Privacy Threshold Analysis (PTA)

The Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
703-235-0780, [email protected]
www.dhs.gov/privacy

Privacy Threshold Analysis
Version date: July 14, 2009
Page 1 of 8
PRIVACY THRESHOLD ANALYSIS (PTA)

DHS WEB PORTALS
This form is used to determine whether
the DHS Web Portals Privacy Impact Assessment (PIA) covers the relevant portal.
Many DHS operations and projects require collaboration and communication amongst affected
stakeholders. One method of effectuating such collaboration is the establishment of an online “portal”
allowing authorized users to obtain, post and exchange information, access common resources, and
generally communicate with similarly situated and interested individuals. DHS has written the DHS
Web Portals PIA to document these informational and collaboration-based portals in operation at DHS
and its Components, which collect, use, maintain, and share limited personally identifiable information
about individuals who are “members” of the portal or who seek to gain access to the portal “potential
members.”
To determine whether your portal is covered please review the DHS Web Portals PIA, complete this
form, and send it to your component Privacy Office. If you do not have a component Privacy Office,
please send the PTA to the DHS Privacy Office:
Rebecca J. Richards
Director of Privacy Compliance
The Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
Tel: 703-235-0780
[email protected]

Upon receipt, the DHS Privacy Office will review this form. If the DHS Privacy Office determines that
your portal is covered, the name of your project to Appendix A of the Web Portals PIA. If the Privacy
Office determines that your portal is not covered, we will send you a copy of the Official Privacy Impact
Assessment Guide and accompanying Template to complete and return.

The Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
703-235-0780, [email protected]
www.dhs.gov/privacy

Privacy Threshold Analysis
Version date: July 14, 2009
Page 2 of 8
PRIVACY THRESHOLD ANALYSIS (PTA)
Please complete this form and send it to the DHS Privacy Office.
Upon receipt, the DHS Privacy Office will review this form
and may request additional information.
SUMMARY INFORMATION
DATE submitted for review: 4/4/2013
NAME of Project: Community Drill Day Registration Website
Name of Component: Federal Emergency Managment Agency
Name of Project Manager: Chad Stover
Email for Project Manager: [email protected]
Phone number for Project Manger: 202-786-9860

The Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
703-235-0780, [email protected]
www.dhs.gov/privacy

Privacy Threshold Analysis
Version date: July 14, 2009
Page 3 of 8
SPECIFIC QUESTIONS
1.

Describe the project and its purpose:
Pursuant to Presidential Policy Directive (PPD) – 8 National Preparedness, dated
March 30, 2011, the Federal Insurance and Mitigation Administration (FIMA), Office
of Protection and National Preparedness (PNP), Individual and Community
Preparedness Division (ICPD) would like to create a new online web-based
information collection process by which individuals and organizations submit
registration and disaster preparedness information via a website. Registrants of the
collaboration site consist of Federal, State, Local, Tribal, and territorial governments,
private and non-public organizations, and the general public. The registrant
provides their contact information including organization affiliation, organizations
capabilities and readiness for general disaster response, and planned exercise
participation information. The registrant has the option to have their contact
information listed on the website and viewable by other website registered users
only. Registration provides an individual or organization with links to educational
information and activities about preparedness and response related to specific
hazards. Registrants can choose to receive important updates and messages from
FEMA using their contact information provided during the registration process. This
registry supports PPD-8 and the mission of FEMA’s Individual and Community
Preparedness Division, to help achieve greater community resiliency nationwide.
This collection of information is a new collection by FEMA (OMB No. 1660-NW79).

2.

Status of Project:
This is a new development effort.
This an existing project.
Date first developed:
Date last updated:


3.

What information about individuals could be collected, generated, or retained?
First and Last Name

Email Address

Phone Number

Business Affiliation

Mailing Address

Supervisor Information

Other: Organization Name, Department, Job Title, Email, Time Zone

The Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
703-235-0780, [email protected]
www.dhs.gov/privacy

Privacy Threshold Analysis
Version date: July 14, 2009
Page 4 of 8
4.

What information is collected for security questions 1?
Mothers Maiden Name
Social Security Number
Date of Birth
Other: None

5.

Is the information collected directly from the individuals seeking membership to the
informational/collaboration-based portal?
Yes.
No. Please describe the information source and collection method.


6.

Please describe how individuals are verified during the portal registration process.
Email Supervisor
Phone Supervisor
Other: 
No verification is performed.

7.

Is the personally identifiable information exchanged on the portal limited to members’ contact
information?
Yes.
No.

8.

1

Is the personally identifiable information collected, used, or exchanged limited to the
purpose(s) of facilitating registration, providing information to, and collaboration among
authorized members?

The Privacy Office encourages Components to collect non-sensitive PII as an alternative to sensitive PII wherever possible,
including for registration purposes. If your Component seeks coverage by this PIA and collects sensitive PII for registration
purposes, please consult with the Privacy Office and provide justification for the collection of this information. The Privacy Office
will then determine whether the relevant portal may be covered by this PIA.

The Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
703-235-0780, [email protected]
www.dhs.gov/privacy

Privacy Threshold Analysis
Version date: July 14, 2009
Page 5 of 8
Yes.
No.
9.

Can web portal member routinely post commercial or publicly available data containing PII?
Yes.
No.

The Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
703-235-0780, [email protected]
www.dhs.gov/privacy

Privacy Threshold Analysis
Version date: July 14, 2009
Page 6 of 8
10.

Is an appropriate Privacy Act notice (e)(3) statement given to the potential member outlining
the uses of personally identifiable information?
Yes. Please attach the (e)(3) statement.
No.

11.

Has an Authority to Operate from the Chief Information Security Officer been granted to the
portal or to the larger information technology system on which the portal resides?
No.
Yes. Please provide the date of the ATO and indicate the determinations for each of the
following:
Confidentiality:

Low

Moderate

High

Undefined

Integrity:

Low

Moderate

High

Undefined

Availability:

Low

Moderate

High

Undefined

The Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
703-235-0780, [email protected]
www.dhs.gov/privacy

Privacy Threshold Analysis
Version date: July 14, 2009
Page 7 of 8
PRIVACY THRESHOLD REVIEW
(To be Completed by the DHS Privacy Office)
DATE reviewed by the DHS Privacy Office: April 26, 2013
NAME of the DHS Privacy Office Reviewer: Dayo Simms
DESIGNATION
This is NOT a Privacy Sensitive System – the system contains no Personally Identifiable
Information.
This IS a Privacy Sensitive System
Category of System
IT System
National Security System
Legacy System
HR System
Rule
Other:
Determination
PTA sufficient at this time
Privacy compliance documentation determination in progress
PIA is not required at this time
A PIA is required
System covered by existing PIA: DHS/ALL/PIA-015 Department of
Homeland Security Web Portals June 15, 2009
A new PIA is required.
A PIA Update is required.
A SORN is required
System covered by existing SORN: DHS/ALL-004 - General Information
Technology Access Account Records System (GITAARS) November 27, 2012, 77 FR 70792

A new SORN is required.

The Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
703-235-0780, [email protected]
www.dhs.gov/privacy

Privacy Threshold Analysis
Version date: July 14, 2009
Page 8 of 8
DHS PRIVACY OFFICE COMMENTS
PRIV agrees that the ICPD Community Drill Day Registration website is a web portal
which fosters collaboration between FEMA stakeholders and bolsters community
preparedness efforts. This portal is covered by the DHS Web Portal PIA, which
covers the collection of limited contact information from individuals who seek to
access to DHS resources from a collaboration site. The GITAARS SORN covers this
collection of information from individuals who seek access to DHS IT systems.