U.S. DEPARTMENT OF
HOUSING AND URBAN DEVELOPMENT
INITIAL PRIVACY ASSESSMENT (IPA)
Office of Special Needs Assistance Programs
Continuum of Care Program Application –Technical Submission
CPD/SNAPS
04-18-16
What is an Initial Privacy Assessment?
An Initial Privacy Assessment (IPA) is designed to assess whether a Privacy Impact Assessment (PIA), a Privacy Act system of records notice (SORN), and/or other related privacy documents are required. The responses to the IPA will provide a foundation for both a PIA and a SORN should either or both be required, and will also help to identify any policy concerns.
The IPA incorporates the matters previously addressed in the Department’s Privacy Identifiable Information (PII) Survey, and thus replaces the survey.
When should an IPA be completed?
An IPA should be completed during the system’s design phase, whether the system is electronic or contains only records in paper form, and should be completed before commencement of any testing or pilot project of an information system. Additionally, an IPA should be completed any time there is a change to the information system to determine whether there are any privacy issues as a result of such a change.
Who should complete the IPA?
The IPA should be written and reviewed by a combination of the component’s (e.g., Privacy Act Officer, System Owner, Project Leaders), and the program-specific office responsible for the system.
How is the IPA related to the Capital Planning and Certification and Accreditation process?
Upon completion and approval of the IPA by the Privacy Officer the official document may be uploaded into the C&A tool, and provided as part of the IT Capital Planning process as validation of the completed evaluation. The completed IPA demonstrates that the program components have consciously considered privacy and related requirements as part of the overall system design. For an IT system that does not require a C&A, such as a minor application that runs on a system that does require a C&A, an IPA still should be completed to determine if other related privacy documentation are required for that system or project.
Where should the completed IPA be sent?
A copy of the completed IPA should be sent to the Office of Privacy via email to [email protected] and [email protected]. The Privacy Officer will review the IPA and determine what additional privacy documentation is required, and then will advise the Program component accordingly.
Initial Privacy Assessment
INFORMATION ABOUT THE PROJECT/SYSTEM
Date submitted for review: 04/18/16 |
|
|
Project Name/Acronym: Continuum of Care Program Application -Technical Submission (CoC – Technical Submission) |
|
|
System Owner/Contact Information: Operated by CPD/SNAPS. 202.708.4300 |
|
|
Project Leader/Contact Information: Matt Aronson/ [email protected]
|
|
|
|
Paper-Only |
|
Combination of Paper and Electronic |
||
|
Electronic-Only |
|
|
Other: Please describe the type of project including paper based Privacy Act System of Records |
|
* Note: For this form purpose, there is no distinction made between technologies/ systems managed by contractors. All technologies/systems should be initially reviewed for potential privacy impact.
Provide a general description of the system or project that describes: (a) the functionality of the system and the purpose that the records and/or system serve; (b) who has access to information in the system; (c) how information in the system is retrieved by the user; (d) how information is transmitted to and from the system; and (e) interconnections with other systems.
This assessment concerns the Technical Submission requirements for participation in the Continuum of Care Program application process operated by the Office of Special Needs Assistance Programs at the Department of Housing and Urban Development. Technical Submission is the third phase of the Continuum of Care Application. Applicants who are successful in the first two phases of the Continuum of Care Program Homeless Assistance Grant competition are required to submit more detailed technical information. The information will be collected in our e-snaps grants management system and will be used to ensure that technical requirements are met prior to the execution of a grant agreement. The technical requirements relate to a more extensive description of the budgets for supportive services and operations, as well as acquisition, rehabilitation, new construction, rental assistance, leasing, and sources of financing documentation. HUD will use this detailed information to determine if a project is financially feasible and whether all proposed activities are eligible
The information collected during the Technical Submission is strictly organization level and no individual level information is captured.
Have the IPA been reviewed and approved by the Departmental Privacy Officer
|
YES |
|
NO (Please contact component privacy official before submitting official IPA.) |
Status of System or Project
|
This is a new system or project in development |
Specify expected production date: Do not complete Section II.
|
This is an existing system or project. The questions and process are the same, however the system is now fully electronic. |
After completing Section I, complete Section II.
System or project personal identifiers/sensitive information
YES |
NO |
Does the system or project collect, maintain use or disseminate other personal identifiers/ sensitive information (i.e., name, home address, home telephone number, date of birth, gender status, income/financial data. employment, medical history, criminal record, etc.)? There is no federal system. No personal/sensitive information is collected. |
|
|
If yes, briefly describe the types of information about individuals in the system.
Does the information about individuals identify particular individuals (i.e., is the information linked or linkable to specific individuals, often referred to as personally identifiable information?)
|
YES |
|
NO (If no, indicate below how the information is not identifiable to specific individuals. |
The information is organization-level. No personal/sensitive information is collected.
Does the personally identifiable information in the system pertain only to government employees, contractors, or consultants?
|
YES (If yes, specify individual type.) ___________________________________ |
|
NO (If no, indicate below how the information is not identifiable to specific individuals. |
The information is organization-level. No personal/sensitive information is collected.
Is there an existing Privacy Act System of Records Notice (SORN) that has been published in the Federal Register to cover the system? (Please consult with the component’s Privacy Act Officer if assistance is needed in responding to this question.)
|
YES |
|
NO |
The information is organization-level. No personal/sensitive information is collected.
SSN usage
YES |
NO |
Do the project or system collect, maintain, use, or disseminate Social Security Numbers (SSNs)? (This includes truncated SSNs) |
|
|
The information is organization-level. No personal/sensitive information is collected.
If yes, please provide the purpose/legal authority authorizing the solicitation of SSNs:
Is there a Certification & Accreditation record for your system?
|
YES (If yes, indicate the following:) |
|
||||||||
Confidentiality |
|
Low |
|
Moderate |
|
High |
|
Undefined |
||
Integrity |
|
Low |
|
Moderate |
|
High |
|
Undefined |
||
Availability |
|
Low |
|
Moderate |
|
High |
|
Undefined |
||
|
NO (If no, please identify the FISMA-reported system whose C&A covers this system.) |
|
||||||||
|
DO NOT KNOW The information is organization-level. No personal/sensitive information is collected. |
|
||||||||
II. EXISTING SYSTEM OR PROJECT
When was the system developed?
The Technical Submission process has been in place for several years; however, this is the first year that the process has been built into our existing e-snaps grants management system. The system was developed this fall.
If an existing system, has the system undergone any changes since April 17, 2003?
|
YES (If yes, explain the nature of those changes and proceed to Question 3.) System is now electronic |
|
NO (If no, proceed to question 5.) |
Do the changes to the system or project involve a change in the type of records maintained, the individuals on whom records are maintained, or the use or dissemination of information from the system?
|
YES |
|
NO |
See Above
Please indicate if any of the following changes to the system or project have occurred: (Mark all boxes that apply.)
|
A conversion from paper-based records to an electronic system. |
|
A change from information in a format that is anonymous or non-identifiable to a format that is identifiable to particular individuals. |
|
A new use of an IT system, including application of a new technology that changes how information in identifiable form is managed. (For example, a change that would create a more open environment and /or avenue for exposure of data that previously did not exist.) |
|
A change that results in information in identifiable form being merged, centralized, or matched with other databases. |
|
A new method of authenticating the use of an access to information in the identifiable form by members of the public. |
|
A systematic incorporation of databases of information in identifiable form purchased or obtained from commercial or public sources. |
|
A new interagency use of shared agency function that results in new uses or exchanges of information in identifiable form. |
|
A change that results in a new use of disclosure of information in identifiable form. |
|
A change that results in new items of information in identifiable form being added into the system. |
Does a PIA for the system already exist?
|
YES (If yes, provide the date and title of the PIA and whether the PIA is posted on the Privacy Office webpage. |
|
NO. |
The information is organization-level. No personal/sensitive information is collected..
IPA Determination/Approval
(To be completed by the Privacy Office)
DATE REVIEWED: |
REVIEWERS NAME: |
|
This is NOT a Privacy Sensitive Project – the project contains no personal identifiers/sensitive information |
|
This IS a Privacy Sensitive Project |
|
PTA sufficient at this time |
|
A PIA is required |
COMMENTS:
|
|
______________________________________________ _______________________________
Program Director Signature Date
[Title]
_______________________________________________ ________________________________
Departmental Privacy Officer Signature Date
| File Type | application/vnd.openxmlformats-officedocument.wordprocessingml.document |
| Author | h04105 |
| File Modified | 0000-00-00 |
| File Created | 2021-01-23 |