Download:
pdf |
pdfThe Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
Privacy Threshold Analysis
Version date: November 6, 2012
Page 1 of 7
PRIVACY THRESHOLD ANALYSIS (PTA)
This form is used to determine whether
a Privacy Impact Assessment is required.
Please use the attached form to determine whether a Privacy Impact Assessment (PIA) is required under
the E-Government Act of 2002 and the Homeland Security Act of 2002.
Please complete this form and send it to your component Privacy Office. If you do not have a component
Privacy Office, please send the PTA to the DHS Privacy Office:
Rebecca J. Richards
Senior Director of Privacy Compliance
The Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
Tel: 202-343-1717
[email protected]
Upon receipt from your component Privacy Office, the DHS Privacy Office will review this form. If a
PIA is required, the DHS Privacy Office will send you a copy of the Official Privacy Impact Assessment
Guide and accompanying Template to complete and return.
A copy of the Guide and Template is available on the DHS Privacy Office website,
www.dhs.gov/privacy, on DHSConnect and directly from the DHS Privacy Office via email:
[email protected], phone: 202-343-1717.
�The Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
Privacy Threshold Analysis
Version date: November 6, 2012
Page 2 of 7
PRIVACY THRESHOLD ANALYSIS (PTA)
SUMMARY INFORMATION
Project or
Program Name:
Regional Catastrophic Preparedness Grant Program (RCPGP)
Component:
Federal Emergency
Management Agency (FEMA)
Office or
Program:
Protection and National
Preparedness (PNP)
TAFISMA Name:
Click here to enter text.
TAFISMA
Number:
Click here to enter text.
Type of Project or
Program:
Form or other Information
Collection
Project or
program
status:
Update
PROJECT OR PROGRAM MANAGER
Name:
Nicholas Sleptzoff
Office:
FEMA-NPD-NIC
Title:
Program Specialist
Phone:
202-212-3794
Email:
[email protected]
INFORMATION SYSTEM SECURITY OFFICER (ISSO)
Name:
Click here to enter text.
Phone:
Click here to enter text.
Email:
Click here to enter text.
ROUTING INFORMATION
Date submitted to Component Privacy Office:
November 20, 2013
Date submitted to DHS Privacy Office:
November 25, 2013
Date approved by DHS Privacy Office:
December 23, 2013
�The Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
Privacy Threshold Analysis
Version date: November 6, 2012
Page 3 of 7
SPECIFIC PTA QUESTIONS
1. Please describe the purpose of the project or program:
Please provide a general description of the project and its purpose in a way a non-technical person could
understand.
The FEMA PNP National Preparedness Directorate (NPD) manages the Regional Catastrophic
Preparedness Grant Program (RCPGP). The RCPGP provides grant funding to ten, specified,
highest risk urban areas and their surrounding regions for catastrophic preparedness planning. It
builds upon state and urban area efforts to plan for catastrophic incidents, addresses Post-Katrina
Emergency Management Reform Act mandates, and reinforces initiatives under way with the
implementation of Presidential Policy Directive 8. Each of the 10 regions has a Regional
Catastrophic Preparedness Team (RCPT) that consists of Federal, State, and local emergency
management professionals and first responders. FEMA administers and manages federal funding
to support catastrophic preparedness planning within FEMA’s 10 regions. A State can apply for
grant funding to support the RCPT(s).
The RCPT uses SharePoint services hosted at the Department of Energy’s Argonne National
Laboratory and sponsored by FEMA. This allows the teams to collaborate on documents and
lessons learned with each other in a secure environment.
FEMA collects information from State, and RCPTs seeking RCPGP funding. Information
collected by FEMA from States and RCPTs includes personally identifiable information such as
name, address, and phone numbers of grant applicant’s point of contact and RCPT members.
The PII collected is only for the purpose of FEMA contacting grant applicants, grantees, and
RCPTs regarding RCPGP grant funding, reporting, and planning related matters. Grant
applicants submit RCPGP grant information using the Department of Health and Human
Services (HHS) Grants.gov website.
2. Project or Program status
September 1, 2008
Date first developed:
July 1, 2011
Date last updated:
Existing
Pilot launch date:
Pilot end date:
Click here to enter a date.
Click here to enter a date.
DHS Employees
3. From whom does the Project or
Program collect, maintain, use or
disseminate information?
Please check all that apply.
1
Contractors working on behalf of DHS
Members of the public
This program does not collect any personally
identifiable information1
DHS defines personal information as “Personally Identifiable Information” or PII, which is any information that permits the
identity of an individual to be directly or indirectly inferred, including any information that is linked or linkable to that individual,
�The Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
Privacy Threshold Analysis
Version date: November 6, 2012
Page 4 of 7
4. What specific information about individuals could be collected, generated or retained?
Please provide a specific description of information that might be collected, generated or retained such
as names, addresses, emails, etc.
The RCPGP collects the following information about grant applicant’s POC or representative:
Name;
Title/Position;
Mailing address(es);
Email address(es); and
Phone number(s).
RCPGP may collect the following additional information from RCPT members as part of an
applicant’s supporting documentation:
Name;
Title/Position;
Physical Address(es);
Email address(es); and
Phone number(s)
Does the Project or Program use Social
Security Numbers (SSNs)?
If yes, please provide the legal authority for
the collection of SSNs:
If yes, please describe the uses of the SSNs
within the Project or Program:
5. Does this system employ any of the
following technologies:
If project or program utilizes any of these
technologies, please contact Component Privacy
Officer for specialized PTA.
No
Click here to enter text.
Click here to enter text.
Closed Circuit Television (CCTV)
Sharepoint-as-a-Service
Social Media
regardless of whether the individual is a U.S. citizen, lawful permanent resident, visitor to the U.S., or employee or contractor to
the Department. “Sensitive PII” is PII, which if lost, compromised, or disclosed without authorization, could result in substantial
harm, embarrassment, inconvenience, or unfairness to an individual. For the purposes of this PTA, SPII and PII are treated the
same.
�The Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
Privacy Threshold Analysis
Version date: November 6, 2012
Page 5 of 7
Mobile Application (or GPS)
Web portal2
None of the above
If this project is a technology/system, does
it relate solely to infrastructure?
For example, is the system a Local Area Network
(LAN) or Wide Area Network (WAN)?
No. Please continue to next question.
Yes. If a log kept of communication traffic,
please answer the following question.
If header or payload data3 is stored in the communication traffic log, please detail the data
elements stored.
Click here to enter text.
6. Does this project or program connect,
receive, or share PII with any other
DHS programs or systems4?
No.
Yes. If yes, please list:
Click here to enter text.
7. Does this project or program connect,
receive, or share PII with any external
(non-DHS) partners or systems?
No.
Yes. If yes, please list:
HHS Grants.gov
Is this external sharing pursuant to new
or existing information sharing access
agreement (MOU, MOA, LOI, etc.)?
Choose an item.
Please describe applicable information sharing
governance in place.
N/A
2
Informational and collaboration-based portals in operation at DHS and its components which collect, use,
maintain, and share limited personally identifiable information (PII) about individuals who are “members” of the
portal or who seek to gain access to the portal “potential members.”
3
When data is sent over the Internet, each unit transmitted includes both header information and the actual data
being sent. The header identifies the source and destination of the packet, while the actual data is referred to as the
payload. Because header information, or overhead data, is only used in the transmission process, it is stripped from
the packet when it reaches its destination. Therefore, the payload is the only data received by the destination system.
4 PII may be shared, received, or connected to other DHS systems directly, automatically, or by manual processes.
Often, these systems are listed as “interconnected systems” in TAFISMA.
�The Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
Privacy Threshold Analysis
Version date: November 6, 2012
Page 6 of 7
PRIVACY THRESHOLD REVIEW
(TO BE COMPLETED BY COMPONENT PRIVACY OFFICE)
Component Privacy Office Reviewer:
LeVar J. Sykes
Date submitted to DHS Privacy Office:
Click here to enter a date.
Component Privacy Office Recommendation:
Please include recommendation below, including what new privacy compliance documentation is needed.
Recommend coverage by the FEMA Grant Management Programs PIA and the related
DHS/FEMA – 004 Grant Management Information Files SORN.
(TO BE COMPLETED BY THE DHS PRIVACY OFFICE)
DHS Privacy Office Reviewer:
Jameson Morgan
Date approved by DHS Privacy Office:
December 23, 2013
PCTS Workflow Number:
1000872
DESIGNATION
Privacy Sensitive System:
Category of System:
Determination:
Yes
If “no” PTA adjudication is complete.
IT System
If “other” is selected, please describe: Click here to enter text.
PTA sufficient at this time.
Privacy compliance documentation determination in progress.
New information sharing arrangement is required.
DHS Policy for Computer-Readable Extracts Containing Sensitive PII
applies.
Privacy Act Statement required.
Privacy Impact Assessment (PIA) required.
System of Records Notice (SORN) required.
System covered by existing PIA
PIA:
SORN:
If covered by existing PIA, please list: DHS/FEMA/PIA – 013 Grant Management
Programs
System covered by existing SORN
�The Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
Privacy Threshold Analysis
Version date: November 6, 2012
Page 7 of 7
If covered by existing SORN, please list: DHS/FEMA-004 Grant Management Information
Files
DHS Privacy Office Comments:
Please describe rationale for privacy compliance determination above.
The DHS Privacy Office agrees with the FEMA Privacy Office that RCPGP is a privacy sensitive system
with coverage required under the DHS/FEMA/PIA – 013 Grant Management Programs PIA and the
DHS/FEMA – 004 Grant Management Information Files SORN.
RCPGP provides grant funding to ten urban areas and their surrounding regions for catastrophic
preparedness planning. Each of the 10 regions has a team (RCPT) consisting of federal, state, and local
emergency management professionals and first responders. FEMA administers and manages federal
funding to support planning within FEMA’s 10 regions. The PTA has been submitted because FEMA
collects information from states and RCPTs seeking RCPGP funding including PII such as name, address,
and phone numbers of grant applicant’s point of contact and RCPT members. The PII collected is only
for the purpose of FEMA contacting grant applicants, grantees, and RCPTs regarding RCPGP grant
funding, reporting, and planning related matters. The RCPTs use SharePoint services hosted at DOE
and sponsored by FEMA for collaboration. FEMA does not own or operate the SharePoint site.
The DHS/FEMA/PIA Grant Management Programs PIA is required because FEMA is collecting PII from
states and RCPTs that is used in order to contact grant applicants, grantees, and the members of the RCPT
regarding the RCPGP grant funding, reporting, and planning. The DHS/FEMA – 013 Grant Management
PIA allows FEMA to collect PII in order to determine awards for disaster and non-disaster grants for the
issuance of awarded funds. This PIA covers RCPGP because the program is collecting PII in support of
providing grant funding to applicants, grantees, and RCPTs from each of the 10 regions of the RCPGP
and RCPGP is using the information in the same manner as described in the PIA. This program uses
SharePoint as a service. However, the DHS/ALL – 037 SharePoint and Collaboration Sites PIA is not
required because the existing PIA covers this activity and the activity is consistent as rules outlined in the
DHS/FEMA/PIA – 013 Grant Management Programs PIA.
The DHS/FEMA – 004 Grant Management Information Files SORN allows FEMA to collect and store
PII in order to assist in determining awards for disaster and non-disaster grants, for the issuance of funds,
and in order to ensure completeness and accuracy of grants and applications. This SORN is required
because FEMA is collecting PII for the purpose of administering federal funding to support the 10
RCPGP regions.
�
| File Type | application/pdf |
| File Title | DHS PRIVACY OFFICE |
| Author | marilyn.powell |
| File Modified | 2013-12-30 |
| File Created | 2013-12-30 |