Privacy Threshold Analysis (PTA)

Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy

Privacy Threshold Analysis
Version number: 01-2014
Page 1 of 8

PRIVACY THRESHOLD ANALYSIS (PTA)
This form is used to determine whether
a Privacy Impact Assessment is required.

Please use the attached form to determine whether a Privacy Impact Assessment (PIA) is required under
the E-Government Act of 2002 and the Homeland Security Act of 2002.
Please complete this form and send it to your component Privacy Office. If you do not have a component
Privacy Office, please send the PTA to the DHS Privacy Office:
Senior Director, Privacy Compliance
The Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
Tel: 202-343-1717
[email protected]

Upon receipt from your component Privacy Office, the DHS Privacy Office will review this form. If a
PIA is required, the DHS Privacy Office will send you a copy of the Official Privacy Impact Assessment
Guide and accompanying Template to complete and return.
A copy of the Guide and Template is available on the DHS Privacy Office website,
www.dhs.gov/privacy, on DHS Connect and directly from the DHS Privacy Office via email:
[email protected], phone: 202-343-1717.

Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy

Privacy Threshold Analysis
Version number: 01-2014
Page 2 of 8

PRIVACY THRESHOLD ANALYSIS (PTA)
SUMMARY INFORMATION
Project or
Program Name:

Crisis Counseling Assistance and Training Program (1660-0085)

Component:

Federal Emergency
Management Agency (FEMA)

Office or
Program:

Office of Response &
Recovery (ORR)/Recovery
Directorate/Individual
Assistance (IA)
Division/Human Services
(HS) Branch

Xacta FISMA
Name (if
applicable):

Click here to enter text.

Xacta FISMA
Number (if
applicable):

Click here to enter text.

Type of Project or
Program:

Form or other Information
Collection

Project or
program
status:

Modification

Date first
developed:
Date of last PTA
update

March 7, 2010

Pilot launch
date:

Click here to enter a date.

July 19, 2012

Pilot end date:

Click here to enter a date.

ATO Status (if
applicable)

Choose an item.

ATO
expiration date
(if applicable):

Click here to enter a date.

PROJECT OR PROGRAM MANAGER
Name:

Tanya Stevenson

Office:

ORR/RD/IA/HS

Title:

Crisis Counseling Assistance
and Training Program (CCP)

Phone:

202-870-7854

Email:

[email protected]
ov

INFORMATION SYSTEM SECURITY OFFICER (ISSO) (IF APPLICABLE)
Name:

Click here to enter text.

Phone:

Click here to enter text.

Email:

Click here to enter text.

Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy

Privacy Threshold Analysis
Version number: 01-2014
Page 3 of 8

SPECIFIC PTA QUESTIONS
1. Reason for submitting the PTA: Updated PTA
FEMA offers Crisis Counseling Assistance and Training Program (CCP) grants to U.S. states, territories,
and tribal governments (grantees) following a Presidentially declared disaster as authorized by Section
416 of the Robert T. Stafford Disaster Relief and Emergency Assistance Act as amended, 42 U.S.C. §
5183. FEMA’s Office of Response and Recovery/Recovery Directorate/Individual Assistance (IA)
Division/Human Services (HS) Branch administers CCP through two grants in partnership with the
Department of Health and Human Services’ (HHS) Substance Abuse and Mental Health Services Agency
(SAMHSA). These are the Immediate Services Program (ISP) and the Regular Services Program (RSP).
These programs provide supplemental funding for community-based outreach for mental health assistance
and training services. The CCP supports short-term interventions to assist survivors in understanding
their current situation and reactions, mitigating stress, reviewing their disaster recovery options, linking
with other helpful individuals and agencies and providing coping and emotional support.
The two CCP grant programs utilize the following forms:
FF 003-0-1 (ISP)
FEMA offers the ISP for a limited period of time, up to 60 days from the date of declaration, unless the
grantee submits an RSP application for longer-term funding. In that case, FEMA may continue funding
ISP until FEMA makes a decision regarding the RSP application.
FF 003-0-2 (RSP)
The RSP provides funding for up to nine months from the date awarded for community outreach,
consultation and public education, group and individual crisis counseling, coping strategies, referrals and
resource linkage.
Once a state/territory/tribal government agency completes the ISP or RSP application form, the grantee
POC scans in the form, password protects it and securely sends it to the FEMA IA Division/HS Branch
POC at either the appropriate Regional Office or Joint Field Office (JFO) for review. Then the
Regional/JFO POC securely forwards the form to POCs at both the FEMA HS Branch and
HHS/SAMHSA. These POCs and other designated program officials and managers review the application
and either approve or deny it. After deciding, FEMA stores the form in the office hardcopy grant file at
HHS/SAMHSA and on a shared drive.
FEMA renews this PTA because both FF 003-0-1 and FF 003-0-2 have been revised to reduce the amount
of PII requested and to, therefore, reduce the paperwork burden for applicants. The current expiration
date for the Information Collection 1660-0085 is August 31, 2014.

2. Does this system employ any of the
following technologies:
If you are using any of these technologies and

Closed Circuit Television (CCTV)

Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy

Privacy Threshold Analysis
Version number: 01-2014
Page 4 of 8

want coverage under the respective PIA for that
technology please stop here and contact the DHS
Privacy Office for further guidance.

Social Media
Web portal1 (e.g., SharePoint)
Contact Lists
None of these

3. From whom does the Project or
Program collect, maintain, use, or
disseminate information?
Please check all that apply.

This program does not collect any personally
identifiable information2
Members of the public
DHS employees/contractors (list components):
Contractors working on behalf of DHS
Employees of other federal agencies

4. What specific information about individuals is collected, generated or retained?
FF 003-0-1 (ISP)
The ISP grant applicant/agency’s POC must provide his/her name, work email address, mailing address,
and work phone number.
FF 003-0-2 (RSP)
The RSP grant applicant/agency’s POC must provide his/her name, work email address, mailing address,
and work phone number.
No. Please continue to next question.
4(a) Does the project, program, or system
Yes. If yes, please list all personal identifiers
retrieve information by personal identifier?
used:
4(b) Does the project, program, or system
No.
use Social Security Numbers (SSN)?
Yes.
Click here to enter text.
4(c) If yes, please provide the specific legal
1

Informational and collaboration-based portals in operation at DHS and its components that collect, use, maintain, and share
limited personally identifiable information (PII) about individuals who are “members” of the portal or “potential members” who
seek to gain access to the portal.
2
DHS defines personal information as “Personally Identifiable Information” or PII, which is any information that permits the
identity of an individual to be directly or indirectly inferred, including any information that is linked or linkable to that individual,
regardless of whether the individual is a U.S. citizen, lawful permanent resident, visitor to the U.S., or employee or contractor to
the Department. “Sensitive PII” is PII, which if lost, compromised, or disclosed without authorization, could result in substantial
harm, embarrassment, inconvenience, or unfairness to an individual. For the purposes of this PTA, SPII and PII are treated the
same.

Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy

Privacy Threshold Analysis
Version number: 01-2014
Page 5 of 8

basis and purpose for the collection of
SSNs:
4(d) If yes, please describe the uses of the
SSNs within the project, program, or
system:
4(e) If this project, program, or system is
an information technology/system, does it
relate solely to infrastructure?

Click here to enter text.

No. Please continue to next question.
Yes. If a log kept of communication traffic,
please answer the following question.

For example, is the system a Local Area Network
(LAN) or Wide Area Network (WAN)?
4(f) If header or payload data3 is stored in the communication traffic log, please detail the data
elements stored.
Click here to enter text.

5. Does this project, program, or system
connect, receive, or share PII with any
other DHS programs or systems4?

No.
Yes. If yes, please list:
Click here to enter text.

6. Does this project, program, or system
connect, receive, or share PII with any
external (non-DHS) partners or
systems?
6(a) Is this external sharing pursuant to
new or existing information sharing
access agreement (MOU, MOA, LOI,
etc.)?
7. Does the project, program, or system
provide role-based training for
personnel who have access in addition
to annual privacy training required of
3

No.
Yes. If yes, please list:
Click here to enter text.
Choose an item.
Please describe applicable information sharing
governance in place:

No.
Yes. If yes, please list:

When data is sent over the Internet, each unit transmitted includes both header information and the actual data being sent. The
header identifies the source and destination of the packet, while the actual data is referred to as the payload. Because header
information, or overhead data, is only used in the transmission process, it is stripped from the packet when it reaches its
destination. Therefore, the payload is the only data received by the destination system.
4
PII may be shared, received, or connected to other DHS systems directly, automatically, or by manual processes. Often, these
systems are listed as “interconnected systems” in Xacta.

Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy

Privacy Threshold Analysis
Version number: 01-2014
Page 6 of 8

all DHS personnel?
8. Per NIST SP 800-53 Rev. 4, Appendix
J, does the project, program, or system
maintain an accounting of disclosures
of PII to individuals who have
requested access to their PII?
9. Is there a FIPS 199 determination?4

No. What steps will be taken to develop and
maintain the accounting:
Yes. In what format is the accounting
maintained:
Unknown.
No.
Yes. Please indicate the determinations for each
of the following:

4

Confidentiality:
Low
Moderate

High

Undefined

Integrity:
Low

Moderate

High

Undefined

Availability:
Low
Moderate

High

Undefined

FIPS 199 is the Federal Information Processing Standard Publication 199, Standards for Security Categorization of Federal
Information and Information Systems and is used to establish security categories of information systems.

Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy

Privacy Threshold Analysis
Version number: 01-2014
Page 7 of 8

PRIVACY THRESHOLD REVIEW
(TO BE COMPLETED BY COMPONENT PRIVACY OFFICE)
Component Privacy Office Reviewer:

John K. Cook

Date submitted to Component Privacy
Office:

February 26, 2014

Date submitted to DHS Privacy Office:
Component Privacy Office Recommendation:
Please include recommendation below, including what new privacy compliance documentation is needed.
PIA: DHS/FEMA/PIA-013-Grant Management Programs
SORN: DHS/FEMA – 009 Hazard Mitigation, Disaster Public Assistance, and Disaster Loan Programs
System of Records
(TO BE COMPLETED BY THE DHS PRIVACY OFFICE)
DHS Privacy Office Reviewer:

Jameson Morgan

PCTS Workflow Number:

1018041

Date approved by DHS Privacy Office:

May 12, 2014

PTA Expiration Date

May 12, 2017
DESIGNATION

Privacy Sensitive System:
Category of System:
Determination:

Yes

If “no” PTA adjudication is complete.

IT System
If “other” is selected, please describe: Click here to enter text.
PTA sufficient at this time.
Privacy compliance documentation determination in progress.
New information sharing arrangement is required.
DHS Policy for Computer-Readable Extracts Containing Sensitive PII
applies.
Privacy Act Statement required.
Privacy Impact Assessment (PIA) required.
System of Records Notice (SORN) required.
Paperwork Reduction Act (PRA) Clearance may be required. Contact

Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy

Privacy Threshold Analysis
Version number: 01-2014
Page 8 of 8

your component PRA Officer.
A Records Schedule may be required. Contact your component Records
Officer.
System covered by existing PIA
PIA:

If covered by existing PIA, please list: DHS/FEMA/PIA – 013 Grant Management
Programs,
System covered by existing SORN

SORN:

If covered by existing SORN, please list: DHS/FEMA-009 - Hazard Mitigation Assistance
Grant Programs
DHS Privacy Office Comments:
Please describe rationale for privacy compliance determination above.
The DHS Privacy Office agrees with the FEMA Privacy Office that Crisis Counseling and Training
Program is a privacy sensitive program with coverage required under the DHS/FEMA/PIA – 013 Grant
Management Programs and the DHS/FEMA – 009 Hazard Mitigation, Disaster Public Assistance, and
Disaster Loan Programs SORN.
This PTA was submitted because the FF 003-0-1 and FF 003-0-2 forms were revised to reduce the
amount of PII requested and to, therefore, reduce the paperwork burden for applicants. This Update
includes coverage under the newly published DHS/FEMA – 009 SORN. The previous PTA was covered
under the DHS/FEMA – 004 SORN, however, the DHS/FEMA – 009 SORN provides more sufficient
coverage to these forms. The DHS/FEMA/PIA – 013 PIA is still applicable for these forms with the
reduced PII collection.