Download: docx | pdf

U.S. DEPARTMENT OF

HOUSING AND URBAN DEVELOPMENT

Initial Privacy Assessment

Housing Counselor Certification Examination

Office of Housing Counseling

Template July 2015

August 20, 2015

INITIAL PRIVACY ASSESSMENT (IPA)

The Initial Privacy Assessment (IPA) is use to determine whether a Privacy Impact Assessment (PIA) is required under the E-Government Act of 2002. The IPA is also used to determine if a System of Records Notice (SORN) is required under the Privacy Act of 1974.

The IPA is an administrative form created by the Privacy Branch to efficiently and effectively identify the use of Personally Identifiable Information (PII) across the Department. The IPA focuses on three areas of inquiry:

• Business data and business processes within each HUD program.

• Potential connections with individuals including the use of PII – any use of social security numbers must be specifically identified.

HUD’s program and support offices should ensure that its respective IPA is completed and sent to the Privacy Branch for approval. If SSNs are to be used, the IPA specifically identifies the justification and authority for using SSNs. Upon receipt of the IPA, the Privacy Branch determines the applicability of other privacy compliance requirements including the PIA and SORN. The IPA is complete when the Privacy Branch signs it and sends the final copy back to the identified point of contact.

Please complete this form and send it to the HUD Privacy Branch staff.

Janice Noble

Acting, Branch Chief

Privacy Branch

U.S. Department of Housing and Urban Development

[email protected]

If a PIA or SORN is required, a copy of the Privacy Impact Assessment and System of Records Notice form is available on the HUD Privacy Branch website, http://hudatwork.hud.gov/HUD/cio/po/i/privacy, on HUD@Work or directly from the HUD Privacy Branch via email: [email protected] to complete and return.

INITIAL PRIVACY ASSESSMENT (IPA) SUMMARY INFORMATION

Date Submitted for Review:

Name of System or Project: Housing Counselor Certification

System Name in CSAM: Housing Counseling System/H11

Name of Program Office: Office of Housing Counseling

Name of System Owner: Danberry Carmon

Email for System Owner: [email protected]

Phone Number for System Owner: 202-402-2462

Type of Project:

☒ Information Technology and/or System

☒ A Notice of Proposed Rule Making or a Final Rule:

☐ Form or other Information Collection:

☐ Other:

SPECIFIC QUESTIONS

1. Describe the project and its purpose: HUD will establish a Housing Counselor Certification Exam, as mandated by Subtitle D of title XIV of the Dodd-Frank Wall Street Reform and Consumer Protection Act (Pub. L. 111-203, 124 Stat. 1376 (July 21, 2010)) (Dodd-Frank Act). The Dodd-Frank Act requires individual housing counselors providing homeownership counseling or rental counseling under HUD programs to successfully pass a certification examination demonstrating competency in six (6) areas identified in the statute. In order for housing counselors to become certified they pass the certification examination and be employed by a HUD-participating agency. When the certification requirement becomes mandatory, agencies must have at least one certified housing counselor on staff in order to participate in HUD’s Housing Counseling Program.

The testing and certification will be implemented through two systems. HUDHousingCounselors.com* will collect PII to create a user ID to keep track of training progress and register for the certification examination. After the counselor passes the certification examination, he/she must apply through FHA Connection to request certification and provide employment information. Agency personnel designated as an FHA Administrator will be required to verify the counselor’s employment before a HUD Certified Housing Counselor certificate is issued.

The system consists of a the HUD Housing Counselors website, HUDHousingCounselors.com, that allows the public to review general information about the HUD Housing Counseling Program and requirements for certification as a housing counselor, access training materials and a practice exam, and register for the certification exam.

The HUDHousingCounselorswebsite was built using the Drupal 7 content management system (CMS). The use of Drupal offers the ability to use an industry recognized open source solution that is cost effective, flexible, secure, and 508 compliant.

Major components of the website include an open front-end section, offering details about the certification program, and a back-end user interface that requires login information. The back-end interface will allow Bixal administrators to view data and generate reports from site activities.

A signup/login section provides a gateway between the public facing section of the website and the password protected pages. Any individual who provides the login information can gain access to the password protected section of the site, including the training course, downloadable study guide, practice exam, and certification exam registration. To register for the exam, individuals will be prompted to make an online payment, select an exam proctoring option, and schedule the exam.

To handle the collection and management of personally identifiable information (PII), the HUD Housing Counselors website will use a Secure Sockets Layer (SSL), a standard security technology that establishes an encrypted link between a web server and a browser. When a user enters PII into a web form, the SSL encrypts the data and allows for the secure transmission of information from the online web form to the server.

The HUD Housing Counselors website will receive information from third-party vendors, including the online payment provider, practice exam delivery platform, certification exam delivery platform, and proctoring service, via an integrated application program interface (API).

The HUD Housing Counselor website will not collect or store any financial data from users. A third-party online payment provider will serve as the secure gateway to collect and process credit card payments of fees for the certification exam. When an individual proceeds to pay for the exam registration, an external payment module from the third-party provider will load to collect payment. When the individual clicks the payment option, he or she will be directed to a secure HTTPS external form where the user will be able to enter payment information. Once the online payment is confirmed, users will be directed back to the HUD Housing Counselor website. The confirmation of payment will be reported back to the system via an integrated API. The practice exam delivery platform will report information about the number of users. The certification exam delivery platform will report exam results.

The HUD Housing Counselor website will not collect or store any financial data from users. The third-party payment processor will collect all credit card data using advanced web-based payment gateway integration.

The FHA Connection System will be similar to currently used HUD HECM Roster Application screens. Applicants will submit PII including name, user ID, and social security number to allow the system to match certification requests with examination data and verify employment.

2. Status of Project:

☒ This is a new development effort.

☐ This is an existing project.

Date first developed:

Date last updated:

3. From whom do you collect, process, or retain information on: (Please check all that apply)

☐ HUD Employees

☐ Contractors working on behalf of HUD

☒ The Public

☐ The System does not contain any such information.

3. Do you use or collect Social Security Numbers (SSNs)? (This includes truncated SSNs)

☐ No.

☒ Yes. Why does the program collect SSNs? Provide the function of the SSN and the legal authority to do so:

SSNs are being collected to allow access to a government system. USCODE-2010-title42/pdf/USCODE-2010-title42-chap44-sec3543

Subtitle D of title XIV of the Dodd-Frank Wall Street Reform and Consumer Protection Act (Pub. L. 111-203, 124 Stat. 1376) (July 21, 2010); Section 106 of the Housing and Urban Development Act of 1968, 12 U.S.C.§1701x

3. What information about individuals could be collected, generated or retained?

Individuals will be required to provide personally identifiable information (PII). Demographic information is optional.

In order to register to use the site and receive a User ID, the following information is required:

• Name;

• Email;

• Phone number;

• Mailing address;

• Occupation;

• Employer;

• Whether or not employer is a HUD-approved housing counseling agency; and if yes, HCS # of agency

In order to register for the certification examination, the user must supply the following information in addition to the items above:

• Social Security #

• Fax #

• Whether or not the user provides direct housing counseling services

Further data collected is optional and users will not be required to provide this information:

• the language(s) in which the counselor provides housing counseling services

• Ethnicity (Hispanic/Latino or Non-Hispanic/Latino);

• Race (American Indian/Alaska Native, Asian, Black/African American, Native Hawaiian/Other, Pacific Islander, White, or Other);

• Gender (male, female, transgender);

• Whether or not the user completed pre-exam training (HUD training or another entity); and

• Whether the user needs special accommodations to take the exam.

In order to apply for certification through FHA Connection, the user must supply the following PII:

• Name;

• Email;

• Phone number;

• Fax number;

• Mailing address;

• Social Security number;

• Bixal ID number;

• Employer;

• Agency HCS number;

• Hire date

The FHA Administrator must validate the counselor is employed at the agency and verify hire date. The FHA Administrator will also use this system to delete a housing counselor from the agency’s list of HUD certified housing counselors when that counselor is no longer working for that agency.

6. If this project is a technology/system, does it relate solely to infrastructure? [For example, is the system a Local Area Network (LAN) or Wide Area Network (WAN)]?

☒ No. Please continue to the next question.

☐ Yes. Is there a log kept of communication traffic?

☐No. Please continue to the next question.

☐ Yes. What type of data is recorded in the log? (Please choose all that apply.)

☐ Header

☐ Payload Please describe the data that is logged.

<Please list the data elements in the log.>

6. Does the system connect, receive, or share Personally Identifiable Information with any other HUD systems?

☐ No.

☒ Yes. Please list the systems:

This system will interface with FHA Connection which in turn may share data collected with CHUMS, SFDW, and HCS.

Other interconnections with HUDHousingCounselors.com website include:

• Third-party payment processing system

• Practice exam delivery platform Brillium

• Proctoring service to take the certification examination

The HUD Housing Counselor website will not collect or store any financial data from users. The third-party payment processor will collect all credit card data using advanced web-based payment gateway integration. There will be no permanent data retention.

FHA Connection and related HUD systems will store data. PII collected for those individuals that pass the certification examination will be maintained permanently in HUD’s system as passing the certification examination is a one-time requirement.

The records retention and disposal schedule for this project has been drafted for submission to NARA for approval.

Is this external sharing pursuant to new or existing information sharing access agreement (MOU, MOA, LOI, etc.)?

No. It is based on Bixal Solutions Contract, DU100H-13-C-05 which requires HUDHousingcounselors.com to interface with FHA Connection and share information. Other agreements to share PII with proctoring service and payment vendors will be submitted to OCIO and Office of Privacy for review and approval.

6. Does the system meet all of the following requirements?

There will be a group of records under the control of an agency that contains a personal identifier (such as a name, date of birth, SSN, Employee Number, fingerprint, etc.) of U.S. citizens and lawful permanent residents;

Contains at least one other item of personal data (such as home address, performance rating, blood type, etc.); and

The data about the subject individual IS retrieved by the name or unique identifier assigned to the individual.

☐ No.

☒ Yes.

If yes is there an existing System of Record Notice?

☒ No. It is in process and the federal notice is expected to be published soon.

☐ Yes.

9. Is there an Authorization to Operate record within OCIO’s FISMA tracking system CSAM?

☐ Unknown

☒ No Please see attached email chain from Fritzie Delacruz

☐ Yes. Please indicate the determinations for each of the following:

Confidentiality: ☐ Low ☐ Moderate ☐ High

Integrity: ☐ Low ☐ Moderate ☐ High

Availability: ☐ Low ☐ Moderate ☐ High

PRIVACY DETERMINATION

(TO BE COMPLETED BY THE HUD PRIVACY BRANCH)

Date reviewed by the HUD Privacy Branch: <Insert Date.>

Name of the HUD Privacy Branch Reviewer: <Please enter name of reviewer.>

DESIGNATION

☐ This is NOT a Privacy Sensitive System – the system contains no Personally Identifiable Information.

☐ This IS a Privacy Sensitive System

Category of System

☐ IT System

☐ Legacy System

☐ HR System

☐ Rule

☐ Other: ____________________________

Determination

☐ IPA sufficient at this time

☐ Privacy compliance documentation determination in progress

☐ PIA is not required at this time

☐ PIA is required

☐ System covered by existing PIA:

☐ New PIA is required

☐ PIA update is required

☐ SORN not required at this time

☐ SORN is required

☐ System covered by existing SORN:

☐ New SORN is required

HUD PRIVACY BRANCH COMMENTS:

DOCUMENT ENDORSMENT

DATE REVIEWED:

PRIVACY REVIEWING OFFICIALS NAME:

By signing below you attest that the content captured in this document is accurate and complete and meet the requirements of applicable federal regulations and HUD internal policies.

SYSTEM OWNER << INSERT NAME/TITLE>>		Date
<<INSERT PROGRAM OFFICE>>
CHIEF PRIVACY OFFICER <<INSERT NAME/TITLE>>		Date
OFFICE OF ADMINISTRATION

File Type	application/vnd.openxmlformats-officedocument.wordprocessingml.document
Author	h04105
File Modified	0000-00-00
File Created	2021-01-24