Download: docx | pdf

U.S. DEPARTMENT OF

HOUSING AND URBAN DEVELOPMENT

Initial Privacy Assessment

CoC Recordkeeping

Office of Special Needs Assistance Programs

[July 2016]

INITIAL PRIVACY ASSESSMENT (IPA)

The Initial Privacy Assessment (IPA) is use to determine whether a Privacy Impact Assessment (PIA) is required under the E-Government Act of 2002. The IPA is also used to determine if a System of Records Notice (SORN) is required under the Privacy Act of 1974.

The IPA is an administrative form created by the Privacy Branch to efficiently and effectively identify the use of Personally Identifiable Information (PII) across the Department. The IPA focuses on three areas of inquiry:

• Business data and business processes within each HUD program.

• Potential connections with individuals including the use of PII – any use of social security numbers must be specifically identified.

HUD’s program and support offices should ensure that its respective IPA is completed and sent to the Privacy Branch for approval. If SSNs are to be used, the IPA specifically identifies the justification and authority for using SSNs. Upon receipt of the IPA, the Privacy Branch determines the applicability of other privacy compliance requirements including the PIA and SORN. The IPA is complete when the Privacy Branch signs it and sends the final copy back to the identified point of contact.

Please complete this form and send it to the HUD Privacy Branch staff.

Janice Noble

Acting, Branch Chief

Privacy Branch

U.S. Department of Housing and Urban Development

[email protected]

If a PIA or SORN is required, a copy of the Privacy Impact Assessment and System of Records Notice form is available on the HUD Privacy Branch website, http://hudatwork.hud.gov/HUD/cio/po/i/privacy, on HUD@Work or directly from the HUD Privacy Branch via email: [email protected] to complete and return.

INITIAL PRIVACY ASSESSMENT (IPA) SUMMARY INFORMATION

Date Submitted for Review:

Name of System or Project: Continuum of Care Recordkeeping Requirements (CoC – Recordkeeping)

System Name in CSAM: NA

Name of Program Office: Office of Special Needs Assistance Programs

Name of Project Manager or System Owner: Ebony Rankin

Email for Project Manager or System Owner: [email protected]

Phone Number for Project Manager or System Owner: (202) 402-2505

Type of Project:

☐ Information Technology and/or System

☐ A Notice of Proposed Rule Making or a Final Rule:

☒ Form or other Information Collection:

☐ Other:

SPECIFIC QUESTIONS

1. Describe the project and its purpose:

On May 20, 2009, the President signed into law ‘‘An Act to Prevent Mortgage Foreclosures and Enhance Mortgage Credit Availability,’’ which became Public Law 111–22. This law implements a variety of measures directed toward keeping individuals and families from losing their homes. Division B of this law is the HEARTH Act, which consolidates and amends three separate homeless assistance programs carried out under title IV of the McKinney-Vento Homeless Assistance Act (42 U.S.C. 11371 et seq.) (McKinney-Vento Act) into a single grant program that is designed to improve administrative efficiency and enhance response coordination and effectiveness in addressing the needs of homeless persons. The HEARTH Act codifies in law and enhances the Continuum of Care planning process, the coordinated response to addressing the needs of the homeless, which was established administratively by HUD in

1995. The single Continuum of Care Program established by the HEARTH Act consolidates the following programs: The Supportive Housing Program, the Shelter Plus Care Program, and the Moderate Rehabilitation/Single Room Occupancy Program.

Publication of the interim rule for the Continuum of Care Program continues HUD’s implementation of the HEARTH Act. This rule establishes the regulatory framework for the Continuum of Care Program and the Continuum of Care planning process, including requirements applicable to the establishment of a Continuum of Care. A Continuum of Care is designed to address the critical problem of homelessness through a coordinated community-based process of identifying needs and building a system of housing and services to address those needs. The approach is predicated on the understanding that homelessness is not caused merely by a lack of shelter, but involves a variety of underlying, unmet needs—physical, economic, and social.

As amended by the HEARTH Act, Subpart C of the McKinney-Vento Homeless Assistance Act establishes the Continuum of Care Program. The purpose of the program is to promote communitywide commitment to the goal of ending homelessness; provide funding for efforts by nonprofit providers, and State and local governments to quickly rehouse homeless individuals and families while minimizing the trauma and dislocation caused to homeless individuals, families, and communities by homelessness; promote access to and effective utilization of mainstream programs by homeless individuals and families; and optimize self-sufficiency among individuals and families experiencing homelessness.

The statutory provisions and implementing interim regulations found at 24 CFR 578 govern the Continuum of Care Program recordkeeping requirements for recipient and subrecipients and the standard operating procedures for ensuring that Continuum of Care Program funds are used in accordance with the program requirements.

Each collaborative applicant must keep the following documentation related to establishing and operating a Continuum of Care [24 CFR 578.103 (a)(1)(i-iii)]. 1. Evidence that the Board selected by the CoC meets the requirements, 2. Evidence that the Continuum has been established and operated according the subpart B of 24 CFR 578, and 3. Evidence that the Continuum has prepared the application for funds according to 24 CFR 578.9

Unified Funding Agencies (UFAs) that requested grant amendments from HUD must keep evidence that the grant amendment was approved by the Continuum [24 CFR 578.103 (a)(2)].

Recipients must maintain homeless and at risk of homeless status documentation of program participants [24 CFR 578.103 (a)(3-4)]. Recipients or subrecipients must document their compliance with the CoC’s homeless participation requirements [CFR 578.103(a)(12)]. Recipients are required to maintain documentation of reasonable belief of imminent threat of harm for victims of domestic violence, dating violence, sexual assault or stalking [24 CFR 578.103(a)(5)(i-ii)]. Recipients or subrecipients must also maintain records of supportive services provided, an annual assessment of services for program participants (as necessary), and as applicable, compliance with the termination of assistance [24 CFR 578.103(a)(7)(i-ii)]. Further, recipients or subrecipients must document the types of supportive services provided under a recipient’s program and the amounts spent on those services and adjust supportive service packages as necessary [CFR 578.103(a)(9)].

Program participants receiving housing assistance where rent or an occupancy charge is paid by the program participant, recipients or subrecipients must maintain documentation of the program participant’s annual income [24 CFR 578.103(a)(6)(i-iv)].

Recipients or subrecipients must retain documentation of compliance with the housing standards, including inspection reports [CFR 578.103(a)(8)].

Recipients must maintain documentation of the source and use of contributions made to satisfy the match requirement of the Continuum of Care Program. The records must indicate the grant and fiscal year for which each matching contribution is counted. Further, the records must show how the value placed on third party in-kind contributions was derived. To the extent feasible, volunteer services must be supported by the same methods that the organization uses to support the allocation of regular personnel costs [CFR 578.103(a)(10)].

Recipients and subrecipients must maintain documentation to demonstrate compliance with the organizational conflict-of-interest requirements, the Continuum of Care Board conflict-of interest requirements, and other conflict requirements as identified in the CoC Program [CFR 578.103(a)(11)].

Recipients and subrecipients must document compliance with the faith-based activities requirements of the Continuum of Care Program [CFR 578.103(a)(13)]. Moreover, recipients and subrecipients must maintain copies of their marketing, outreach, and other materials used to inform eligible persons of the program to document compliance with the CoC Program requirements [CFR 578.103(a)(14)].

Recipients and subrecipients must document their compliance with the other Federal requirements of the Continuum of Care Program, including but not limited to the following: environmental review, Solid Waste Disposal Act, Transparency Act Reporting, Coastal Barrier Resources Act, applicability to OMB Circulars, lead-based paint, audits, Davis-Bacon requirements, and Section 3 of the HUD Act [CFR 578.103(a)(15)].

The recipient must retain copies of all solicitations of and agreements with subrecipients, records of all payment requests by and dates of payments made to subrecipients, and documentation of all monitoring and sanctions of subrecipients, as applicable. Recipients must retain documentation of monitoring subrecipients, including any monitoring findings and corrective actions required. Recipient and subrecipients must retain copies of all procurement contracts and documentation of compliance with the procurement requirements in 24 CFR 84 and 85 [24 CFR 578.103(a)(16)].

Recipient and subrecipients must maintain other records specified by HUD and ensure that all records containing protected identifying information for individuals and families is kept secure and confidential Recipients and subrecipients must maintain all records pertaining to Continuum of Care funds. [24 CFR 578.103(a)(17)].

2. Status of Project:

☐ This is a new development effort.

☒ This is an existing project.

Date first developed: 5/1/2013

Date last updated: 06/24/2013

<Please provide a general description of the update.>

3. From whom do you collect, process, or retain information on: (Please check all that apply)

☐ HUD Employees

☐ Contractors working on behalf of HUD

☐ The Public

☒ The System does not contain any such information.

This assessment concerns the recordkeeping requirements for participation in the Continuum of Care program operated by the Office of Special Needs Assistance Programs at the Department of Housing and Urban Development. Recordkeeping information is not centralized, nor is the data stored in systems that can be accessed by the program office or Department. Each grant recipient maintains its own records and must produce information only in the event of an monitoring request as appropriate to determine regulatory compliance. No personally identified information is captured in any federal system, nor is it shared in any way with the program office.

3. Do you use or collect Social Security Numbers (SSNs)? (This includes truncated SSNs)

☒ No.

☐ Yes. Why does the program collect SSNs? Provide the function of the SSN and the legal authority to do so:

3. What information about individuals could be collected, generated or retained?

This assessment concerns the recordkeeping requirements for participation in the Continuum of Care program operated by the Office of Special Needs Assistance Programs at the Department of Housing and Urban Development. Recordkeeping information is not centralized, nor is the data stored in systems that can be accessed by the program office or Department. Each grant recipient maintains its own records and must produce information only in the event of an monitoring request as appropriate to determine regulatory compliance. No personally identified information is captured in any federal system, nor is it shared in any way with the program office.

6. If this project is a technology/system, does it relate solely to infrastructure? [For example, is the system a Local Area Network (LAN) or Wide Area Network (WAN)]?

☒ No. Please continue to the next question.

☐ Yes. Is there a log kept of communication traffic?

☐No. Please continue to the next question.

☐ Yes. What type of data is recorded in the log? (Please choose all that apply.)

☐ Header

☐ Payload Please describe the data that is logged.

6. Does the system connect, receive, or share Personally Identifiable Information with any other HUD systems?

☒ No.

☐ Yes. Please list the systems:

Is this external sharing pursuant to new or existing information sharing access agreement (MOU, MOA, LOI, etc.)?

6. Does the system meet all of the following requirements?

There will be a group of records under the control of an agency that contains a personal identifier (such as a name, date of birth, SSN, Employee Number, fingerprint, etc.) of U.S. citizens and lawful permanent residents;

Contains at least one other item of personal data (such as home address, performance rating, blood type, etc.); and

The data about the subject individual IS retrieved by the name or unique identifier assigned to the individual.

☒ No.

☐ Yes.

If yes is there an existing System of Record Notice?

☒ No.

☐ Yes.

9. Is there an Authorization to Operate record within OCIO’s FISMA tracking system CSAM?

☒ Unknown

☐ No

☐ Yes. Please indicate the determinations for each of the following:

Confidentiality: ☐ Low ☐ Moderate ☐ High

Integrity: ☐ Low ☐ Moderate ☐ High

Availability: ☐ Low ☐ Moderate ☐ High

PRIVACY DETERMINATION

(TO BE COMPLETED BY THE HUD PRIVACY BRANCH)

Date reviewed by the HUD Privacy Branch: <Insert Date.>

Name of the HUD Privacy Branch Reviewer: <Please enter name of reviewer.>

DESIGNATION

☐ This is NOT a Privacy Sensitive System – the system contains no Personally Identifiable Information.

☐ This IS a Privacy Sensitive System

Category of System

☐ IT System

☐ Legacy System

☐ HR System

☐ Rule

☐ Other: ____________________________

Determination

☐ IPA sufficient at this time

☐ Privacy compliance documentation determination in progress

☐ PIA is not required at this time

☐ PIA is required

☐ System covered by existing PIA:

☐ New PIA is required

☐ PIA update is required

☐ SORN not required at this time

☐ SORN is required

☐ System covered by existing SORN:

☐ New SORN is required

HUD PRIVACY BRANCH COMMENTS:

DOCUMENT ENDORSMENT

DATE REVIEWED:

PRIVACY REVIEWING OFFICIALS NAME:

By signing below you attest that the content captured in this document is accurate and complete and meet the requirements of applicable federal regulations and HUD internal policies.

SYSTEM OWNER << INSERT NAME/TITLE>>		Date
<<INSERT PROGRAM OFFICE>>
PROGRAM AREA MANAGER <<INSERT NAME/TITLE>>		Date
<<INSERT PROGRAM OFFICE>>
CHIEF PRIVACY OFFICER <<INSERT NAME/TITLE>>		Date
OFFICE OF THE EXECUTIVE SECRETARIAT

File Type	application/vnd.openxmlformats-officedocument.wordprocessingml.document
Author	h04105
File Modified	0000-00-00
File Created	2021-01-23