Privacy Threshold Analysis (PTA)

The Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy

Privacy Threshold Analysis
Version date: November 6, 2012
Page 1 of 8

PRIVACY THRESHOLD ANALYSIS (PTA)
This form is used to determine whether
a Privacy Impact Assessment is required.

Please use the attached form to determine whether a Privacy Impact Assessment (PIA) is required under
the E-Government Act of 2002 and the Homeland Security Act of 2002.
Please complete this form and send it to your component Privacy Office. If you do not have a component
Privacy Office, please send the PTA to the DHS Privacy Office:
Rebecca J. Richards
Senior Director of Privacy Compliance
The Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
Tel: 202-343-1717
[email protected]

Upon receipt from your component Privacy Office, the DHS Privacy Office will review this form. If a
PIA is required, the DHS Privacy Office will send you a copy of the Official Privacy Impact Assessment
Guide and accompanying Template to complete and return.
A copy of the Guide and Template is available on the DHS Privacy Office website,
www.dhs.gov/privacy, on DHSConnect and directly from the DHS Privacy Office via email:
[email protected], phone: 202-343-1717.

The Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy

Privacy Threshold Analysis
Version date: November 6, 2012
Page 2 of 8

PRIVACY THRESHOLD ANALYSIS (PTA)
SUMMARY INFORMATION
Project or
Program Name:

Individual Assistance Declaration Factors (1660-0009) Rulemaking

Component:

Federal Emergency
Management Agency (FEMA)

Office or
Program:

Office of Response &
Recovery

TAFISMA Name:

Click here to enter text.

TAFISMA
Number:

Click here to enter text.

Type of Project or
Program:

Notice of Proposed
Rulemaking/Final Rule

Project or
program
status:

Choose an item.

PROJECT OR PROGRAM MANAGER
Name:

Lisa Dilliplane

Office:

Click here to enter text.

Title:

Click here to enter text.

Phone:

202.646.3598

Email:

[email protected]

INFORMATION SYSTEM SECURITY OFFICER (ISSO)
Name:

Click here to enter text.

Phone:

Click here to enter text.

Email:

Click here to enter text.

ROUTING INFORMATION
Date submitted to Component Privacy Office:

November 20, 2013

Date submitted to DHS Privacy Office:

November 21, 2013

Date approved by DHS Privacy Office:

December 5, 2013

The Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy

Privacy Threshold Analysis
Version date: November 6, 2012
Page 3 of 8

SPECIFIC PTA QUESTIONS
1. Please describe the purpose of the project or program:
Please provide a general description of the project and its purpose in a way a non-technical person could
understand.
If a State is impacted by an event of a severity and magnitude that is beyond its response capabilities, the
State Governor may seek a declaration by the President that a major disaster or emergency exists under
sections 401 and 501 of the Stafford Act (42 U.S.C. §§ 5170 and 5190). The request is now submitted
through a FEMA form. FEMA evaluates the request and recommends to the President what response
action to take. If the request is granted, the State may be eligible to receive assistance under 42 U.S.C. §§
5170a, 5170b, 5170c; 5172, 5173, and 5174.
FEMA uses FEMA Form 010-0-13 to collect information from the requesting State. The form prompts a
State to describe the impact of disaster or emergency when seeking a Presidential declaration. With this,
DHS/FEMA is able to effectively process, analyze, and evaluate declaration requests. DHS/FEMA
analyzes the State’s information submitted in the form to determine what recommendations to make to the
President. Based on this information, the President may either grant the request or not. The form
contains the Governor’s name, state point of contact, incident date, type of incident, description of
damages, description of nature and amount of local resources used by state, type of assistance sought, and
designated counties and/or tribes within the state to receive assistance. FEMA’s Declarations Unit
maintains the State’s information from the form on an employee’s drive. The form is shared with a
limited number of employees. Any subsequent use of the information is evaluated in additional, separate
Privacy Threshold Analyses. The data is neither retrieved nor retrievable by personally identifiable
information.
Section 1109 of The Sandy Recovery Improvement Act of 2013 (SRIA) (Public Law 113-2) requires
FEMA, in cooperation with State, local, and Tribal emergency management agencies, to review, update,
and revise through rulemaking the factors that FEMA analyzes when reviewing Request for Declaration
forms. Congress directed FEMA to review, update, and revise these factors to provide more objective
criteria for evaluating the need for assistance to individuals, to clarify the threshold eligibility, and to
speed a declaration of a major disaster or emergency under the Stafford Act.
In accordance with this mandate, this rulemaking is proposing to revise the Individual Assistance factors
that are currently used by FEMA to make a major disaster recommendation to the President. Specifically,
FEMA is proposing to consider the fiscal capacity of a State, a State’s resource availability, US Census
provided disaster impacted population data points, any impacts to community infrastructure, any
uninsured home and personal property losses, information on the number of missing, injured, or deceased
individuals due to a disaster, and the disaster related unemployment numbers.
This information will be collected in existing FEMA Form 010-0-13 and will still only include the
Governor’s point of contact and general office phone number as well as other State specific and disaster
specific information of a non‐identifiable nature. The information is neither retrieved nor retrievable by
PII. Any retrieval would be done by State specific or disaster specific information of a non‐identifiable
nature.
This rulemaking does not impact FEMA’s collection of PII in the disaster declarations process and form.

The Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy

Privacy Threshold Analysis
Version date: November 6, 2012
Page 4 of 8

2. Project or Program status
April 1, 1979
Date first developed:
April 30, 2012
Date last updated:

Choose an item.
Pilot launch date:
Pilot end date:

Click here to enter a date.
Click here to enter a date.

DHS Employees
3. From whom does the Project or
Program collect, maintain, use or
disseminate information?
Please check all that apply.

Contractors working on behalf of DHS
Members of the public
This program does not collect any personally
identifiable information1

4. What specific information about individuals could be collected, generated or retained?
Please provide a specific description of information that might be collected, generated or retained such
as names, addresses, emails, etc.
Governor’s point of contact and general office phone number.

Does the Project or Program use Social
Security Numbers (SSNs)?
If yes, please provide the legal authority for
the collection of SSNs:
If yes, please describe the uses of the SSNs
within the Project or Program:

5. Does this system employ any of the
1

No
NA
NA

Closed Circuit Television (CCTV)

DHS defines personal information as “Personally Identifiable Information” or PII, which is any information that permits the
identity of an individual to be directly or indirectly inferred, including any information that is linked or linkable to that individual,
regardless of whether the individual is a U.S. citizen, lawful permanent resident, visitor to the U.S., or employee or contractor to
the Department. “Sensitive PII” is PII, which if lost, compromised, or disclosed without authorization, could result in substantial
harm, embarrassment, inconvenience, or unfairness to an individual. For the purposes of this PTA, SPII and PII are treated the
same.

The Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy

Privacy Threshold Analysis
Version date: November 6, 2012
Page 5 of 8

following technologies:
If project or program utilizes any of these
technologies, please contact Component Privacy
Officer for specialized PTA.

Sharepoint-as-a-Service
Social Media
Mobile Application (or GPS)
Web portal2
None of the above

If this project is a technology/system, does
it relate solely to infrastructure?
For example, is the system a Local Area Network
(LAN) or Wide Area Network (WAN)?

No. Please continue to next question.
Yes. If a log kept of communication traffic,
please answer the following question.

If header or payload data3 is stored in the communication traffic log, please detail the data
elements stored.
Click here to enter text.

6. Does this project or program connect,
receive, or share PII with any other
DHS programs or systems4?

No.
Yes. If yes, please list:
Click here to enter text.

7. Does this project or program connect,
receive, or share PII with any external
(non-DHS) partners or systems?

No.
Yes. If yes, please list:
Click here to enter text.

Is this external sharing pursuant to new
or existing information sharing access
agreement (MOU, MOA, LOI, etc.)?

Choose an item.
Please describe applicable information sharing
governance in place.

2

Informational and collaboration-based portals in operation at DHS and its components which collect, use,
maintain, and share limited personally identifiable information (PII) about individuals who are “members” of the
portal or who seek to gain access to the portal “potential members.”
3

When data is sent over the Internet, each unit transmitted includes both header information and the actual data
being sent. The header identifies the source and destination of the packet, while the actual data is referred to as the
payload. Because header information, or overhead data, is only used in the transmission process, it is stripped from
the packet when it reaches its destination. Therefore, the payload is the only data received by the destination system.
4 PII may be shared, received, or connected to other DHS systems directly, automatically, or by manual processes.
Often, these systems are listed as “interconnected systems” in TAFISMA.

The Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy

Privacy Threshold Analysis
Version date: November 6, 2012
Page 6 of 8

Click here to enter text.

The Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy

Privacy Threshold Analysis
Version date: November 6, 2012
Page 7 of 8

PRIVACY THRESHOLD REVIEW
(TO BE COMPLETED BY COMPONENT PRIVACY OFFICE)
Component Privacy Office Reviewer:

Lane Raffray

Date submitted to DHS Privacy Office:

Click here to enter a date.

Component Privacy Office Recommendation:
Please include recommendation below, including what new privacy compliance documentation is needed.
Consistent with the adjudication of the April 30, 2012 PTA for the 1660-0009 ICR, FEMA recommends
that the PTA be sufficient and that no PIA and no SORN be required at this time.

(TO BE COMPLETED BY THE DHS PRIVACY OFFICE)
DHS Privacy Office Reviewer:

Jameson Morgan

Date approved by DHS Privacy Office:

December 5, 2013

PCTS Workflow Number:

1001020
DESIGNATION
No

Privacy Sensitive System:

Choose an item.

Category of System:
Determination:

If “no” PTA adjudication is complete.

If “other” is selected, please describe: Click here to enter text.
PTA sufficient at this time.
Privacy compliance documentation determination in progress.
New information sharing arrangement is required.
DHS Policy for Computer-Readable Extracts Containing Sensitive PII
applies.
Privacy Act Statement required.
Privacy Impact Assessment (PIA) required.
System of Records Notice (SORN) required.

PIA:
SORN:

Choose an item.
If covered by existing PIA, please list: Click here to enter text.
Choose an item.
If covered by existing SORN, please list: Click here to enter text.

The Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy

Privacy Threshold Analysis
Version date: November 6, 2012
Page 8 of 8

DHS Privacy Office Comments:
Please describe rationale for privacy compliance determination above.
The DHS Privacy Office agrees with the FEMA Privacy Office that this is a not privacy sensitive system.
No coverage under a PIA or SORN is required.
This PTA has been submitted because it includes information about a new proposed rulemaking.
Specifically, FEMA is proposing to consider the fiscal capacity of a State, a State’s resource availability,
US Census provided disaster impacted population data points, any impacts to community infrastructure,
any uninsured home and personal property losses, information on the number of missing, injured, or
deceased individuals due to a disaster, and the disaster related unemployment numbers. The changes to
the new proposed rulemaking do not involve any changes to or new collection of PII. There have been no
other changes since the last PTA was approved in April 2012.
The form collects the name of a state governor’s point of contact and the general office phone number of
that individual. The data is neither retrieved nor retrievable by personally identifiable information. This
PTA is sufficient because the only information collected is the name of an individual working in their
official capacity. As a result, no PIA or SORN is required. If FEMA begins to collect any other PII in
this form a new PTA is required.