Privacy Threshold Analysis (PTA)

The Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy

Privacy Threshold Analysis
Version date: November 6, 2012
Page 1 of 7

PRIVACY THRESHOLD ANALYSIS (PTA)
This form is used to determine whether
a Privacy Impact Assessment is required.

Please use the attached form to determine whether a Privacy Impact Assessment (PIA) is required under
the E-Government Act of 2002 and the Homeland Security Act of 2002.
Please complete this form and send it to your component Privacy Office. If you do not have a component
Privacy Office, please send the PTA to the DHS Privacy Office:
Rebecca J. Richards
Senior Director of Privacy Compliance
The Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
Tel: 202-343-1717
[email protected]

Upon receipt from your component Privacy Office, the DHS Privacy Office will review this form. If a
PIA is required, the DHS Privacy Office will send you a copy of the Official Privacy Impact Assessment
Guide and accompanying Template to complete and return.
A copy of the Guide and Template is available on the DHS Privacy Office website,
www.dhs.gov/privacy, on DHSConnect and directly from the DHS Privacy Office via email:
[email protected], phone: 202-343-1717.

The Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy

Privacy Threshold Analysis
Version date: November 6, 2012
Page 2 of 7

PRIVACY THRESHOLD ANALYSIS (PTA)
SUMMARY INFORMATION
Project or
Program Name:

Emergency Management Performance Grant Program

Component:

Federal Emergency
Management Agency (FEMA)

Office or
Program:

Protection and National
Preparedness (PNP)

TAFISMA Name:

Click here to enter text.

TAFISMA
Number:

Click here to enter text.

Type of Project or
Program:

Form or other Information
Collection

Project or
program
status:

Operational

PROJECT OR PROGRAM MANAGER
Name:

Samrawit Aragie

Office:

Grant Programs Directorate
(GPD)

Title:

Program Analyst

Phone:

202.786.9846

Email:

[email protected]
ov

INFORMATION SYSTEM SECURITY OFFICER (ISSO)
Name:

Click here to enter text.

Phone:

Click here to enter text.

Email:

Click here to enter text.

ROUTING INFORMATION
Date submitted to Component Privacy Office:

October 21, 2013

Date submitted to DHS Privacy Office:

November 6, 2013

Date approved by DHS Privacy Office:

November 25, 2013

The Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy

Privacy Threshold Analysis
Version date: November 6, 2012
Page 3 of 7

SPECIFIC PTA QUESTIONS
1. Please describe the purpose of the project or program:
Please provide a general description of the project and its purpose in a way a non-technical person could
understand.
The PNP Grant Program Directorate (GPD) manages the Emergency Management Performance Grant
(EMPG) Program. Pursuant to the National Flood Insurance Act of 1968, 42 U.S.C. § 4001 et seq.;
Robert T. Stafford Disaster Relief and Emergency Assistance Act, 42 U.S.C. § 5121 et seq.; Earthquake
Hazards Reduction Act of 1977, 42 U.S.C. § 7701 et seq.; Reorganization Plan No. 3 of 1978, 5 U.S.C.
App.; and, Section 662 of the Post-Katrina Emergency Management Reform Act of 2006 (PKEMRA), as
amended, 6 U.S.C. § 762, the EMPG Program provides financial assistance to State and local
governments in support of emergency management activities and in support of national preparedness and
response efforts. EMPG funding may be used for a variety of emergency management activities to
include personnel costs, planning, training and exercises, equipment procurement, and select renovation
and construction activities.
Information related to the EMPG Program is collected from the general public, specifically, State and
local organizations requesting federal funds. Collection of EMPG Program information is covered under
OMB ICR No. 1660-0126. During the application process, grant applicant’s submit the following
personally identifiable information for the applicant Point of Contact (POC): points-of-contact (POC)
name, title, address, phone number(s), email address, and signatures. Grant applicants enter EMPG
information, including the above PII of POCs and representatives into the U.S. Health and Human
Services (HHS) Grants.gov system. Additional information supporting the grant application is uploaded
and entered into the FEMA Non-Disaster (ND) Grants Management System which consolidates the entire
non-disaster grants management lifecycle into a single system. The FEMA ND Grants system is currently
adjudicated by DHS under the FEMA Grant Management Programs PIA and the related DHS/FEMA –
004 Grant Management Information Files SORN.
2. Project or Program status
September 1, 2003
Date first developed:
Click here to enter a
Date last updated:
date.

Existing
Pilot launch date:

Click here to enter a date.

Pilot end date:

Click here to enter a date.

DHS Employees
3. From whom does the Project or
Program collect, maintain, use or
disseminate information?
Please check all that apply.

1

Contractors working on behalf of DHS
Members of the public
This program does not collect any personally
identifiable information1

DHS defines personal information as “Personally Identifiable Information” or PII, which is any information that permits the
identity of an individual to be directly or indirectly inferred, including any information that is linked or linkable to that individual,
regardless of whether the individual is a U.S. citizen, lawful permanent resident, visitor to the U.S., or employee or contractor to

The Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy

Privacy Threshold Analysis
Version date: November 6, 2012
Page 4 of 7

4. What specific information about individuals could be collected, generated or retained?
Please provide a specific description of information that might be collected, generated or retained such
as names, addresses, emails, etc.
The Emergency Management Performance Grant (EMPG) Program collects the following information
about grant applicant’s POC and or representative:
Name;
Title;
Mailing address(es);
Email address(es);
Phone number(s); and
Signatures.
Does the Project or Program use Social
Security Numbers (SSNs)?
If yes, please provide the legal authority for
the collection of SSNs:
If yes, please describe the uses of the SSNs
within the Project or Program:

5. Does this system employ any of the
following technologies:

No
Click here to enter text.
Click here to enter text.

Closed Circuit Television (CCTV)
Sharepoint-as-a-Service

If project or program utilizes any of these
technologies, please contact Component Privacy
Officer for specialized PTA.

Social Media
Mobile Application (or GPS)
Web portal2
None of the above

If this project is a technology/system, does
it relate solely to infrastructure?

No. Please continue to next question.
Yes. If a log kept of communication traffic,

the Department. “Sensitive PII” is PII, which if lost, compromised, or disclosed without authorization, could result in substantial
harm, embarrassment, inconvenience, or unfairness to an individual. For the purposes of this PTA, SPII and PII are treated the
same.
2

Informational and collaboration-based portals in operation at DHS and its components which collect, use,
maintain, and share limited personally identifiable information (PII) about individuals who are “members” of the
portal or who seek to gain access to the portal “potential members.”

The Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy

Privacy Threshold Analysis
Version date: November 6, 2012
Page 5 of 7

For example, is the system a Local Area Network
(LAN) or Wide Area Network (WAN)?

please answer the following question.

If header or payload data3 is stored in the communication traffic log, please detail the data
elements stored.
Click here to enter text.

6. Does this project or program connect,
receive, or share PII with any other
DHS programs or systems4?

No.
Yes. If yes, please list:
FEMA ND Grant System

7. Does this project or program connect,
receive, or share PII with any external
(non-DHS) partners or systems?

No.
Yes. If yes, please list:
HHS Grants.gov System

Is this external sharing pursuant to new
or existing information sharing access
agreement (MOU, MOA, LOI, etc.)?

Choose an item.
Please describe applicable information sharing
governance in place.
N/A

3

When data is sent over the Internet, each unit transmitted includes both header information and the actual data
being sent. The header identifies the source and destination of the packet, while the actual data is referred to as the
payload. Because header information, or overhead data, is only used in the transmission process, it is stripped from
the packet when it reaches its destination. Therefore, the payload is the only data received by the destination system.
4 PII may be shared, received, or connected to other DHS systems directly, automatically, or by manual processes.
Often, these systems are listed as “interconnected systems” in TAFISMA.

The Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy

Privacy Threshold Analysis
Version date: November 6, 2012
Page 6 of 7

PRIVACY THRESHOLD REVIEW
(TO BE COMPLETED BY COMPONENT PRIVACY OFFICE)
Component Privacy Office Reviewer:

LeVar J. Sykes

Date submitted to DHS Privacy Office:

November 5, 2013

Component Privacy Office Recommendation:
Please include recommendation below, including what new privacy compliance documentation is needed.
Recommend coverage by the FEMA Grant Management Programs PIA and the related DHS/FEMA –
004 Grant Management Information Files SORN.
(TO BE COMPLETED BY THE DHS PRIVACY OFFICE)
DHS Privacy Office Reviewer:

Jameson Morgan

Date approved by DHS Privacy Office:

November 25, 2013

PCTS Workflow Number:

999708
DESIGNATION

Privacy Sensitive System:
Category of System:
Determination:

Yes

If “no” PTA adjudication is complete.

IT System
If “other” is selected, please describe: Click here to enter text.
PTA sufficient at this time.
Privacy compliance documentation determination in progress.
New information sharing arrangement is required.
DHS Policy for Computer-Readable Extracts Containing Sensitive PII
applies.
Privacy Act Statement required.
Privacy Impact Assessment (PIA) required.
System of Records Notice (SORN) required.

System covered by existing PIA
PIA:

SORN:

If covered by existing PIA, please list: DHS/FEMA/PIA-013 - Grant Management
Programs
System covered by existing SORN
If covered by existing SORN, please list: DHS/FEMA-004 Grant Management Information

The Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy

Privacy Threshold Analysis
Version date: November 6, 2012
Page 7 of 7

Files
DHS Privacy Office Comments:
Please describe rationale for privacy compliance determination above.
The DHS Privacy Office agrees with the FEMA Privacy Office’s recommendation that the EMPG
Program is required to receive coverage under the DHS/FEMA/PIA – 013 Grant Management Programs
PIA and DHS/FEMA – 004 Grant Management Information Files SORN. A Privacy Act Statement is
also required for the program.
This PTA is being submitted as a 3-year renewal. Nothing has changed in EMPG since the last PTA
adjudication on 1/26/2010. The purpose of this program is to provide financial assistance to state and
local governments in support of emergency management activities and national preparedness and
response efforts. Funding provided by EMPG includes personnel costs, planning, training and exercises,
equipment procurement, and select renovation and construction activities. Members of the public must
provide FEMA with a limited amount of PII in order to receive requested funding. PII received goes into
the HHS Grants.gov system. Additional information supporting the grant application is uploaded and
entered into the FEMA Non-Disaster (ND) Grants Management System. The FEMA ND Grants system
is currently adjudicated by DHS under the FEMA Grant Management Programs PIA and the related
DHS/FEMA – 004 Grant Management Information Files SORN.
The DHS/FEMA/PIA – 013 Grant Management Programs PIA is required because this system is
collecting PII from members of the public in order to provide funding to individuals applying for FEMA
grants. The Grant Management Programs PIA allows DHS/FEMA to collect information in order to
determine awards for both disaster and non-disaster grants and for the issuance of awarded funds.
Coverage under the DHS/FEMA – 004 Grant Management Information Files SORN is required because
the information collected by EMPG is held by DHS and uniquely retrievable. The DHS/FEMA – 004
SORN allows DHS/FEMA to collect information to assist in determining awards for both disaster and
non-disaster grants, for the issuance of awarded funds, and to allow DHS to contact individuals to ensure
completeness and accuracy of grants and applications. The information collected by EMPG is consistent
with the purpose, categories of individuals, categories of records, and routine uses of the DHS/FEMA –
004 SORN. A Privacy Act Statement is also required because information collected from members of the
public is being stored in a system of records.