Privacy Threshold Analysis (PTA)

Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy

Privacy Threshold Analysis
Version number: 01-2014
Page 1 of 8

PRIVACY THRESHOLD ANALYSIS (PTA)
This form is used to determine whether
a Privacy Impact Assessment is required.

Please use the attached form to determine whether a Privacy Impact Assessment (PIA) is required under
the E-Government Act of 2002 and the Homeland Security Act of 2002.
Please complete this form and send it to your component Privacy Office. If you do not have a component
Privacy Office, please send the PTA to the DHS Privacy Office:
Senior Director, Privacy Compliance
The Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
Tel: 202-343-1717
[email protected]

Upon receipt from your component Privacy Office, the DHS Privacy Office will review this form. If a
PIA is required, the DHS Privacy Office will send you a copy of the Official Privacy Impact Assessment
Guide and accompanying Template to complete and return.
A copy of the Guide and Template is available on the DHS Privacy Office website,
www.dhs.gov/privacy, on DHSConnect and directly from the DHS Privacy Office via email:
[email protected], phone: 202-343-1717.

Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy

Privacy Threshold Analysis
Version number: 01-2014
Page 2 of 8

PRIVACY THRESHOLD ANALYSIS (PTA)
SUMMARY INFORMATION
Project or
Program Name:

Manufactured Housing Operations Forms (1660-0030)

Component:

Federal Emergency
Management Agency (FEMA)

Office or
Program:

Office of Response &
Recovery (ORR) – Recovery
- Individual Assistance
Division

Xacta FISMA
Name (if
applicable):

Click here to enter text.

Xacta FISMA
Number (if
applicable):

Click here to enter text.

Type of Project or
Program:

Form or other Information
Collection

Project or
program
status:

Operational

Date first
developed:
Date of last PTA
update

November 1, 2010

Pilot launch
date:

Click here to enter a date.

November 6, 2013

Pilot end date:

Click here to enter a date.

ATO Status (if
applicable)

Choose an item.

ATO
expiration date
(if applicable):

Click here to enter a date.

PROJECT OR PROGRAM MANAGER
Name:

Elizabeth McDowell

Office:

FEMA – Individual
Assistance

Title:

Lead Program Specialist

Phone:

540-686-3630

Email:

[email protected]
ov

INFORMATION SYSTEM SECURITY OFFICER (ISSO) (IF APPLICABLE)
Name:

Click here to enter text.

Phone:

Click here to enter text.

Email:

Click here to enter text.

Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy

Privacy Threshold Analysis
Version number: 01-2014
Page 3 of 8

SPECIFIC PTA QUESTIONS
1. Reason for submitting the PTA: Renewal PTA
The Federal Emergency Management Agency provides financial needs and services to individuals and
households who apply for disaster benefits in the event of a federal declared disaster, in accordance with
the Robert T Stafford Disaster Relief and Emergency Act, as amended, 42 U.S.C. § 5174. Section 408 of
the Robert T. Stafford Disaster Relief and Emergency Assistance Act, Pub. L. No. 93-288, as amended
(the Stafford Act), collected at 42 U.S. 5121 et seq.,authorizes FEMA to provide direct housing
assistance, directly to individuals or households, who, as a result of a major disaster, lack of available
housing resources and would be unable to make use of financial assistance. FEMA will provide
temporary housing units in the form of a manufactured home or other readily fabricated dwellings.
The information collection request (ICR) 1660-0030 is to support the direct housing operation. The
information collected is used to determine if the feasibility of a potential site for Temporary Housing
Units (THUs) and to ensure the landowner, if other than the will allow for a Mobile Housing Unit (MHU)
to be placed on the property. This information is collected via paper forms then uploaded into the
Individual Assistance (formerly NEMIS-IA) IT system, which maintains Individual and Households
Program information. The information is entered into the Housing Operations Management Enterprise
Systems (HOMES) database (within IA) that is used to coordinate the provision of THUs for disaster
survivors. Under this ICR, FEMA will collect information from members of the public (owners/managers
of the properties hosting MHUs and IHP applicants in need of THUs).
Previously approved forms
a. FEMA Form 010-0-9 (formerly 90-1), Request for Site Inspection – is used by FEMA to ensure
the feasibility of potential sites for temporary housing units. This form will also provide FEMA
with the ability to determine whether these sites will accommodate a temporary housing unit, and
comply with local, State and Federal guidelines and regulations regarding the placement of the
unit. The form documents that the necessary infrastructure required to support a temporary
housing unit is in place.
b. FEMA Form 010-0-10 (formerly 90-31), Landowner’s Authorization Ingress / Egress Agreement
– is used by FEMA to ensure a landowner, if other than the applicant receiving the unit, will
allow the unit to be placed on the property. This form also verifies that routes of ingress and
egress to and from the property are maintained, that necessary actions to make ingress and egress
possible are documented for completion, and that FEMA has a 30-day timeframe upon
termination of the temporary housing agreement to facilitate removal.
Additional forms (change to ICR)
c. FEMA Form 009-0-138 (formerly 90-13), Manufactured Housing Unit Inspection Report- is used
by FEMA to document the condition of the unit and contents during each transaction that occurs
for temporary housing. This form is intended to be used anytime a manufactured housing unit
(HUD or other) is transferred in the property transfer system of record, the Housing Operations
Management Enterprise System (HOMES), including delivery to and receipt from the disaster
survivor.
d. FEMA Form 009-0-136 (formerly 90-26), Unit Installation Work Order - is used to issue and
track individual work orders against a contract for installing Manufactured Housing Units.

Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy

Privacy Threshold Analysis
Version number: 01-2014
Page 4 of 8

e. FEMA Form 009-0-130 (formerly 90-38), Maintenance Work Order - is used to initiate work
(cost incurred to the government), in particular perform maintenance on a manufactured housing
unit (HUD or otherwise).

2. Does this system employ any of the
following technologies:
If you are using any of these technologies and
want coverage under the respective PIA for that
technology please stop here and contact the DHS
Privacy Office for further guidance.

Closed Circuit Television (CCTV)
Social Media
Web portal 1 (e.g., SharePoint)
Contact Lists
None of these

3. From whom does the Project or
Program collect, maintain, use, or
disseminate information?
Please check all that apply.

This program does not collect any personally
identifiable information 2
Members of the public
DHS employees/contractors (list components):
Contractors working on behalf of DHS
Employees of other federal agencies

4. What specific information about individuals is collected, generated or retained?
Applicant name, Applicant address, applicant phone number, applicant FEMA registration
number, site information (if different from the applicant address), Witness signature, applicant
signature, site owner/agent signature.

1

Informational and collaboration-based portals in operation at DHS and its components that collect, use, maintain, and share
limited personally identifiable information (PII) about individuals who are “members” of the portal or “potential members” who
seek to gain access to the portal.
2
DHS defines personal information as “Personally Identifiable Information” or PII, which is any information that permits the
identity of an individual to be directly or indirectly inferred, including any information that is linked or linkable to that individual,
regardless of whether the individual is a U.S. citizen, lawful permanent resident, visitor to the U.S., or employee or contractor to
the Department. “Sensitive PII” is PII, which if lost, compromised, or disclosed without authorization, could result in substantial
harm, embarrassment, inconvenience, or unfairness to an individual. For the purposes of this PTA, SPII and PII are treated the
same.

Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy

Privacy Threshold Analysis
Version number: 01-2014
Page 5 of 8

4(a) Does the project, program, or system
retrieve information by personal identifier?
4(b) Does the project, program, or system
use Social Security Numbers (SSN)?
4(c) If yes, please provide the specific legal
basis and purpose for the collection of
SSNs:
4(d) If yes, please describe the uses of the
SSNs within the project, program, or
system:
4(e) If this project, program, or system is
an information technology/system, does it
relate solely to infrastructure?

No. Please continue to next question.
Yes. If yes, please list all personal identifiers
used: Name, registration ID
No.
Yes.
Click here to enter text.

Click here to enter text.

No. Please continue to next question.
Yes. If a log kept of communication traffic,
please answer the following question.

For example, is the system a Local Area Network
(LAN) or Wide Area Network (WAN)?
4(f) If header or payload data 3 is stored in the communication traffic log, please detail the data
elements stored.
Click here to enter text.

5. Does this project, program, or system
connect, receive, or share PII with any
other DHS programs or systems 4?

No.
Yes. If yes, please list:
Click here to enter text.

6. Does this project, program, or system
connect, receive, or share PII with any
external (non-DHS) partners or
systems?

No.
Yes. If yes, please list:
Click here to enter text.

6(a) Is this external sharing pursuant to
new or existing information sharing
access agreement (MOU, MOA, LOI,

Choose an item.
Please describe applicable information sharing

3
When data is sent over the Internet, each unit transmitted includes both header information and the actual data being sent. The
header identifies the source and destination of the packet, while the actual data is referred to as the payload. Because header
information, or overhead data, is only used in the transmission process, it is stripped from the packet when it reaches its
destination. Therefore, the payload is the only data received by the destination system.
4
PII may be shared, received, or connected to other DHS systems directly, automatically, or by manual processes. Often, these
systems are listed as “interconnected systems” in Xacta.

Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy

Privacy Threshold Analysis
Version number: 01-2014
Page 6 of 8

governance in place:

etc.)?
7. Does the project, program, or system
provide role-based training for
personnel who have access in addition
to annual privacy training required of
all DHS personnel?
8. Per NIST SP 800-53 Rev. 4, Appendix
J, does the project, program, or system
maintain an accounting of disclosures
of PII to individuals who have
requested access to their PII?
9. Is there a FIPS 199 determination? 4

No.
Yes. If yes, please list:

No. What steps will be taken to develop and
maintain the accounting:
Yes. In what format is the accounting
maintained:
Unknown.
No.
Yes. Please indicate the determinations for each
of the following:
Confidentiality:
Low
Moderate

High

Undefined

Integrity:
Low

Moderate

High

Undefined

Availability:
Low
Moderate

High

Undefined

PRIVACY THRESHOLD REVIEW
(TO BE COMPLETED BY COMPONENT PRIVACY OFFICE)
Component Privacy Office Reviewer:

Lane Raffray

Date submitted to Component Privacy
Office:

February 24, 2015

Date submitted to DHS Privacy Office:

April 28, 2015

Component Privacy Office Recommendation:
Please include recommendation below, including what new privacy compliance documentation is needed.
4

FIPS 199 is the Federal Information Processing Standard Publication 199, Standards for Security Categorization of Federal
Information and Information Systems and is used to establish security categories of information systems.

Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy

Privacy Threshold Analysis
Version number: 01-2014
Page 7 of 8

PIA: DHS/FEMA/PIA-027 – National Emergency Management Information System-Individual
Assistance (NEMIS-IA) Web-based and Client-based Modules (Will be re-named IA when it is updated.)
SORN: DHS/FEMA 008 Disaster Recovery Assistance Files

(TO BE COMPLETED BY THE DHS PRIVACY OFFICE)
DHS Privacy Office Reviewer:

Eric M. Leckey

PCTS Workflow Number:

1083215

Date approved by DHS Privacy Office:

April 30, 2015

PTA Expiration Date

April 30, 2018
DESIGNATION

Privacy Sensitive System:
Category of System:
Determination:

Yes

If “no” PTA adjudication is complete.

Form/Information Collection
If “other” is selected, please describe: Click here to enter text.
PTA sufficient at this time.
Privacy compliance documentation determination in progress.
New information sharing arrangement is required.
DHS Policy for Computer-Readable Extracts Containing Sensitive PII
applies.
Privacy Act Statement required.
Privacy Impact Assessment (PIA) required.
System of Records Notice (SORN) required.
Paperwork Reduction Act (PRA) Clearance may be required. Contact
your component PRA Officer.
A Records Schedule may be required. Contact your component Records
Officer.

System covered by existing PIA
PIA:

SORN:

If covered by existing PIA, please list: DHS/FEMA/PIA-027 – National Emergency
Management Information System-Individual Assistance (NEMIS-IA) Web-based and
Client-based Modules
System covered by existing SORN

Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy

Privacy Threshold Analysis
Version number: 01-2014
Page 8 of 8

If covered by existing SORN, please list: DHS/FEMA-008 - Disaster Recovery Assistance
Files April 30, 2013 78 FR 25282
DHS Privacy Office Comments:
Please describe rationale for privacy compliance determination above.
FEMA’s ICR 1660-0030 collects information from applicants of FEMA’s Individual Assistance program
to assist in the provision of housing benefits. This PTA represents a renewal of the existing ICR, with the
addition of two forms. FEMA’s IA programs are covered by the DHS/FEMA-008 - Disaster Recovery
Assistance Files (April 30, 2013, 78 FR 25282) SORN, which is currently due for a biennial review. The
SORN includes broad categories of records covering inspection reports and associated documents;
however FEMA should review the SORN to ensure proper coverage of this ICR. The housing related
information may be stored, maintained, or processed through FEMA’s Individual Assistance (formerly
NEMIS-IA) IT system, which is covered by the DHS/FEMA/PIA-027 – National Emergency
Management Information System-Individual Assistance (NEMIS-IA) Web-based and Client-based
Modules PIA. The PIA is due for its renewal, and FEMA should ensure that any new information that
may now be processed through IA as a result of this ICR is noted in the new IA PIA.