Privacy Threshold Analysis (PTA)

The Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy

Privacy Threshold Analysis
Version date: November 6, 2012
Page 1 of 8

PRIVACY THRESHOLD ANALYSIS (PTA)
This form is used to determine whether
a Privacy Impact Assessment is required.

Please use the attached form to determine whether a Privacy Impact Assessment (PIA) is required under
the E-Government Act of 2002 and the Homeland Security Act of 2002.
Please complete this form and send it to your component Privacy Office. If you do not have a component
Privacy Office, please send the PTA to the DHS Privacy Office:
Rebecca J. Richards
Senior Director of Privacy Compliance
The Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
Tel: 202-343-1717
[email protected]

Upon receipt from your component Privacy Office, the DHS Privacy Office will review this form. If a
PIA is required, the DHS Privacy Office will send you a copy of the Official Privacy Impact Assessment
Guide and accompanying Template to complete and return.
A copy of the Guide and Template is available on the DHS Privacy Office website,
www.dhs.gov/privacy, on DHSConnect and directly from the DHS Privacy Office via email:
[email protected], phone: 202-343-1717.

The Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy

Privacy Threshold Analysis
Version date: November 6, 2012
Page 2 of 8

PRIVACY THRESHOLD ANALYSIS (PTA)
SUMMARY INFORMATION
Project or
Program Name:

Individual Assistance Customer Satisfaction Surveys
Collection 1660-0036

Component:

Federal Emergency
Management Agency (FEMA)

Office or
Program:

Customer Satisfaction
Analysis Section of the
National Processing Service
Centers Division

TAFISMA Name:

Click here to enter text.

TAFISMA
Number:

Click here to enter text.

Type of Project or
Program:

Form or other Information
Collection

Project or
program
status:

Update

PROJECT OR PROGRAM MANAGER
Name:

Kyle M. Mills, P.E., Section Manager or Maggie Billing, Program Analyst

Office:

Customer Satisfaction
Analysis Section

Title:

940 891-8500 Switchboard
Phone:

940 891-8881 Kyle Mills

Email:

940 891-8709 Maggie Billing

See Name Above
[email protected]
[email protected]

INFORMATION SYSTEM SECURITY OFFICER (ISSO)
Name:

Click here to enter text.

Phone:

Click here to enter text.

Email:

Click here to enter text.

ROUTING INFORMATION
Date submitted to Component Privacy Office:

July 23, 2013

Date submitted to DHS Privacy Office:

September 20, 2013

Date approved by DHS Privacy Office:

September 23, 2013

The Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy

Privacy Threshold Analysis
Version date: November 6, 2012
Page 3 of 8

SPECIFIC PTA QUESTIONS
1. Please describe the purpose of the project or program:
Please provide a general description of the project and its purpose in a way a non-technical person could
understand.
FEMA’s Recovery Directorate, National Processing Service Center Division (NPSC) administers the
Individual Assistance (IA) Customer Satisfaction Surveys and focus groups through the Customer
Satisfaction Analysis Section. The purpose is to measure disaster survivor satisfaction with FEMA’s
services and to make recommendations for improvements to those services based on the voice of the
customer.
Disaster survivor data is randomly imported from records stored in electronic data files and displayed on a
screen containing the survey questions. Responses to the surveys are stored in electronic data files.
Monitoring for quality assurance is recorded in an electronic file.
This purpose is consistent with FEMA’s Strategic Plan and the mandates of Exec. Order Nos. 12862,
13411, and 13571 and the Government Performance and Results Acts (GPRA).

2. Project or Program status
1995
Date first developed:
February 15, 2011
Date last updated:

Choose an item.
Pilot launch date:
Pilot end date:

N/A
N/A

DHS Employees
3. From whom does the Project or
Program collect, maintain, use or
disseminate information?
Please check all that apply.

Contractors working on behalf of DHS
Members of the public
This program does not collect any personally
identifiable information1

4. What specific information about individuals could be collected, generated or retained?
Please provide a specific description of information that might be collected, generated or retained such
as names, addresses, emails, etc.
The following data is imported and retained based on the type of survey being administered:
1) Applicant name, phone number(s), mailing address, damaged address, disaster number, registration
1

DHS defines personal information as “Personally Identifiable Information” or PII, which is any information that permits the
identity of an individual to be directly or indirectly inferred, including any information that is linked or linkable to that individual,
regardless of whether the individual is a U.S. citizen, lawful permanent resident, visitor to the U.S., or employee or contractor to
the Department. “Sensitive PII” is PII, which if lost, compromised, or disclosed without authorization, could result in substantial
harm, embarrassment, inconvenience, or unfairness to an individual. For the purposes of this PTA, SPII and PII are treated the
same.

The Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy

Privacy Threshold Analysis
Version date: November 6, 2012
Page 4 of 8

identification number, date of registration, registrar name, date of loss, type of loss, damage to home,
damage to personal property, damage to access, emergency needs, evacuation needs, disability needs,
damage to business, current location, type of home, insurance(s), ownership, income, age, number of
dependents, self-employed, referrals to other agencies, subsequent contact date, summary line from the
comment, type of call, and representative name are imported from the IA Client application of the
NEMIS-IA system replicated to the Enterprise Data Warehouse.
2) Temporary housing unit assignment, recommendation date, dates of approval and notification of unit
assignment and acceptance dates, unit type, unit requested, unit assigned, site address and type, dates of
maintenance requested and received and priority, dates issued to and completed by contractor, move out
and vacate dates, sale date and representative name, disaster number, registration identification number
are imported from the Housing Operations Management Enterprise System Client (HOMES) application
of the NEMIS-IA system replicated to the Enterprise Data Warehouse.
3) First name and phone number, date of visit, and the DRC number are imported from the Disaster
Recovery Center (DRC) Manager in the Recovery Information Management System (RIMS).
4) Name, phone number, date of visit, DRC number, disaster number, and registration identification
number are imported from DRC Visitor Logs.
5) Name, phone number, disaster number, registration identification number, date of contact, name of
representative and purpose of contact are imported from the Disaster Survivor Assistance Team (DSAT)
tracking logs.
The imported data is stored with the survey responses in the Customer Satisfaction Analysis System
(CSAS).
Monitoring for quality assurance is recorded through the Quality Assurance Recording System (QARS).
Does the Project or Program use Social
Security Numbers (SSNs)?
If yes, please provide the legal authority for
the collection of SSNs:
If yes, please describe the uses of the SSNs
within the Project or Program:

5. Does this system employ any of the
following technologies:
If project or program utilizes any of these
technologies, please contact Component Privacy
Officer for specialized PTA.

No
N/A
N/A

Closed Circuit Television (CCTV)
Sharepoint-as-a-Service
Social Media

The Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy

Privacy Threshold Analysis
Version date: November 6, 2012
Page 5 of 8

Mobile Application (or GPS)
Web portal2
None of the above
If this project is a technology/system, does
it relate solely to infrastructure?
For example, is the system a Local Area Network
(LAN) or Wide Area Network (WAN)?

No. Please continue to next question.
Yes. If a log kept of communication traffic,
please answer the following question.

If header or payload data3 is stored in the communication traffic log, please detail the data
elements stored.

No.
Yes. If yes, please list:
6. Does this project or program connect,
receive, or share PII with any other
DHS programs or systems4?

Data received from:
1. Enterprise Data Warehouse
2. Recovery Information Management System

(RIMS) and visitor or tracking logs
Monitored through the Quality Assurance
Recording System (QARS).
7. Does this project or program connect,
receive, or share PII with any external
(non-DHS) partners or systems?

No.
Yes. If yes, please list:
Click here to enter text.

Is this external sharing pursuant to new

Choose an item.

2

Informational and collaboration-based portals in operation at DHS and its components which collect, use,
maintain, and share limited personally identifiable information (PII) about individuals who are “members” of the
portal or who seek to gain access to the portal “potential members.”
3

When data is sent over the Internet, each unit transmitted includes both header information and the actual data
being sent. The header identifies the source and destination of the packet, while the actual data is referred to as the
payload. Because header information, or overhead data, is only used in the transmission process, it is stripped from
the packet when it reaches its destination. Therefore, the payload is the only data received by the destination system.
4 PII may be shared, received, or connected to other DHS systems directly, automatically, or by manual processes.
Often, these systems are listed as “interconnected systems” in TAFISMA.

The Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy

Privacy Threshold Analysis
Version date: November 6, 2012
Page 6 of 8

or existing information sharing access
agreement (MOU, MOA, LOI, etc.)?

Please describe applicable information sharing
governance in place.
Click here to enter text.

The Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy

Privacy Threshold Analysis
Version date: November 6, 2012
Page 7 of 8

PRIVACY THRESHOLD REVIEW
(TO BE COMPLETED BY COMPONENT PRIVACY OFFICE)
Component Privacy Office Reviewer:

Lane Raffray

Date submitted to DHS Privacy Office:

Click here to enter a date.

Component Privacy Office Recommendation:
Please include recommendation below, including what new privacy compliance documentation is needed.
PIA: This ICR will be covered by a new PIA for the CSAS IT System that stores and maintains the
survey data.
SORN: DHS/FEMA 008 Disaster Recovery Files System of Records (April 30, 2013, 78 FR 25282) &
DHS/FEMA 002 Quality Assurance Recording System (QARS) System of Records (February 15, 2011
76 FR 8758).
The QARS SORN is being updates to include the Customer Satisfaction Analysis Section recording of its
employees administering surveys and assessments to IA applicants.
(TO BE COMPLETED BY THE DHS PRIVACY OFFICE)
DHS Privacy Office Reviewer:

Jameson Morgan

Date approved by DHS Privacy Office:

September 23, 2013

PCTS Workflow Number:

992049
DESIGNATION

Privacy Sensitive System:
Category of System:
Determination:

Yes

If “no” PTA adjudication is complete.

IT System
If “other” is selected, please describe: Click here to enter text.
PTA sufficient at this time.
Privacy compliance documentation determination in progress.
New information sharing arrangement is required.
DHS Policy for Computer-Readable Extracts Containing Sensitive PII
applies.
Privacy Act Statement required.
Privacy Impact Assessment (PIA) required.
System of Records Notice (SORN) required.

PIA:

New PIA is required. Covered by forthcoming PIA for the CSAS IT System.

The Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy

Privacy Threshold Analysis
Version date: November 6, 2012
Page 8 of 8

If covered by existing PIA, please list: Click here to enter text.
System covered by existing SORN. A SORN Update is also required.
SORN:

If covered by existing SORN, please list: DHS/FEMA-002 – Quality Assurance Recording
System; DHS/FEMA-008 - Disaster Recovery Assistance Files
DHS Privacy Office Comments:
Please describe rationale for privacy compliance determination above.
The DHS Privacy Office agrees with FEMA Privacy Offices Assessment. This system requires coverage
under the forthcoming PIA for the CSAS IT System, and under the DHS/FEMA 008 Disaster Recovery
Assistance Files SORN, and the DHS/FEMA 002 Quality Assurance Recording System (QARS) SORN
after being updated. Also, any forms developed through this program where a member of the public
provides information must include an approved Privacy Act Statement.
These surveys are used to measure disaster survivor satisfaction with FEMA’s services and to make
recommendations for improvements to those services based on the voice of the customer. In order to
make these surveys as accurate as possible, some PII must be collected from individuals participating in
the surveys. A PIA is required for this system because it is collecting and storing a wide array of PII from
members of the public, and conducting surveys using this PII for quality assurance purposes. There is
currently no PIA that covers this collection of information. The forthcoming DHS/FEMAPIA for the
CSAS IT system will cover the collection and storage of the survey data in this system.
The DHS/FEMA – 008 Disaster Recovery Assistance Files SORN covers the data that is collected as a
result of individuals applying for FEMA disaster assistance. This data is used to help customer service
representatives contact members of the public and conduct surveys more accurately and efficiently. The
DHS/FEMA – 002 QARS SORN will be updated to include the Customer Satisfaction Analysis Section
recording of its employees administering surveys and assessments to Individual Assistance applicants.
This update will help FEMA provide better customer service and should produce more accurate survey
results. Any forms developed through this program where a member of the public provides information
must include an approved Privacy Act Statement as required by the Privacy Act of 1974. This PTA
should be reviewed every year until the PIA is completed.