Privacy Threshold Analysis (PTA)

The Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy

Privacy Threshold Analysis
Version date: November 6, 2012
Page 1 of 8

PRIVACY THRESHOLD ANALYSIS (PTA)
This form is used to determine whether
a Privacy Impact Assessment is required.

Please use the attached form to determine whether a Privacy Impact Assessment (PIA) is required under
the E-Government Act of 2002 and the Homeland Security Act of 2002.
Please complete this form and send it to your component Privacy Office. If you do not have a component
Privacy Office, please send the PTA to the DHS Privacy Office:
Rebecca J. Richards
Senior Director of Privacy Compliance
The Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
Tel: 202-343-1717
[email protected]

Upon receipt from your component Privacy Office, the DHS Privacy Office will review this form. If a
PIA is required, the DHS Privacy Office will send you a copy of the Official Privacy Impact Assessment
Guide and accompanying Template to complete and return.
A copy of the Guide and Template is available on the DHS Privacy Office website,
www.dhs.gov/privacy, on DHSConnect and directly from the DHS Privacy Office via email:
[email protected], phone: 202-343-1717.

The Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy

Privacy Threshold Analysis
Version date: November 6, 2012
Page 2 of 8

PRIVACY THRESHOLD ANALYSIS (PTA)
SUMMARY INFORMATION
Project or
Program Name:

1660-0061 Federal Assistance to Individuals and Households Programs

Component:

Federal Emergency
Management Agency (FEMA)

TAFISMA Name:
Type of Project or
Program:

Form or other Information
Collection

Office or
Program:

Individuals and Households
Branch

TAFISMA
Number:

Click here to enter text.

Project or
program
status:

Modification

PROJECT OR PROGRAM MANAGER
Name:

John Carleton

Office:

Individuals and Households
Branch

Title:

Branch Chief

Phone:

202-212-1162

Email:

[email protected]

INFORMATION SYSTEM SECURITY OFFICER (ISSO)
Name:

Click here to enter text.

Phone:

Click here to enter text.

Email:

ROUTING INFORMATION
Date submitted to Component Privacy Office:

August 20, 2013

Date submitted to DHS Privacy Office:

August 21, 2013

Date approved by DHS Privacy Office:

October 21, 2013

Click here to enter text.

The Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy

Privacy Threshold Analysis
Version date: November 6, 2012
Page 3 of 8

SPECIFIC PTA QUESTIONS
1. Please describe the purpose of the project or program:
Please provide a general description of the project and its purpose in a way a non-technical person could
understand.
Section 206(a) of the Disaster Mitigation Act of 2000 (DMA 2000), Public Law 106-390, consolidated into one
section of the Robert T. Stafford Disaster Relief and Emergency Assistance Act two previously existing
programs, the “Temporary Housing Assistance” and the “Individual and Family Grant Programs” into a
single program called the “Federal Assistance to Individuals and Households” (IHP). To implement this
consolidation, which streamlined the provision of assistance to disaster victims, FEMA published rule 44
CFR Part 206 which included this collection of information under the purview of the Paperwork
Reduction Act. This information collection provides: 1) disaster survivors the opportunity to request
approval of late applications, continued assistance, and appeal program decisions and, 2) States/Indian
Tribal governments with a better opportunity to be active participants in the “Other Needs” provision of
the IHP through the review of an administrative option agreement and the development of an
administrative plan.
Additionally, in 2013, the President signed into law the Sandy Recovery Improvement Act of 2013 (SRIA),
Pub. L. No. 113-2, amending the Stafford Act. This collection accounts for changes to the Stafford Act;
specifically the ability of Indian Tribes to work directly with FEMA as a sovereign nation and the
addition of child care (Section 1108) as an eligible disaster expense under the IHP.
Individuals requesting approval of late application, request for continued assistance or appealing a
program decision would be required to submit such a request either by completing FEMA Form 010-0-12
“Application for Continued Temporary Housing Assistance”, (or in Spanish via FEMA Form 010-0-12S
“Solicitud para Continuar la Asistencia de Vivienda Temporera”), or in writing via mail or fax to FEMA’s
Maryland National Processing and Service Center. A FEMA appeals officer will review the information
submitted in accordance with established program criteria and procedures. Individuals wishing to
request continued assistance with rent will be required to submit via mail or fax a signed “Application for
Continued Temporary Housing Assistance,” which includes information on income, housing cost and
their individual recovery strategy.
The purpose of an Administrative Option Agreement between FEMA and the State/Indian Tribal
government is to establish a plan for the delivery of assistance under Section 408 of the Robert T. Stafford
Disaster Relief and Emergency Assistance Act (Stafford Act), as amended. States opting to participate in
the administration or management of the Other Needs provision of IHP must submit via mail a signed
FEMA Form 010-0-11 (formerly FEMA Form 90-153), “Individual and Households Program (IHP) – Other
Needs Assistance Administrative Option Selection”, which includes a signed standard personal property
list for that calendar year, establishing the State/Indian Tribal government’s proposed level of support
and participation in the delivery of assistance under Section 408 of the Stafford Act. The FEMA Regional
Director or designee and the State/Indian Tribal government will use the agreement for planning and
developing program implementation procedures to be used during the next calendar year in the

The Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy

Privacy Threshold Analysis
Version date: November 6, 2012
Page 4 of 8
implementation of programs under Section 408 of the Stafford Act.

2. Project or Program status
March 3, 2003
Date first developed:
August 20, 2013
Date last updated:

Existing
Pilot launch date:
Pilot end date:

Click here to enter a date.
Click here to enter a date.

DHS Employees
3. From whom does the Project or
Program collect, maintain, use or
disseminate information?
Please check all that apply.

Contractors working on behalf of DHS
Members of the public
This program does not collect any personally
identifiable information1

4. What specific information about individuals could be collected, generated or retained?
Please provide a specific description of information that might be collected, generated or retained such
as names, addresses, emails, etc.
Individuals:










Disaster Applicant Name (First, Last, and Middle)
Applicant Physical Address(es) (Mailing, Residence)
Applicant Disaster Registration No.
Applicant Phone Number(s) (including alternate)
Applicant Expenses Information (Utility/Mortgage bills and payment history)
Applicant Housing Unit Leasing Information (Information found on a lease including
landlord contact information and cancelled checks)
Resident(s) Name (First, Last, and Middle)
Resident(s) Income Information (including paystubs and other income documentation)
Applicant (Co-Applicant) Signature

States/Indian Tribal governments:

1

DHS defines personal information as “Personally Identifiable Information” or PII, which is any information that permits the
identity of an individual to be directly or indirectly inferred, including any information that is linked or linkable to that individual,
regardless of whether the individual is a U.S. citizen, lawful permanent resident, visitor to the U.S., or employee or contractor to
the Department. “Sensitive PII” is PII, which if lost, compromised, or disclosed without authorization, could result in substantial
harm, embarrassment, inconvenience, or unfairness to an individual. For the purposes of this PTA, SPII and PII are treated the
same.

The Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy

Privacy Threshold Analysis
Version date: November 6, 2012
Page 5 of 8





State Governor or Designee Signature
Indian Tribal government Chief Executive or Designee Signature
FEMA Employee Signature

Does the Project or Program use Social
Security Numbers (SSNs)?
If yes, please provide the legal authority for
the collection of SSNs:
If yes, please describe the uses of the SSNs
within the Project or Program:

5. Does this system employ any of the
following technologies:

No
Click here to enter text.
Click here to enter text.

Closed Circuit Television (CCTV)
Sharepoint-as-a-Service

If project or program utilizes any of these
technologies, please contact Component Privacy
Officer for specialized PTA.

Social Media
Mobile Application (or GPS)
Web portal2
None of the above

If this project is a technology/system, does
it relate solely to infrastructure?
For example, is the system a Local Area Network
(LAN) or Wide Area Network (WAN)?

No. Please continue to next question.
Yes. If a log kept of communication traffic,
please answer the following question.

If header or payload data3 is stored in the communication traffic log, please detail the data
elements stored.
Click here to enter text.

2

Informational and collaboration-based portals in operation at DHS and its components which collect, use,
maintain, and share limited personally identifiable information (PII) about individuals who are “members” of the
portal or who seek to gain access to the portal “potential members.”
3

When data is sent over the Internet, each unit transmitted includes both header information and the actual data
being sent. The header identifies the source and destination of the packet, while the actual data is referred to as the
payload. Because header information, or overhead data, is only used in the transmission process, it is stripped from
the packet when it reaches its destination. Therefore, the payload is the only data received by the destination system.

The Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy

Privacy Threshold Analysis
Version date: November 6, 2012
Page 6 of 8

No.
6. Does this project or program connect,
receive, or share PII with any other
DHS programs or systems4?

7. Does this project or program connect,
receive, or share PII with any external
(non-DHS) partners or systems?

Yes. If yes, please list:
Disaster Assistance Improvement Program (DAIP)
and Document Management and Records Tracking
System (DMARTS)
No.
Yes. If yes, please list:
Click here to enter text.

Is this external sharing pursuant to new
or existing information sharing access
agreement (MOU, MOA, LOI, etc.)?

Choose an item.
Please describe applicable information sharing
governance in place.
Click here to enter text.

4

PII may be shared, received, or connected to other DHS systems directly, automatically, or by manual processes.
Often, these systems are listed as “interconnected systems” in TAFISMA.

The Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy

Privacy Threshold Analysis
Version date: November 6, 2012
Page 7 of 8

PRIVACY THRESHOLD REVIEW
(TO BE COMPLETED BY COMPONENT PRIVACY OFFICE)
Component Privacy Office Reviewer:

Lane Raffray

Date submitted to DHS Privacy Office:

August 21, 2013

Component Privacy Office Recommendation:
Please include recommendation below, including what new privacy compliance documentation is needed.
PIA: DHS/FEMA/PIA-012 Disaster Assistance Improvement Plan (DAIP) and DHS/FEMA/PIA-009
Document Management and Records Tracking System (DMARTS)
SORN: DHS/FEMA 008 Disaster Recovery Assistance Files

(TO BE COMPLETED BY THE DHS PRIVACY OFFICE)
DHS Privacy Office Reviewer:

Jameson Morgan

Date approved by DHS Privacy Office:

October 21, 2013

PCTS Workflow Number:

992262
DESIGNATION

Privacy Sensitive System:
Category of System:
Determination:

Yes

If “no” PTA adjudication is complete.

IT System
If “other” is selected, please describe: Click here to enter text.
PTA sufficient at this time.
Privacy compliance documentation determination in progress.
New information sharing arrangement is required.
DHS Policy for Computer-Readable Extracts Containing Sensitive PII
applies.
Privacy Act Statement required.
Privacy Impact Assessment (PIA) required.
System of Records Notice (SORN) required.

System covered by existing PIA; PIA Appendix Update Required
PIA:

If covered by existing PIA, please list: DHS/FEMA/PIA-012(a) - Disaster Assistance
Improvement Plan (DAIP) Disaster Assistance Improvement Program (DAIP)

The Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy

Privacy Threshold Analysis
Version date: November 6, 2012
Page 8 of 8

November 16, 2012 (PDF, 27 pages-384 KB); DHS/FEMA/PIA-009(a) - Document
Management and Records Tracking System (DMARTS) Privacy PIA FEMA DMARTS
System covered by existing SORN
SORN:

If covered by existing SORN, please list: DHS/FEMA-008 - Disaster Recovery Assistance
Files
DHS Privacy Office Comments:
Please describe rationale for privacy compliance determination above.
The DHS Privacy Office agrees with the FEMA Privacy Office’s recommendation requiring coverage
under the DHS/FEMA/PIA-012(a) Disaster Assistance Improvement Plan (DAIP) and DHS/FEMA/PIA009 Document Management and Records Tracking System (DMARTS), as well as the DHS/FEMA 008
Disaster Recovery Assistance Files SORN. Both PIAs are required to have their respective appendices
updated to reflect coverage of this program. A Privacy Act Statement is also required for the forms used
by the Federal Assistance to Individuals and Households Program (IHP).
This program collects information from members of the public in order to allow disaster survivors to
request approval of late applications, continued assistance, and appeal program decisions. The program
also allows States/Indian Tribal governments with a better opportunity to be active participants in the
“Other Needs” provision of the IHP. In addition, this program also collects information relevant to the
addition of child care (Section 1108) as an eligible disaster expense under the IHP.
The DHS/FEMA – 008 Disaster Recovery Assistance Files SORN allows for information collection from
members of the public in a variety of instances including: individuals seeking disaster assistance from
FEMA, for the verification of IHP applicant information, and in order to determine eligibility of
applicants. All categories of records, categories of individuals, and routine uses of the information
collected in the program are consistent with the DHS/FEMA – 008 SORN.
The DHS/FEMA/PIA-012(a) DAIP PIA provides coverage for collection of information related to
disaster survivor application and registration information collected through various media including: (1)
DAIP paper forms (attached at Appendix A), (2) the www.disasterassistance.gov website, (3) the
http://m.fema.gov mobile website, and (4) via telephone. This PIA covers the collection of information
from members of the public by the Federal Assistance to Individuals and Households Program. The
DHS/FEMA/PIA-008 DMARTS PIA covers the storage, retrieval, and dissemination of information
about individuals applying for disaster assistance in the Document Management and Records Tracking
System (DMARTS). Both PIAs have appendices that are required to be updated to reflect coverage of
this program. A Privacy Act Statement is also required for the forms being used by this program since
the information is being stored in a system of record.