [17] Employees can also correct their
information at any time via their Supervisor or Human Resources point of contact.
7.2 What procedures are in place to allow the subject individual
to correct inaccurate or erroneous information?
Individuals who wish to request corrections to their personal information may submit that
request in writing directly to the Component DPC listed on the front of the CCF. Personnel with
non-negative tests are permitted to demonstrate to the MRO why the use of the substance is legal
(e.g., by providing a valid prescription for the substance). [18] If the individual alleges the specimen
was not his or hers, he or she may contest the test. However, the original specimen was split into
two separate vials labeled with the person’s tracking information and initialed by that individual.
The vials are also stored in case the individual requests analysis of the second specimen.
7.3 How does the project notify individuals about the procedures
for correcting their information?
Employees and applicants who are drug tested are provided with the Donor Copy (Copy
5) of the CCF. [19] This form provides the name, address, and phone number for the Component
DPC. Individuals who see errors on the CCF can contact the DPC and request in writing that
corrections be made in the personnel system. Once an error has been brought to the attention of the
DPC, the DPC will inform the OCHCO HRMS payroll/processing team of the error and the
required correction. The OCHCO HRMS is the data source for the PII required for employee
drug testing.
[17] DHS/ALL-022 Department of Homeland Security Drug-Free Workplace, 73 FR 64974 (Oct. 31, 2008).
[18] The information about a preliminary positive that ends up being negative after a prescription is produced is not
available to the DPC. Information about what prescription drugs is not presented prior to a test to avoid
over-collection of information that may not be needed.
[19] The CCF is the document used to track the custody, control, transfer, analysis, and disposal of the specimen. The
five (5) copies in the CCF are: 1) Test Facility; 2) MRO; 3) Collector; 4) Employer; and 5) Donor.
7.4 Privacy Impact Analysis: Related to Redress
Privacy Risk: There is a privacy risk that applicants or employees will not know how to
access, correct, or amend their personnel records.
Mitigation: This risk is mitigated. For government employees, all personnel records are
covered by the Privacy Act and fall under the Drug-Free Workplace SORN managed and
maintained by DHS. The CCF also lists the Component DPC, to whom individuals who wish
to request corrections to their personal information may submit requests in writing.
Section 8.0 Auditing and Accountability
The following questions are intended to describe technical and policy based safeguards and security
measures.
8.1 How does the project ensure that the information is used
in accordance with stated practices in this PIA?
User accounts/roles allow authorized personnel to access data based specifically on
their job function. In addition to user responsibilities, a unique user ID and password are
assigned, the privacy notice is posted on the System login screen, and activity is tracked via
audit logs.
The Contractor is responsible for ensuring the System is following federal guidelines for
external systems, as well as abiding by the Terms and Conditions of the contract.
8.2 Describe what privacy training is provided to users
either generally or specifically relevant to the project.
DHS mandates annual privacy and IT security training to all employees and contractors.
Additionally, new System users are provided with user tutorial training.
8.3 What procedures are in place to determine which users may
access the information and how does the project determine
who has access?
DHS Components identify authorized System users based on a strict “need to know”
basis. Authorized users are granted access via user ID and password, and access is tracked via a
quarterly audit. The Component user access approval process includes all requests for access
being provided to Component DPCs. Once approved, the System Administrator issues the user a
unique user ID and password, and access to the System tutorial.
8.4 How does the project review and approve information sharing
agreements, MOUs, new uses of the information, new access to
the system by organizations within DHS and outside?
All DHS Drug-Free Workplace program agreements at the Department level will be
reviewed by the OCHCO Contract Specialist, the DHS Privacy Office, and DHS DPA, with
higher level review by the OCHCO Human Capital Policy and Programs (HCPP) Executive
Director available as appropriate. All Component-level agreements will be reviewed by the DPC,
the Component Privacy Office, and the Component Procurement Office.
Responsible Officials
Jason Kruse, Director
HCBS Standards and Compliance
Office of the Chief Human Capital Officer
Department of Homeland Security
Approval Signature
Original, signed copy on file with the DHS Privacy Office.
Philip S. Kaplan
Chief Privacy Officer
Department of Homeland Security
Appendix A
Components that fall under the enterprise-wide contract for drug testing services are:
1. Headquarters [20]
2. U.S. Customs and Immigration Services (USCIS)
3. Federal Emergency Management Agency (FEMA)
4. Federal Law Enforcement Training Center (FLETC)
5. Office of the Inspector General (OIG)
6. United States Secret Service (USSS)
[20] National Protection and Programs Directorate (NPPD) currently has its own plan and is not covered by the
enterprise-wide contract.