Privacy Impact Assessment

The Privacy Office
U.S. Department of Homeland Security
Washington, DC20528
202-343-1717, [email protected]
www.dhs.gov/privacy

Privacy Threshold Analysis
Version date: November 6, 2012
Page 1 of 7

PRIVACY THRESHOLD ANALYSIS (PTA)
This form is used to determine whether
a Privacy Impact Assessment is required.

Please use the attached form to determine whether a Privacy Impact Assessment (PIA) is required under
the E-Government Act of 2002 and the Homeland Security Act of 2002.
Please complete this form and send it to your component Privacy Office. If you do not have a component
Privacy Office, please send the PTA to the DHS Privacy Office:
Rebecca J. Richards
Senior Director of Privacy Compliance
The Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
Tel: 202-343-1717

[email protected]

Upon receipt from your component Privacy Office, the DHS Privacy Office will review this form. If a
PIA is required, the DHS Privacy Office will send you a copy of the Official Privacy Impact Assessment
Guide and accompanying Template to complete and return.
A copy of the Guide and Template is available on the DHS Privacy Office website,
www.dhs.gov/privacy, on DHSConnect and directly from the DHS Privacy Office via email:
[email protected], phone: 202-343-1717.

The Privacy Office
U.S. Department of Homeland Security
Washington, DC20528
202-343-1717, [email protected]
www.dhs.gov/privacy

Privacy Threshold Analysis
Version date: November 6, 2012
Page 2 of 7

PRIVACY THRESHOLD ANALYSIS (PTA)
SUMMARY INFORMATION
Project or
Program Name:

Training.fema.gov

Component:

Federal Emergency
Management Agency (FEMA)

Office or
Program:

Emergency Management
Institute

TAFISMA Name:

Training.fema.gov

TAFISMA
Number:

FEM-05808-MAJ--5808

Type of Project or
Program:

IT System

Project or
program
status:

Operational

PROJECT OR PROGRAM MANAGER
Name:

Dana Moat

Office:

Emergency Management
Institute

Title:

Project Manager

Phone:

301-447-1922

Email:

[email protected]

INFORMATION SYSTEM SECURITY OFFICER (ISSO)
Name:

Denise Maruca

Phone:

301-447-1186

Email:

[email protected]
v

ROUTING INFORMATION
Date submitted to Component Privacy Office:

November 30, 2012

Date submitted to DHS Privacy Office:

February 5, 2013

Date approved by DHS Privacy Office:

February 15, 2013

The Privacy Office
U.S. Department of Homeland Security
Washington, DC20528
202-343-1717, [email protected]
www.dhs.gov/privacy

Privacy Threshold Analysis
Version date: November 6, 2012
Page 3 of 7

SPECIFIC PTA QUESTIONS
1. Please describe the purpose of the project or program:
Please provide a general description of the project and its purpose in a way a non-technical person could
understand.
The Federal Emergency Management Agency (FEMA), Protection and National Preparedness (PNP)
Directorate owns and manages the "Training.fema.gov" system and website. The purpose of this system
is to collect and display information related to training offered by state emergency management and
FEMA regional organizations. Courses are available to FEMA employees and contractors (permanent
and disaster); federal partners; state, tribal, and local emergency managers and first responders; volunteer
organizations; and the general public. Training.fema.gov captures state training activity data, activity
title, delivery funding source, and number of participants for all FEMA and state developed training
activities. Training.fema.gov maintains course completion information for student official and unofficial
transcripts. In order for Independent Study courses to be included in a transcript, the student must
provide personally identifiable information (PII) in the form of their full name and social security number
(SSN). Information is collected from FEMA employees and contractors (permanent and disaster); federal
partners; state, tribal, and local emergency managers and first responders; volunteer organizations; and
the general public one time for the purpose of class registration.

2. Project or Program status
October 1, 2002
Date first developed:
November 1, 2009
Date last updated:

Existing
Pilot launch date:
Pilot end date:

Click here to enter a date.
Click here to enter a date.

DHS Employees
3. From whom does the Project or
Program collect, maintain, use or
disseminate information?
Please check all that apply.

Contractors working on behalf of DHS
Members of the public
This program does not collect any personally
identifiable information1

4. What specific information about individuals could be collected, generated or retained?
Please provide a specific description of information that might be collected, generated or retained such
as names, addresses, emails, etc.
Student Names, business address, business phone number, SSNs and course information associated with
1

DHS defines personal information as “Personally Identifiable Information” or PII, which is any information that permits the
identity of an individual to be directly or indirectly inferred, including any information that is linked or linkable to that individual,
regardless of whether the individual is a U.S. citizen, lawful permanent resident, visitor to the U.S., or employee or contractor to
the Department. “Sensitive PII” is PII, which if lost, compromised, or disclosed without authorization, could result in substantial
harm, embarrassment, inconvenience, or unfairness to an individual. For the purposes of this PTA, SPII and PII are treated the
same.

The Privacy Office
U.S. Department of Homeland Security
Washington, DC20528
202-343-1717, [email protected]
www.dhs.gov/privacy

Privacy Threshold Analysis
Version date: November 6, 2012
Page 4 of 7

that student.
Does the Project or Program use Social
Security Numbers (SSNs)?
If yes, please provide the legal authority for
the collection of SSNs:
If yes, please describe the uses of the SSNs
within the Project or Program:

5. Does this system employ any of the
following technologies:

Yes
Executive Orders 13478, and 9397, and the Debt
Collection Improvement Act of 1996,
31 U.S.C. § 7701(c).
SSNs are used as unique identifiers. FEMA is in the
process of replacing SSN with a Student
Identification (SID) number as a unique identifier.
SSNs are not publically accessible and encryption is
used while the data is in transit and at rest.

Closed Circuit Television (CCTV)
Sharepoint-as-a-Service

If project or program utilizes any of these
technologies, please contact Component Privacy
Officer for specialized PTA.

Social Media
Mobile Application (or GPS)
Web portal2
None of the above

If this project is a technology/system, does
it relate solely to infrastructure?
For example, is the system a Local Area Network
(LAN) or Wide Area Network (WAN)?

No. Please continue to next question.
Yes. If a log kept of communication traffic,
please answer the following question.

If header or payload data3 is stored in the communication traffic log, please detail the data
elements stored.
Click here to enter text.

2

Informational and collaboration-based portals in operation at DHS and its components which collect, use,
maintain, and share limited personally identifiable information (PII) about individuals who are “members” of the
portal or who seek to gain access to the portal “potential members.”
3When

data is sent over the Internet, each unit transmitted includes both header information and the actual data
being sent. The header identifies the source and destination of the packet, while the actual data is referred to as the
payload. Because header information, or overhead data, is only used in the transmission process, it is stripped from
the packet when it reaches its destination. Therefore, the payload is the only data received by the destination system.

The Privacy Office
U.S. Department of Homeland Security
Washington, DC20528
202-343-1717, [email protected]
www.dhs.gov/privacy

Privacy Threshold Analysis
Version date: November 6, 2012
Page 5 of 7

6. Does this project or program connect,
receive, or share PII with any other
DHS programs or systems4?

No.
Yes. If yes, please list:
Click here to enter text.

7. Does this project or program connect,
receive, or share PII with any
external(non-DHS) partners or
systems?

Is this external sharing pursuant to new
or existing information sharing access
agreement (MOU, MOA, LOI, etc.)?

No.
Yes. If yes, please list:
Transcript information may be shared with
educational institutions only at the request of the
student.
Choose an item.
Please describe applicable information sharing
governance in place.
Click here to enter text.

4PII

may be shared, received, or connected to other DHS systems directly, automatically, or by manual processes.
Often, these systems are listed as “interconnected systems” in TAFISMA.

The Privacy Office
U.S. Department of Homeland Security
Washington, DC20528
202-343-1717, [email protected]
www.dhs.gov/privacy

Privacy Threshold Analysis
Version date: November 6, 2012
Page 6 of 7

PRIVACY THRESHOLD REVIEW
(TO BE COMPLETED BY COMPONENT PRIVACY OFFICE)
Component Privacy Office Reviewer:

LeVar J. Sykes

Date submitted to DHS Privacy Office:

February 5, 2013

Component Privacy Office Recommendation:
Please include recommendation below, including what new privacy compliance documentation is needed.
Recommend coverage by existing PIA (Student Training/Exercise Application and Registration Records
Systems (STARRS)) and existing SORN (DHS/FEMA-011 Training and Exercise Programs).
(TO BE COMPLETED BY THE DHS PRIVACY OFFICE)
DHS Privacy Office Reviewer:

Dayo Simms

Date approved by DHS Privacy Office:

February 15, 2013

PCTS Workflow Number:

972490
DESIGNATION

Privacy Sensitive System:
Category of System:
Determination:

YesIf “no” PTA adjudication is complete.
IT System
If “other” is selected, please describe:Click here to enter text.
PTA sufficient at this time.
Privacy compliance documentation determination in progress.
New information sharing arrangement is required.

DHS Policy for Computer-Readable Extracts Containing Sensitive PII
applies.
Privacy Act Statement required.
Privacy Impact Assessment (PIA) required.
System of Records Notice (SORN) required.
System covered by existing PIA
PIA:

SORN:

If covered by existing PIA, please list: DHS/FEMA/PIA-022 Student Training/Exercise
Application and Registration Records (STARRS), March 29, 2012
System covered by existing SORN
If covered by existing SORN, please list: DHS/FEMA-011 - General Training and Exercise

The Privacy Office
U.S. Department of Homeland Security
Washington, DC20528
202-343-1717, [email protected]
www.dhs.gov/privacy

Privacy Threshold Analysis
Version date: November 6, 2012
Page 7 of 7

Program Records System of Records Notice April 6, 2011 76 FR 19107
DHS Privacy Office Comments:
Please describe rationale for privacy compliance determination above.
PRIV concurs with the FEMA Privacy Office Recommendation that training.fema.gov is covered by the
Student Training/Exercise Application and Registration Records Systems PIA and the DHS/FEMA-011
Training and Exercise Programs SORN. Both the PIA and SORN cover the collection of information
from individuals who apply to take FEMA sponsored trainings this includes both federal employees and
members of the public.