The Office of Energy Efficiency and Renewable Energy (EERE) has requirements for websites, applications, customer surveys, and user experience (UX) research that collect data on individuals, also called personally identifiable information (PII).
The U.S. Department of Energy (DOE) defines PII as:
Any information collected or maintained by the department about an individual, including but not limited to, education, financial transactions, medical history and criminal or employment history, and information that can be used to distinguish or trace an individual's identity, such as his/her name, social security number, date and place of birth, mother's maiden name, biometric data, and including any other personal information that is linked or linkable to a specific individual.
Any personal information you collect may be PII. Even email addresses may be PII if they include a person's full name.
If your project involves PII, you must determine the following:
- How sensitive it is
- Whether you need to submit a Privacy Impact Assessment
- How to host the PII
- How to prepare PII for release
Determining the Sensitivity Level of Your Data
PII becomes more sensitive based on how much harm, embarrassment, or inconvenience it will cause to an individual or an organization if that information is lost, compromised, or disclosed.
Determining how sensitive a collection is can be subjective. It depends on many factors, such as what information you're collecting, which pieces of information are associated with each other, and how the information will be used. In general, the more information that's associated with an individual, the more sensitive that PII becomes. Because of this, you should always collect as little PII as necessary.
To get an idea of how sensitive your collection may be:
- Write down the questions you want to ask in your survey or for UX research.
- Consider the questions as a whole. How much information about each person will you collect? How much harm would it do if it were released? What will you do with the PII that you collect? Do you need it all for your project to be successful?
EERE forbids the collection of high-sensitivity PII on its websites. Your PII is of "high" sensitivity when one of two things happens:
- You ask for information that would have a severe or catastrophic effect on an individual if it were released, such as social security numbers or biometric identifiers (such as fingerprints).
- You ask many questions that, taken as a whole, create a complete and in-depth profile of an individual.
Submitting a Privacy Impact Assessment Form
If you need to collect PII for your project, mention it in your concept meeting with the Web Governance Team (WGT). Send the WGT your project charter and include which information you want to collect, how you will collect it, and where it will be stored.
The WGT will tell you if you need to fill out a Privacy Impact Assessment (PIA) or not. If you need to, fill out the PIA and send it to the WGT.
Hosting and Storing Personally Identifiable Information
All PII must be stored on DOE computers. This means:
- If you want to use a 3rd-party website to collect PII, you must use one of EERE's approved software tools for UX research projects or event registration systems.
- Databases that collect PII must be hosted on the EERE Centralized Web Hosting Environment or on another server that meets EERE's security requirements for hosting applications.
- Files (such as Excel or Word files) that include PII should be stored on DOE computers, not on flash drives or mobile devices.
- Files that include PII cannot be posted publicly until the PII has been removed.
- Dispose of PII when you no longer need it.
If you have questions about what information you can collect and where you can store it, contact the Web Governance Team and attend a meeting.
Preparing Data for Analysis or Release
If you can analyze your data with all of the PII removed, then do so. Remove the PII by replacing it with anonymous data that is unassociated with an individual, like ID numbers or aliases. Store this anonymized data on your computer and delete all the PII.
No information can be posted publicly or released outside of DOE until all PII has been removed.
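One way to carry out the replacement described above, as an added example that is not EERE or DOE code: the column names, sample rows, and the `anonymize` function are constructed for illustration. It drops the name and email columns, gives each person a random ID, and scrubs email addresses repeated in free-text answers.

```python
import csv
import io
import re
import secrets

# Constructed sample export; column names are assumptions for this example.
SAMPLE_CSV = """name,email,role,comment
Ana Ruiz,ana.ruiz@example.org,Researcher,Reach me at ana.ruiz@example.org
Ben Cho,ben.cho@example.org,Installer,Search was hard to find
Ana Ruiz,Ana.Ruiz@example.org,Researcher,Second session went better
"""

PII_COLUMNS = ("name", "email")   # direct identifiers to drop
KEY_COLUMN = "email"              # used only to link rows from the same person
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def anonymize(csv_text):
    """Return rows with PII columns replaced by a random participant ID."""
    aliases = {}  # identifier -> alias; kept in memory only, never written out
    out = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        key = row[KEY_COLUMN].strip().lower()
        if key not in aliases:
            # Random rather than hashed: a hash of an email can be guessed back.
            aliases[key] = "P-" + secrets.token_hex(8)
        clean = {"participant_id": aliases[key]}
        for col, value in row.items():
            if col in PII_COLUMNS:
                continue
            # Free-text answers can repeat an address, so scrub those too.
            clean[col] = EMAIL_RE.sub("[removed]", value)
        out.append(clean)
    return out


if __name__ == "__main__":
    for r in anonymize(SAMPLE_CSV):
        print(r)
```

Because the alias table is never saved, the output cannot be linked back to a person once the original file is deleted.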