Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
Privacy Threshold Analysis
Version number: 01-2014
Page
PRIVACY THRESHOLD ANALYSIS (PTA)
This
form is used to determine whether
a Privacy Impact Assessment is
required.
Please use the attached form to determine whether a Privacy Impact Assessment (PIA) is required under the E-Government Act of 2002 and the Homeland Security Act of 2002.
Please complete this form and send it to your component Privacy Office. If you do not have a component Privacy Office, please send the PTA to the DHS Privacy Office:
Senior Director, Privacy Compliance
The Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
Tel: 202-343-1717
Upon receipt from your component Privacy Office, the DHS Privacy Office will review this form. If a PIA is required, the DHS Privacy Office will send you a copy of the Official Privacy Impact Assessment Guide and accompanying Template to complete and return.
A copy of the Guide and Template is available on the DHS Privacy Office website, www.dhs.gov/privacy, on DHSConnect and directly from the DHS Privacy Office via email: [email protected], phone: 202-343-1717.
PRIVACY THRESHOLD ANALYSIS (PTA)
Summary Information
Project or Program Name: |
Mitigation (MT) Electronic Grants (eGrants) |
||
Component: |
|
Office or Program: |
Federal Insurance and Mitigation Administration (FIMA) |
Xacta FISMA Name (if applicable): |
MT eGrants |
Xacta FISMA Number (if applicable): |
FEM-01843-MAJ-01843 |
Type of Project or Program: |
|
Project or program status: |
|
Date first developed: |
August 1, 2003 |
Pilot launch date: |
Click here to enter a date. |
Date of last PTA update |
February 10, 2011 |
Pilot end date: |
Click here to enter a date. |
ATO Status (if applicable) |
|
ATO expiration date (if applicable): |
July 15, 2016 |
PROJECT OR PROGRAM MANAGER
Name: |
Jennifer East |
||
Office: |
Risk Reduction/GDAT |
Title: |
System Team Lead |
Phone: |
202-646-2908 |
Email: |
INFORMATION SYSTEM SECURITY OFFICER (ISSO) (if applicable)
Name: |
John Fowler |
||
Phone: |
202-264-2679 |
Email: |
Specific PTA Questions
1. Reason for submitting the PTA: |
The Federal Insurance and Mitigation Administration (FIMA) own and operate the Mitigation (MT) Electronic Grants (eGrants) system. FIMA conducts this MT eGrants PTA during this ongoing Security Authorization renewal process and as part of OMB ICR No. 1660-0072 review, update, and renewal process. MT eGrants is both an internal (government-facing) system and an external facing system. This system is also part of OMB ICR No. 1660-0072. Grant applicants and sub-applicants (States, Federally-recognized Indian Tribal governments, territories, and local governments) access the external site to submit their applications. FEMA staff use the internal systems to review the applications and to award and monitor awarded grants. MT eGrants processes applications for the following components of the Hazard Mitigation Assistance (HMA) grant programs: Pre-Disaster Mitigation (PDM), Flood Mitigation Assistance (FMA), Repetitive Flood Claims (RFC) and Severe Repetitive Loss (SRL). During the application process, the grant applicant provides personally identifiable information (PII) of its point of contacts (POCs) for the sole purpose of correspondence between FEMA and the applicant. Also, MT eGrants collects the name, address, other property information such as the flood insurance policy information for the purpose of determining HMA funding eligibility and to prevent duplication of benefits. There are no forms associated with OMB ICR No. 1660-0072. MT eGrants currently has coverage by the DHS/FEMA/PIA-006 FEMA National Emergency Management Information System MT eGrants System Privacy Impact Assessment (PIA) and the DHS/FEMA-009 Hazard Mitigation Assistance (HMA) Grant Programs System of Records System of Records Notice (SORN), 77 Fed. Reg. 17,783 (July 23, 2012).(PLEASE NOTE THAT THIS SORN IS BEING REVISED) Individuals access MT eGrants through the FEMA Authentication and Provisioning Services (APS). FEMA APS is currently covered by the DHS/FEMA/PIA-031 Authentication and Provisioning Services (APS) PIA and the DHS/ALL-004 General Information Technology Access Account Records System (GITAARS) SORN 77 Fed. Reg. 70,792 (Nov. 27, 2012). FIMA shares MT eGrant information with the FEMA Enterprise Data Warehouse (EDW). FIMA shares this information with EDW for storage and reporting purposes. The FEMA EDW is currently covered by the DHS/FEMA/PIA-026 Operational Data Store and Enterprise Data Warehouse PIA.
|
If you are using any of these technologies and want coverage under the respective PIA for that technology please stop here and contact the DHS Privacy Office for further guidance.
|
Closed Circuit Television (CCTV) Social Media Web portal1 (e.g., SharePoint) Contact Lists None of these |
Please check all that apply. |
This program does not collect any personally identifiable information2 Members of the public DHS employees/contractors (list components): Contractors working on behalf of DHS Employees of other federal agencies |
|
|
|
The FEMA MT eGrants system collects the following information from individual property owners that are included in a state’s HMA Grant Program grant application: name, telephone number(s) (home, work/business, and/or mobile), property address(es) (damaged, mailing, and email), flood insurance policy number, flood insurance policy provider, flood insurance policy/coverage status.
The
FEMA MT eGrants system also collects the following point of
contact information from grant applicants: name, work/business
address, work/business telephone number, and work/business email
address.
|
|
|
4(a) Does the project, program, or system retrieve information by personal identifier? |
No. Please continue to next question. Yes. If yes, please list all personal identifiers used: |
|
4(b) Does the project, program, or system use Social Security Numbers (SSN)? |
No. Yes. |
|
4(c) If yes, please provide the specific legal basis and purpose for the collection of SSNs: |
Click here to enter text. |
|
4(d) If yes, please describe the uses of the SSNs within the project, program, or system: |
Click here to enter text. |
|
4(e) If this project, program, or system is an information technology/system, does it relate solely to infrastructure?
For example, is the system a Local Area Network (LAN) or Wide Area Network (WAN)? |
No. Please continue to next question. Yes. If a log kept of communication traffic, please answer the following question. |
|
4(f) If header or payload data3 is stored in the communication traffic log, please detail the data elements stored. |
||
Click here to enter text.
|
|
No. Yes. If yes, please list: FEMA’s Enterprise Data Warehouse |
|
No. Yes. If yes, please list: Click here to enter text. |
6(a) Is this external sharing pursuant to new or existing information sharing access agreement (MOU, MOA, LOI, etc.)?
|
Please describe applicable information sharing governance in place:
|
7. Does the project, program, or system provide role-based training for personnel who have access in addition to annual privacy training required of all DHS personnel?
|
No. Yes. If yes, please list: |
|
No. What steps will be taken to develop and maintain the accounting: Yes. In what format is the accounting maintained: MT eGrants audit logs are generated via syslog. The audit records capture event information including user account name, user IP address, timestamp of event, and type of event. MT eGrants administrators following the Enterprise Audit Logging SOP, dated April 30, 2012. |
|
Unknown. No. Yes. Please indicate the determinations for each of the following: Confidentiality: Low Moderate High Undefined
Integrity: Low Moderate High Undefined
Availability: Low Moderate High Undefined |
PRIVACY THRESHOLD REVIEW
(To be Completed by COMPONENT PRIVACY OFFICE)
Component Privacy Office Reviewer: |
LeVar J. Sykes |
|
Date submitted to Component Privacy Office: |
Click here to enter a date. |
|
Date submitted to DHS Privacy Office: |
Click here to enter a date. |
|
Component Privacy Office Recommendation: Please include recommendation below, including what new privacy compliance documentation is needed. |
||
The FEMA Privacy Office recommends that FEMA MT eGrants be classified as a Privacy Sensitive System with coverage by the following existing PIA and SORN: PIA: DHS/FEMA/PIA-006 National Emergency Management Information System Mitigation (MT) Electronic Grants (eGrants) System SORN: DHS/FEMA-009 – HMA Grant Programs SORN, 77 Fed Reg. 17,783 (July 23, 2012).
|
(To be Completed by the DHS Privacy Office)
DHS Privacy Office Reviewer: |
Click here to enter text. |
PCTS Workflow Number: |
Click here to enter text. |
Date approved by DHS Privacy Office: |
Click here to enter a date. |
PTA Expiration Date |
Click here to enter a date. |
DESIGNATION
Privacy Sensitive System: |
If “no” PTA adjudication is complete. |
|
|
Category of System: |
If “other” is selected, please describe: Click here to enter text. |
|
|
Determination: PTA sufficient at this time. Privacy compliance documentation determination in progress. New information sharing arrangement is required. DHS Policy for Computer-Readable Extracts Containing Sensitive PII applies. Privacy Act Statement required. Privacy Impact Assessment (PIA) required. System of Records Notice (SORN) required. Paperwork Reduction Act (PRA) Clearance may be required. Contact your component PRA Officer. A Records Schedule may be required. Contact your component Records Officer. |
|
||
PIA: |
If covered by existing PIA, please list: Click here to enter text. |
|
|
SORN: |
If covered by existing SORN, please list: Click here to enter text. |
|
|
DHS Privacy Office Comments: Please describe rationale for privacy compliance determination above. |
|||
Click here to enter text.
|
1 Informational and collaboration-based portals in operation at DHS and its components that collect, use, maintain, and share limited personally identifiable information (PII) about individuals who are “members” of the portal or “potential members” who seek to gain access to the portal.
2 DHS defines personal information as “Personally Identifiable Information” or PII, which is any information that permits the identity of an individual to be directly or indirectly inferred, including any information that is linked or linkable to that individual, regardless of whether the individual is a U.S. citizen, lawful permanent resident, visitor to the U.S., or employee or contractor to the Department. “Sensitive PII” is PII, which if lost, compromised, or disclosed without authorization, could result in substantial harm, embarrassment, inconvenience, or unfairness to an individual. For the purposes of this PTA, SPII and PII are treated the same.
3 When data is sent over the Internet, each unit transmitted includes both header information and the actual data being sent. The header identifies the source and destination of the packet, while the actual data is referred to as the payload. Because header information, or overhead data, is only used in the transmission process, it is stripped from the packet when it reaches its destination. Therefore, the payload is the only data received by the destination system.
4 PII may be shared, received, or connected to other DHS systems directly, automatically, or by manual processes. Often, these systems are listed as “interconnected systems” in Xacta.
4 FIPS 199 is the Federal Information Processing Standard Publication 199, Standards for Security Categorization of Federal Information and Information Systems and is used to establish security categories of information systems.
File Type | application/vnd.openxmlformats-officedocument.wordprocessingml.document |
File Title | DHS PRIVACY OFFICE |
Author | marilyn.powell |
File Modified | 0000-00-00 |
File Created | 2021-01-27 |