Download:
pdf |
pdfThe Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
571-227-3813, [email protected]
www.dhs.gov/privacy
Privacy Threshold Analysis
June 15, 2006 Version
Page 1 of 8
PRIVACY THRESHOLD ANALYSIS (PTA)
This form is used to determine whether
a Privacy Impact Assessment is required.
Please use the attached form to determine whether a Privacy Impact Assessment (PIA)
under the E‐Government Act of 2002 and the Homeland Security Act of 2002 is
required.
Please complete the form and return for review by the DHS Privacy Office:
Rebecca J. Richards
Director of Privacy Compliance
The Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
Tel: 571‐227‐3813
Fax: 571‐227‐4171
[email protected]
If a PIA is required, the DHS Privacy Office will send you a copy of the Official Privacy
Impact Assessment Guide and accompanying Template to complete and return.
A copy of the Guide and Template is available on the DHS Privacy Office website,
www.dhs.gov/privacy, on DHSOnline and directly from the DHS Privacy Office via
email: [email protected], phone: 571‐227‐3813, and fax: 571‐227‐4717.
�The Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
571-227-3813, [email protected]
www.dhs.gov/privacy
Privacy Threshold Analysis
June 15, 2006 Version
Page 2 of 8
PRIVACY THRESHOLD ANALYSIS
Please complete this form and send it to the DHS Privacy Office.
Upon receipt, the DHS Privacy Office will review this form
and may request additional information.
SUMMARY INFORMATION
DATE submitted for review: January 5, 2007
NAME of Project: PREDICT
Name of Component: Science and Technology
Name of Project Manager: Doug Maughan
Email for Project Manager: [email protected]
Phone number for Project Manger: 202‐360‐3170
TYPE of Project:
Information Technology and/or System
The E‐Government Act of 2002 defines these terms by reference to the
definition sections of Titles 40 and 44 of the United States Code. The
following is a summary of those definitions:
•
“Information Technology” means any equipment or interconnected
system or subsystem of equipment, used in the automatic acquisition,
storage, manipulation, management, movement, control, display,
switching, interchange, transmission, or reception of data or
information. See 40 U.S.C. § 11101(6).
•
“Information System” means a discrete set of information resources
organized for the collection, processing, maintenance, use, sharing,
dissemination, or disposition of information. See: 44. U.S.C. § 3502(8).
�The Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
571-227-3813, [email protected]
www.dhs.gov/privacy
Privacy Threshold Analysis
June 15, 2006 Version
Page 3 of 8
Note, for purposes of this form, there is no distinction made between
national security systems or technologies/systems managed by
contractors. All technologies/systems should be initially reviewed for
potential privacy impact.
A Notice of Proposed Rule Making or a Final Rule.
�The Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
571-227-3813, [email protected]
www.dhs.gov/privacy
Privacy Threshold Analysis
June 15, 2006 Version
Page 4 of 8
SPECIFIC QUESTIONS
1.
Describe the project and its purpose:
PREDICT was created to help to protect and defend the cyber
infrastructure of our country. PREDICT datasets are available to
approved researchers who are conducting cyber security research that
is in the interests of the United States. Due to PREDICTʹs inability to
manage operations and audit and monitor compliance with PREDICT
operational policies and procedures outside the United States, all
research and work involving PREDICT datasets must be carried out at
locations within the 50 United States.
PREDICT’s goals are to
•
Provide a central repository, accessible through a Web‐based
portal that catalogs current computer network operational data. (Data
Catalog/Metadata)
•
Provide secure access to multiple sources of data collected as a
result of use and traffic on the Internet.
•
Facilitate data flow among PREDICT participants for the
purpose of developing new models, technologies and products that
support effective threat assessment and increase cyber security
capabilities.
2.
Status of Project:
This is a new development effort.
This an existing project
Date first developed:
Date last updated:
3.
Could the project relate in any way to an individual?
�The Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
571-227-3813, [email protected]
www.dhs.gov/privacy
Privacy Threshold Analysis
June 15, 2006 Version
Page 5 of 8
Projects can relate to individuals in a number of ways. For example, a
project may include a camera for the purpose of watching a physical
location. Individuals may walk past the camera and images of those
individuals may be recorded. Projects could also relate to individuals
in more subtle ways. For example, a project that is focused on
detecting radioactivity levels may be sensitive enough to detect
whether an individual received chemotherapy.
No. The Assessment is complete. Please send to the DHS Privacy Office.
Yes. Please answer the following questions.
PREDICT requires for you to submit personal information in order for
you to obtain access to the system and be given an account. The
personal information of the individual is stored on the SQL database.
Individuals requesting an account must submit a Sponsorship Letter
with this account request. Individuals requesting accounts must select
a role to associate the user with specified access to specified data. All
roles will need to complete a Memorandum of Agreement to fully
participate in PREDICT. The following are the different types of roles
associated with PREDICT:
Data Hosts: An organization providing computing infrastructure to
host PREDICT datasets
Data Providers: An organization providing datasets to PREDICT
Researchers: Individuals seeking access to PREDICT datasets to
develop products or services that support strong cyber defense.
�The Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
571-227-3813, [email protected]
www.dhs.gov/privacy
Privacy Threshold Analysis
June 15, 2006 Version
Page 6 of 8
4.
What information about individuals could be collected, generated or retained?
USER INFORMATION
Required fields are marked with *
* First Name:
* Last Name:
* Street 1:
Street 2:
* City:
* State:
* Zip Code:
* Phone Number(s):
Office
Home
Cell
Fax:
* E‐mail:
SPONSORING ORGANIZATION INFORMATION
Sponsoring Organization Authorized Representative
* Organization Name:
* First Name:
* Street 1:
* Last Name:
Street 2:
* Phone:
* City: * E‐mail:
*State:
* Zip Code:
�The Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
571-227-3813, [email protected]
www.dhs.gov/privacy
Privacy Threshold Analysis
June 15, 2006 Version
Page 7 of 8
5.
Is there a Certification & Accreditation record within OCIO’s FISMA tracking
system?
Do not know.
No.
Yes. Please indicate the determinations for each of the following:
Confidentiality:
Integrity:
Availability:
Low
Moderate
High
Undefined
Low
Moderate
High
Undefined
Low
Moderate
High
Undefined
�The Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
571-227-3813, [email protected]
www.dhs.gov/privacy
Privacy Threshold Analysis
June 15, 2006 Version
Page 8 of 8
PRIVACY THRESHOLD REVIEW
(To be Completed by the DHS Privacy Office)
DATE reviewed by the DHS Privacy Office: January 5, 2007
NAME of the DHS Privacy Office Reviewer: Rebecca J. Richards
DESIGNATION: This system is designated:
A Privacy Sensitive System
Not a Privacy Sensitive System – In its current version.
This determination may change as the system itself changes over time.
DHS PRIVACY OFFICE COMMENTS:
PIA is required. PII is collected.
�
| File Type | application/pdf |
| File Title | DHS PRIVACY OFFICE |
| Author | pia |
| File Modified | 2008-05-05 |
| File Created | 2007-01-05 |