Privacy Threshold Analysis (PTA)

The Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy

Privacy Threshold Analysis
Version date: November 6, 2012
Page 1 of 7

PRIVACY THRESHOLD ANALYSIS (PTA)
This form is used to determine whether
a Privacy Impact Assessment is required.

Please use the attached form to determine whether a Privacy Impact Assessment (PIA) is required under
the E-Government Act of 2002 and the Homeland Security Act of 2002.
Please complete this form and send it to your component Privacy Office. If you do not have a component
Privacy Office, please send the PTA to the DHS Privacy Office:
Rebecca J. Richards
Senior Director of Privacy Compliance
The Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
Tel: 202-343-1717
[email protected]

Upon receipt from your component Privacy Office, the DHS Privacy Office will review this form. If a
PIA is required, the DHS Privacy Office will send you a copy of the Official Privacy Impact Assessment
Guide and accompanying Template to complete and return.
A copy of the Guide and Template is available on the DHS Privacy Office website,
www.dhs.gov/privacy, on DHSConnect and directly from the DHS Privacy Office via email:
[email protected], phone: 202-343-1717.

The Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy

Privacy Threshold Analysis
Version date: November 6, 2012
Page 2 of 7

PRIVACY THRESHOLD ANALYSIS (PTA)
SUMMARY INFORMATION
Project or
Program Name:

Residential Basement Floodproofing Certification (FEMA Form 086-0-24) –
OMB No. 1660-0033

Component:

Federal Emergency
Management Agency (FEMA)

Federal Insurance and
Mitigation Administration
(FIMA)

TAFISMA
Number:

TAFISMA Name:
Type of Project or
Program:

Office or
Program:

Form or other Information
Collection

Project or
program
status:

Operational

PROJECT OR PROGRAM MANAGER
Name:

Mary Chang

Office:

Risk Insurance Division

Title:

Insurance Examiner

Phone:

202-212-4712

Email:

[email protected]

INFORMATION SYSTEM SECURITY OFFICER (ISSO)
Name:
Phone:

Email:

ROUTING INFORMATION
Date submitted to Component Privacy Office:

Click here to enter a date.

Date submitted to DHS Privacy Office:

June 18, 2013

Date approved by DHS Privacy Office:

July 2, 2013

The Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy

Privacy Threshold Analysis
Version date: November 6, 2012
Page 3 of 7

SPECIFIC PTA QUESTIONS
1. Please describe the purpose of the project or program:
Please provide a general description of the project and its purpose in a way a non-technical person could
understand.
The Federal Insurance and Mitigation Administration (FIMA) National Flood Insurance Program (NFIP)
offers flood insurance to property owners located in communities participating in the NFIP. Title 44 C.F.R. §
60.3(c)(2), requires that all new construction and substantial improvements of residential structures within
certain high risk flood areas, have the lowest floor, including the basement, elevated to or above the Base
Flood Elevation (BFE) unless an exception is granted. Title 44 C.F.R. § 60.6(a)(7) and 44 C.F.R. §
60.6(b)(1), allow communities to apply for an exception when circumstances present a hardship that would
prevent adherence to the BFE elevation requirement . This exception must meet the conditions set forth in
44 C.F.R. § 60.6(c).
FEMA Form 086-0-24 is used to certify that the basement design and methods of construction for residential
structures in communities that have been granted an exception by FEMA are in accordance with floodplain
management ordinances. A registered professional engineer or architect completes FEMA Form 086-0-24 to
certify that the floodproofing conforms to minimum specifications. If the certification shows that the
building’s floodproofed design elevation is at least 1 foot above the BFE, the residential structure is eligible
for lower flood insurance rates.
Information collected and maintained includes the personally identifiable information (PII) of the general
public, specifically professional certifiers and property owners. Completed copies of the FF 086-0-24 are
maintained by FEMA’s NFIP Direct Servicing Agent (DSA) and Write-Your-Own (WYO) companies.
WYOs are private insurance companies that sell and service FEMA’s Standard Flood Insurance Policy
(SFIP) under their own names. Status of the completed FF 086-0-24 is identified in a flood insurance
policyholder’s record within FEMA’s NFIP Information Technology Systems (ITS).

2. Project or Program status
October 1, 1968
Date first developed:
October 12, 2012
Date last updated:

Existing
Pilot launch date:
Pilot end date:

Click here to enter a date.
Click here to enter a date.

DHS Employees
3. From whom does the Project or
Program collect, maintain, use or
disseminate information?
Please check all that apply.

Contractors working on behalf of DHS
Members of the public
This program does not collect any personally
identifiable information 1

1
DHS defines personal information as “Personally Identifiable Information” or PII, which is any information that permits the
identity of an individual to be directly or indirectly inferred, including any information that is linked or linkable to that individual,
regardless of whether the individual is a U.S. citizen, lawful permanent resident, visitor to the U.S., or employee or contractor to

The Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy

Privacy Threshold Analysis
Version date: November 6, 2012
Page 4 of 7

4. What specific information about individuals could be collected, generated or retained?
Please provide a specific description of information that might be collected, generated or retained such
as names, addresses, emails, etc.
The following information is associated with OMB No. 1660-0033 and FF 086-0-24:

Property Owner and Professional Certifiers:
Individual's Full Name;
Address;
Professional Title;
Professional License;
Telephone Number(s);
Company Name;
Company Number;
Flood-Policy Number;
Geographical Locations;
Flood Zone Data;
Legal Description of Property;
Does the Project or Program use Social
Security Numbers (SSNs)?
If yes, please provide the legal authority for
the collection of SSNs:
If yes, please describe the uses of the SSNs
within the Project or Program:

5. Does this system employ any of the
following technologies:
If project or program utilizes any of these
technologies, please contact Component Privacy
Officer for specialized PTA.

No
Click here to enter text.
Click here to enter text.

Closed Circuit Television (CCTV)
Sharepoint-as-a-Service
Social Media

the Department. “Sensitive PII” is PII, which if lost, compromised, or disclosed without authorization, could result in substantial
harm, embarrassment, inconvenience, or unfairness to an individual. For the purposes of this PTA, SPII and PII are treated the
same.

The Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy

Privacy Threshold Analysis
Version date: November 6, 2012
Page 5 of 7

Mobile Application (or GPS)
Web portal 2
None of the above
If this project is a technology/system, does
it relate solely to infrastructure?
For example, is the system a Local Area Network
(LAN) or Wide Area Network (WAN)?

No. Please continue to next question.
Yes. If a log kept of communication traffic,
please answer the following question.

If header or payload data 3 is stored in the communication traffic log, please detail the data
elements stored.
Click here to enter text.

6. Does this project or program connect,
receive, or share PII with any other
DHS programs or systems 4?

No.

7. Does this project or program connect,
receive, or share PII with any external
(non-DHS) partners or systems?

No.

Is this external sharing pursuant to new
or existing information sharing access
agreement (MOU, MOA, LOI, etc.)?

Yes. If yes, please list:

Yes. If yes, please list:

Choose an item.

Please describe applicable information sharing
governance in place.

2

Informational and collaboration-based portals in operation at DHS and its components which collect, use,
maintain, and share limited personally identifiable information (PII) about individuals who are “members” of the
portal or who seek to gain access to the portal “potential members.”
When data is sent over the Internet, each unit transmitted includes both header information and the actual data
being sent. The header identifies the source and destination of the packet, while the actual data is referred to as the
payload. Because header information, or overhead data, is only used in the transmission process, it is stripped from
the packet when it reaches its destination. Therefore, the payload is the only data received by the destination system.
4 PII may be shared, received, or connected to other DHS systems directly, automatically, or by manual processes.
Often, these systems are listed as “interconnected systems” in TAFISMA.
3

The Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy

Privacy Threshold Analysis
Version date: November 6, 2012
Page 6 of 7

PRIVACY THRESHOLD REVIEW
(TO BE COMPLETED BY COMPONENT PRIVACY OFFICE)
Component Privacy Office Reviewer:

LeVar J. Sykes

Date submitted to DHS Privacy Office:

Click here to enter a date.

Component Privacy Office Recommendation:
Please include recommendation below, including what new privacy compliance documentation is needed.
PIA: DHS/FEMA/PIA-011 - National Flood Insurance Program (NFIP) Information Technology System
(ITS), October 12, 2012
SORN: DHS/FEMA-003 - National Flood Insurance Program Files (Dec. 19, 2008 73 Fed. Reg. 77747)
– This SORN is currently being consolidated with other FEMA SORNS and updated with additional
categories of records, categories of individuals, and routine uses.

(TO BE COMPLETED BY THE DHS PRIVACY OFFICE)
DHS Privacy Office Reviewer:

Dayo Simms

Date approved by DHS Privacy Office:

July 2, 2013

PCTS Workflow Number:

984080
DESIGNATION

Privacy Sensitive System:
Category of System:
Determination:

Yes

If “no” PTA adjudication is complete.

Other
If “other” is selected, please describe: Form
PTA sufficient at this time.
Privacy compliance documentation determination in progress.
New information sharing arrangement is required.
DHS Policy for Computer-Readable Extracts Containing Sensitive PII
applies.
Privacy Act Statement required.
Privacy Impact Assessment (PIA) required.
System of Records Notice (SORN) required.

PIA:

System covered by existing PIA

The Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy

Privacy Threshold Analysis
Version date: November 6, 2012
Page 7 of 7

If covered by existing PIA, please list: National Flood Insurance Program Information
Technology System October 12, 2012 (PDF, 23 pages-211.26 KB)
SORN update is required.
SORN:

If covered by existing SORN, please list: DHS/FEMA-003 - National Flood Insurance
Program Files December 19, 2008 73 FR 77747
DHS Privacy Office Comments:
Please describe rationale for privacy compliance determination above.
PRIV agrees that the Residential Basement Flood Proofing Certification Form is privacy sensitive, as it
collects information from members of the public who seek reduced flood insurance rates through FEMA’s
NFIP program. The NFIP IT System PIA covers this collection of information, and the DHS/FEMA-003
SORN covers the collection of some of this information. In the revision of this SORN, FEMA should
more clearly break out the data elements collected and the categories of individuals to ensure that the
SORN explicitly calls out the individuals collected in its forms. For example, this PTA/Form mentions
professional certifiers, but currently the SORN refers to certified flood adjusters, insurance companies,
agents, and property owners. The SORN should include certifiers in its category of individuals and also
include professional qualifications in the categories of records section.