Privacy Threshold Analysis (PTA)

The Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy

Privacy Threshold Analysis
Version date: November 6, 2012
Page 1 of 7

PRIVACY THRESHOLD ANALYSIS (PTA)
This form is used to determine whether
a Privacy Impact Assessment is required.

Please use the attached form to determine whether a Privacy Impact Assessment (PIA) is required under
the E-Government Act of 2002 and the Homeland Security Act of 2002.
Please complete this form and send it to your component Privacy Office. If you do not have a component
Privacy Office, please send the PTA to the DHS Privacy Office:
Rebecca J. Richards
Senior Director of Privacy Compliance
The Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
Tel: 202-343-1717
[email protected]

Upon receipt from your component Privacy Office, the DHS Privacy Office will review this form. If a
PIA is required, the DHS Privacy Office will send you a copy of the Official Privacy Impact Assessment
Guide and accompanying Template to complete and return.
A copy of the Guide and Template is available on the DHS Privacy Office website,
www.dhs.gov/privacy, on DHSConnect and directly from the DHS Privacy Office via email:
[email protected], phone: 202-343-1717.

The Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy

Privacy Threshold Analysis
Version date: November 6, 2012
Page 2 of 7

PRIVACY THRESHOLD ANALYSIS (PTA)
SUMMARY INFORMATION
Project or
Program Name:

Resource Request Form (RRF) and Mission Assignment (MA) Form –
Collection #1660-0047

Component:

Federal Emergency
Management Agency (FEMA)

Office or
Program:

Office of Response &
Recovery (OR&R)/Response
Directorate

TAFISMA Name:

Click here to enter text.

TAFISMA
Number:

Click here to enter text.

Type of Project or
Program:

Form or other Information
Collection

Project or
program
status:

Update

PROJECT OR PROGRAM MANAGER
Name:

Arnie Gonzalez

Office:

Office of Response &
Recovery (OR&R)/Response
Directorate/National
Response Coordination
Center (NRCC)

Title:

Mission Assignment Program
Lead

Phone:

202-646-4313

Email:

[email protected]

INFORMATION SYSTEM SECURITY OFFICER (ISSO)
Name:

Michael Reid

Phone:

202-646-4039

Email:

[email protected]

ROUTING INFORMATION
Date submitted to Component Privacy Office:

September 6, 2013

Date submitted to DHS Privacy Office:

January 7, 2014

Date approved by DHS Privacy Office:

February 21, 2014

The Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy

Privacy Threshold Analysis
Version date: November 6, 2012
Page 3 of 7

SPECIFIC PTA QUESTIONS
1. Please describe the purpose of the project or program:
Please provide a general description of the project and its purpose in a way a non-technical person could
understand.
FEMA’s information collection 1660-0047 includes the use of two forms: FEMA Form (FF) 010-0-7,
which is used by states and other federal agencies outside of FEMA to request FEMA disaster assistance;
and FF 010-0-8, which FEMA uses to describe the type of disaster assistance FEMA will provide in
response to the request contained in FF 010-0-7.
FEMA Form 010-0-7 (Resource Request Form/RRF, formerly Action Request Form/ARF): States
and other federal agencies (OFAs) utilize this form to request specified types of disaster assistance
resources, such as commodities and/or personnel, from FEMA following a disaster. FEMA uses the
information contained in FF 010-0-7 to determine (1) whether or not the requested resources are
appropriate and (2) whether they are being requested as a result of the disaster, rather than a pre-existing
condition. Once the required information has been captured on the RRF, FEMA manually enters the
information into the WebEOC Crisis Management System (CMS).
FEMA Form 010-0-8 (Mission Assignment/MA Form): FEMA utilizes this electronic form, which is
located in the Enterprise Coordination and Approvals Processing Systems (eCAPS), to document and
verify the following information regarding the resource request: (1) assigned mission function(s); (2)
work to be performed; (3) start and end dates of the assignment; and (4) estimated costs. FEMA uses this
information to evaluate the assignment, to identify the financial requirements related to the mission
assignment, and to obligate the funds that have been requested from another federal agency to fulfill the
mission task.

2. Project or Program status
February 1, 2004
Date first developed:
Date last updated:

October 28, 2013

Choose an item.
Pilot launch date:
Pilot end date:

April 1, 1997
Click here to enter a
date.

DHS Employees
3. From whom does the Project or
Program collect, maintain, use or
disseminate information?
Please check all that apply.

1

Contractors working on behalf of DHS
Members of the public
This program does not collect any personally
identifiable information1

DHS defines personal information as “Personally Identifiable Information” or PII, which is any information that permits the
identity of an individual to be directly or indirectly inferred, including any information that is linked or linkable to that individual,
regardless of whether the individual is a U.S. citizen, lawful permanent resident, visitor to the U.S., or employee or contractor to
the Department. “Sensitive PII” is PII, which if lost, compromised, or disclosed without authorization, could result in substantial

The Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy

Privacy Threshold Analysis
Version date: November 6, 2012
Page 4 of 7

4. What specific information about individuals could be collected, generated or retained?
Please provide a specific description of information that might be collected, generated or retained such
as names, addresses, emails, etc.
The following information about individuals is collected using Form 010-0-7 (RRF, formerly ARF):


Requestor’s Name and Title



Requestor’s Phone and Fax Numbers



Requestor’s Organization



Requestor’s E-mail Address



Site Point-of-Contact (POC) Name



Site POC’s 24 Hour Phone Number and Fax Number



State Approving Official’s Signature



Names of Reviewers (i.e., OPS and LOG)



Other Coordination (i.e., names of POCs, agencies, etc.) as required by OPS Section Chief



OFA Action Officer



RRF Recipient’s Name and Organization

The following information about individuals is collected using Form 010-0-8 (MA Form):


Initiator/Requestor Name



Site POC’s Name



24-Hour Phone Number of Initiator/Requestor and Site POC



Email Address of Initiator/Requestor and Site POC



ESF/OFA Action Officer’s Name



ESF/OFA Action Officer’s Phone Number



ESF/OFA Action Officer’s Email Address



MA Manager’s Name (Preparer)



FEMA Project Manager/Branch Director’s Signature (Program Approval)



Comptroller/Funds Control Signature (Funds Review)

harm, embarrassment, inconvenience, or unfairness to an individual. For the purposes of this PTA, SPII and PII are treated the
same.

The Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy

Privacy Threshold Analysis
Version date: November 6, 2012
Page 5 of 7



State Approving Official’s Signature



Federal Approving Official’s Signature

Does the Project or Program use Social
Security Numbers (SSNs)?
If yes, please provide the legal authority for
the collection of SSNs:
If yes, please describe the uses of the SSNs
within the Project or Program:

5. Does this system employ any of the
following technologies:

No
Click here to enter text.
Click here to enter text.

Closed Circuit Television (CCTV)
Sharepoint-as-a-Service

If project or program utilizes any of these
technologies, please contact Component Privacy
Officer for specialized PTA.

Social Media
Mobile Application (or GPS)
Web portal2
None of the above

If this project is a technology/system, does
it relate solely to infrastructure?
For example, is the system a Local Area Network
(LAN) or Wide Area Network (WAN)?

No. Please continue to next question.
Yes. If a log kept of communication traffic,
please answer the following question.

If header or payload data3 is stored in the communication traffic log, please detail the data
elements stored.
Click here to enter text.

6. Does this project or program connect,
receive, or share PII with any other

No.

2

Informational and collaboration-based portals in operation at DHS and its components which collect, use,
maintain, and share limited personally identifiable information (PII) about individuals who are “members” of the
portal or who seek to gain access to the portal “potential members.”
3

When data is sent over the Internet, each unit transmitted includes both header information and the actual data
being sent. The header identifies the source and destination of the packet, while the actual data is referred to as the
payload. Because header information, or overhead data, is only used in the transmission process, it is stripped from
the packet when it reaches its destination. Therefore, the payload is the only data received by the destination system.

The Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy

Privacy Threshold Analysis
Version date: November 6, 2012
Page 6 of 7

DHS programs or systems4?

Yes. If yes, please list:
eCAPS and WebEOC CMS

7. Does this project or program connect,
receive, or share PII with any external
(non-DHS) partners or systems?

No.
Yes. If yes, please list:
Click here to enter text.

Is this external sharing pursuant to new
or existing information sharing access
agreement (MOU, MOA, LOI, etc.)?

Choose an item.
Please describe applicable information sharing
governance in place.
Click here to enter text.

PRIVACY THRESHOLD REVIEW
(TO BE COMPLETED BY COMPONENT PRIVACY OFFICE)
Component Privacy Office Reviewer:

John K. Cook

Date submitted to DHS Privacy Office:

January 7, 2014

Component Privacy Office Recommendation:
Please include recommendation below, including what new privacy compliance documentation is needed.
PIA: E-CAPS (which is currently being updated)
SORN: Consistent with the previous adjudication, no SORN at this time.

(TO BE COMPLETED BY THE DHS PRIVACY OFFICE)
DHS Privacy Office Reviewer:

Jameson Morgan

Date approved by DHS Privacy Office:

February 21, 2014

PCTS Workflow Number:

1004955
DESIGNATION

Privacy Sensitive System:

4

Yes

If “no” PTA adjudication is complete.

PII may be shared, received, or connected to other DHS systems directly, automatically, or by manual processes.
Often, these systems are listed as “interconnected systems” in TAFISMA.

The Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy

Privacy Threshold Analysis
Version date: November 6, 2012
Page 7 of 7

Category of System:
Determination:

IT System
If “other” is selected, please describe: Click here to enter text.
PTA sufficient at this time.
Privacy compliance documentation determination in progress.
New information sharing arrangement is required.
DHS Policy for Computer-Readable Extracts Containing Sensitive PII
applies.
Privacy Act Statement required.
Privacy Impact Assessment (PIA) required.
System of Records Notice (SORN) required.

PIA:

SORN:

PIA update is required. Update to the DHS/FEMA/PIA-023 - Enterprise Coordination and
Approval Processing System (eCAPS) PIA is required.
If covered by existing PIA, please list: Click here to enter text.
System covered by existing SORN

If covered by existing SORN, please list:
DHS Privacy Office Comments:
Please describe rationale for privacy compliance determination above.
The DHS Privacy Office approves this PIA as a privacy sensitive system. Resource Request Form (RRF)
and Mission Assignment (MA) Form – Collection #1660-0047. An update to the DHS/FEMA/PIA – 023
eCAPS PIA is required.
This PTA was submitted because FEMA has made adjustments to the two forms being used. The ICR
also expires on March 31, 2014. These two forms are used by states and other federal agencies outside of
FEMA to request FEMA disaster assistance and to describe the type of disaster assistance FEMA will
provide in response to the request contained in FF 010-0-7, respectively.
The eCAPS PIA is being updated to reflect the changes to the forms. Coverage under this updated PIA is
required once it is published on the DHS website.
SORN coverage is not required because collected by the forms is not retrieved by any unique identifier. A
Privacy Act Notice is not required because this is not information from members of the general public
going in to a system of records.