Privacy Threshold Analysis (PTA)

Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy

Privacy Threshold Analysis
Version number: 01-2014
Page 1 of 8

PRIVACY THRESHOLD ANALYSIS (PTA)
This form is used to determine whether
a Privacy Impact Assessment is required.

Please use the attached form to determine whether a Privacy Impact Assessment (PIA) is required under
the E-Government Act of 2002 and the Homeland Security Act of 2002.
Please complete this form and send it to your component Privacy Office. If you do not have a component
Privacy Office, please send the PTA to the DHS Privacy Office:
Senior Director, Privacy Compliance
The Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
Tel: 202-343-1717
[email protected]

Upon receipt from your component Privacy Office, the DHS Privacy Office will review this form. If a
PIA is required, the DHS Privacy Office will send you a copy of the Official Privacy Impact Assessment
Guide and accompanying Template to complete and return.
A copy of the Guide and Template is available on the DHS Privacy Office website,
www.dhs.gov/privacy, on DHSConnect and directly from the DHS Privacy Office via email:
[email protected], phone: 202-343-1717.

Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy

Privacy Threshold Analysis
Version number: 01-2014
Page 2 of 8

PRIVACY THRESHOLD ANALYSIS (PTA)
SUMMARY INFORMATION
Project or
Program Name:

Special Flood Hazard Determination Form

Component:

Federal Emergency
Management Agency (FEMA)

Office or
Program:

Federal Insurance
Mitigation Administration
(FIMA)

Xacta FISMA
Name (if
applicable):

Click here to enter text.

Xacta FISMA
Number (if
applicable):

Click here to enter text.

Type of Project or
Program:

Form or other Information
Collection

Project or
program
status:

Modification

Date first
developed:
Date of last PTA
update

1994

Pilot launch
date:

October 25, 2011

Pilot end date:

Click here to enter a date.

ATO Status (if
applicable)

Choose an item.

ATO
expiration date
(if applicable):

Click here to enter a date.

PROJECT OR PROGRAM MANAGER
Name:

Susan Bernstein

Office:

FIMA RID

Title:

Program Specialist

Phone:

202-212-2113

Email:

[email protected]
v

INFORMATION SYSTEM SECURITY OFFICER (ISSO) (IF APPLICABLE)
Name:

Click here to enter text.

Phone:

Click here to enter text.

Email:

Click here to enter text.

Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy

Privacy Threshold Analysis
Version number: 01-2014
Page 3 of 8

SPECIFIC PTA QUESTIONS
1. Reason for submitting the PTA: Renewal PTA
FEMA completes this PTA as part of the Paperwork Reduction Act (PRA) information collection renewal
and update process. FEMA Form (FF) 086-0-32 “Special Hazard Determination Form” is included in the
Office of Management and Budget (OMB) Information Collection Resource (ICR) No. 1660-0040. The
form is being updated with clearer language to help the user better understand how to fill out the form.
There are no changes to the type or amount of information being collected since the previous PTA for this
form was approved by DHS on October 25, 2011.
The FEMA FIMA developed FF 086-0-32 in compliance with the National Flood Insurance Reform Act
(NFIRA) requirement that a Standard Flood Hazard Determination form be used by regulated lending
institutions, federal agency lenders, the Federal National Mortgage Association, the Federal Home Loan
Mortgage Corporation, and the Government National Mortgage Association. Federally regulated lending
institutions and organizations must use FF 086-0-32 for the purpose of determining whether flood
insurance is required and available when making, increasing, extending, renewing or purchasing each
loan for property. FF 086-0-32 is required for all such loans in the United States and includes the
property address for the loan collateral.
FEMA does not collect the copies of the completed form or information submitted on the form as part of
its normal business process. FEMA is responsible for developing and updating the form used by lenders.
Lenders are not regulated by FEMA.

2. Does this system employ any of the
following technologies:
If you are using any of these technologies and
want coverage under the respective PIA for that
technology please stop here and contact the DHS
Privacy Office for further guidance.

Closed Circuit Television (CCTV)
Social Media
Web portal 1 (e.g., SharePoint)
Contact Lists
None of these

3. From whom does the Project or
Program collect, maintain, use, or
disseminate information?
Please check all that apply.

1

This program does not collect any personally
identifiable information 2
Members of the public

Informational and collaboration-based portals in operation at DHS and its components that collect, use, maintain, and share
limited personally identifiable information (PII) about individuals who are “members” of the portal or “potential members” who
seek to gain access to the portal.
2
DHS defines personal information as “Personally Identifiable Information” or PII, which is any information that permits the
identity of an individual to be directly or indirectly inferred, including any information that is linked or linkable to that individual,
regardless of whether the individual is a U.S. citizen, lawful permanent resident, visitor to the U.S., or employee or contractor to
the Department. “Sensitive PII” is PII, which if lost, compromised, or disclosed without authorization, could result in substantial
harm, embarrassment, inconvenience, or unfairness to an individual. For the purposes of this PTA, SPII and PII are treated the
same.

Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy

Privacy Threshold Analysis
Version number: 01-2014
Page 4 of 8

DHS employees/contractors (list components):
Contractors working on behalf of DHS
Employees of other federal agencies

4. What specific information about individuals is collected, generated or retained?
The form is required for all federally backed loans in the United States and lists a property
address for the loan collateral so that address can be reviewed for flood risk. The lender/user has
this information as part of the loan and enters it on the form. FEMA does not collect the
information; but, we are responsible for developing and updating the form.
The following information is requested on FF 086-0-32:
Name/lender identification number;
Addresses (physical or mailing) or physical description of an address; and
Telephone Number
This information is maintained and owned by the lending institution. FEMA/FIMA does not collect or
maintain the information for its normal administration of the NFIP.
No. Please continue to next question.
4(a) Does the project, program, or system
Yes. If yes, please list all personal identifiers
retrieve information by personal identifier?
used:
4(b) Does the project, program, or system
No.
use Social Security Numbers (SSN)?
Yes.
4(c) If yes, please provide the specific legal
Click here to enter text.
basis and purpose for the collection of
SSNs:
4(d) If yes, please describe the uses of the
SSNs within the project, program, or
system:
4(e) If this project, program, or system is
an information technology/system, does it
relate solely to infrastructure?

Click here to enter text.

No. Please continue to next question.
Yes. If a log kept of communication traffic,
please answer the following question.

For example, is the system a Local Area Network
(LAN) or Wide Area Network (WAN)?
4(f) If header or payload data 3 is stored in the communication traffic log, please detail the data
elements stored.
3

When data is sent over the Internet, each unit transmitted includes both header information and the actual data being sent. The
header identifies the source and destination of the packet, while the actual data is referred to as the payload. Because header

Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy

Privacy Threshold Analysis
Version number: 01-2014
Page 5 of 8

Click here to enter text.

5. Does this project, program, or system
connect, receive, or share PII with any
other DHS programs or systems 4?

No.
Yes. If yes, please list:
Click here to enter text.

6. Does this project, program, or system
connect, receive, or share PII with any
external (non-DHS) partners or
systems?
6(a) Is this external sharing pursuant to
new or existing information sharing
access agreement (MOU, MOA, LOI,
etc.)?
7. Does the project, program, or system
provide role-based training for
personnel who have access in addition
to annual privacy training required of
all DHS personnel?
8. Per NIST SP 800-53 Rev. 4, Appendix
J, does the project, program, or system
maintain an accounting of disclosures
of PII to individuals who have
requested access to their PII?
9. Is there a FIPS 199 determination? 4

No.
Yes. If yes, please list:
Click here to enter text.
Choose an item.
Please describe applicable information sharing
governance in place:
No.
Yes. If yes, please list:

No. What steps will be taken to develop and
maintain the accounting: FEMA is only responsible
for form development and updates and do not
collect information or account for completed forms.
Lenders use the form.
Yes. In what format is the accounting
maintained:
Unknown.
No.
Yes. Please indicate the determinations for each
of the following:
Confidentiality:

information, or overhead data, is only used in the transmission process, it is stripped from the packet when it reaches its
destination. Therefore, the payload is the only data received by the destination system.
4
PII may be shared, received, or connected to other DHS systems directly, automatically, or by manual processes. Often, these
systems are listed as “interconnected systems” in Xacta.
4
FIPS 199 is the Federal Information Processing Standard Publication 199, Standards for Security Categorization of Federal
Information and Information Systems and is used to establish security categories of information systems.

Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy

Privacy Threshold Analysis
Version number: 01-2014
Page 6 of 8

Low

Moderate

High

Undefined

Moderate

High

Undefined

Availability:
Low
Moderate

High

Undefined

Integrity:
Low

Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy

Privacy Threshold Analysis
Version number: 01-2014
Page 7 of 8

PRIVACY THRESHOLD REVIEW
(TO BE COMPLETED BY COMPONENT PRIVACY OFFICE)
Component Privacy Office Reviewer:

LeVar J. Sykes

Date submitted to Component Privacy
Office:

October 1, 2014

Date submitted to DHS Privacy Office:

November 25, 2014

Component Privacy Office Recommendation:
Please include recommendation below, including what new privacy compliance documentation is needed.
The FEMA Privacy Office recommends that this collect not be considered and privacy sensitive system as
the form is not used by FEMA but is a tool created by FEMA to standardize lending institution and other
stakeholders’ collection of information as part of the NFIP.
(TO BE COMPLETED BY THE DHS PRIVACY OFFICE)
DHS Privacy Office Reviewer:

Eric M. Leckey

PCTS Workflow Number:

1054649

Date approved by DHS Privacy Office:

November 25, 2014

PTA Expiration Date

November 25, 2017
DESIGNATION

Privacy Sensitive System:

No

Category of System:

Form/Information Collection

Determination:

PTA sufficient at this time.
Privacy compliance documentation determination in progress.
New information sharing arrangement is required.
DHS Policy for Computer-Readable Extracts Containing Sensitive PII
applies.
Privacy Act Statement required.
Privacy Impact Assessment (PIA) required.
System of Records Notice (SORN) required.
Paperwork Reduction Act (PRA) Clearance may be required. Contact
your component PRA Officer.
A Records Schedule may be required. Contact your component Records

Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy

Privacy Threshold Analysis
Version number: 01-2014
Page 8 of 8

Officer.
PIA:
SORN:

Choose an item.
If covered by existing PIA, please list: Click here to enter text.
Choose an item.

If covered by existing SORN, please list: Click here to enter text.
DHS Privacy Office Comments:
Please describe rationale for privacy compliance determination above.
It is agreed that this is not s privacy sensitive system. FEMA does not collect, use, or maintain either
completed forms or any information provided to lenders and other stakeholders when completing the
form.