PTA DHS Industry Outreach

PTA, S&T - Industry Outreach.pdf

Industry Outreach Form

PTA DHS Industry Outreach

OMB: 1640-0019

Document [pdf]

Download: pdf | pdf

Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy

Privacy Threshold Analysis
Version number: 01-2014
Page 1 of 8

PRIVACY THRESHOLD ANALYSIS (PTA)
This form is used to determine whether
a Privacy Impact Assessment is required.

Please use the attached form to determine whether a Privacy Impact Assessment (PIA) is required under
the E-Government Act of 2002 and the Homeland Security Act of 2002.
Please complete this form and send it to your component Privacy Office. If you do not have a component
Privacy Office, please send the PTA to the DHS Privacy Office:
Senior Director, Privacy Compliance
The Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
Tel: 202-343-1717

[email protected]

Upon receipt from your component Privacy Office, the DHS Privacy Office will review this form. If a
PIA is required, the DHS Privacy Office will send you a copy of the Official Privacy Impact Assessment
Guide and accompanying Template to complete and return.
A copy of the Guide and Template is available on the DHS Privacy Office website,
www.dhs.gov/privacy, on DHSConnect and directly from the DHS Privacy Office via email:
[email protected], phone: 202-343-1717.

Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy

Privacy Threshold Analysis
Version number: 01-2014
Page 2 of 8

PRIVACY THRESHOLD ANALYSIS (PTA)
SUMMARY INFORMATION
Project or
Program Name:

Industry Outreach

Component:

Science and Technology (S&T)

Office or
Program:

Public-Private Partnerships

Xacta FISMA
Name (if
applicable):

Xacta FISMA
Number (if
applicable):

Type of Project or
Program:

Form or other Information
Collection

Project or
program
status:

Modification

Date first
developed:
Date of last PTA
update

August 2, 2016

Pilot launch
date:

September 19, 2016

Click here to enter a date.

Pilot end date:

Click here to enter a date.

ATO Status (if
applicable)

Choose an item.

ATO
expiration date
(if applicable):

Click here to enter a date.

PROJECT OR PROGRAM MANAGER
Name:

Dee Parker

Office:

Public-Private Partnerships

Title:

Industry Liaison

Phone:

202.254. 6632

Email:

[email protected]

INFORMATION SYSTEM SECURITY OFFICER (ISSO) (IF APPLICABLE)
Name:

Jameson O’Brien

Phone:

202.254.8236

Email:

[email protected]

Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy

Privacy Threshold Analysis
Version number: 01-2014
Page 3 of 8

SPECIFIC PTA QUESTIONS
1. Reason for submitting the PTA: Renewal PTA
DHS S&T proposes to collect private sector company information using an Industry Outreach
Information Form. The information collected in this form would include:
1) Company name and address;
2) company classification (size and type); and
3) a description of the company’s technology or technical capability, including the current state of
the technology, its technology readiness level, and its manufacturing readiness level.
This information collection would allow S&T to maintain awareness and knowledge of private sector
companies and their technology products that may be of interest to S&T's research and development
(R&D) programs. S&T will also use this information collection to inform its technology scouting function
to discover technologies and capabilities of vendors/companies that are interested in working with S&T
on current or future projects.

2. Does this system employ any of the
following technologies:
If you are using any of these technologies and
want coverage under the respective PIA for that
technology please stop here and contact the DHS
Privacy Office for further guidance.

Closed Circuit Television (CCTV)
Social Media
Web portal1 (e.g., SharePoint)
Contact Lists
None of these
This program does not collect any personally
identifiable information2

3. From whom does the Project or
Program collect, maintain, use, or
disseminate information?
Please check all that apply.

Members of the public
DHS employees/contractors (list components):
Contractors working on behalf of DHS
Employees of other federal agencies

Informational and collaboration-based portals in operation at DHS and its components that collect, use, maintain, and share
limited personally identifiable information (PII) about individuals who are “members” of the portal or “potential members” who
seek to gain access to the portal.
2
DHS defines personal information as “Personally Identifiable Information” or PII, which is any information that permits the
identity of an individual to be directly or indirectly inferred, including any information that is linked or linkable to that individual,
regardless of whether the individual is a U.S. citizen, lawful permanent resident, visitor to the U.S., or employee or contractor to
the Department. “Sensitive PII” is PII, which if lost, compromised, or disclosed without authorization, could result in substantial
harm, embarrassment, inconvenience, or unfairness to an individual. For the purposes of this PTA, SPII and PII are treated the
same.

Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy

Privacy Threshold Analysis
Version number: 01-2014
Page 4 of 8

4. What specific information about individuals is collected, generated or retained?
The DHS S&T Industry Outreach Information Form will collect information from private sector
companies. The information to be collected includes:
 Name of Company
 General Phone Number
 General Mailing Address and Email Address
No specific information about individuals will be collected.
No. Please continue to next question.
Yes. If yes, please list all personal identifiers
used:

4(a) Does the project, program, or system
retrieve information by personal identifier?
4(b) Does the project, program, or system
use Social Security Numbers (SSN)?
4(c) If yes, please provide the specific legal
basis and purpose for the collection of
SSNs:
4(d) If yes, please describe the uses of the
SSNs within the project, program, or
system:
4(e) If this project, program, or system is
an information technology/system, does it
relate solely to infrastructure?

No.
Yes.
Click here to enter text.

Click here to enter text.

No. Please continue to next question.
Yes. If a log kept of communication traffic,
please answer the following question.

For example, is the system a Local Area Network
(LAN) or Wide Area Network (WAN)?
4(f) If header or payload data3 is stored in the communication traffic log, please detail the data
elements stored.
Click here to enter text.
5. Does this project, program, or system
connect, receive, or share PII with any
other DHS programs or systems4?

No.
Yes. If yes, please list:

When data is sent over the Internet, each unit transmitted includes both header information and the actual data being sent. The
header identifies the source and destination of the packet, while the actual data is referred to as the payload. Because header
information, or overhead data, is only used in the transmission process, it is stripped from the packet when it reaches its destination.
Therefore, the payload is the only data received by the destination system.
4
PII may be shared, received, or connected to other DHS systems directly, automatically, or by manual processes. Often, these
systems are listed as “interconnected systems” in Xacta.

Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy

Privacy Threshold Analysis
Version number: 01-2014
Page 5 of 8

Click here to enter text.
6. Does this project, program, or system
connect, receive, or share PII with any
external (non-DHS) partners or
systems?

No.
Yes. If yes, please list:
Click here to enter text.
Choose an item.

6(a) Is this external sharing pursuant to
new or existing information sharing
access agreement (MOU, MOA, LOI,
etc.)?

Please describe applicable information sharing
governance in place:

No.

7. Does the project, program, or system
provide role-based training for
personnel who have access in addition
to annual privacy training required of
all DHS personnel?

Yes. If yes, please list:
User Training on the Contact Relationship
Management (CRM) tool for storing and managing
information.
No. What steps will be taken to develop and
maintain the accounting. Do not anticipate such
requests as no PII will be collected.

8. Per NIST SP 800-53 Rev. 4, Appendix
J, does the project, program, or system
maintain an accounting of disclosures
of PII to individuals who have
requested access to their PII?

Yes. In what format is the accounting
maintained:

9. Is there a FIPS 199 determination?4

Unknown.
No.
Yes. Please indicate the determinations for each
of the following:

Confidentiality:
Low
Moderate

High

Undefined

Integrity:
Low

Moderate

High

Undefined

Availability:
Low
Moderate

High

Undefined

FIPS 199 is the Federal Information Processing Standard Publication 199, Standards for Security Categorization of Federal
Information and Information Systems and is used to establish security categories of information systems.

Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy

Privacy Threshold Analysis
Version number: 01-2014
Page 6 of 8

Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy

Privacy Threshold Analysis
Version number: 01-2014
Page 7 of 8

PRIVACY THRESHOLD REVIEW
(TO BE COMPLETED BY COMPONENT PRIVACY OFFICE)
Component Privacy Office Reviewer:

Christopher S. Lee

Date submitted to Component Privacy
Office:

February 9, 2018

Date submitted to DHS Privacy Office:

February 23, 2018

Component Privacy Office Recommendation:
Please include recommendation below, including what new privacy compliance documentation is needed.
This PTA is being submitted for Paperwork Reduction Act compliance requirements.
This S&T effort has been restructured such that no PII is being collected, used, or shared. Only general
information from the company is being used.
Because no PII is being collected, used, or shared, S&T Privacy recommends no further compliance
requirements be taken.
(TO BE COMPLETED BY THE DHS PRIVACY OFFICE)
DHS Privacy Office Reviewer:

Riley Dean

PCTS Workflow Number:

1158544

Date approved by DHS Privacy Office:

February 26, 2018

PTA Expiration Date

February 26, 2021
DESIGNATION

Privacy Sensitive System:
Category of System:
Determination:

Yes

If “no” PTA adjudication is complete.

Form/Information Collection
If “other” is selected, please describe: Click here to enter text.
PTA sufficient at this time.
Privacy compliance documentation determination in progress.
New information sharing arrangement is required.
DHS Policy for Computer-Readable Extracts Containing Sensitive PII
applies.
Privacy Act Statement required.
Privacy Impact Assessment (PIA) required.

Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy

Privacy Threshold Analysis
Version number: 01-2014
Page 8 of 8

System of Records Notice (SORN) required.
Paperwork Reduction Act (PRA) Clearance may be required. Contact
your component PRA Officer.
A Records Schedule may be required. Contact your component Records
Officer.
PIA:
SORN:

Choose an item.
If covered by existing PIA, please list: Click here to enter text.
Choose an item.

If covered by existing SORN, please list: Click here to enter text.
DHS Privacy Office Comments:
Please describe rationale for privacy compliance determination above.
S&T is submitting this PTA to discuss an Industry Outreach form. It will collect private sector company
information to include: company name and address; company classification (size and type); and
description of the company’s technology or technical capability, including the current state of the
technology, its technology readiness level, and its manufacturing readiness level. This information
collection allows S&T to maintain awareness and knowledge of private sector companies and their
technology products that may be of interest to S&T's R&D programs. S&T will use this information
collection to inform its technology scouting function to discover technologies and capabilities of
vendors/companies that are interested in working with S&T on current or future projects.
S&T has restructured this form to no longer solicit PII from private sector individuals by requesting
general company information instead of individual POC contact information.
However, the form still does solicit information about individual POCs at DHS with whom the company
may have worked with in the past. Because of this, the form may still contain PII when it is submitted.
That being said, the form does not require PIA or SORN coverage (as the PII of the DHS personnel
would not be retrieved by personal identifier), and thus no Privacy Act Statement.
No further privacy compliance documentation is required.

File Type	application/pdf
File Modified	2018-02-24
File Created	2018-02-24