Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
Privacy Threshold Analysis
Version number: 01-2014
PRIVACY THRESHOLD ANALYSIS (PTA)
This form is used to determine whether a Privacy Impact Assessment is required.
Please use the attached form to determine whether a Privacy Impact Assessment (PIA) is required under the E-Government Act of 2002 and the Homeland Security Act of 2002.
Please complete this form and send it to your component Privacy Office. If you do not have a component Privacy Office, please send the PTA to the DHS Privacy Office:
Senior Director, Privacy Compliance
The Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
Tel: 202-343-1717
Upon receipt from your component Privacy Office, the DHS Privacy Office will review this form. If a PIA is required, the DHS Privacy Office will send you a copy of the Official Privacy Impact Assessment Guide and accompanying Template to complete and return.
A copy of the Guide and Template is available on the DHS Privacy Office website, www.dhs.gov/privacy, on DHSConnect and directly from the DHS Privacy Office via email: [email protected], phone: 202-343-1717.
Summary Information
Project or Program Name: | Write Your Own (WYO) Company Participation Criteria; New Applicant |
Component: | |
Office or Program: | Federal Insurance and Mitigation Administration (FIMA) |
Xacta FISMA Name (if applicable): | Click here to enter text. |
Xacta FISMA Number (if applicable): | Click here to enter text. |
Type of Project or Program: | |
Project or program status: | |
Date first developed: | October 1, 1978 |
Pilot launch date: | Click here to enter a date. |
Date of last PTA update | December 19, 2011 |
Pilot end date: | Click here to enter a date. |
ATO Status (if applicable) | |
ATO expiration date (if applicable): | Click here to enter a date. |
PROJECT OR PROGRAM MANAGER
Name: | Susan Bernstein |
Office: | FIMA RID |
Title: | Program Specialist |
Phone: | 202-212-2113 |
Email: | |
INFORMATION SYSTEM SECURITY OFFICER (ISSO) (if applicable)
Name: | Click here to enter text. |
Phone: | Click here to enter text. |
Email: | Click here to enter text. |
Specific PTA Questions
1. Reason for submitting the PTA: |
The Federal Emergency Management Agency (FEMA) Federal Insurance and Mitigation Administration (FIMA) performs this Privacy Threshold Analysis (PTA) as part of the Office of Management and Budget (OMB) Information Collection Resource (ICR) renewal process. This PTA is part of OMB ICR No. 1660-0038. FEMA has had no changes to this collection or associated forms since the last PTA was approved on December 19, 2011. Under the National Flood Insurance Program’s (NFIP) Write Your Own (WYO) Program, FEMA enters into arrangements with private insurance companies. The arrangement with the private insurers is authorized by the National Flood Insurance Act of 1968. Individual private sector insurance companies are licensed by the states they do business in to engage in the business of property insurance. These companies may offer flood insurance coverage to eligible property owners by use of their customary business practice and the NFIP uses their submissions to determine the provider’s competency. To facilitate the marketing of flood insurance, the federal government will be a guarantor of flood insurance coverage for WYO companies’ policies issued under the WYO Program Financial Assistance/Subsidy Arrangement (Arrangement). FEMA requires a one-time submission of information from an insurance company to determine the company’s qualifications, as set forth in 44 CFR 62.24. FIMA collects the personally identifiable information from an insurance company’s point of contact (POC) applying on behalf of their organization to participate in the WYO Program. FIMA retrieves information that is part of this project by name of insurance company and not by PII. The DHS/FEMA – 003 National Flood Insurance Program Files SORN provides additional information regarding the NFIP and WYO programs. |
If you are using any of these technologies and want coverage under the respective PIA for that technology please stop here and contact the DHS Privacy Office for further guidance.
|
Closed Circuit Television (CCTV)
Social Media
Web portal¹ (e.g., SharePoint)
Contact Lists
None of these |
Please check all that apply. |
This program does not collect any personally identifiable information²
Members of the public
DHS employees/contractors (list components):
Contractors working on behalf of DHS
Employees of other federal agencies |
|
|
|
This project collects the following information from insurance companies’ points of contact: Signature, Name, Title, Organization name, Telephone number(s), or Email address. |
|
|
4(a) Does the project, program, or system retrieve information by personal identifier? |
No. Please continue to next question. Yes. If yes, please list all personal identifiers used: |
|
4(b) Does the project, program, or system use Social Security Numbers (SSN)? |
No. Yes. |
|
4(c) If yes, please provide the specific legal basis and purpose for the collection of SSNs: |
Click here to enter text. |
|
4(d) If yes, please describe the uses of the SSNs within the project, program, or system: |
Click here to enter text. |
|
4(e) If this project, program, or system is an information technology/system, does it relate solely to infrastructure?
For example, is the system a Local Area Network (LAN) or Wide Area Network (WAN)? |
No. Please continue to next question. Yes. If a log is kept of communication traffic, please answer the following question. |
|
4(f) If header or payload data³ is stored in the communication traffic log, please detail the data elements stored. |
||
Click here to enter text.
|
|
No. Yes. If yes, please list: Click here to enter text. |
|
No. Yes. If yes, please list: Click here to enter text. |
6(a) Is this external sharing pursuant to new or existing information sharing access agreement (MOU, MOA, LOI, etc.)?
|
Please describe applicable information sharing governance in place:
|
7. Does the project, program, or system provide role-based training for personnel who have access in addition to annual privacy training required of all DHS personnel?
|
No. Yes. If yes, please list: |
|
No. What steps will be taken to develop and maintain the accounting: Yes. In what format is the accounting maintained: |
|
Unknown. No. Yes. Please indicate the determinations for each of the following: Confidentiality: Low Moderate High Undefined
Integrity: Low Moderate High Undefined
Availability: Low Moderate High Undefined |
PRIVACY THRESHOLD REVIEW
(To be Completed by COMPONENT PRIVACY OFFICE)
Component Privacy Office Reviewer: | LeVar J. Sykes |
Date submitted to Component Privacy Office: | Click here to enter a date. |
Date submitted to DHS Privacy Office: | Click here to enter a date. |
|
Component Privacy Office Recommendation: Please include recommendation below, including what new privacy compliance documentation is needed. |
||
FEMA recommends the following privacy compliance coverage:
PIA: DHS/FEMA/PIA – 011 National Flood Insurance Program (NFIP) Information Technology Systems (ITS)
SORN: N/A |
(To be Completed by the DHS Privacy Office)
DHS Privacy Office Reviewer: | Eric M. Leckey |
PCTS Workflow Number: | Click here to enter text. |
Date approved by DHS Privacy Office: | Click here to enter a date. |
PTA Expiration Date | Click here to enter a date. |
DESIGNATION
Privacy Sensitive System: |
If “no” PTA adjudication is complete. |
|
|
Category of System: |
If “other” is selected, please describe: Click here to enter text. |
|
|
Determination:
PTA sufficient at this time.
Privacy compliance documentation determination in progress.
New information sharing arrangement is required.
DHS Policy for Computer-Readable Extracts Containing Sensitive PII applies.
Privacy Act Statement required.
Privacy Impact Assessment (PIA) required.
System of Records Notice (SORN) required.
Paperwork Reduction Act (PRA) Clearance may be required. Contact your component PRA Officer.
A Records Schedule may be required. Contact your component Records Officer. |
|
||
PIA: |
If covered by existing PIA, please list: DHS/FEMA/PIA – 011 National Flood Insurance |
|
|
SORN: |
If covered by existing SORN, please list: Click here to enter text. |
|
|
DHS Privacy Office Comments: Please describe rationale for privacy compliance determination above. |
|||
This project collects PII from insurance companies’ point of contact and is categorized as a Privacy Sensitive System. In accordance with the E-Government Act, a PIA is required for this collection. This collection of information has coverage under the DHS/FEMA/PIA – 011 National Flood Insurance Program (NFIP) Information Technology Systems (ITS) PIA. FEMA retrieves records for this collection by insurance companies’ name and not by the PII of the insurance company’s POC. However, information collected by this collection is associated with the DHS/FEMA – 003 National Flood Insurance Program Files System of Records SORN. |
1 Informational and collaboration-based portals in operation at DHS and its components that collect, use, maintain, and share limited personally identifiable information (PII) about individuals who are “members” of the portal or “potential members” who seek to gain access to the portal.
2 DHS defines personal information as “Personally Identifiable Information” or PII, which is any information that permits the identity of an individual to be directly or indirectly inferred, including any information that is linked or linkable to that individual, regardless of whether the individual is a U.S. citizen, lawful permanent resident, visitor to the U.S., or employee or contractor to the Department. “Sensitive PII” is PII, which if lost, compromised, or disclosed without authorization, could result in substantial harm, embarrassment, inconvenience, or unfairness to an individual. For the purposes of this PTA, SPII and PII are treated the same.
3 When data is sent over the Internet, each unit transmitted includes both header information and the actual data being sent. The header identifies the source and destination of the packet, while the actual data is referred to as the payload. Because header information, or overhead data, is only used in the transmission process, it is stripped from the packet when it reaches its destination. Therefore, the payload is the only data received by the destination system.
4 PII may be shared, received, or connected to other DHS systems directly, automatically, or by manual processes. Often, these systems are listed as “interconnected systems” in Xacta.
4 FIPS 199 is the Federal Information Processing Standard Publication 199, Standards for Security Categorization of Federal Information and Information Systems and is used to establish security categories of information systems.
File Type | application/vnd.openxmlformats-officedocument.wordprocessingml.document |
File Title | DHS PRIVACY OFFICE |
Author | marilyn.powell |
File Modified | 0000-00-00 |
File Created | 2021-01-25 |