Supports the general management of the organizational workforce, including functions such as personnel action processing, employee tracking, position classification and management, discipline/grievance, advancement and awards, and labor relations. The overall accountability rating for this information classification is Low.
Confidentiality level = Low
The confidentiality impact level is the effect of unauthorized disclosure of personnel management information on the abilities of responsible entities to manage the organizational workforce. The consequences of unauthorized disclosure of the majority of personnel management information will result in a limited adverse effect on organizational operations, organizational assets, or individuals.
Known mitigating factors toward changing the confidentiality level
Where more sensitive information is involved, it will probably be personal information subject to the various state and international privacy laws, the Health Insurance Portability and Accountability Act of 1996, the Payment Card Industry Data Security Standard, contractual security and privacy standards, or other laws and executive orders affecting the dissemination of information regarding individuals. (The provisional impact levels for personnel information are documented in the Personal Identity and Authentication, Income, Representative Payee, and Entitlement Event information types.) In such cases, the consequences of unauthorized disclosure of personnel management information could be serious. For those cases, the confidentiality impact level might be moderate. In a few cases (e.g., where some employees and/or clients are potential targets for retaliation by criminal elements or targets of criminal intelligence organizations), unauthorized disclosure of some personnel management information (e.g., name, address, title, organization, dependents’ information) can have life-threatening consequences and has a high confidentiality impact level.
Integrity level = Low
The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of personnel management information depends mostly on the criticality of the information with respect to organizational mission capability, protection of organizational assets, and safety of individuals. Although there can be serious short-term effects for individuals, the effects of modifications or deletion of this information are generally limited with respect to organizational mission capabilities or assets.
Known mitigating factors toward changing the integrity level
In some cases (e.g., where an organization’s mission is strongly dependent on organized labor), integrity compromises that adversely affect a significant subset of the workforce can result in work stoppages that adversely affect the organization’s mission. Where interruptions to organizational missions can have serious or life-threatening consequences for individuals, the impacts of integrity compromises can be moderate or even high.
Availability level = Low
The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to reestablish access to the personnel management information. Typically, personnel management processes are tolerant of reasonable delays.
Known mitigating factors toward changing the availability level
In some cases (e.g., where an organization’s mission is strongly dependent on organized labor), loss of availability of information that adversely affects a significant subset of the workforce can result in work stoppages that adversely affect the organization’s mission. Where interruptions to organizational missions can have serious or life-threatening consequences for individuals, the impacts of availability compromises can be moderate or even high.