The Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
703-235-0780, [email protected]
www.dhs.gov/privacy
Privacy Threshold Analysis
Version date: July 14, 2009
PRIVACY THRESHOLD ANALYSIS (PTA)
DHS WEB PORTALS
This form is used to determine whether
the DHS Web Portals Privacy Impact Assessment (PIA) covers the relevant portal.
Many DHS operations and projects require collaboration and communication amongst affected
stakeholders. One method of effectuating such collaboration is the establishment of an online “portal”
allowing authorized users to obtain, post and exchange information, access common resources, and
generally communicate with similarly situated and interested individuals. DHS has written the DHS
Web Portals PIA to document these informational and collaboration‐based portals in operation at DHS
and its Components, which collect, use, maintain, and share limited personally identifiable information
about individuals who are “members” of the portal or who seek to gain access to the portal (“potential
members”).
To determine whether your portal is covered please review the DHS Web Portals PIA, complete this
form, and send it to your component Privacy Office. If you do not have a component Privacy Office,
please send the PTA to the DHS Privacy Office:
Rebecca J. Richards
Director of Privacy Compliance
The Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
Tel: 703‐235‐0780
[email protected]
Upon receipt, the DHS Privacy Office will review this form. If the DHS Privacy Office determines that
your portal is covered, the name of your project will be added to Appendix A of the Web Portals PIA. If the Privacy
Office determines that your portal is not covered, we will send you a copy of the Official Privacy Impact
Assessment Guide and accompanying Template to complete and return.
PRIVACY THRESHOLD ANALYSIS (PTA)
Please complete this form and send it to the DHS Privacy Office.
Upon receipt, the DHS Privacy Office will review this form
and may request additional information.
SUMMARY INFORMATION
DATE submitted for review: July 20, 2009
NAME of Project: First Responder Communities of Practice (FR CoP)
Name of Component: Science and Technology
Name of Project Manager: King Waters
Email for Project Manager: [email protected]
Phone number for Project Manager: 202‐254‐6766
SPECIFIC QUESTIONS
1. Describe the project and its purpose:
DHS S&T Directorate’s First Responder Technologies (R‐Tech) program is
developing a secure web application to provide the nation’s First Responders with a
platform they can use to collaborate on important issues that affect the safety and
security of the nation. The First Responders Community of Practice (FR CoP)
application will serve federal, state, local and tribal First Responders in fostering
information sharing, communication, collaboration and innovation. The system will
be owned by DHS S&T and hosted at a DHS data center. The system will be operated
by S&T and S&T contractors, who will have access to system user registration data.
2. Status of Project:
This is a new development effort.
This is an existing project.
Date first developed:
Date last updated:
3. What information about individuals could be collected, generated, or retained?
First and Last Name
Email Address
Phone Number
Business Affiliation
Mailing Address
Supervisor Information
Other:
REQUIRED: First Name, Last Name, E‐Mail, Discipline(s), Job Title, Primary Work Zip, Primary
Work City, and Primary Work State.
REQUIRED FOR USERS WHO REQUIRE VETTING (See PTA #6): Sponsor First Name, Sponsor
Last Name, Sponsor Title, Sponsor E‐Mail, and Sponsor Organization Phone Number.
OPTIONAL: Organization Name, Retired (Y/N), Work Phone Number, Primary Work Zip
Extension, Time Period With Organization, Profile Picture, Professional Bio (free text),
Professional Certifications, Professional Associations, and Interests. Also OPTIONAL and
related to a user's education: School Name, Dates Attended, and Degree Obtained.
4. What information is collected for security questions¹?
Mother's Maiden Name
Social Security Number
Date of Birth
Other:
5. Is the information collected directly from the individuals seeking membership to the
informational/collaboration‐based portal?
Yes.
No. Please describe the information source and collection method.
6. Please describe how individuals are verified during the portal registration process.
Email Supervisor
Phone Supervisor
Other: FR CoP users will fall into four “vetting” categories when they register:
1. Users with existing/active FR CoP accounts will be authorized to invite colleagues/contacts
relevant to the mission of FR CoP to join the system (after being asked to actively acknowledge
that the individual they are inviting is indeed a First Responder). No further vetting will be
required for individuals who are invited by existing/active members. NOTE: The system will be
developed to automatically record this relationship (who a user was invited by and who the user
has invited).
2. Designated DHS personnel (approved by the FR CoP System Owner) will be authorized to
invite individuals to register for FR CoP. Designated Contractors will be permitted to
recommend prospective users to the FR CoP System Owner for approval. No further vetting
will be required for individuals officially invited to register.
¹ The Privacy Office encourages Components to collect non‐sensitive PII as an alternative to sensitive PII wherever possible,
including for registration purposes. If your Component seeks coverage by this PIA and collects sensitive PII for registration
purposes, please consult with the Privacy Office and provide justification for the collection of this information. The Privacy Office
will then determine whether the relevant portal may be covered by this PIA.
3. Prospective users who register for an FR CoP account using a .mil or .gov email address will
be processed without further vetting if they acknowledge, via the registration form, that they are
indeed a First Responder or regularly work with First Responders (making them a relevant FR
CoP system stakeholder).
4. Prospective users who register without an explicit invitation (and therefore do not fall into any
of the previous three categories) will be manually vetted by designated DHS personnel. Data
provided by the prospective user during the registration process (to include First and Last Name,
E‐Mail, Discipline(s), Organization Name, Work Phone, Primary Work Zip, Primary Work State,
Sponsor First and Last Name, Sponsor Title, Sponsor E‐mail, and Sponsor Organization Phone
Number), will be used to confirm the First Responder affiliation of the requestor before granting
access to the system.
No verification is performed.
7. Is the personally identifiable information exchanged on the portal limited to members’ contact
information?
Yes.
No.
8. Is the personally identifiable information collected, used, or exchanged limited to the
purpose(s) of facilitating registration, providing information to, and collaboration among
authorized members?
Yes.
No.
9. Can web portal members routinely post commercial or publicly available data containing PII?
Yes.
No.
10. Is an appropriate Privacy Act notice (e)(3) statement given to the potential member outlining
the uses of personally identifiable information?
Yes. Please attach the (e)(3) statement.
No.
11. Has an Authority to Operate from the Chief Information Security Officer been granted to the
portal or to the larger information technology system on which the portal resides?
No.
Yes. Please provide the date of the ATO and indicate the determinations for each of the
following:
Confidentiality: Low, Moderate, High, Undefined
Integrity: Low, Moderate, High, Undefined
Availability: Low, Moderate, High, Undefined
PRIVACY THRESHOLD REVIEW
(To be Completed by the DHS Privacy Office)
DATE reviewed by the DHS Privacy Office: July 28, 2009
NAME of the DHS Privacy Office Reviewer: Rebecca J. Richards
DESIGNATION
This is NOT a Privacy Sensitive System – the system contains no Personally Identifiable
Information.
This IS a Privacy Sensitive System
Category of System
IT System
National Security System
Legacy System
HR System
Rule
Other:
Determination
PTA sufficient at this time
Privacy compliance documentation determination in progress
PIA is not required at this time
A PIA is required
System covered by existing PIA: DHS‐Wide Portals PIA
A new PIA is required.
A PIA Update is required.
A SORN is required
System covered by existing SORN: DHS/ALL‐004; DHS/ALL‐002
A new SORN is required.
DHS PRIVACY OFFICE COMMENTS
File Type | application/pdf |
File Title | PRIVACY THRESHOLD ANALYSIS (PTA) |
Author | jamie.pressman |
File Modified | 2009-07-28 |
File Created | 2009-07-28 |