Download: docx | pdf

U.S. DEPARTMENT OF

HOUSING AND URBAN DEVELOPMENT

Initial Privacy Assessment

ESG Recordkeeping

Office of Special Needs Assistance Programs

May 5^th, 2016

INITIAL PRIVACY ASSESSMENT (IPA)

The Initial Privacy Assessment (IPA) is use to determine whether a Privacy Impact Assessment (PIA) is required under the E-Government Act of 2002. The IPA is also used to determine if a System of Records Notice (SORN) is required under the Privacy Act of 1974.

The IPA is an administrative form created by the Privacy Branch to efficiently and effectively identify the use of Personally Identifiable Information (PII) across the Department. The IPA focuses on three areas of inquiry:

• Business data and business processes within each HUD program.

• Potential connections with individuals including the use of PII – any use of social security numbers must be specifically identified.

HUD’s program and support offices should ensure that its respective IPA is completed and sent to the Privacy Branch for approval. If SSNs are to be used, the IPA specifically identifies the justification and authority for using SSNs. Upon receipt of the IPA, the Privacy Branch determines the applicability of other privacy compliance requirements including the PIA and SORN. The IPA is complete when the Privacy Branch signs it and sends the final copy back to the identified point of contact.

Please complete this form and send it to the HUD Privacy Branch staff.

Janice Noble

Acting, Branch Chief

Privacy Branch

U.S. Department of Housing and Urban Development

[email protected]

If a PIA or SORN is required, a copy of the Privacy Impact Assessment and System of Records Notice form is available on the HUD Privacy Branch website, http://hudatwork.hud.gov/HUD/cio/po/i/privacy, on HUD@Work or directly from the HUD Privacy Branch via email: [email protected] to complete and return.

INITIAL PRIVACY ASSESSMENT (IPA) SUMMARY INFORMATION

Date Submitted for Review: May 5^th, 2016

Name of System or Project: ESG Recordkeeping

System Name in CSAM: N/A

Name of Program Office: Office of Special Needs Assistance Programs

Name of Project Manager or System Owner: Marlisa Grogan

Email for Project Manager or System Owner: [email protected]

Phone Number for Project Manager or System Owner: 603.666.7510 EXT 3049

Type of Project:

☐ Information Technology and/or System

☐ A Notice of Proposed Rule Making or a Final Rule:

☒ Form or other Information Collection:

☐ Other:

SPECIFIC QUESTIONS

1. Describe the project and its purpose:

On May 20, 2009, Congress passed the Homeless Emergency Assistance and Rapid Transition to Housing Act of 2009 (HEARTH Act). The HEARTH Act revises the Emergency Shelter Grants program and renames the program the Emergency Solutions Grants (ESG) program. The change in the program’s name reflects the change in the program’s focus from addressing the needs of homeless people in emergency or transitional shelters to assisting people in quickly regaining stability in permanent housing after experiencing a housing crisis and/or homelessness. The key changes that reflect this new emphasis are the expansion of the homelessness prevention component of the program and the addition of new rapid re-housing assistance components.

The statutory provisions and the implementing interim regulations found at 24 CFR 576 that govern the program require recordkeeping requirements first captured in the 6 month clearance package approved in June 2012.

The Emergency Solutions Grants program places an increased emphasis on targeted and coordinated use of local resources. The implementing interim regulations require that ESG recipients consult with local Continuums of Care within their geographic areas (§ 576.400(a)) and requires recipients and subrecipients to coordinate ESG assistance to program participants with other targeted homeless services (§ 576.400(b)) and other mainstream resources available within the community (§ 576.400(c)).

All persons who receive ESG assistance must have an initial evaluation and periodic re-evaluations (every three months for homelessness prevention assistance and annually for rapid re-housing assistance) to ensure that they meet HUD’s eligibility criteria (§ 576.401(a) and (b)). The implementing regulations for the ESG program also require recipients to develop written standards to determine, among other things, the amount and type of assistance each eligible individual or family may receive when they present for assistance (§ 576.400(d)).

Once an individual or family becomes a program participant, the ESG recipient or subrecipient must connect the program participant to other mainstream resources to help the individual or family obtain and maintain housing stability (§ 576.401(d)), develop a housing retention plan (§ 576.401(e)), and ensure that the individual or family is residing in a unit or shelter that meets habitability standards (§ 576.401(d)).

The recipient must establish termination of assistance procedures and must follow them before terminating assistance to any program participant receiving ESG assistance (§ 576.402).

To ensure that programs carried out with ESG funds meet the needs of homeless persons and persons at risk of homelessness within the geographic area, ESG recipients and subrecipients, not including States, must have a homeless or formerly homeless person serve on the board or other decision making body (§ 576.405).

The recipient and subrecipient must keep records verifying that all of the program requirements have been met (§ 576.500) and ensure that these records are maintained in a secure and confidential manner. Recipients must monitor subrecipients to ensure that program requirements are being met and take sanctions against subrecipients if the requirements are not being met (§ 576.501(c)).

Due to the repeal of Section 443 of the McKinney-Vento Homeless Assistance Act, ESG recipients initially had to follow the environmental review procedures under 24 CFR part 50, which assigns HUD all environmental review responsibilities. However, the President signed into law H.R. 4348 on July 6, 2012, which corrects certain provisions of the HEARTH Act, including the requirement that ESG recipients follow 24 CFR part 50. As a result, recipients and subrecipients assume environmental review responsibilities under 24 CFR part 58. This does not affect the burden hours calculation, as neither part 50 nor part 58 are under the purview of the regulations that govern this program. As a result of this and further clarification, however, we have removed the Environmental Review form from the collection package.

2. Status of Project:

☐ This is a new development effort.

☒ This is an existing project.

Date first developed: 07/12/2012

Date last updated: 4/24/2013

There have been no changes to the recordkeeping burden hours since the last submission, approved 4/24/13. The package approved 7/31/12 incorporated the new name of the grant program “Emergency Solutions Grant” and referenced the newly approved rule. For the previous package, approved 4/24/13, the term “reporting” was removed from the title and the document because none of the items included in the burden calculation were related to reporting, only recordkeeping. No changes were made that affected the burden calculation from the most recent collection.

3. From whom do you collect, process, or retain information on: (Please check all that apply)

☐ HUD Employees

☐ Contractors working on behalf of HUD

☒ The Public

☐ The System does not contain any such information.

3. Do you use or collect Social Security Numbers (SSNs)? (This includes truncated SSNs)

☒ No.

☐ Yes. Why does the program collect SSNs? Provide the function of the SSN and the legal authority to do so:

3. What information about individuals could be collected, generated or retained?

HUD requires recipients of ESG funds to carry out certain program requirements and maintain records that the program requirements were carried out. HUD Field Offices, HUD Headquarters, and ESG recipients use this information to track compliance with the statutory and regulatory provisions. If HUD identifies that the recipient has not been meeting the requirements of this program, it may take the remedial actions set forth in § 576.501(b).

§ 576.500(w) of the interim ESG regulations states that recipients and subrecipient must develop and implement procedures to ensure that all records containing personally identifying information will be kept secure and confidential; the address or location of any domestic violence, dating violence, sexual assault, or stalking shelter project will not be made public, except with written authorization of the person responsible for the operation of shelter; and the address or location of any housing of a program participant will not be made public, except as provided under a preexisting privacy policy of the recipient or subrecipient and consistent with state and local laws regarding privacy and obligations of confidentiality.

Recordkeeping information is not centralized, nor is the data stored in systems that can be accessed by the program office or Department. Each grant recipient maintains its own records and must produce information only in the event of an monitoring request as appropriate to determine regulatory compliance. No personally identified information is captured in any federal system, nor is it shared in any way with the program office.

6. If this project is a technology/system, does it relate solely to infrastructure? [For example, is the system a Local Area Network (LAN) or Wide Area Network (WAN)]?

☒ No. Please continue to the next question.

☐ Yes. Is there a log kept of communication traffic?

☐No. Please continue to the next question.

☐ Yes. What type of data is recorded in the log? (Please choose all that apply.)

☐ Header

☐ Payload Please describe the data that is logged.

6. Does the system connect, receive, or share Personally Identifiable Information with any other HUD systems?

☒ No.

☐ Yes. Please list the systems:

Is this external sharing pursuant to new or existing information sharing access agreement (MOU, MOA, LOI, etc.)?

Not applicable.

6. Does the system meet all of the following requirements?

There is no federal system. No personal/sensitive information is collected.

There will be a group of records under the control of an agency that contains a personal identifier (such as a name, date of birth, SSN, Employee Number, fingerprint, etc.) of U.S. citizens and lawful permanent residents;

Contains at least one other item of personal data (such as home address, performance rating, blood type, etc.); and

The data about the subject individual IS retrieved by the name or unique identifier assigned to the individual.

☒ No.

☐ Yes.

If yes is there an existing System of Record Notice?

☒ No.

☐ Yes.

9. Is there an Authorization to Operate record within OCIO’s FISMA tracking system CSAM?

☐ Unknown

☒ No - There is no federal system. No personal/sensitive information is collected.

☐ Yes. Please indicate the determinations for each of the following:

Confidentiality: ☐ Low ☐ Moderate ☐ High

Integrity: ☐ Low ☐ Moderate ☐ High

Availability: ☐ Low ☐ Moderate ☐ High

PRIVACY DETERMINATION

(TO BE COMPLETED BY THE HUD PRIVACY BRANCH)

Date reviewed by the HUD Privacy Branch: <Insert Date.>

Name of the HUD Privacy Branch Reviewer: <Please enter name of reviewer.>

DESIGNATION

☐ This is NOT a Privacy Sensitive System – the system contains no Personally Identifiable Information.

☐ This IS a Privacy Sensitive System

Category of System

☐ IT System

☐ Legacy System

☐ HR System

☐ Rule

☐ Other: ____________________________

Determination

☐ IPA sufficient at this time

☐ Privacy compliance documentation determination in progress

☐ PIA is not required at this time

☐ PIA is required

☐ System covered by existing PIA:

☐ New PIA is required

☐ PIA update is required

☐ SORN not required at this time

☐ SORN is required

☐ System covered by existing SORN:

☐ New SORN is required

HUD PRIVACY BRANCH COMMENTS:

DOCUMENT ENDORSMENT

DATE REVIEWED:

PRIVACY REVIEWING OFFICIALS NAME:

By signing below you attest that the content captured in this document is accurate and complete and meet the requirements of applicable federal regulations and HUD internal policies.

SYSTEM OWNER << INSERT NAME/TITLE>>		Date
<<INSERT PROGRAM OFFICE>>
PROGRAM AREA MANAGER <<INSERT NAME/TITLE>>		Date
<<INSERT PROGRAM OFFICE>>
CHIEF PRIVACY OFFICER <<INSERT NAME/TITLE>>		Date
OFFICE OF THE EXECUTIVE SECRETARIAT

File Type	application/vnd.openxmlformats-officedocument.wordprocessingml.document
Author	h04105
File Modified	0000-00-00
File Created	2021-01-23