Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
Privacy Threshold Analysis
Version number: 01-2014
Page 1 of 9
PRIVACY THRESHOLD ANALYSIS (PTA)
This form is used to determine whether
a Privacy Impact Assessment is required.
Please use the attached form to determine whether a Privacy Impact Assessment (PIA) is required under
the E-Government Act of 2002 and the Homeland Security Act of 2002.
Please complete this form and send it to your component Privacy Office. If you do not have a component
Privacy Office, please send the PTA to the DHS Privacy Office:
Senior Director, Privacy Compliance
The Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
Tel: 202-343-1717
[email protected]
Upon receipt from your component Privacy Office, the DHS Privacy Office will review this form. If a
PIA is required, the DHS Privacy Office will send you a copy of the Official Privacy Impact Assessment
Guide and accompanying Template to complete and return.
A copy of the Guide and Template is available on the DHS Privacy Office website,
www.dhs.gov/privacy, on DHSConnect and directly from the DHS Privacy Office via email:
[email protected], phone: 202-343-1717.
SUMMARY INFORMATION
Project or Program Name: National Urban Search and Rescue Response System Grant/Cooperative Agreement Program
Component: Federal Emergency Management Agency (FEMA)
Office or Program: Office of Response and Recovery (ORR)
Xacta FISMA Name (if applicable): Click here to enter text.
Xacta FISMA Number (if applicable): Click here to enter text.
Type of Project or Program: Form or other Information Collection
Project or program status: Update
Date first developed: Click here to enter a date.
Date of last PTA update: Click here to enter a date.
Pilot launch date: Click here to enter a date.
Pilot end date: Click here to enter a date.
ATO Status (if applicable): Choose an item.
ATO expiration date (if applicable): Click here to enter a date.
PROJECT OR PROGRAM MANAGER
Name: Catherine Deel
Office: US&R Branch
Title: Program Specialist
Phone: 202-212-3796
Email: [email protected]
INFORMATION SYSTEM SECURITY OFFICER (ISSO) (IF APPLICABLE)
Name: Click here to enter text.
Phone: Click here to enter text.
Email: Click here to enter text.
SPECIFIC PTA QUESTIONS
1. Reason for submitting the PTA: New PTA
The Federal Emergency Management Agency (FEMA) manages the National Urban Search and Rescue
System (US&R) Grant/Cooperative Agreement Program. FEMA provides grant funding to 28
established Sponsoring Organizations within the National US&R Response System. The US&R
provides specialized lifesaving assistance within their local jurisdiction as well as during major disasters
or emergencies that the President declares under the Robert T. Stafford Disaster Relief and Emergency
Assistance Act (Stafford Act), 42 U.S.C. 5121 through 5208. US&R operational activities include
locating, extracting and providing on-site medical treatment to victims trapped in collapsed structures,
weapons of mass destruction events and when assigned, incident command or coordination of other
operational activities.
This new PTA is part of the update and renewal of Office of Management and Budget (OMB)
Information Collection Resource (ICR) No. 1660-0073 that is scheduled for expiration on November
30, 2015. As part of this update and renewal, FEMA is updating the existing forms and adding an
additional form relating to this information collection.
The following forms are associated with this collection of information: FEMA Form (FF) 089-0-10,
Urban Search Rescue Response System Narrative Statement Workbook; FF 089-0-11, Urban Search
Rescue Response System Semi-Annual Performance Report; FF 089-0-12, Urban Search Rescue
Response System Amendment Form; FF 089-0-14, Urban Search Rescue Response System Task Force
Self-Evaluation Scoresheet; FF 089-0-15, Urban Search Rescue Response System Task Force
Deployment Data; and FF 089-0-16, Vehicle Support Unit Purchase/Replacement/Disposal
Justification.
FEMA requires each of the 28 Sponsoring Organizations within the National US&R Response System
to submit the appropriate forms and associated information to: 1) apply each fiscal year for
grant/cooperative agreement funds; 2) provide semi-annual updates on their performance; 3) provide a
request for amendments, when necessary; 4) evaluate their US&R task force on a yearly basis and
provide their self-evaluation to FEMA; 5) provide specific information on their equipment cache each
year for potential air lift and space requirements during deployment; and 6) provide information about
all vehicle purchases, replacements and the disposition of each.
The US&R Sponsoring Organization’s representatives may, but are not required to, provide any
combination of their name, title, phone (cell, work, or home) numbers, email address, and signature to
FEMA during submission of the associated forms. Additionally, US&R Grantees provide the name,
staff position, and salary information of key personnel associated with the grant/cooperative agreement.
FEMA employees in the role of FEMA US&R approvers provide their name, phone number, title, and
signature.
FEMA uses the Non Disaster Grants (ND Grants) System to store and track US&R grant/cooperative
agreement related applications, awards, amendments, and other program related information.
Additionally, FEMA uses internal SharePoint that is behind the FEMA firewall to help track Grant
applications through the grant/funding lifecycle.
FEMA retrieves records by organizational names and not by any PII.
2. Does this system employ any of the following technologies:
If you are using any of these technologies and want coverage under the respective PIA for that technology please stop here and contact the DHS Privacy Office for further guidance.
Closed Circuit Television (CCTV)
Social Media
Web portal 1 (e.g., SharePoint)
Contact Lists
None of these
This program does not collect any personally identifiable information 2
3. From whom does the Project or Program collect, maintain, use, or disseminate information?
Please check all that apply.
Members of the public
DHS employees/contractors (list components): FEMA
Contractors working on behalf of DHS
Employees of other federal agencies
4. What specific information about individuals is collected, generated or retained?
FEMA may collect the following information from National US&R Response System Sponsoring
Organization representatives:
• Name
• Signature
• Organization
• Title/Position
• Phone number (mobile, work, or home)
• Email address (work or business)
1 Informational and collaboration-based portals in operation at DHS and its components that collect, use, maintain, and share
limited personally identifiable information (PII) about individuals who are “members” of the portal or “potential members” who
seek to gain access to the portal.
2 DHS defines personal information as “Personally Identifiable Information” or PII, which is any information that permits the
identity of an individual to be directly or indirectly inferred, including any information that is linked or linkable to that individual,
regardless of whether the individual is a U.S. citizen, lawful permanent resident, visitor to the U.S., or employee or contractor to
the Department. “Sensitive PII” is PII, which if lost, compromised, or disclosed without authorization, could result in substantial
harm, embarrassment, inconvenience, or unfairness to an individual. For the purposes of this PTA, SPII and PII are treated the
same.
FEMA collects the following information from National US&R Response System Sponsoring
Organization/Grantee Key personnel:
• Name
• Job titles/classifications
• Salaries
FEMA may collect the following information from FEMA personnel (ex. FEMA US&R Approver):
• Name
• Signature
• Title/Position
• Phone number
• Email address
4(a) Does the project, program, or system retrieve information by personal identifier?
No. Please continue to next question.
Yes. If yes, please list all personal identifiers used:
4(b) Does the project, program, or system use Social Security Numbers (SSN)?
No.
Yes.
4(c) If yes, please provide the specific legal basis and purpose for the collection of SSNs: Click here to enter text.
4(d) If yes, please describe the uses of the SSNs within the project, program, or system: Click here to enter text.
4(e) If this project, program, or system is an information technology/system, does it relate solely to infrastructure? For example, is the system a Local Area Network (LAN) or Wide Area Network (WAN)?
No. Please continue to next question.
Yes. If a log is kept of communication traffic, please answer the following question.
4(f) If header or payload data 3 is stored in the communication traffic log, please detail the data elements stored.
Click here to enter text.
3 When data is sent over the Internet, each unit transmitted includes both header information and the actual data being sent. The
header identifies the source and destination of the packet, while the actual data is referred to as the payload. Because header
information, or overhead data, is only used in the transmission process, it is stripped from the packet when it reaches its destination.
Therefore, the payload is the only data received by the destination system.
5. Does this project, program, or system connect, receive, or share PII with any other DHS programs or systems 4?
No.
Yes. If yes, please list:
ND Grants
FEMA SharePoint Site
6. Does this project, program, or system connect, receive, or share PII with any external (non-DHS) partners or systems?
No.
Yes. If yes, please list:
Sponsoring Organizations
6(a) Is this external sharing pursuant to new or existing information sharing access agreement (MOU, MOA, LOI, etc.)?
Choose an item.
Please describe applicable information sharing governance in place: Memoranda of Agreement with each of the 28 respondents, along with yearly Readiness Cooperative Agreement Statements of Work and Terms and Conditions under each Cooperative Agreement.
7. Does the project, program, or system provide role-based training for personnel who have access in addition to annual privacy training required of all DHS personnel?
No.
Yes. If yes, please list:
8. Per NIST SP 800-53 Rev. 4, Appendix J, does the project, program, or system maintain an accounting of disclosures of PII to individuals who have requested access to their PII?
No. What steps will be taken to develop and maintain the accounting:
Yes. In what format is the accounting maintained: FEMA’s Disclosure Branch maintains an account of PII disclosed pursuant to the FOIA/PA process.
4 PII may be shared, received, or connected to other DHS systems directly, automatically, or by manual processes. Often, these
systems are listed as “interconnected systems” in Xacta.
9. Is there a FIPS 199 determination? 4
Unknown.
No.
Yes. Please indicate the determinations for each of the following:
Confidentiality: Low, Moderate, High, Undefined
Integrity: Low, Moderate, High, Undefined
Availability: Low, Moderate, High, Undefined
PRIVACY THRESHOLD REVIEW
(TO BE COMPLETED BY COMPONENT PRIVACY OFFICE)
Component Privacy Office Reviewer: LeVar J. Sykes
Date submitted to Component Privacy Office: Click here to enter a date.
Date submitted to DHS Privacy Office: October 7, 2015
Component Privacy Office Recommendation:
Please include recommendation below, including what new privacy compliance documentation is needed.
FEMA recommends the following privacy compliance coverage:
PIA: DHS/FEMA/PIA – 013 Grant Management Programs
SORN: N/A
4 FIPS 199 is the Federal Information Processing Standard Publication 199, Standards for Security Categorization of Federal
Information and Information Systems and is used to establish security categories of information systems.
(TO BE COMPLETED BY THE DHS PRIVACY OFFICE)
DHS Privacy Office Reviewer: Eric M. Leckey
PCTS Workflow Number: 109416
Date approved by DHS Privacy Office: October 14, 2015
PTA Expiration Date: October 14, 2018
DESIGNATION
Privacy Sensitive System: Yes
If “no” PTA adjudication is complete.
Category of System: Form/Information Collection
If “other” is selected, please describe: Click here to enter text.
Determination:
PTA sufficient at this time.
Privacy compliance documentation determination in progress.
New information sharing arrangement is required.
DHS Policy for Computer-Readable Extracts Containing Sensitive PII applies.
Privacy Act Statement required.
Privacy Impact Assessment (PIA) required.
System of Records Notice (SORN) required.
Paperwork Reduction Act (PRA) Clearance may be required. Contact your component PRA Officer.
A Records Schedule may be required. Contact your component Records Officer.
PIA: System covered by existing PIA
If covered by existing PIA, please list: DHS/FEMA/PIA – 013 Grant Management Programs
SORN: Choose an item.
If covered by existing SORN, please list: Click here to enter text.
DHS Privacy Office Comments:
Please describe rationale for privacy compliance determination above.
The National Urban Search and Rescue System (US&R) Grant/Cooperative Agreement Program is a
Privacy Sensitive System that collects the personally identifiable information (PII) of the public and
FEMA personnel. FEMA collects the related information to process grant/cooperative agreement funding
for the 28 Sponsoring Organizations with the US&R. In accordance with the E-Government Act of 2002,
this project requires the completion of a Privacy Impact Assessment (PIA). FEMA retrieves information
by organizational name and not by the PII of the organization’s representative or FEMA employee. This
project is not a system of records and does not require a System of Records Notice in accordance with the
Privacy Act of 1974.
File Type | application/pdf |
File Title | DHS PRIVACY OFFICE |
Author | marilyn.powell |
File Modified | 2015-10-15 |
File Created | 2015-10-14 |