Download:
pdf |
pdfGreene,Sherina
From:
Sent:
To:
Subject:
VandeSteeg, Sarah
Friday, November 13, 2009 10:08 AM
Greene, Sherina
RE: Grant Programs Privacy Threshold Analysis (PTAs) for Review
Sorry,
DHS Privacy approved the PTA and determined that FEMA Grants PIA and the DHS/FEMA-004 Grant Management
Information Files SORN covers this program.
From: Greene, Sherina
Sent: Friday, November 13, 2009 10:06 AM
To: VandeSteeg, Sarah
Subject: RE: Grant Programs Privacy Threshold Analysis (PTAs) for Review
Question: When you say that the IECGP PTA was approved - meaning approved by wh
clarifYing.
? FEMA's Privacy Office. Just
From: VandeSteeg, Sarah
Sent: Friday, November 13, 20099:33 AM
To: Greene, Sherina
Subject: RE: Grant Programs Privacy Threshold Analysis (PTAs) for Review
Good Morning Sherina,
IECGP was approved yesterday. I have attached a copy of the PTA for your records. NSGP is close to being approved.
As for the others I will get on them right away.
From: Greene, Sherina
Sent: Friday, November 13, 20099: 18 AM
To: VandeSteeg, Sarah; Moglia, Dena
Subject: Grant Programs Privacy Threshold Analysis (PTAs) for Review
Importance: High
Hi Sarah and Dena,
I wasn't sure if I sent these PTAs to you for review. Please review the following PTA's for each grant program:
Urban Area Security Initiative Nonprofit Security Grant Program (NSGP)
Driver's License Security Grant Program (DLSGP)
Operation Stonegarden (OPSG)
Buffer Zone Protection Program (BZPP)
Emergency Management Performance Grant (EMPG) Program
Transit Security Grant Program (TSGP)
Interoperable Emergency Communications Grant Program (lECGP)
Please note that these are the PTAs that I have on file and some of the information may need to be updated. If you need
additional information please reach out to the poc (Dena Moglia) for more info.
Dena: Can you please send Sarah a PTA for the Homeland Security Grant Program (HSGP)? I do not have one for this
program on file. I checked the HSGP PRA Package that was sent on 8-27-09 and it was not attached.
�Sarah: I believe that the PIA for the Port Security Grant Program (PSGP) was approved by DHS on 7-14-09. Can you
please confirm this for me?
Thanks for your help.
Sherina M. Greene
Management Analyst
Collections and Research Branch
Federal Emergency Management Agency
Department of Homeland Security
MD-BO-RM
500 C Street, SW
Washington, DC 20472
Mail Drop Room 3005
1800 South Bell Street
Arlington, VA 22202
"fEMA's mission is to support our citizens and first responders to ensure that as a nation
we work together to build, sustain, and improve our capability to prepare for, protect
against, respond to, recover from, and mitigate all hazards."
2
�Federal Register/Vol. 74, No. 151/Friday, August 7, 2009/Notices
are suitable for detecting melamine
II. Comments
contamination in at-risk components
Interested persons may submit to the
down to 2.5 parts per million (ppm) to
Division of Dockets Management (see
give a high degree of assura~c~ that they
ADDRESSES) written or electronic
are not contaminated. At this time, FDA
comments regarding this docum~nt.
has not established an appropriate level
Submit a single copy of electronic
of melamine in drug products.
comments or two paper copies of any
As explained in detail in the
mailed comments, except that
guidance, there have been rep~ate~ .
individuals may submit one paper copy.
instances of melamine contamInatlOn In
Comments are to be identified with the
food articles, including in the u.s.
docket number found in brackets in the
market. In 2007, FDA learned that
heading of this document. Recei.v~d.
certain pet foods were sickening and
comments may be seen in the DlvlslOn
killing cats and dogs. In September
of Dockets Management between 9 a.m.
2008, FDA received reports of
and 4 p.m., Monday through Friday.
melamine-contaminated infant formula
in China. These two incidents share the
Ill. Electronic Access
following similarities:
Persons with access to the Internet
• Melamine, a nitrogen-based
may obtain the document at http://
compound, was apparently added to.
www,Jda.gov/Drugs/Guidance .
bolster the apparent protein content In
ComplianceRegulatorylnformatlOn/
foods or in ingredients used in
Guidances/default.htm, http://
processed food products intended to
Wt"IW.fda .gov/AnimaNeterinary/
contain protein.
GUidanceComplianceEnforcement/
• The recipients of the ingredients
GuidanceforIndustry/default.htm, or
usino a test for nitrogen content would
http://Wt''IW.regulations.gov.
not have been able to distinguish
Dated: July 31, 2009.
between melamine and the desired
Jeffrey Shuren,
protein.
.
.
Associote Commissioner for Policy ond
• Melamine contamInatlOn became
Plonning.
public only after numerous adverse
health events, including deaths, were
IFR Doc. E9-18952 Filed 8-6-09; 8:45 amI
reported and associated with the use of
BILLING CODE 4161Hl1-S
contaminated products.
These incidents ill us\rate the
DEPARTMENT OF HEALTH AND
potential for drug compon~nts to be
contaminated with melamIne; therefore, HUMAN SERViCES
it is important for drug manufacturers to
National Institutes of Health
be diligent in assuring that no
component used in the manufacture of
National Institute of Environmental
any drug is contaminated with.
Health Sciences; Notice of Closed
melamine. As of the date of this
Meeting
guidance, FDA is not aware of a~y
pharmaceuticals that are contamInated
Pursuant to section 10(d) of the
with melamine. However, because of the Federal Advisory Committee Act, as
potential risk of drug contamination, it
amended (5 U.S.c. App.), notice is
is important that manufacturers take
hereby given of the following meeting.
steps to ensure that susceptible
The meeting will be closed to the
components are not contaminated with
public in accordanc~ with .the
melamine.
provisions set forth In sectlOns
We are issuing this level 1 guidance
552b(c)(4) and 552b(c)(6), Title 5 U.S.c.,
for immediate implementation,
as amended. The grant applications and
consistent with FDA's good guidance
the discussions could disclose
practices regulation (21 CFR 10.115).
confidential trade secrets or commercial
The agency is not seeking comment
property such as pate~table mater~al,
before implementing this guidance
and personal informatlOn concernIng
because of the potential for a serious
individuals associated with the grant
public health impact if me.lamine
applications, the disclosure of which
contaminated pharmaceullcals were to
would constitute a clearly unwarranted
enter the domestic market. The
invasion of personal privacy.
guidance represents the agency's current
Name of Committee: Environmental Health
thinking on this issue. It does not create
or confer any rights for or on any person Sciences Review Committee.
Date: August 25-26, 2009.
and does not operate to bind FDA or the
Time: 8:30 a.m. to 5 p.m.
public. An alternative ap~roach may be
Agenda: To review and evaluate grant
used if such approach satisfies the
applications.
requirements of the applicable statutes
Place: Sheraton Chapel Hill Hotel, One
and regulations.
Europa Drive, Chapel Hill, NC 27517,
39705
Contact Person: Linda K Bass, PhD,
Scientific Review Administrator, Scientific
Review Branch, Division of Extramural
Research and Training. Nat'llnstitute of
Environmental Health Sciences, P.O. Box
12233. MD EC-30, Research Triangle Park.
NC 27709, (919) 541-1307.
(Cataloguo of Federal Domestic Assistance
Program Nos. 93.115, Biometry and RIsk
Estimation-Health Risks from
Environmllntal Exposures; 93.142, NIEHS
Hazardous Waste Worker Health and Safety
Training; 93.143, NTEHS Superfund
Hazardous Substances-Basic Research and
Education; 93.894, Resources and Manpower
Development in the Environmental Health
Sciences: 93.113, Biological Response to
Environme tal Health Hazards; 93.114,
Applied Toxicological Research and Testing,
National Institutes of Health, HHS)
Dated; August 3, 2009.
Jennifer Spaeth,
Director, Office of Federal AdVisory
Committee Policy.
[FR Doc. E9-18993 Filed 8--6-09; 8:45 amI
BILLING CODE 414lHll-P
DEPARTMENT OF HOMELAND
SECURITY
Office of the Secretary
[Docket Number DHS-200lHl159]
Privacy Act of 1974; DHSIFEMA-004
Grant Management Information Files
System of Records
Privacy Office; DHS.
Notice of Privacy Act system of
records.
AGENCY:
ACTION:
In accordance with the
Privacy Act of 1974, the Depart~ent of
Homeland Security is giving notice that
it proposes to consolidate into one new
system its inventory of record systems
entitled, Federal Emergency
Management Agency ~rant Mana,gement
Information Files. ThiS system wIll
enable the Department of Homeland
Security to better administer the Federal
Emergency Management Agency
Disaster R covery Assistance Program.
Many Fed ral Emergency Management
Agency grant programs collect a
minimum amount of contact and grant
project proposal information. The
informatio contained in the Federal
Emergency Management Agency's Grant
Management Information Files is
collected in order to determine awards
for both disaster and non disaster grants
and for th issuance of awarded funds.
DATES: The established system of
records will be effective September 8,
2009. Written comments must be
submitted on or before September 8,
2009.
SUMMARY:
�39706
Federal Register/Vol. 74, No. lSi/Friday, August 7, 2009/Notices
You may submit comments,
identified by DHS-2008-0159 by one of
the following methods:
• Federal e-Rulemaking Portal:
http://www.regulations.gov. Follow the
instructions for submitting comments.
• Fax: 703-483-2999.
• Mail: MaryEllen Callahan, Chief
Privacy Officer, Privacy Office,
Department of Homeland Securi ty.
Washington, DC 20528.
• Instructions: All submissions
received must include the agency name
and docket number for this rulemaking.
All comments received will be posted
without change to http://
r,vww.regulations.gov, including any
personal information, such as email
address, provided.
• Docket: For access to the docket to
read background documents or
comments received go to http://
www.regulations.gov.
ADDRESSES:
For
general questions please contact: Alisa
Turner (202-646-3102), Branch Chief,
Disclosure Office, Federal Emergency
Management Agency, Washington, DC
20472. For privacy issues please
contact: Mary Ellen Callahan (703-235
0780), Chief Privacy Officer, Privacy
Office, U.S. Department of Homeland
Security, Washington, DC 20528.
FOR FURTHER INFORMATION CONTACT:
SUPPLEMENTARY INFORMATION:
I. Background
investments, and the demonstrated need
for the grant funds.
Many of FEMA's grant programs
implement objectives addressed in a
series of post-91l1 laws, strategy
documents, plans, and Homeland
Security Presidential Directives
(HSPDs). FEMA management
requirements are incorporated into the
application processes and reflect
changes mandated in the Implementing
Recommendations of the 9111
Commission Act of 2007 (the "9111
Act"), enacted in August 2007, as well
as the FY 2008 Consolidated
Appropriations Act.
Consistent with DHS's information
sharing mission, information stored in
the Grants Management Information
Files may be shared with other DHS
components, as well as appropriate
federal. state, local, tribal, foreign, or
international government agencies. This
sharing will take place only after DHS
determines that the receiving
component or agency has a need to
know the information to carry out
national security, law enforcement,
immigration, intelligence, or other
functions consistent with the routine
uses set forth in this system of records
notice.
The information contained in the
FEMA Grant Management Information
Files is collected in order to determine
awards for both disaster and non
disaster grants and for the issuance of
awarded funds.
The goal of FEMA's grant programs is
II. Privacy Act
to provide funding to enhance the
capacity of state and local jurisdictions
The Privacy Act embodies fair
to prevent, respond to, and recover from information principles in a statutory
disaster and non disaster incidents
framework governing the means by
including cyber attacks. FEMA's grant
which the United States Government
programs currently provide funds to all
collects, maintains, uses, and
50 states, the District of Columbia, the
disseminates personally identi fiable
Commonwealth of Puerto Rico,
information. The Privacy Act applies to
American Samoa, the Commonwealth of information that is maintained in a
Northern Mariana Islands, Guam, and
"system of records." A "system of
the U.S. Virgin Islands. FEMA grant
records" is a group of any records under
programs are directed at a broad
the control of an agency for which
spectrum of state and local emergency
information is retrieved by the name of
responders, including firefighters,
an individual or by some identifying
emergency medical services, emergency number, symbol, or other identifying
management agencies, law enforcement, particular assigned to the individual. In
and public officials. The source of the
the Privacy Act, an individual is defined
information that FEMA is collecting
to encompass United States citizens and
generally comes from state, local, and
legal permanent residents. As a matter
tribal partners seeking grant funding.
of policy, DHS extends administrative
Additional sources of information may
Privacy Act protections to all
include private and non private
individuals where systems of records
organizations. The nature of the
maintain information on U.S. citizens,
collected data should illustrate
lawful permanent residents, and
organizations' familiarity with the
visitors. Individuals may request access
national preparedness architecture (i.e.
to their own records that are maintained
Federal Investment Strategy), identify
in a system of records in the possession
how elements of this architecture have
or under the control of DHS by
been incorporated into their regional!
complying with DHS Privacy Act
state/local planning, operations, and
regulations, 6 CFR Part 5.
The Privacy Act requires each agency
to publish in the Federal Register a
description denoting the type and
character of each system of records that
the agency maintains, and the routine
uses that are contained in each system
in order to make agency record keeping
practices transparent, to notify
individuals regarding the uses to which
personally identifiable information is
put, and to assist individuals to more
easily find such files within the agency.
Below is the description of the FEMA
Grants Management Information Files
system of records.
In accordance with 5 U.S.C. 552a(r),
DHS has provided a report of this new
system of records to the Office of
Management and Budget and to
Congress.
SYSTEM OF RECORDS DHSIFEMA-004
SYSTEM NAME:
DHS/FEMA-004 Grant Management
Information Files.
SECURITY CLASSIFICATION:
Unclassified and sensitive.
SYSTEM LOCATION:
Records are maintained at Federal
Emergency Management Agency
Headquarters in Washington, DC and
field offices.
CATEGORIES OF INDIVIDUALS COVERED BY THE
SYSTEM:
Categories of entities covered by this
system include: Recipients (grantees) of
grant funds. These include state,
territorial. tribal officials, port
authorities. transit authorities, non
profit organizations, and. in rare
instances, private companies.
CATEGORIES OF RECORDS IN THE SYSTEM:
Categories of records in this system
include:
• Organizational Name;
• Empl yer Identification Number
(EIN);
• Name of Organization's Designated
Point of Contact (POC);
• POC work address;
• POC work phone number;
• POC cell phone number;
• POC fax number;
• POC work e-mail address;
• Organization's Bank Routing
Number;
• Organization's Bank Account
Number; nd
• Grant related information.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
Legal authority includes, but is not
limited to:
• The obert T. Stafford Disaster
Relief and Emergency Assistance Act,
42 U.S.c. 5133
�Federal Register/Vol. 74, No. 151/Friday, August 7, 2009/Notices
• The National Flood Insurance Act,
42 U.S.c. 4104c
• Section 2003(a) of the Homeland
Security Act of 2002 (6 U.S.c. 101 et
seq.), as amended by Section 101, Title
I of the Implementing
Recommendations of the 9/11
Commission Act of 2007, (Pub. 1. 110
053)
• Section 2004(a) of the Homeland
Security Act of 2002 (6 U.S.c. 101 et
seq.), as amended by Section 101, Title
I of the Implementing
Recommendations of the 9/11
Commission Act of 2007, (Pub. 1. 110
053)
• Section 1809 of the Homeland
Security Act of 2002 (6 U.S.c. 571 et
seq.), as amended by Section 301(a),
Title III of the Implementing
Recommendations of the 9/11
Commission Act of 2007 (Pub. 1. 110
053)
• The Post-Katrina Emergency
Management Reform Act of 2006 (6
U.S.C.723)
• Title III of Division 0 of the
Consolidated Security, Disaster
Assistance, and Continuing
Appropriations Act, 2009 (Pub. 1. 110
329)
• Section 614 of the Robert T.
Stafford Disaster Relief and Emergency
Assistance Act (42 U.S.c. 5196c), as
amended by Section 202, Title II of the
Implementing Recommendations of the
9/11 Commission Act of 2007 (Pub. 1.
110-053)
• Title III of Division E of the
Consolidated Appropriations Act, 2008
(Pub. L. 110-161)
• Section 1406, Title XIV of the
Implementing Recommendations of the
9/11 Commission Act of 2007 (Pub. 1.
110-053)
• Section 1513, Title XV of the
Implementing Recommendations of the
9/11 Commission Act of 2007 (Pub. 1.
110-053)
• Section 1532(a), Title XV of the
Implementing Recommendations of the
9/11 Commission Act of 2007 (Pub. 1.
110-053)
• 46 U.S.C. 70107
• Federal Financial Assistance
Management Improvement Act of 1999
(Pub. 1. 106-107)
PURPOSE(S):
The purpose of this system is to assist
in determining awards for both disaster
and non-disaster grants and for the
issuance of awarded funds and allow
DHS to contact individuals to ensure
completeness and accuracy of grants
and applications.
39707
compromise and prevent, minimize, or
remedy such harm.
F. To contractors and their agents,
In addition to those disclosures
grantees, experts, consultants, and
generally permitted under 5 U.S.c.
others performing or working on a
552a(b) of the Privacy Act, all or a
contract, service, grant, cooperative
portion of the records or information
agreement, or other assignment for DHS,
contained in this system may be
when necessary to accomplish an
disclosed outside DHS as a routine use
agency function related to this system of
pursuant to 5 U.S.c. 552a(b)(3) as
records. I dividuals provided
follows:
information under this routine use are
A. To the Department of Justice or
subject to the same Privacy Act
other Federal agency conducting
requirements and limitations on
litigation or in proceedings before any
disclosure as are applicable to DHS
court, adjudicative or administrative
officers and employees.
body, when:
G. To an appropriate Federal, State,
tribal, local, international, or foreign law
1. DHS or any component thereof;
enforcement agency or other appropriate
2. Any employee of DHS in his/her
official capacity;
authority charged with investigating or
prosecuting a violation or enforcing or
3. Any employee of DHS in his/her
implementing a Jaw, rule, regulation, or
individual capacity where DOJ or DHS
has agreed to represent the employee; or order, where a record, either on its face
or in conjunction with other
4. The United States or any agency
thereof, is a party to the I itigation or has information, indicates a violation or
potential violation of law, which
an interest in such litigation, and DHS
includes criminal, civil, or regulatory
determines that the records are both
violations and such disclosure is proper
relevant and necessary to the litigation
and consistent with the official duties of
and the use of such records is
the person making the disclosure.
compatible with the purpose for which
H. To
individual's employer or
DHS collected the records.
affiliated rganization to the extent
B. To a congressional office from the
necessary to veri fy emp loyment or
record of an ind ividual in response to
an inquiry from that congressional office membership status.
I. To the news media and the public,
made at the request of the individual to
with the approval of the Chief Privacy
whom the record pertains.
Officer in consultation with counsel,
C. To the National Archives and
Records Administration or other Federal when there exists a legitimate public
interest in the disclosure of the
government agencies pursuant to
information or when disclosure is
records management inspections being
necessary to preserve confidence in the
conducted under the authority of 44
integrity of DHS or is necessary to
U.S.c. 2904 and 2906.
demonstrate the accountability of DHS's
D. To an agency, organization, or
individual for the purpose of performing officers, employees, or individuals
covered by the system, except to the
audit or oversight operations as
extent it is determined that release of
authorized by law, but only such
information as is necessary and relevant the specific information in the context
of a particular case would constitute an
to such audit or oversight function.
unwarranted invasion of personal
E. To appropriate agencies, entities,
privacy.
and persons when:
1. DHS suspects or has confirmed that DISCLOSURE TO CONSUMER REPORTING
the security or confidentiality of
AGENCIES:
information in the system of records has
None.
been compromised;
2. The Department has determined
POLICIES AND PRACTICES FOR STORING,
RETRIEVING, ACCESSING, RETAINING, AND
that as a result of the suspected or
confirmed compromise there is a risk of DISPOSING OF RECORDS IN THE SYSTEM:
harm to economic or property interests,
STORAGE:
identity theft or fraud, or harm to the
Records in this system are stored
security or integrity of this system or
electronically or on paper in secure
other systems or programs (whether
facilities in a locked drawer behind a
maintained by DHS or another agency or locked door. The records are stored on
entity) that rely upon the compromised
magnetic disc, tape, digital media, and
information; and
CD-ROM.
3. The disclosure made to such
RETRIEVABILlTY:
agencies, entities, and persons is
reasonably necessary to assist in
Records may be retrieved by name of
connection with DHS's efforts to
organization or contact person covered
respond to the suspected or confirmed
by this system.
ROUTINE USES OF RECORDS MAINTAINED IN THE
SYSTEM, INCLUDING CATEGORIES OF USERS AND
THE PURPOSES OF SUCH USES:
�39708
Federal Register/Vol. 74, No. 151/Friday, August 7, 2009/Notices
SAFEGUARDS:
Records in this system are
safeguarded in accordance with
applicable rules and policies, including
all applicable DHS automated systems
security and access policies. Strict
controls have been imposed to minimize
the risk of compromising the
information that is being stored. Access
to the computer system containing the
records in this system is limited to those
individuals who have a need to know
the information for the performance of
their official duties and who have
appropriate clearances or permissions.
The system maintains a real-time
auditing function of individuals who
access the system. Additional
safeguards may vary by component and
program.
RETENTION AND DISPOSAL:
component's FOIA Officer, whose
contact information can be found at
hllp:llwww.dhs.govljoia under
"contacts." If an individual believes
more than one component maintains
Privacy Act records concerning him or
her, the individual may submit the
request to the Chief Privacy Officer,
Department of Homeland Security, 245
Murray Drive, SW., STOP-0655,
Washington, DC 20528.
When seeking records about yourself
from this system of records or any other
Departmental system of records, your
request must conform with the Privacy
Act regulations set forth in 6 CFR Part
5. You must first verify your identity,
meaning that you must provide your full
name, current address and date and
place of birth. You must sign your
request, and your signature must either
be notarized or submitted under 28
U.S.c. 1746, a law that permits
statements to be made under penalty of
perjury as a substitute for notarization.
While no specific form is required, you
may obtain forms for this purpose from
the Director, Disclosure and FOIA,
In accordance with the Federal
records retention requirements, Grant
administrative records and hard copies
of unsuccessful grant applications files
are destroyed when two years old
(Government Records Schedule (GRS)
No.3, Procurement, Supply, and Grant
hllp:llwww.dhs.govor 1-866-431-0486.
Records, Item 14). Electronically
In addition you should provide the
received and processed copies of
following:
unsuccessful grant application files are
• An explanation of why you believe
destroyed three years after rejection or
the Department would have information
withdrawal (GRS No.3, Procurement,
on you,
Supply, and Grant Records, Item 13).
• Identify which component(s) of the
Grant Project Records are maintained for
Department you believe may have the
three years after the end of the fiscal
information about you,
year that the grant or agreement is
• Specify when you believe the
finalized or when no longer needed,
records
would have been created,
whichever is sooner. These records are
• Provide any other information that
disposed of lAW FEMA Records
will help the FOIA staff determine
Schedule Nl-311-95-1, Item 1. Grant
which DHS component agency may
Final Reports are retired to the Federal
have responsive records,
Records Center three years after cutoff,
• If your request is seeking records
and then transferred to National
pertaining to another living individual,
Archives 20 years after cutoff. These
you must include a statement from that
records are maintained lAW FEMA
Records Schedule Nl-311-95-1, Item 3. individual certifying his/her agreement
for you to access his/her records.
All other grant (both disaster and non
Without this bulleted information the
disaster) records are maintained for six
component(s) will not be able to
years and three months after the end of
conduct an effective search, and your
the fiscal year when grant or agreement
request may be denied due to lack of
is completed or closed. These records
are disposed of according to IA W FEMA specificity or lack of compliance with
Records Schedule Nl-311-95-1, Item 2; applicable regulations.
Nl-311-01-8, Item 1; and Nl-311-04
RECORD ACCESS PROCEDURES:
1,Item1.
See "Notification procedure" above.
SYSTEM MANAGER AND ADDRESS:
Deputy Assistant Administrator,
Grant Program Directorate, FEMA, 500 C
Street, SW., Washington, DC 20472.
CONTESTING RECORD PROCEDURES:
See "Notification procedure" above.
RECoRD SOURCE CATEGORIES:
NOTIFICATION PROCEDURE:
Individuals or entities seeking
notification of and access to any record
contained in this system of records, or
seeking to contest its content, may
submit a request in writing to the
Records are obtained by grantees,
applicants for award, and grant program
monitors.
EXEMPTIONS CLAIMED FOR THE SYSTEM:
None.
Dated: July 31. 2009.
Mary Ellen Callahan,
Chief Privacy Officer, Department of
Homeland Security.
[FR Doc. E9-18931 Filed 8-6-09: 8:45 am]
BILLING CODE 9110-17-P
DEPARTMENT OF THE INTERIOR
Bureau of Indian Affairs
Class III Gaming; Tribal Revenue
Allocation Plans; Gaming on Trust
Lands
Bureau of Indian Affairs,
Interior.
ACTION: Notice of submission of
information collection renewal to the
Office of Management and Budget.
AGENCY:
In compliance with the
Paperwork Reduction Act, the Bureau of
Indian Affairs (BIA) is submitting the
following information collections to the
Office of Management and Budget
(OMB) for renewal: Class III Gaming
Procedures 25 CFR 291,1076-0149;
Tribal Revenue Allocation Plans 25 CFR
290,1076-0152; and Gaming On Trust
Lands Acquired After October 17, 1988,
25 CFR 292, 1076-0158. The current
approvals for the first two collections
(1076-1049 and 1076-0152) expire
August 31,2009 and the current
approval for the third collection (1076
0158) expires February 28, 2010.
Renewal will allow us to continue to
collect the information necessary to
comply with the Indian Gaming
Regulatory Act (IGRA).
DATES: Submit comments on or before
September 8, 2009.
ADDRESSES: Submit comments on the
information collection to the Desk
Officer for the Department of the
Interior, OIRA, Office of Management
and Budget, by fax at (202) 395-5806 or
e-mail at OlRA_DOCKET@ omb.eop.gov.
Please send a copy of your comments
to: Paula L. Hart, Office of Indian
Gaming, Mail Stop 3657-MIB, 1849 C
Street, N\ ., Washington, DC 20240,
Facsimile: (202) 273-3153.
FOR FURTHER INFORMATION CONTACT: You
may request further information or
obtain copies of the proposed
information collection request from
Paula 1. Hart, Telephone: (202) 219
4066.
SUMMARY:
SUPPLEMENTARY INFORMATION:
1. Abstract
This information collection is
necessary for the BrA, Office of Indian
Gaming, to ensure that the applicable
requirements for IGRA, 25 U.S.c. 2701
�Privacy Impact Assessment
for the
Grant Management Programs
July 14, 2009
Contact Point
Tracey Trautman
Deputy Assistant Administrator
Grant Programs Directorate
(202) 786-9730
Reviewing Official
Mary Ellen Callahan
Chief Privacy Officer
Department of Honleland Security
(703) 235-0780
�Homeland
Security
Privacy Impact Assessment
Federal Emergency Management Agency
Grant Management Programs
Page 2
Abstract
Many of the Department of Homeland Security Federal Emergency Management Agency (FEMA)
grant operations and projects collect a minimum amount of contact information. The information is
collected in order to determine awards for both disaster and non-disaster grants and for the issuance of
awarded funds. This Privacy Impact Assessment (PIA) is conducted because the information provided by
applicants includes personal identifiable information (PI!).
Overview
The primary mission of the Federal Emergency Management Agency (FEMA) is to reduce the loss
of life and property and protect the Nation from all hazards, including natural disasters, acts of terrorism,
and other man-made disasters, by leading and supporting the Nation in a risk-based, comprehensive
emergency management system of preparedness, protection, response, recovery, and mitigation. One of
FEMA's objectives is to prepare America for these hazards by developing and implementing national
programs to enhance the capaCity of state, local, and tribal government agencies to respond to these
incidents through coordinated training, equipment acquisition, technical assistance, and support for
Federal, state, and local exercises. FEMA fulfills this mission through a series of grant programs responsive
to the specific requirements of state, local agencies.
The goal of FEMA's grant programs is to prOVide funding to enhance the capaCity of state and local
jurisdictions to prevent, respond to, and recover from disaster and non disaster incidents including cyber
attacks. FEMA's grant programs currently proVide funds to alISO states, the District of Columbia, the
Commonwealth of Puerto Rico, American Samoa, the Commonwealth of Northern Mariana Islands, Guam,
and the U.S. Virgin Islands. FEMA grant programs are directed at a broad spectrum of state and local
emergency responders, including firefighters, emergency medical services, emergency management
agencies, law enforcement, and public officials. FEMA is collecting information from State, local, and tribal
parmers seeking grant funding. The nature of the collected data should illustrate partners' familiarity with
the national preparedness architecture (i.e. Federal Investment Strategy) and identify how elements of this
architecture have been incorporated into their regional/state/local planning, operations, and investments.
Many of FEMA's grant programs implement objectives addressed in a series of post-9/ Il laws,
strategy documents, plans and Homeland Security Presidential Directives (HSPDs). FEMA management
requirements are incorporated into the application processes and reflect changes mandated in the
Implementing Recommendations of the 9/ II Commission Act of 2007 (the "9/ II Act"), enacted in
August 2007, as well as the FY 2008 Consolidated Appropriations Act.
�Homelalld
Security
Privacy Impact Assessment
Federal Emergency Management Agency
Grant Management Programs
Page 3
Section 1.0 Characterization of the Information
The following questions are intended to define the scope of the information requested and/or
collected as well as reasons for its collection as part of the program, system, rule, or technology being
developed.
1.1
What information is collected, used, disseminated, or
maintained in the system?
Applications submitted for FEMA grants generally include information about the applying agency
or organization, including the name of the organization point of contact for the application, work address,
work phone and fax numbers, cell phone number, and work email address. Information for grant
processing also includes the organizations' Federal Employer Identification Number (EIN) information
about the activity or activities proposed to be completed under the requested grant as well as banking
information such as bank account number and routing number. Generally, the only sensitive PI! FEMA
may collect as part of the grants is the social security number used as EIN for small businesses and
organizations. In instances where grants may require such collections DHS/FEMA will conduct a separate
PIA analyzing the risks associated with such sensitive collections.
1.2 What are the sources of the information in the system?
Information is collected from state/territorialltribal offiCials, port authorities, transit authorities,
non-profit organizations, and, in rare instances, private companies. The information is entered into
Grants.gov.
1.3 Why is the information being collected, used,
disseminated, or maintained?
Contact information such as the organization's POC name, contact number, and addresses (mailing
and email) is collected to facilitate on-going communications with the applicants via e-mail, telephone, and
postal mail. Financial information is collected for the transfer of funds proVided under a FEMA disaster or
non disaster grant. Project proposal information is collected to inform the peer review decision-making
process in relation to application completeness, adherence to programmatic gUidelines, feaSibility, and how
well the proposed investments address identified need(s) or capability shortfall(s).
1.4 How is the information collected?
Information is collected generally via online application, but occasionally by telephone inqUiries or
paper forms.
1.5 How will the information be checked for accuracy?
Information is collected directly from individuals and is assumed to be accurate. Depending on the
�Homeland
Security
Privacy Impact Assessment
Federal Emergency Management Agency
Grant Management Programs
Page 4
nature of the grant (disaster or non disaster) and the grant program, the project or program may conduct a
certain degree of verification of information and follow up with the organization's point of contact.
1.6 What specific legal authorities, arrangements, and/or
agreements defined the collection of information?
The legal authorities that govern FEMA's collection of information regarding its grant programs
include, but are not limited to, the following:
•
•
•
•
•
•
•
•
•
•
The Robert T. Stafford Disaster Relief and Emergency Assistance Act, 42 U.s.c. 5133
The National Flood Insurance Act, 42 U.s.c. 4104c
Section 2003 (a) of the Homeland Security Act of 2002 (6 USC § J 01 et seq.), as amended by Section
10 I, Title I of the Implementing Recommendations of the 9/1 I Commission Act of 2007, (P.L. 110
053)
Section 2004(a) of the Homeland Security Act of2002 (6 USC §IOI et seq.), as amended by Section
10 I, Title I of the Implementing Recommendations of the 9 II 1 Commission Act of 2007, (P.L. I 10
053)
Section 1809 of the Homeland Security Act of 2002 (6 USC §57! et seq.), as amended by Section
30 I (a), Title III of the Implementing Recommendations of the 9/1 1 Commission Act of 2007 (P.L.
110-053)
Post-Katrina Emergency Management Reform Act of2006 (6 USC §723).
by Title III of Division D of the Consolidated Security, Disaster Assistance, and Continuing
Appropriations Act, 2009 (P.L. 110-329)
Section 614- of the Robert T. Stafford Disaster Relief and Emergency Assistance Act (4-2 USC §51 96c), as
amended by Section 202, Title II of the Implementing Recommendations of the 9/11 Commission Act
of2007 (P.L 110-053)
Title III of Division E of the Consolidated Appropriations Act, 2008 (P.L 110-161)
Section 1406, Title XIV of the Implementing Recommendations of the 9/1 1 Commission Act of 2007
(P.L. I 10-053)
•
Section 1513, Title XV of the Implementing Recommendations of the 9/1 I Commission Act of2007
(P.L 110-053)
•
Section I532(a), Title XV of the Implementing Recommendations of the 9/1 I Commission Act of
2007 (P.L 110-053)
•
•
46 USC §70107
Federal Financial Assistance Management Improvement Act of 1999 (P.L I 06-1 07).
1.7 Privacy Impact Analysis: Given the amount and type of
data collected, discuss the privacy risks identified and how
they were mitigated.
The privacy risk presented by a basic contact list is that more information will be collected than is
necessary to distribute information. Contact information is limited to the information necessary to perform
the information distribution functions of the program or project. All information is collected with the
consent of the individual.
�Homeland
Security
Privacy Impact Assessment
Federal Emergency Management Agency
Gra t Management Programs
Page 5
Section 2.0 Uses of the Information
The following questions are intended to delineate clearly the use of information and the accuracy
of the data being used.
2.1
Describe all the uses of information.
FEMA uses the information to determine grant eligibility, to contact an applicant, to transfer funds
to the grant awardee(s) in accord with the grant awarded, and to inform the peer review panel in
determining how well proposed investments address identified homeland security need(s) or capability
shortfa1l(s).
Additionally, FEMA uses the information to generate reports summarizing grant activity of
applicant organizations. These reports are used to assist in the management and reporting of grant
programs including overall Grants Management, Program-Specific Progress, Functions and Monitoring,
Financial Management, management of Grantee and Sub-Grantee data (if available), System Administration,
and Common Services.
2.2
What types of tools are used to analyze data and what type
of data may be produced?
Information is stored but is not manipulated in any way other than to, if necessary, generate
summary reports about grants for speCific applicant organizations. Summary reports will not be generated
by individual's name or any other identifier. Data may be input into databases or electronic spreadsheets
and accessed via the various data elements. For example, a query may be conducted to calculate total grant
funds obligated within a certain state or a list of all grants awarded in a certain state.
2.3
If the system uses commercial or publicly available data
please explain why and how it is used.
Grant applications are not created, populated with, or verified with data collected from commercial
or publicly available sources.
2.4
Privacy Impact Analysis: Describe any types of controls
that may be in place to ensure that information is handled
in accordance with the above described uses.
The risk presented by the use of contact information or project proposal information is that the
information would be used in ways outside the scope intended by the initial collection. Per the Grants
Management Information Files System of Records Notice (SORN) and the Privacy Act Statements given
prior to collection, information collected is not to be used for any purpose other than what has been stated
and communicated. Additionally, all Department employees and contractors are trained on the appropriate
use of this sensitive information and are reqUired to obtain the appropriate level of security clearance to
handle certain data.
�Homeland
Security
Privacy Impact Assessment
Federal Emergency Management Agency
Grant Management Programs
Page 6
Section 3.0 Retention
The following questions are intended to outline how long infonnation will be retained after the
initial collection.
3.1
What information is retained?
All information provided by the grant applicant as outlined in section 1.1 and 1.3 of this PIA is
retained in each grant applicants file (paper and or electronic).
3.2
How long is information retained?
In accordance with the Federal records retention requirements, Grant acLninistrative records and
hard copies of unsuccessful grant applications files are destroyed when two years old (Government Records
Schedule (GRS) No.3, Procurement, Supply, and Grant Records, Item 14). Electronically received and
processed copies of unsuccessful grant application files are destroyed three years after rejection or
withdrawal (GRS No.3, Procurement, Supply, and Grant Records, Item 13). Grant Project Records are
maintained for three years after the end of the fiscal year that the grant or agreement is finalized or when
no longer needed, whichever is sooner. These records are disposed of IA W FEMA Records Schedule N 1
311-95-1, Item I. Grant Final Reports are retired to the Federal Records Center three years after cutoff, and
then transferred to National Archives 20 years after cutoff. These records are maintained lAW FEMA
Records Schedule N I -3 I 1-95 -I, Item 3. All other grant (both disaster and non-disaster) records are
maintained for six years and three months after the end of the fiscal year when grant or agreement is
completed or closed. These records are disposed of according to lAW FEMA Records Schedule N 1-311-95
I, Item 2; NI-311-01-8, Item I; and NI-311-04-1, Item I.
3.3
Has the retention schedule been approved by the
component records officer and the National Archives and
Records Administration (NARA)?
Records are retained and disposed of in accordance with the National Archives and Records
Administration's General Records Schedule 3, Procurement, Supply, and Grant Records, Items 13 and 14.
Additionally, grant files are under record group 3 I I and individual files generated are covered by FEMA
File Numbers PRC-I 2 through PRC-13-4. These record retentions have been approved by the NARA (Job
Numbers NI-311-01-8, NI-311-04-1, and NI-311-95-1) and are published in FEMA Manual 5400-2M,
dated February 2000.
3.4
Privacy Impact Analysis: Please discuss the risks
associated with the length of time data is retained and how
those risks are mitigated.
Information other than grant final reports is retained for no more than six years and three months
after the grant is closed and final audit and appeals are resolved and completed. Grant final reports, which
generally do not contain sensitive information, will be maintained at secured federal locations. This
�Homeland
Security
Privacy Impact Assessment
Federal Emergency Management Agency
Grant Management Programs
Page 7
minimizes retention and security costs associated with maintaining contact, financial, and project
information.
Section 4.0 Internal Sharing and Disclosure
The following questions are intended to define the scope of sharing within the Department of
Homeland Security.
4.1
With which internal organization(s) is the information
shared, what information is shared and for what purpose?
Grant application information may be shared with internal DHS components inasmuch as they are
involved in distributing information or collaborating with partners within the Department and within the
Nation's homeland security community. However, DHS does not share contact information for any
purpose beyond which it was originally collected, i.e. contact information given by organizations for
purpose x will not be shared for use of purpose y at a later date.
4.2
How is the information transmitted or disclosed?
FEMA may share information by electronic or paper means. If information is transmitted
electronically. proper security measures are taken, including encryption andlor use of Sensitive
Compartmented Information Facilities (SCIFs) when necessary.
For example. information may be
transmitted via an authenticated web interface, and regulated via role based access controls. Information
access is limited to the minimum necessary to perform reqUired job functions.
4.3
Privacy Impact Analysis: Considering the extent of internal
information sharing, discuss the privacy risks associated
with the sharing and how they were mitigated.
Inappropriate sharing is a risk inherent in any collection of sensitive ini~)rmation. Department
employees and contractors are trained on the appropriate use and sharing of sensitive information and are
reqUired to obtain the appropriate level of security clearance to handle certain data. Further. any sharing of
information must align with the purpose of the initial collection as described in its SORN and include the
Privacy Act Statement provided at the time of collection.
�Homeland
Security
Privacy Impact Assessment
Federal Emergency Management Agency
Grant Management Programs
Page 8
Section 5.0 External Sharing and Disclosure
The following questions are intended to define the content, scope, and authority for information
sharing external to DHS which includes Federal, state and local government, and the private sector.
5.1
With which external organization(s) is the information
shared, what information is shared, and for what purpose?
Contact and project information may be shared with external homeland security entities inasmuch
as those entities are involved in distributing information or collaborating with parmers within FEMA, DHS,
and homeland security officials throughout the Nation. Nonetheless, sensitive information is not shared for
any purpose beyond which it was originally collected, i.e. contact information given by individuals for
purpose x will not be shared for use of purpose y at a later date.
5.2
Is the sharing of personally identifiable information outside
the Department compatible with the original collection? If
so, is it covered by an appropriate routine use in a SORN?
If so, please describe. If not, please describe under what
legal mechanism the program or system is allowed to
share the personally identifiable information outside of
DHS.
Yes. Per the Grants Management Information Files SORN and the various notices proVided when
information is collected, use of application information beyond the purposes for which it was origina]]y
co]]ected is not acceptable.
5.3
How is the information shared outside the Department and
what security measures safeguard its transmission?
Any information shared with organizations outside the Department is required to be appropriately
secured per Office of Management and Budget Memoranda 06-15, Safeguarding Personally Identifiable
Information, and 06-16, Protection of Sensitive Agency Information.
5.4
Privacy Impact Analysis: Given the external sharing,
explain the privacy risks identified and describe how they
were mitigated.
A risk is presented whenever FEMA shares information it has initially collected from organizations
or individuals outside of the Department. If external sharing of information would exceed the purpose for
which the information was collected, then the information is not permitted to be shared. The Grants
Management Information Files SORN outlines the specific instances where contact and project proposal
information may be shared outside the Department. All FEMA employees and contractors receive training
�Homeland
Security
Privacy Impact Assessment
Federal Emergency Management Agency
Grant Management Programs
Page 9
on the appropriate use and sharing of information and are required to obtain the appropriate level of
security clearance to handle certain data.
Section 6.0 Notice
The following questions are directed at notice to the individual of the scope of information
collected, the right to consent to uses of said information, and the right to decline to provide information.
6.1
Was notice provided to the individual prior to collection of
information?
Yes. This PIA and the Grants Management Information Files SORN prOVide notice regarding the
collection of contact and project proposal information by FEMA. More appropriately. though. each
collection of grant information is immediately preceded by notice regarding the scope and purpose of the
contact and project proposal information at the time of collection. These Privacy Act Statements (these
notices are reqUired under 5 U .S.c. § 55 2a(e) (3)) at the moment of collection provide individuals and
organizations with notice of the nature of the collection and the authority to collect the information.
6.2
Do individuals have the opportunity and/or right to decline
to provide information?
No. Applicants are required to prOVide contact and project proposal information as mandated by
law. If requested information is not provided in its entirety. it is likely that applicants will not receive grant
funding and will not receive information from the Department or partners in the Department.
6.3
Do individuals have the right to consent to particular uses
of the information? If so, how does the individual exercise
the right?
DHS will use the information only for the purposes for which it was collected. Should an
organization suspect information is being used beyond the given scope of the collection. they are
encouraged to write to FEMA/FOIA. 500 "C" Street, NW, Washington, DC 20472. The system managers
are also listed in the Grants Management Information Files SORN.
6.4
Privacy Impact Analysis: Describe how notice is provided
to individuals, and how the risks associated with
individuals being unaware of the collection are mitigated.
The privacy risk associated with notice in the collection of contact and project proposal
information is that the applicant is not aware of the purpose for which the information he or she submits
may be used. This risk is primarily mitigated by limiting the use of application information to what is
necessary for the purposes of awarding a grant. Additionally, the Grants Management Information Files
SORN proVides notice of the purpose of the collection. redress procedures. and the routine uses associated
�Homeland
Security
Privacy Impact Assessment
Federal Emergency Management Agency
Grant Management Programs
Page 10
with the collection of contact information. Notice is always provided prior to the collection of information,
and consent is obtained by the organization prior to his providing information.
Section 7.0 Access, Redress and Correction
The following questions are directed at an individual's ability to ensure the accuracy of the
infonnation collected about them.
7.1
What are the procedures that allow individuals to gain
access to their information?
Should an organization seek to update either their grant application or grant they should contact
the grant program office or project which initially collected the information. The grant program or project
is in the best position to remove, edit and/or provide access to the information held on an organization.
Access requests can also be directed to the following: Federal Emergency Management, 500 "(" Street, MS
857, Washington, DC 20472, Attn: FOIA. In the case of a system covered by this PIA, generally, once a
request for a grant application has been approved, the specified organizational contact person is provided
logon credentials to their account. Once an organization's point of contact is authenticated, they will be
able to make changes as allowed by the program and the system.
Additionally, the Grants Management Information Files SORN details access provisions along with
the names of omcials designated to field such requests within FEMA.
7.2
What are the procedures for correcting inaccurate or
erroneous information?
The procedures are the same as those outlined in Question 7. I. The specific grant program office
or project that initially collected the information is in the best position to correct or amend any inaccurate
or outdated information. Any inquires for correction should be made to the grant program office or project
that initially collected the information.
Additionally, the Grants Management Information Files SORN details access provisions along with
the names of officials deSignated to field such requests within FEMA.
7.3
How are individuals notified of the procedures for
correcting their information?
Individuals are notified at collection that they may amend or correct their information at
any time by the procedures outlined above.
7.4
If no formal redress is provided, what alternatives are
available to the individual?
Appropriate redress is prOVided as described in 7. I.
�Homeland
Security
7.5
Privacy Impact Assessment
Federal Emergency Management Agency
Grant Management Programs
Page 11
Privacy Impact Analysis: Please discuss the privacy risks
associated with the redress available to individuals and
how those risks are mitigated.
Organizations may amend or correct information at any time during which FEMA possesses and
uses their application information, Any risks associated with correction of information are thorougWy
mitigated by the organizations' ability to correct its information,
Section 8.0 Technical Access and Security
The following questions are intended to describe technical safeguards and security measures.
8.1
What procedures are in place to determine hich users
may access the system and are they documented?
FEMA physical and information security policies dictate who may access FEMA computers and
filing systems, Specifically. DHS Management Directive 4-300A and FEMA Information Technology Security
Policy Directive outline information technology procedures for granting access to DHS/FEMA computers.
which is where grant information is stored, Access to application information is strictly limited by access
controls to those who require it for completion of their official duties,
8.2 Will Department contractors have access to the system?
Yes, depending on the grant project or program, Many times contractors are tasked with
information processing. distribution and other outreach tasks, Contractors are reqUired to have the same
level of security clearance in order to access DHS/FEMA computers as all other FEMA employees,
8.3
Describe what privacy training is provided to users either
generally or specifically relevant to the program or
system?
All FEMA employees and contractors are required to receive annual privacy and security training to
ensure their understanding of proper handling and securing of sensitive information such as the type of
information contained in a grant application submission.
8.4
Has Certification & Accreditation been completed for the
system or systems supporting the program?
In compliance with the Federal Information Security Management Act of 2005. systems supporting
disaster and non-disaster grants covered by this PIA will go through the Certification and Accreditation
process and "vill be listed in Appenclix A.
�Homeland
Security
Privacy Impact Assessment
Federal Emergency Management Agency
Grant Management Programs
Page \2
8.5 What auditing measures and technical safeguards are in
place to prevent misuse of data?
All FEMA information systems are audited regularly to ensure appropriate use and access to
information. Additionally, grant information residing on a local area network's shared drive is restricted by
access controls to those who require it for completion of their official duties. Folders within shared drives
are privilege-protected.
8.6
Privacy Impact Analysis: Given the sensitivity and scope of
the information collected, as well as any information
sharing conducted on the system, what privacy risks were
identified and how do the security controls mitigate them?
The risk of unauthorized access exists with any information technology system or document. FEMA
conducts thorough background checks on every employee and contractor. Access to the systems and
networks which store the grant contact and fmancial information are protected pursuant to established
Departmental and Agency procedures (see 8.4).
All FEMA employees and contractors are trained on security procedures, specifically as they relate
to sensitive information.
Section 9.0 Technology
The following questions are directed at critically analyzing the selection process for any
technologies utilized by the system, including system hardware, RFID, biometrics and other technology.
9.1
What type of project is the program or system?
This assessment covers grant application processes developed by a program or project involved in
outreach or collaboration efforts within or outside of DHS.
9.2 What stage of development is the system in and what
project development lifecycle was used?
The program or projects detailed here are not necessarily involved in a specific Iifecycle. Complete
information technology systems are in the operational phase and have completed C&A documentation.
Appendix A will list all grant information systems covered by this PIA and its C&A status as well and
specific Iifecycles used.
�Homeland
Security
9.3
Privacy Impact Assessment
Federal Emergency Management Agency
Grant Management Programs
Page 13
Does the project employ technology which may raise
privacy concerns? If so please discuss their
implementation.
If a particular technology used in the collection or hancl1ing of information in connection with the
types of contact lists addressed in this PIA raises specific and/or heightened privacy concerns, the
implementation of the technology will be required to conduct a separate PIA.
Approval Signature
Original signed and me with the DHS Privacy Office
Mary EJlen Callahan
Chief Privacy Officer
Department of Homeland Security
�Homeland
Security
APPENDIX A (Grant Programs/Systems covered by this PIA)
Assistance to Firefighters Grant Program
Port Security Grant Program
Non-Disaster Grant System
Grants Reporting Tool
Privacy Impact Assessment
Federal Emergency Management Agency
Grant Management Programs
Page 14
�| File Type | application/pdf |
| File Modified | 2010-01-22 |
| File Created | 2010-01-22 |