Privacy Impact Assessment (PIA) Summary
USAID’s Human Capital and Talent Management Division use the Government Retirement and Benefits (GRB) System to perform accurate retirement calculations for USAID staff. The GRB Platform is the only known customized and distinctive software system capable of providing accurate retirement and benefit estimates for both the Civil Service (CS) and Foreign Service (FS) retirement system, which include the Civil Service Retirement System (CSRS), Federal Employees Retirement System (FERS), Foreign Service Retirement and Disability (FSRDS) and Foreign Service Pension System (FSPS).
The GRB Platform is a complete Software-as-a-Service (SaaS) Federal Retirement and Benefits Administration solution that meets the goals and objectives of the HR Line of Business (HRLoB). Offered on a subscription basis for unlimited use and developed specifically for the Federal sector, the GRB Platform combines tools and capabilities for human resource specialists, managers, and employees into a common system. The GRB Platform contains a flexible bi-directional interface used to communicate with an Agency’s payroll/human resource information system (HRIS), third-party benefits providers, and any outside parties as necessary. Hosted in GRB’s data center, the GRB Platform has received certification and accreditation by meeting the stringent security requirements of FIPS 199 and NIST 800-60. This Platform also provides HR Specialists with a suite of tools for assisting employees with their retirement and benefits decision in which it increases productivity and lowers cost by providing the framework for organizing and managing a high volume caseload.
The Department of State (DOS) and USAID use the same SaaS Platform for employee retirement information. GRB will facilitate the processing of benefits and prevent errors and other issues arising as the two agencies work together to provide these services. There is no interface or connection of any kind with the DOS instance of GRB. Rather, through GRB, USAID will conduct retirement calculations in a similar manner to DOS.
GRB is a web-based application that assists in calculating an employee’s retirement options and benefits. The GRB system is replacing the legacy FedHR (FHR) Navigator tool, which provided largely the same functionality; however, its calculations for Foreign Service Officers (FSOs) did not align with the DOS FSO calculations. Transitioning to GRB will provide consistency across the FSO community. GRB includes functionality for HR Specialists and for use via self-service.
GRB requires the use of PII, which will be provided to GRB through the National Finance Center (NFC) payroll system. The NFC serves as the data collection for the employment and compensation data used in GRB. Only pertinent PII that is necessary to accurately compute retirement estimates would be extracted from NFC, including names, dates of birth, and Social Security numbers (SSNs). In cases where there are gaps in the NFC data provided (i.e., federal service from another agency or USAID service prior to implementation of NFC), HCTM’s HR Specialists may manually input data from the user’s federal employment history to complete the calculations. See 3.4.5 for storage, archiving, and disposition procedures for these data.
Though HCTM attempts to use the SSN sparingly, it is the sole unique identifier in the NFC payroll system. For this reason, the SSN must be used in GRB because a consistent unique identifier for each employee must be used for the data update process. Additionally, the agencies that process retirement packages for USAID retirees (OPM for Civil Service and State Department for Foreign Service) require the SSN for processing. To minimize the risk of exposing the SSN, the whole SSN is masked to the regular employee end user. The SSN is not masked on the HR side because the system is using SSN as the employee unique identifier. The reason is that the HR user will be looking up the employee by SSN and that the SSN will be used on OPM forms that require the SSN to be displayed. This information is extracted by USAID and provided to GRB via a Secure File Transfer Protocol (SFTP) process.
No information is collected directly by the GRB system. Rather, NFC compensation and employment data will be uploaded into GRB using the following steps:
- Data set is manually queried from the NFC system.
- The .csv file is downloaded, encrypted with AES128 or better, and saved onto the user’s network drive.
- The encrypted .csv file is sent securely via SFTP and uploaded into GRB.
- The encrypted .csv file is permanently deleted from the user’s network drive after a successful SFTP.
The data are used in a series of projections and calculations associated with retirement benefits and planning; it includes pertinent PII that is necessary for these calculations, including names, dates of birth, and SSNs.
HR Specialists consult with USAID employees on the process and may walk through the information contained in GRB. There is no direct connection between GRB and any other system.