DD Form 2930, "Privacy Impact Assessment (PIA), June 2017".pdf

PREVIOUS EDITION IS OBSOLETE.

Page 1 of 8

DD FORM 2930, JUN 2017

PRIVACY IMPACT ASSESSMENT (PIA)

PRESCRIBING AUTHORITY: DoD Instruction 5400.16, "DoD Privacy Impact Assessment (PIA) Guidance". Complete this form for Department of Defense

(DoD) information systems or electronic collections of information (referred to as an "electronic collection" for the purpose of this form) that collect, maintain, use,

and/or disseminate personally identifiable information (PII) about members of the public, Federal employees, contractors, or foreign nationals employed at U.S.

military facilities internationally. In the case where no PII is collected, the PIA will serve as a conclusive determination that privacy requirements do not apply to

system.

1. DOD INFORMATION SYSTEM/ELECTRONIC COLLECTION NAME:

Air Education and Training Command Enterprise Mobility Management (AETC EMM)

2. DOD COMPONENT NAME:

United States Air Force

3. PIA APPROVAL DATE:

11/14/23

Air Education and Training Command Cyber Strategy, Programs and Projects

SECTION 1: PII DESCRIPTION SUMMARY (FOR PUBLIC RELEASE)

a. The PII is: (Check one. Note: Federal contractors, military family members, and foreign nationals are included in general public.)

From members of the general public From Federal employees

from both members of the general public and Federal employees Not Collected (if checked proceed to Section 4)

b. The PII is in a: (Check one.)

New DoD Information System New Electronic Collection

Existing DoD Information System Existing Electronic Collection

Significantly Modified DoD Information System

c. Describe the purpose of this DoD information system or electronic collection and describe the types of personal information about individuals

collected in the system.

The function of this IT investment is to provide an approved and authorized device and content management solution for mobile users in a

training environment. Using device managed, cloud storage with access to AFNet email through soft credentials. The AETC EMM leverages

a commercial Internet connection to provide enterprise approved content anywhere, anytime.

Categories of individuals that data is collected from are active duty members, DAF civilians and contractors.

The following types of data collected are: Official Duty Address, Work email address, Official Duty Telephone, Position/Title, Rank/Grade,

DoD ID Number and Name(s)

d. Why is the PII collected and/or what is the intended use of the PII? (e.g., verification, identification, authentication, data matching, mission-related use,

administrative use)

PII is collected for Identification, verification for the creation of user accounts.

e. Do individuals have the opportunity to object to the collection of their PII?

Yes No

(1) If "Yes," describe the method by which individuals can object to the collection of PII.

(2) If "No," state the reason why individuals cannot object to the collection of PII.

PII collected is for account management. Individuals can object, however, failure to provide PII may result to denial of access to the AETC

EMM.

f. Do individuals have the opportunity to consent to the specific uses of their PII? Yes No

(1) If "Yes," describe the method by which individuals can give or withhold their consent.

(2) If "No," state the reason why individuals cannot give or withhold their consent.

PII collected is for account management. Individuals can object, however, failure to provide PII may result to denial of access to the AETC

EMM.

g. When an individual is asked to provide PII, a Privacy Act Statement (PAS) and/or a Privacy Advisory must be provided. (Check as appropriate and

provide the actual wording.)

Privacy Act Statement Privacy Advisory Not Applicable

Privacy Act Statement

PURPOSE: The information will be used to grant access to the AETC EMM. The DD Form 2875, System Access Authorization Request

(SAAR) is used to collect the information used for this purpose.

PREVIOUS EDITION IS OBSOLETE.

Page 2 of 8

DD FORM 2930, JUN 2017

AUTHORITY: 5 U.S.C. Chapter 41, Training; 5 CFR part 410, Office of Personnel Management-Training; E.O. 11348, Providing for the

Further Training of Government Employees, as amended by E.O. 12107. The applicable System of Records Notice(s) is DoD 0005, Defense

Training Records

PRINCIPLE PUPOSE(S): To record names, signatures and other identifiers for the purpose of validating the trustworthiness of individuals

requesting access to AETC EMM and information. As well as for the creation of user accounts on the AETC EMM. NOTE: Records may be

maintained in both electronic and/or paper form. Information is not shared outside the AETC EMM Program Office or with other systems.

ROUTINE USE(S): None

DISCLOSURE: Disclosure of this information is voluntary; however, failure to provide to requested information may impede, delay or

prevent further access to the AETC EMM.

h. With whom will the PII be shared through data/system exchange, both within your DoD Component and outside your Component?

(Check all that apply)

Within the DoD Component Specify.

Strictly for AETC EMM Access

Other DoD Components (i.e. Army, Navy, Air Force) Specify.

Other Federal Agencies (i.e. Veteran’s Affairs, Energy, State) Specify.

State and Local Agencies Specify.

Contractor (Name of contractor and describe the language in

the contract that safeguards PII. Include whether FAR privacy

clauses, i.e., 52.224-1, Privacy Act Notification, 52.224-2,

Privacy Act, and FAR 39.105 are included in the contract.)

Specify.

Other (e.g., commercial providers, colleges). Specify.

i. Source of the PII collected is: (Check all that apply and list all information systems if applicable)

Individuals

Databases

Existing DoD Information Systems Commercial Systems

Other Federal Information Systems

Air Force Directory Services

j. How will the information be collected? (Check all that apply and list all Official Form Numbers if applicable)

E-mail Official Form (Enter Form Number(s) in the box below)

In-Person Contact Paper

Fax Telephone Interview

Information Sharing - System to System Website/E-Form

Other (If Other, enter the information in the box below)

DD Form 2875 System Access Authorization Request (SAAR)

k. Does this DoD Information system or electronic collection require a Privacy Act System of Records Notice (SORN)?

A Privacy Act SORN is required if the information system or electronic collection contains information about U.S. citizens or lawful permanent U.S. residents that

is retrieved by name or other unique identifier. PIA and Privacy Act SORN information must be consistent.

Yes No

If "Yes," enter SORN System Identifier

Defense Training Records DoD 0005

SORN Identifier, not the Federal Register (FR) Citation. Consult the DoD Component Privacy Office for additional information or http://dpcld.defense.gov/

Privacy/SORNs/

If a SORN has not yet been published in the Federal Register, enter date of submission for approval to Defense Privacy, Civil Liberties, and Transparency

Division (DPCLTD). Consult the DoD Component Privacy Office for this date

PREVIOUS EDITION IS OBSOLETE.

Page 3 of 8

DD FORM 2930, JUN 2017

If "No," explain why the SORN is not required in accordance with DoD Regulation 5400.11-R: Department of Defense Privacy Program.

l. What is the National Archives and Records Administration (NARA) approved, pending or general records schedule (GRS) disposition authority

for the system or for the records maintained in the system?

(1) NARA Job Number or General Records Schedule Authority.

(2) If pending, provide the date the SF-115 was submitted to NARA.

(3) Retention Instructions.

While it is asserted there is no records data in AETC EMM, the DAF Records Office notes the statement, "NOTE: Records may be

maintained in both electronic and/or paper form" in response to question g in Section 1 of this PIA. The DAF Records Office strongly

encourages the creation of electronic forms per OMB Memorandum M-19-21 (Transition to Electronic Records) and OMB Memorandum

M-23-07.

m. What is the authority to collect information? A Federal law or Executive Order must authorize the collection and maintenance of a system of

records. For PII not collected or maintained in a system of records, the collection or maintenance of the PII must be necessary to discharge the

requirements of a statue or Executive Order.

(1) If this system has a Privacy Act SORN, the authorities in this PIA and the existing Privacy Act SORN should be similar.

(2) If a SORN does not apply, cite the authority for this DoD information system or electronic collection to collect, use, maintain and/or disseminate PII.

(If multiple authorities are cited, provide all that apply).

(a) Cite the specific provisions of the statute and/or EO that authorizes the operation of the system and the collection of PII.

(b) If direct statutory authority or an Executive Order does not exist, indirect statutory authority may be cited if the authority requires the

operation or administration of a program, the execution of which will require the collection and maintenance of a system of records.

(c) If direct or indirect authority does not exist, DoD Components can use their general statutory grants of authority (“internal housekeeping”) as

the primary authority. The requirement, directive, or instruction implementing the statute within the DoD Component must be identified.

5 U.S.C. Chapter 41, Training; 5 CFR part 410, Office of Personnel Management-Training

n. Does this DoD information system or electronic collection have an active and approved Office of Management and Budget (OMB) Control

Number?

Contact the Component Information Management Control Officer or DoD Clearance Officer for this information. This number indicates OMB approval to

collect data from 10 or more members of the public in a 12-month period regardless of form or format.

Yes No Pending

(1) If "Yes," list all applicable OMB Control Numbers, collection titles, and expiration dates.

(2) If "No," explain why OMB approval is not required in accordance with DoD Manual 8910.01, Volume 2, " DoD Information Collections Manual:

Procedures for DoD Public Information Collections.”

(3) If "Pending," provide the date for the 60 and/or 30 day notice and the Federal Register citation.

0704-0630 DD2875 System Authorization Access Request 03-29-2025

NOTE: Sections 1 above is to be posted to the Component's Web site. Posting of these Sections indicates

that the PIA has been reviewed to ensure that appropriate safeguards are in place to protect privacy. A

Component may restrict the publication of Sections 1 if they contain information that would reveal

sensitive information or raise security concerns.