Privacy Threshold Analysis (PTA)

The Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
703-235-0780, [email protected]
www.dhs.gov/privacy

Privacy Threshold Analysis
Version date: July 7, 2012
Page 1 of 8

PRIVACY THRESHOLD ANALYSIS (PTA)
This form is used to determine whether
a Privacy Impact Assessment is required.

Please use the attached form to determine whether a Privacy Impact Assessment (PIA) is required under
the E-Government Act of 2002 and the Homeland Security Act of 2002.
Please complete this form and send it to your component Privacy Office. If you do not have a component
Privacy Office, please send the PTA to the DHS Privacy Office:
Rebecca J. Richards
Senior Director of Privacy Compliance
The Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
Tel: 703-235-0780
[email protected]

Upon receipt from your component Privacy Office, the DHS Privacy Office will review this form. If a
PIA is required, the DHS Privacy Office will send you a copy of the Official Privacy Impact Assessment
Guide and accompanying Template to complete and return.
A copy of the Guide and Template is available on the DHS Privacy Office website,
www.dhs.gov/privacy, on DHSConnect and directly from the DHS Privacy Office via email:
[email protected], phone: 703-235-0780.

The Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
703-235-0780, [email protected]
www.dhs.gov/privacy

Privacy Threshold Analysis
Version date: July 7, 2012
Page 2 of 8

PRIVACY THRESHOLD ANALYSIS (PTA)
SUMMARY INFORMATION
Project or
Program Name:

Citizen Corps

Component:

Federal Emergency
Management Agency (FEMA)

Office or
Program:

Office of Protection and
National Preparedness (PNP)

TAFISMA Name:

Citizen Corps

TAFISMA
Number:

FEM-06753-MAJ-06753

Type of Project or
Program:

IT System

Project or
program
status:

Operational

PROJECT OR PROGRAM MANAGER
Name:

Jenelle Cardone

Office:

PNP - Individual and
Community Preparedness
Division

Title:

Program Specialist

Phone:

(202) 786-9463

Email:

[email protected]
ov

INFORMATION SYSTEM SECURITY OFFICER (ISSO)
Name:

Daniel Lau-Lopez

Phone:

(202) 646-9917

Email:

[email protected]
ov

ROUTING INFORMATION
Date submitted to Component Privacy Office:

July 20, 2012

Date submitted to DHS Privacy Office:

November 29, 2012

Date approved by DHS Privacy Office:

December 18, 2012

The Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
703-235-0780, [email protected]
www.dhs.gov/privacy

Privacy Threshold Analysis
Version date: July 7, 2012
Page 3 of 8

SPECIFIC PTA QUESTIONS
1. Please describe the purpose of the project or program:
Please provide a general description of the project and its purpose in a way a non-technical person could
understand.
The Federal Emergency Management Agency Office Protection and National Preparedness (PNP)
Individual and Community Preparedness Division, administers the Citizen Corps program on behalf
of the federal government. This PTA is part of Office of Budget and Management (OMB) No. 16600098 and the Citizen Corps system Security Authorization (SA) package.
Following the tragic events that occurred on September 11, 2001, state and local government officials
have increased opportunities for citizens to become an integral part of protecting the homeland and
supporting the local first responders. Officials agree that the formula for ensuring a more secure and
safer homeland consists of preparedness, training, and citizen involvement in supporting first
responders. In January 2002, the President of the United States launched Citizen Corps, to capture the
spirit of service that emerged throughout our communities following the terrorist attacks.
The Citizen Corps mission is to strengthen collaboration between government and community
leaders from all sectors to encourage citizens through education, training, and volunteer service to
make communities safer, stronger, and better prepared to respond to the threats of terrorism, crime,
public health issues, and disasters of all kinds. Through Citizen Corps, communities can setup and
register Citizen Corps Councils (Councils) and Community Emergency Response Team (CERT)
programs. The CERT program offers training that prepares people to help themselves, their families
and their neighbors in the event of a disaster in their community. Councils and CERT Programs are
sponsored by local emergency management or elected leaders and registry submissions are reviewed
by each State and then posted on the Citizen Corps website (www.citizencorps.gov). Approved
registration of a Council or CERT program allows them to be recognized as official entities; become
eligible for Homeland Security grant funding; allows for the coordination of preparedness and
emergency management activities among other groups associated with Citizen Corps; promotes their
local Councils to the public and become a part of the Citizen Corps national directory of Councils;
and receive important updates and messages from FEMA. The Council and CERT registries support
the mission of FEMA’s Individual and Community Preparedness Division and Citizen Corps, to help
achieve greater community resiliency nationwide. The Citizen Corps system is an online system used
to facilitate all community Council and CERT programs to register in the Citizen Corps and CERT
Program registries.
FEMA collects organizational registration information from local, tribal and territorial Citizen Corps
Councils and CERT the www.citizencorps.gov public-facing website. During the organization or
team’s registration process, personally identifiable information related to the council or team’s point
of contact is submitted to and maintained by FEMA. Other information such as training available,
Emergency Support Function (ESF), congressional involvement, and percentage of time dedicated by
the POC to council and CERT related activities is collected but only viewable by other council POC

The Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
703-235-0780, [email protected]
www.dhs.gov/privacy

Privacy Threshold Analysis
Version date: July 7, 2012
Page 4 of 8
registered in the Citizen Corps system.

2. Project or Program status
January 1, 2002
Date first developed:
August 17, 2012
Date last updated:

Existing
Pilot launch date:
Pilot end date:

Click here to enter a date.
Click here to enter a date.

DHS Employees
3. From whom does the Project or
Program collect, maintain, use or
disseminate information?
Please check all that apply.

Contractors working on behalf of DHS
Members of the public
This program does not collect any personally
identifiable information 1

4. What specific information about individuals could be collected, generated or retained?
Please provide a specific description of information that might be collected, generated or retained such
as names, addresses, emails, etc.
State and Community POC information collected, maintained, and publically accessible on
the website:
Name (First, Middle, and Last)
Title
Addresses (Physical and email)
Phone Number

Does the Project or Program use Social
Security Numbers (SSNs)?
If yes, please provide the legal authority for
the collection of SSNs:
If yes, please describe the uses of the SSNs
within the Project or Program:

1

No
N/A
N/A

DHS defines personal information as “Personally Identifiable Information” or PII, which is any information that permits the
identity of an individual to be directly or indirectly inferred, including any information that is linked or linkable to that individual,
regardless of whether the individual is a U.S. citizen, lawful permanent resident, visitor to the U.S., or employee or contractor to
the Department. “Sensitive PII” is PII, which if lost, compromised, or disclosed without authorization, could result in substantial
harm, embarrassment, inconvenience, or unfairness to an individual. For the purposes of this PTA, SPII and PII are treated the
same.

The Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
703-235-0780, [email protected]
www.dhs.gov/privacy

Privacy Threshold Analysis
Version date: July 7, 2012
Page 5 of 8

5. Does this system employ any of the
following technologies:

Closed Circuit Television (CCTV)
Sharepoint-as-a-Service

If project or program utilizes any of these
technologies, please contact Component Privacy
Officer for specialized PTA.

Social Media
Mobile Application (or GPS)
Web portal 2
None of the above

If this project is a technology/system, does
it relate solely to infrastructure?
For example, is the system a Local Area Network
(LAN) or Wide Area Network (WAN)?

No. Please continue to next question.
Yes. If a log kept of communication traffic,
please answer the following question.

If header or payload data 3 is stored in the communication traffic log, please detail the data
elements stored.
Click here to enter text.

6. Does this project or program connect,
receive, or share PII with any other
DHS programs or systems 4?

No.
Yes. If yes, please list:
Click here to enter text.

7. Does this project or program connect,
receive, or share PII with any external
(non-DHS) partners or systems?

No.
Yes. If yes, please list:
Click here to enter text.

Is this external sharing pursuant to new
or existing information sharing access

Choose an item.

2

Informational and collaboration-based portals in operation at DHS and its components which collect, use,
maintain, and share limited personally identifiable information (PII) about individuals who are “members” of the
portal or who seek to gain access to the portal “potential members.”
When data is sent over the Internet, each unit transmitted includes both header information and the actual data
being sent. The header identifies the source and destination of the packet, while the actual data is referred to as the
payload. Because header information, or overhead data, is only used in the transmission process, it is stripped from
the packet when it reaches its destination. Therefore, the payload is the only data received by the destination system.
4 PII may be shared, received, or connected to other DHS systems directly, automatically, or by manual processes.
Often, these systems are listed as “interconnected systems” in TAFISMA.
3

The Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
703-235-0780, [email protected]
www.dhs.gov/privacy

Privacy Threshold Analysis
Version date: July 7, 2012
Page 6 of 8

agreement (MOU, MOA, LOI, etc.)?

Please describe applicable information sharing
governance in place.
Click here to enter text.

The Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
703-235-0780, [email protected]
www.dhs.gov/privacy

Privacy Threshold Analysis
Version date: July 7, 2012
Page 7 of 8

PRIVACY THRESHOLD REVIEW
(TO BE COMPLETED BY COMPONENT PRIVACY OFFICE)
Component Privacy Office Reviewer:

LeVar J. Sykes

Date submitted to DHS Privacy Office:

Click here to enter a date.

Component Privacy Office Recommendation:
Please include recommendation below, including what new privacy compliance documentation is needed.
Recommend new PIA be conducted and SORN (DHS/FEMA-006 - Citizen Corps Database, 73 Fed. Reg.
77785, December 19, 2008) be updated as part of the biennial review process.

(TO BE COMPLETED BY THE DHS PRIVACY OFFICE)
DHS Privacy Office Reviewer:

Dayo Simms

Date approved by DHS Privacy Office:

December 18, 2012

PCTS Workflow Number:

966909
DESIGNATION
Yes

Privacy Sensitive System:

IT System

Category of System:
Determination:

If “no” PTA adjudication is complete.

If “other” is selected, please describe: Click here to enter text.
PTA sufficient at this time.
Privacy compliance documentation determination in progress.
New information sharing arrangement is required.
DHS Policy for Computer-Readable Extracts Containing Sensitive PII
applies.
Privacy Act Statement required.
Privacy Impact Assessment (PIA) required.
System of Records Notice (SORN) required.

PIA:
SORN:

New PIA is required.
If covered by existing PIA, please list: Click here to enter text.
System covered by existing SORN
If covered by existing SORN, please list: DHS/FEMA-006 - Citizen Corps Database

The Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
703-235-0780, [email protected]
www.dhs.gov/privacy

Privacy Threshold Analysis
Version date: July 7, 2012
Page 8 of 8

December 19, 2008 73 FR 77785
DHS Privacy Office Comments:
Please describe rationale for privacy compliance determination above.
PRIV agrees that the Citizen Corps requires a PIA to mitigate the risks associated with the collection and
web publication of information from members of the public. We also agree that the SORN that covers this
collection is DHS/FEMA-006. In developing this PIA, please be sure to incorporate all uses of the
information, including the registration process for Citizen Corps. The website allows members to sign in
to the FEMA system, the PIA should address this aspect of the program and discuss the applicable web
portal functions that are not addressed in this PTA. Additionally, the Privacy Act statements are not
adequate on the website. Please revise these statements and clearly address the applicable SORN and the
consequences for not providing the requested information. Before applicants provide information, there
should be a clear PA statement which specifically states that this information may be posted on the
website.