Privacy Threshold Analysis (PTA)

Privacy Threshold Analysis (PTA), RCPGP.pdf

FEMA Preparedness Grants: Regional Catastrophic Preparedness Grant Program (RCPGP)

Privacy Threshold Analysis (PTA)

OMB: 1660-0123

Document [pdf]
Download: pdf | pdf
Greene, Sherina
From:
Sent:
To:
SUbject:
Attachments:

Baker, Tamara L on behalf of PIA
Thursday, September 17, 2009 1:35 PM
VandeSteeg, Sarah
RE: RCPGP PTA
PTA, FEMA-RCPGP, 20090917, priv final.pdf

Good Afternoon,
We have reviewed the RCPGP PTA and determined that the system is covered by the FEMA Grants Management
Program PIA and the Grant Management Information Files (DHS/FEMA-004). I have attached the approved PTA for your
records.
Please let us know if the PTA needs to be uploaded in TAFISMA.
Thank you,
Tamara

Tamara Baker I Privacy Analyst

Privacy Office
703.235.0765 (d)

From: VandeSteeg, sarah [mailto:[email protected]]
Sent: Tuesday, september 15, 2009 7:32 AM
To: PIA
Subject: RCPGP PTA
Good Morning,
The FEMA Privacy Office submits the attached RCPGP PTA for review and approval. If there are any questions or
concerns regarding this PTA, please do not hesitate to contact me. My contact information is below.

Very Respectfully,
Sarah Van de Steeg
FEMA Privacy Office
Records Management Division
(202) 212-2132 Desk

1

Homeland
Security

The Privacy Office
U.s. Department of Homeland Security
Washington, DC 20528
703-235-0780, [email protected]
www.dhs.gov/privacy

Privacy Threshold Analysis
Version date: June 10 th , 2009
Page 1 of7
PRIVACY THRESHOLD ANALYSIS (PTA)
This form is used to determine whether
a Privacy Impact Assessment is required.

Please use the attached form to determine whether a Privacy Impact Assessment (PIA) is required under
the E-Govenunent Act of 2002 and the Homeland Security Act of 2002.
Please complete this form and send it to your component Privacy Office. U you do not have a component
Privacy Office, please send the PTA to the DHS Privacy Office:
Rebecca J. Richards

Director of Privacy Compliance

The Privacy Office

U.S. Department of Homeland Security

Washington, DC 20528

Tel: 703-235-0780


[email protected]


Upon receipt, the DHS Privacy Office wilJ review this fonn. If a PIA is required, the DHS Privacy Office
will send you a copy of the Official Privacy Impact Assessment Guide and accompanying Template to
complete and return.
A copy of the Guide and Template is available on the DHS Privacy Office website, www.dhs.gov/privacy,
on DHSOniine and directly from the DHS Privacy Office via email: [email protected], phone: 703-235-0780.

Homeland
Security

The Privacy Office
U.S.	 Department of Homeland Security
Washington, DC 20528
703-235-0780, [email protected]
www.dhs.gov/privacy

Privacy Threshold Analysis
Version date: June 10 th , 2009

Page 2 of7
PRIVACY THRESHOLD ANALYSIS (PTA)

Please complete this form and send it to the DHS Privacy Office.

Upon receipt, the DHS Privacy Office will review this form

and may request additional information.

SUMMARY INFORMAnON

DATE submitted for review: August 19, 2009
NAME of Project: Regional Catatrophic Preparedness Grant Program (RCPGP)
Name of Component: Federal Emergency Managment Agency
Name of Project Manager: Nicholas W. Peake
Email for Project Manager: [email protected]
Phone number for Project Manager: 202.786.9726
TYPE of Project:

o
o

Information Technology and/or System'
A Notice of Proposed Rule Making or a Final Rule.

l'ZI

Other: A pilot DHS Preparedness Grant Program for state and local governments, not a
project.

. The E-Govemment Act of 2002 defines these terms by reference to the definition sections of Titles 40 and
44 of the United States Code. The following is a summary of those definitions:
e"Iniormation Technology" means any equipment or interconnected system or subsystem of
equipment, used in the automatic acquisition, storage, manipulation, management, movement,
control, display, switching, interchange, transmission, or reception of data or information. See 40
USc. § 11101 (6).
e"Iniormation System" means a discrete set of information resources organized for the collection,
processing, maintenance, use, sharing, dissemination, or disposition of information. See: 44. USc. §
3502(8).
Note, for purposes of this form, there is no distinction made between national security systems or
technologies/systems managed by contractors. All technologies/systems should be initially reviewed
for potential privacy impact.

Homeland
Security

The Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
703-235-0780, [email protected]
www.dhS.gov/privacy

Privacy Threshold Analysis
Version date: June 10 th , 2009
Page 3 of7
SPECIFIC QUESTIONS
1.

Describe the project and its purpose:
The Regional Catatrophic Preparedness Grant Program (RCPGP) is one tool among a
comprehensive set of measures authorized by Congress and implemented by the Administration
to help strengthen the Nation against risks associated with catastrophic events. RCPGP provides
funding to ten designated high-risk Urban Areas and their surrounding regions to enable them to
develop plans and planning for catastrophic events. RCPGP helps to implement objectives
addressed in a series of post-9/11 laws, strategy documents, plans, and Homeland Security
Presidential Directives (HSPDs).
RCPGP grantees have existing plans, planning relationships, and some standing

agreements to share resources. However, recent assessments of catastrophic event

planning and preparedness clearly highlight the need for improved and expanded

regional collaboration. As part of the FY 2008 grant cycle, RCPGP sites focused

primarily on the development of new regional plans and annexes for catastrophic

incidents, development of regional planning communities and processes, and

identification of capability gaps, and development of a plan of action to address the

shortfalls. Priorities for the RCPGP FY 2009 grant cycle promote regional coordination
and implementation of the projects developed in the RCPGP FY 2008 grant cycle.

2.

Status of Project:

o This is a new development effort.

lZl This is an existing project.

Date first developed: January 2008
Date last updated: November 2008
The following priorities and expected outcomes, which build upon projects in the first cycle (FY
2008) of the program, have been identified for FY 2009:
• Ensure the integration of planning and synchronization of plans through the use of
national planning systems and tools,
• Share best practices in support of a robust national planning community
• Implement citizen and community preparedness campaigns with a focus on educating
citizens about catastrophic events and the necessary steps for preparedness
• Planning for and pre-positioning of needed commodities and equipmentl
• Implement the principles and processes identified in CPG-I012 for the development of
plans consistent with the Integrated Planning System
• Address shortcomings in existing plans and processes

Homeland
Security

The Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
703-235-0780, [email protected]
www.dhs.govjprivacy

Privacy Threshold Analysis
Version date: June 10 th, 2009
Page 4 of7
Each of these priorities must take into account both the area at risk of an attack or catastrophic
event and those communities likely to host evacuees or support long-term operations.
3.	

Could the project relate in any way to an individual?1

I:8J No. Please skip ahead to the next question.

D Yes. Please provide a general description, below.



4.	

Do you collect, process, or retain infonnation on: (Please check all that apply)

D DHS Employees

D Contractors working on behalf of DHS
D The Public
I:8J The System does not contain any such information.

Projects can relate to individuals in a number of ways. For example, a project may indude a camera for
the purpose of watching a physical location. Individuals may walk past the camera and images of those
individuals may be recorded. Projects could also relate to individuals in more subtle ways. For example, a
project that is focused on detecting radioactivity levels may be sensitive enough to detect whether an
individual received chemotherapy.
1

Homeland
Security

The Privacy Office
U.S.	 Department of Homeland Security
Washington, DC 20528
703-235-0780, [email protected]
www.dhs.gov/privacy

Privacy Threshold Analysis
Version date: June 10 th , 2009
Page 50[7
5.	

Do you use or collect Social Security Numbers (SSNs)? (This includes

[g]

ncated SSNs)

No.


o Yes. Why does the program collect SSNs? Provide the function of the SSN and the

legal authority to do so:




6.	

What information about individuals could be collected, generated or retained?
None

7.	

If this project is a technology/system, does it relate solely to infrastructure? [For example, is
the system a Local Area Network (LAN) or Wide Area Network (WAN)]?

[g]

No. Please continue to the next question.

o Yes. Is there a log kept of communication traffic?
o No. Please continue to the next question.


o Yes. What type of data is recorded
o Header

in the log? (Please choose all that apply.)


o Payload Please describe the data that is logged.

8.	

Can the system be accessed remotely?

[g]

No.

o Yes.

When remote access is allowed, is the access accomplished by a virtual private network

(VPN)?
DNa.

DYes.


Homeland
Security

The Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
703-235-0780, [email protected]
www.dhs.gov/privacy

Privacy Threshold Analysis
Version date: June 10 th , 2009
Page 60f7
9.	

Is Personally Identifiable Information 2 physically transported outside of the LAN? (This can
include mobile devices, flash drives, laptops, etc.)

l8J No.
DYes.
10.	

Does the system connect, receive, or share Personally Identifiable Information with any other
DHS systems 3 ?

~No
D Yes. Please list:

11.	

Are there regular (ie. periodic, recurring, etc.) data extractions from the system?

l8J No.
D Yes. Are these extractions included as part of the Certification and Accreditation 4 ?
DYes.
DNa.
12.	

Is there a Certification & Accreditation record within DCID's FISMA tracking system?

D Unknown.

l8J No.

D Yes. Please indicate the determinations for each of the following:

Confidentiality:

D Low D Moderate D High D Undefined

Integrity:

D Low D Moderate D High D Undefined

Availability:

D Low D Moderate D High D Undefined

2 Personally Identifiable Information is information that can identify a person. This includes; name, address, phone

number, social security number, as well as health information or a physical description.

J PH may be shared, received, or connected to other DHS systems directly, automatically, or by manual processes.

Often, these systems are listed as "interconnected systems" in TAFISMA.

4 This could include the Standard Operation Procedures (SOP) or a Memorandum of Understanding (MOU)


Homeland
Security

The Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
703-235-0780, [email protected]
www.dhs.gov/privacy

Privacy Threshold Analysis
Version date: June 10 th , 2009
Page 70/7
PRIV ACY THRESHOl.D REVIEW
(To be Completed by the DHS Privacy Office)

DATE reviewed by the DHS Privacy Office: September 17, 2009
NAME of the DHS Privacy Office Reviewer: Rebecca J. Richards
DESIGNAnON

D This is
C8J

NOT a Privacy Sensitive System - the system contains no Personally Identifiable
Informa tion.
This IS a Privacy Sensitive System
Category of System

C8J IT System

o National Security System

D Legacy System


o HRSystem


o Rule
o Other:

Determination


o PTA sufficient at this time

o Privacy compliance documentation determination in progress

o PIA is not required at this time

[SJ A PIA is required


[SJ System covered by existing PIA: Grants Management Program

o A new PIA is required.

o

A PIA Update is required.


lZJ A SORN is required

[g] System covered by existing SORN: DHS/FEMA-004

o A new SORN is required.
DHS PRIVACY OFFICE COMMENTS


File Typeapplication/pdf
File Modified2010-04-02
File Created2010-04-02

© 2024 OMB.report | Privacy Policy