The Office of Economic Opportunity has built strong privacy protections into the Integrated Data System. These practices conform to the federal regulations that govern the confidentiality of education records and unemployment insurance information. OEO determines and authorizes ‟need to know” access to personal information. OEO also minimizes disclosure risk by anonymizing data when used for statistical research and applies disclosure control methods to tabulations and other output from studies before release.

The Workforce Data Task Force oversees development of the IDS. The Task Force is established in the Office of Economic Opportunity (OEO), which serves as the lead agency and oversees IDS operations. The OEO is dedicated to maintaining the highest level of information security for our cloud-based technology infrastructure. Our system operates within a fully isolated, FedRAMP-authorized environment, ensuring stringent data protection. To safeguard these critical systems, we work closely with the Arizona Department of Homeland Security (AZDOHS), the Arizona Department of Administration’s Arizona Strategic Enterprise Technology (ADOA ASET) division, and the National Guard.

Encryption is one of many techniques OEO uses to protect data when it is at rest and in transit. OEO encrypts data in storage using recommendations from the National Institute of Standards and Technology (NIST). OEO also protects data transmissions by encrypting data before transmission; verifying the source (either a person or process) and the destination; and checking that the data arrives unaltered.

We employ a rigorous approach to security, combining continuous monitoring and regular updates to maintain system integrity. This ensures that security controls remain up-to-date, reflecting the latest industry standards and addressing emerging threats. Additionally, we

collaborate with trusted third-party providers to implement necessary patches and improvements, keeping our environment current with evolving best practices. Our partnership with the Cybersecurity and Infrastructure Security Agency (CISA) further reinforces our commitment to governance and compliance.

Our cloud-based technology infrastructure is designed with a zero-trust security model, ensuring that access is granted only to authorized researchers through a multi-layered authentication process and on trusted devices. This approach emphasizes strict identity verification and system monitoring to protect against unauthorized access.

In alignment with the National Institute of Standards and Technology (NIST) 800-53 guidelines, our system undergoes annual independent third-party assessments, verifying compliance with all regulatory standards. Risk is minimized through a proactive strategy and a close partnership with the Cyber community. This comprehensive strategy of continuous monitoring, updating, and evaluation ensures that our cloud infrastructure remains resilient, secure, and fully compliant with the highest security frameworks.

To ensure transparency and to help establish public trust in IDS operations, OEO publishes the results of the most recent PIA on this page.

Privacy Impact Assessment (PDF, 165KB, 14 pages)