Privacy Threshold Analysis

CRS_ PRIVACY_OFFICE_PTA_10_20_2012.doc

Community Rating System (CRS) Program-Application Worksheets and Commentary

Privacy Threshold Analysis

OMB: 1660-0022

⚠️ Notice: This form may be outdated. More recent filings and information on OMB 1660-0022 can be found here:

Document [doc]

Download: doc | pdf

T he Privacy Office

U.S. Department of Homeland Security

Washington, DC 20528

703-235-0780, [email protected]

www.dhs.gov/privacy

Privacy Threshold Analysis

Version date: July 7, 2012

Page 7 of 7

PRIVACY THRESHOLD ANALYSIS (PTA)

This form is used to determine whether
a Privacy Impact Assessment is required.

Please use the attached form to determine whether a Privacy Impact Assessment (PIA) is required under the E-Government Act of 2002 and the Homeland Security Act of 2002.

Please complete this form and send it to your component Privacy Office. If you do not have a component Privacy Office, please send the PTA to the DHS Privacy Office:

Rebecca J. Richards

Senior Director of Privacy Compliance

The Privacy Office

U.S. Department of Homeland Security

Washington, DC 20528

Tel: 703-235-0780

[email protected]

Upon receipt from your component Privacy Office, the DHS Privacy Office will review this form. If a PIA is required, the DHS Privacy Office will send you a copy of the Official Privacy Impact Assessment Guide and accompanying Template to complete and return.

A copy of the Guide and Template is available on the DHS Privacy Office website, www.dhs.gov/privacy, on DHSConnect and directly from the DHS Privacy Office via email: [email protected], phone: 703-235-0780.

PRIVACY THRESHOLD ANALYSIS (PTA)

Summary Information

Project or Program Name:	NFIP Community Rating System
Component:	Federal Emergency Management Agency (FEMA)	Office or Program:	Federal Insurance and Mitigation Administration
TAFISMA Name:	Click here to enter text.	TAFISMA Number:	Click here to enter text.
Type of Project or Program:	Form or other Information Collection	Project or program status:	Modification

PROJECT OR PROGRAM MANAGER

Name:	Bill Lesser
Office:	FIMA, Risk Reduction Div.	Title:	Sr. Program Specialist
Phone:	202 646 2807	Email:	[email protected]

INFORMATION SYSTEM SECURITY OFFICER (ISSO)

Name:	Click here to enter text.
Phone:	Click here to enter text.	Email:	Click here to enter text.

ROUTING INFORMATION

Date submitted to Component Privacy Office:	October 19, 2012
Date submitted to DHS Privacy Office:	Click here to enter a date.
Date approved by DHS Privacy Office:	Click here to enter a date.

Specific PTA Questions

Please describe the purpose of the project or program:

Please provide a general description of the project and its purpose in a way a non-technical person could understand.

Re: OMB Control Number 1660-0022. The National Flood Insurance Program, Community Rating System enables flood insurance to be less expensive for insurance policy holders in communities that implement protective floodplain management practices designed to lessen the risk of future flood damages to insurable property. These practices include activities such as enforcing a building codes limiting new construction in flood prone areas and implementing public education programs about how to avoid flood damage.

Three (3) FEMA Forms are part of community participation in the Community rating System Program. FEMA Form 086-0-35 Community Rating System Application Letter of Intent and Quick Check Instructions is used by communities interested in joining the CRS and submitting an application. FEMA Form 086-0-35B Environmental and Historic Preservation Certifications is used by those communities applying to join CRS or who participate in CRS seeking to get credit for specific CRS activities that require special environmental review. FEMA Form 086-0-35A Community Rating System Community Certifications are used by communities participating in CRS that need to certify they are implementing certain CRS activities both initially when joining and once a year at the annual recertification period. The information received by the completion of these forms is held in the NFIP Community Information System “CIS” data base.

Project or Program status		Choose an item.
Date first developed:	Click here to enter a date.	Pilot launch date:	Click here to enter a date.
Date last updated:	Click here to enter a date.	Pilot end date:	Click here to enter a date.

From whom does the Project or Program collect, maintain, use or disseminate information?

Please check all that apply.

DHS Employees

Contractors working on behalf of DHS

Members of the public

This program does not collect any personally identifiable information^¹

What specific information about individuals could be collected, generated or retained? Please provide a specific description of information that might be collected, generated or retained such as names, addresses, emails, etc.
Communities that participate in CRS submit name and contact information of chief elected official and CRS Coordinator as part of the CRS Application Quick Check and Letter of Interest, Community Recertifications and Environmental Certifications.
Does the Project or Program use Social Security Numbers (SSNs)?	No
If yes, please provide the legal authority for the collection of SSNs:	Click here to enter text.
If yes, please describe the uses of the SSNs within the Project or Program:	Click here to enter text.

Does this system employ any of the following technologies:

If project or program utilizes any of these technologies, please contact Component Privacy Officer for specialized PTA.

Closed Circuit Television (CCTV)

Sharepoint-as-a-Service

Social Media

Mobile Application (or GPS)

Web portal^²

None of the above

If this project is a technology/system, does it relate solely to infrastructure?

For example, is the system a Local Area Network (LAN) or Wide Area Network (WAN)?

No. Please continue to next question.

Yes. If a log kept of communication traffic, please answer the following question.

If header or payload data^³ is stored in the communication traffic log, please detail the data elements stored.

Click here to enter text.

Does this project or program connect, receive, or share PII with any other DHS programs or systems^⁴?

No.

Yes. If yes, please list: NFIP Community Information System (CIS)

Click here to enter text.

Does this project or program connect, receive, or share PII with any external (non-DHS) partners or systems?

No.

Yes. If yes, please list: FEMA’s CRS Contractor Insurance Services Organization

Click here to enter text.

Is this external sharing pursuant to new or existing information sharing access agreement (MOU, MOA, LOI, etc.)?

Choose an item.

Please describe applicable information sharing governance in place.

Click here to enter text.

PRIVACY THRESHOLD REVIEW

(To be Completed by COMPONENT PRIVACY OFFICE)

Component Privacy Office Reviewer:	Click here to enter text.
Date submitted to DHS Privacy Office:	Click here to enter a date.
Component Privacy Office Recommendation: Please include recommendation below, including what new privacy compliance documentation is needed.
Click here to enter text.

(To be Completed by the DHS Privacy Office)

DHS Privacy Office Reviewer:	Click here to enter text.
Date approved by DHS Privacy Office:	Click here to enter a date.
PCTS Workflow Number:	Click here to enter text.

DESIGNATION

Privacy Sensitive System:

Choose an item. If “no” PTA adjudication is complete.

Category of System:

Choose an item.

If “other” is selected, please describe: Click here to enter text.

Determination: PTA sufficient at this time.

Privacy compliance documentation determination in progress.

New information sharing arrangement is required.

DHS Policy for Computer-Readable Extracts Containing Sensitive PII applies.

Privacy Act Statement required.

Privacy Impact Assessment (PIA) required.

System of Records Notice (SORN) required.

PIA:

Choose an item.

If covered by existing PIA, please list: Click here to enter text.

SORN:

Choose an item.

If covered by existing SORN, please list: Click here to enter text.

DHS Privacy Office Comments:

Please describe rationale for privacy compliance determination above.

Click here to enter text.

1 DHS defines personal information as “Personally Identifiable Information” or PII, which is any information that permits the identity of an individual to be directly or indirectly inferred, including any information that is linked or linkable to that individual, regardless of whether the individual is a U.S. citizen, lawful permanent resident, visitor to the U.S., or employee or contractor to the Department. “Sensitive PII” is PII, which if lost, compromised, or disclosed without authorization, could result in substantial harm, embarrassment, inconvenience, or unfairness to an individual. For the purposes of this PTA, SPII and PII are treated the same.

2 Informational and collaboration-based portals in operation at DHS and its components which collect, use, maintain, and share limited personally identifiable information (PII) about individuals who are “members” of the portal or who seek to gain access to the portal “potential members.”

3 When data is sent over the Internet, each unit transmitted includes both header information and the actual data being sent. The header identifies the source and destination of the packet, while the actual data is referred to as the payload. Because header information, or overhead data, is only used in the transmission process, it is stripped from the packet when it reaches its destination. Therefore, the payload is the only data received by the destination system.

4 PII may be shared, received, or connected to other DHS systems directly, automatically, or by manual processes. Often, these systems are listed as “interconnected systems” in TAFISMA.

File Type	application/msword
File Title	DHS PRIVACY OFFICE
Author	ljohnso3
Last Modified By	ljohnso3
File Modified	2012-10-22
File Created	2012-10-22