Download:
pdf |
pdfPrivacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
PRIVACY THRESHOLD ANALYSIS (PTA)
This form serves as the official determination by the DHS Privacy Office to
identify the privacy compliance requirements for all Departmental uses of
personally identifiable information (PII).
A Privacy Threshold Analysis (PTA) serves as the document used to identify
information technology (IT) systems, information collections/forms, technologies,
rulemakings, programs, information sharing arrangements, or pilot projects that involve
PII and other activities that otherwise impact the privacy of individuals as determined by
the Chief Privacy Officer, pursuant to Section 222 of the Homeland Security Act, and to
assess whether there is a need for additional Privacy Compliance Documentation. A PTA
includes a general description of the IT system, information collection, form, technology,
rulemaking, program, pilot project, information sharing arrangement, or other Department
activity and describes what PII is collected (and from whom) and how that information is
used and managed.
Please complete the attached Privacy Threshold Analysis and submit it to your
component Privacy Office. After review by your component Privacy Officer the PTA is sent
to the Department’s Senior Director for Privacy Compliance for action. If you do not have a
component Privacy Office, please send the PTA to the DHS Privacy Office:
Senior Director, Privacy Compliance
The Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
Tel: 202-343-1717
[email protected]
Upon receipt from your component Privacy Office, the DHS Privacy Office will review this
form and assess whether any privacy compliance documentation is required. If compliance
documentation is required – such as Privacy Impact Assessment (PIA), System of Records
Notice (SORN), Privacy Act Statement, or Computer Matching Agreement (CMA) – the DHS
Privacy Office or component Privacy Office will send you a copy of the relevant compliance
template to complete and return.
Privacy Threshold Analysis – IC/Form
Page 1 of 13
Version number: 04-2016
�Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
Privacy Threshold Analysis (PTA)
Specialized Template for
Information Collections (IC) and Forms
The Forms-PTA is a specialized template for Information Collections and Forms. This
specialized PTA must accompany all Information Collections submitted as part of the
Paperwork Reduction Act process (any instrument for collection (form, survey,
questionnaire, etc.) from ten or more members of the public). Components may use this PTA
to assess internal, component-specific forms as well.
Form Number & Title:
086-0-06 – Worksheet-Contents-Personal Property
Form Number & Title:
Form Number & Title:
Form Number & Title:
Form Number & Title:
Form Number & Title:
Form Number & Title:
086-0-07 – Worksheet-Building
086-0-08 – Worksheet-Building (Continued)
086-0-09 – Proof of Loss
086-0-10 – Worksheet-Increased Cost of Compliance
086-0-11 – Notice of Loss
086-0-12 – Remove – Statement as to Full Cost to Repair or
Replacement Cost Coverage, Subject to the Terms and
Conditions of this Policy
086-0-13 – Adjuster’s Preliminary Report
086-0-14 – Adjuster’s Final Report
086-0-15 – National Flood Insurance Program Narrative
Report
086-0-16 – Cause of Loss and Subrogation Report
086-0-17 – Manufactured (Mobile) Home/Travel Trailer
Worksheet
086-0-18 – Mobile Home/Travel Trailer Worksheet
(Continued)
086-0-19 – Increased Cost of Compliance (ICC) Adjuster
Report
086-0-20 – Adjuster’s Preliminary Flood Damage
Assessment
086-0-21 – Adjuster’s Certification Application
Form Number & Title:
Form Number & Title:
Form Number & Title:
Form Number & Title:
Form Number & Title:
Form Number & Title:
Form Number & Title:
Form Number & Title:
Form Number & Title:
Privacy Threshold Analysis – IC/Form
Page 2 of 13
Version number: 04-2016
�Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
Component:
Federal Emergency
Management Agency
(FEMA)
Office:
Federal Insurance and
Mitigation
Administration (FIMA)
IF COVERED BY THE PAPERWORK REDUCTION ACT:
Collection Title:
FEMA National Flood Insurance Program (NFIP) Proof of Loss
Collection
OMB Control
Number:
Collection status:
Name:
Office:
Phone:
Name:
Office:
Phone:
1660-0005
Revision
OMB Expiration
Date:
Date of last PTA (if
applicable):
April 30, 2017
October 30, 2013
PROJECT OR PROGRAM MANAGER
Freda Copeland
FIMA – Federal Insurance
Title:
Direct Servicing Agent,
Branch Chief
202-212-1361
Email:
[email protected]
ov
COMPONENT INFORMATION COLLECTION/FORMS CONTACT
Millicent Brown
Records Management
Title:
Sr. Forms Management/
Program
Information Collection
Analyst
202-646-2814
Email:
[email protected]
ov
SPECIFIC IC/Forms PTA QUESTIONS
1. Purpose of the Information Collection or Form
a. Describe the purpose of the information collection or form. Please provide a
general description of the project and its purpose, including how it supports the DHS
mission, in a way a non-technical person could understand (you may use
information from the Supporting Statement).
If this is an updated PTA, please specifically describe what changes or upgrades are
triggering the update to this PTA.
Privacy Threshold Analysis – IC/Form
Page 3 of 13
Version number: 04-2016
�Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
The Federal Emergency Management Agency (FEMA) Federal Insurance and
Mitigation Administration (FIMA) completes this Privacy Threshold Analysis
(PTA) as part of the Office of Management and Budget (OMB) Information
Collection Resources (ICR) No. 1660-0005 revision and renewal process. Since the
last PTA for this collection was approved, FEMA is removing FEMA Form 086-0-012
Statement as to Full Cost of Repair or Replacement under the Replacement Cost
Coverage, Subject to the Terms and Conditions of this Policy from Collection 16600005. This information will be collected using other forms within this collection.
The NFIP provides federally-backed flood insurance, which includes a claim and
claim appeal processes for existing buildings exposed to flood risk. In return,
communities must enact and administer construction safeguards to ensure that
new construction in the flood plain will be built to eliminate or minimize further
flood damage. FIMA collects detailed damaged property information, including
other personally identifiable information (PII) from policyholders as part of its
flood insurance claims process. Information collected is approved under OMB ICR
1660-0005. This claims process is only for individuals that have insurance policies
directly with FEMA through the NFIP Direct Servicing Agent (DSA) contractor. All
other flood insurance claims are processed and handled by Write-Your-Own
(WYO) companies. The following FEMA forms (FF) are required to be completed by
flood insurance policies with the NFIP DSA only:
• FF 086-0-6 (formerly 81-40) National Flood Insurance Program WorksheetContents-Personal Property
• FF 086-0-7 (formerly 81-41) Worksheet Building
• FF 086-0-8 (formerly 81-41A) Worksheet Building (Continued)
• FF 086-0-9 (formerly 81-42) Proof of Loss
• FF 086-0-10 (formerly 81-42A) Increased Cost of Compliance Proof of Loss
• FF 086-0-11 (formerly 81-43) Notice of Loss
• FF 086-0-13 (formerly 81-57) National Flood Insurance Program Preliminary
Report
• FF 086-0-14 (formerly 81-58) National Flood Insurance Program Final Report
• FF 086-0-15 (formerly 81-59) National Flood Insurance Program Narrative
Report
• FF 086-0-16 (formerly 81-63) Cause of Loss and Subrogation Report
• FF 086-0-17 (formerly 81-96) Manufactured (Mobile) Home/Travel Trailer
Worksheet
• FF 086-0-18 (formerly 81-96A) Manufactured (Mobile) Home/Travel Trailer
Worksheet (Continued)
Privacy Threshold Analysis – IC/Form
Page 4 of 13
Version number: 04-2016
�Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
• FF 086-0-19 (formerly 81-98) Increased Cost of Compliance (ICC) Adjuster
Report
• FF 086-0-20 (formerly 81-109) Adjuster Preliminary Damage Assessment
• FF 086-0-21(formerly 81-110) Adjuster Certification Application
In addition to the above process, FIMA has established by regulation an additional
process for the appeal of decisions of flood insurance claims issued through the
NFIP pursuant to Section 205 of the Bunning-Bereuter-Blumenauer Flood
Insurance Reform Act (FRIA) of 2004 Pub. L. No. 108-264 Section 205, 42 U.S.C. §
4102A, Title 44 DFR 62.20. This process requires both WYO and NFIP DSA flood
insurance policyholders to submit a written, signed appeal letter to FEMA/FIMA
explaining the nature of their claim, names and titles of persons contacted, dates of
contact, contact information, and details of the contract relevant to their claim
appeal and also submit a copy of the insurer’s written denial of the claim, in whole
or in part.
b. List the DHS (or component) authorities to collect, store, and use this information.
If this information will be stored and used by a specific DHS component, list the
component-specific authorities.
The NFIP codified as 42 U.S.C. § 4001, et sec. and authorized by Pub. L. 90-448
(1968) and expanded by Pub. L. 93-234 (1973); Pub. L. 93-234; National Flood
Insurance Reform Act of 1994 (NFIA); Title V of the Riegle Community
Development and Investment Act of 1994 (Pub. L. 103-325); Section 205 of The
Bunning-Bereuter-Blumenauer Flood Insurance Reform Act (FIRA) of 2004; Pub. L.
108-264 Section 205; 42 U.S.C. § 4102A; and Title 44 Code of Federal Regulations
(C.F.R.) § 62.20.
2. Describe the IC/Form
a. Does this form collect any
Personally Identifiable
Information” (PII1)?
b. From which type(s) of
individuals does this form
☒ Yes
☐ No
☒ Members of the public
1
Personally identifiable information means any information that permits the identity of an individual to be directly or indirectly inferred, including
any other information which is linked or linkable to that individual regardless of whether the individual is a U.S. citizen, lawful permanent resident,
visitor to the U.S., or employee or contractor to the Department.
Privacy Threshold Analysis – IC/Form
Page 5 of 13
Version number: 04-2016
�Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
collect information?
(Check all that apply.)
☒ U.S. citizens or lawful permanent
residents
☐ Non-U.S. Persons.
☐ DHS Employees
☐ DHS Contractors
☐ Other federal employees or contractors.
c. Who will complete and
submit this form? (Check
all that apply.)
☒ The record subject of the form (e.g., the
individual applicant).
☐ Legal Representative (preparer, attorney,
etc.).
☐ Business entity.
If a business entity, is the only
information collected business contact
information?
☐ Yes
☐ No
☐ Law enforcement.
☐ DHS employee or contractor.
☒ Other individual/entity/organization that is
NOT the record subject. Please describe.
FIMA’s Direct Servicing Agent will assign an
insurance adjuster to complete the information on
behalf of the insured.
d. How do individuals
complete the form? Check
all that apply.
☒ Paper.
☒ Electronic. (ex: fillable PDF)
☐ Online web form. (available and submitted via
the internet)
Provide link:
e. What information will DHS collect on the form? List all PII data elements on the
form. If the form will collect information from more than one type of individual,
please break down list of data elements collected by type of individual.
Name of individual, property address, phone number, email address, building and
contents value, damage estimates, Attorney’s name and contact information,
Privacy Threshold Analysis – IC/Form
Page 6 of 13
Version number: 04-2016
�Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
f. Does this form collect Social Security number (SSN) or other element that is
stand-alone Sensitive Personally Identifiable Information (SPII)? Check all that
apply.
☐ Social Security number
☐ Alien Number (A-Number)
☐ Tax Identification Number
☐ Visa Number
☐ Passport Number
☐ Bank Account, Credit Card, or other
financial account number
☐ Other. Please list:
☐ DHS Electronic Data Interchange
Personal Identifier (EDIPI)
☐ Social Media Handle/ID
☐ Known Traveler Number
☐ Trusted Traveler Number (Global
Entry, Pre-Check, etc.)
☐ Driver’s License Number
☐ Biometrics
g. List the specific authority to collect SSN or these other SPII elements.
Not applicable
h. How will this information be used? What is the purpose of the collection?
Describe why this collection of SPII is the minimum amount of information
necessary to accomplish the purpose of the program.
Not applicable
i.
Are individuals
provided notice at the
time of collection by
DHS (Does the records
subject have notice of
the collection or is
form filled out by
third party)?
☒ Yes. Please describe how notice is provided.
Individuals are notified by their insurance agent
and/or adjuster that collection of this information
is required in order to consider claim for possible
payment. Additionally, FEMA provides Privacy Act
Statements forms completed by policyholders.
☐ No.
3. How will DHS store the IC/form responses?
Privacy Threshold Analysis – IC/Form
Page 7 of 13
Version number: 04-2016
�Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
a. How will DHS store
the original,
completed IC/forms?
☐ Paper. Please describe.
Click here to enter text.
☒ Electronic. Please describe the IT system that will
store the data from the form.
FEMA stores the files in the FloodConnect system
and information from the files in the NFIP
Information Technology Systems (ITS).
☒ Scanned forms (completed forms are scanned into
an electronic repository). Please describe the
electronic repository.
Click here to enter text.
b. If electronic, how
does DHS input the
responses into the IT
system?
☒ Manually (data elements manually entered). Please
describe.
FEMA enter data into the NFIP DSA FloodConnect
System to process claims. WYO and FEMA enter
information from the form or FloodConnect into
NFIP ITS for tracking and reporting purposes.
☐ Automatically. Please describe.
Click here to enter text.
c. How would a user
search the
information
submitted on the
forms, i.e., how is the
information
retrieved?
☒ By a unique identifier.2 Please describe. If
information is retrieved by personal identifier, please
submit a Privacy Act Statement with this PTA.
Policy number, Policyholder name, or property
address
☐ By a non-personal identifier. Please describe.
d. What is the records
retention
schedule(s)? Include
the records schedule
number.
Pursuant to National Archives and Records
Administration (NARA) Authority No. N1-311-86-1,
Item 2A212(2)(b), claim records are maintained for
six years and three months after final action, unless
litigation exists. Additionally, in accordance with
NARA Authority No. N1-311-86-1, Item
2
Generally, a unique identifier is considered any type of “personally identifiable information,” meaning any information that permits the identity
of an individual to be directly or indirectly inferred, including any other information which is linked or linkable to that individual regardless of
whether the individual is a U.S. citizen, lawful permanent resident, visitor to the U.S., or employee or contractor to the Department.
Privacy Threshold Analysis – IC/Form
Page 8 of 13
Version number: 04-2016
�Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
2A13a(1), claims records with pending litigation are
destroyed after review by FEMA’s Office of Chief
Counsel.
e. How do you ensure
DHS/FEMA requires all FEMA employees and
that records are
contractors to take initial and annual refresher
disposed of or deleted
Records Management and Privacy Act Awareness
in accordance with
training. Additionally, the FIMA has records
the retention
custodian(s) that liason with the FEMA Records
schedule?
Management Program to ensure awareness of Federal
statutes, policies, and procedures for records
management.
f. Is any of this information shared outside of the original program/office? If yes,
describe where (other offices or DHS components or external entities) and why.
What are the authorities of the receiving party?
☐ Yes, information is shared with other DHS components or offices. Please describe.
Click here to enter text.
☒ Yes, information is shared external to DHS with other federal agencies, state/local
partners, international partners, or non-governmental entities. Please describe.
FEMA shares information WYO companies, flood modelling companies,
Reinsurance Brokers, or Reinsurance companies.
☐ No. Information on this form is not shared outside of the collecting office.
Please include a copy of the referenced form and Privacy Act Statement (if
applicable) with this PTA upon submission.
Privacy Threshold Analysis – IC/Form
Page 9 of 13
Version number: 04-2016
�Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
PRIVACY THRESHOLD REVIEW
(TO BE COMPLETED BY COMPONENT PRIVACY OFFICE)
Component Privacy Office Reviewer:
LeVar J. Sykes
Date submitted to component Privacy
Office:
Date submitted to DHS Privacy Office:
Click here to enter a date.
Have you approved a Privacy Act
Statement for this form? (Only
applicable if you have received a
waiver from the DHS Chief Privacy
Officer to approve component Privacy
Act Statements.)
Click here to enter a date.
☐ Yes. Please include it with this PTA
submission.
☒ No. Please describe why not.
FEMA is drafting a Privacy Act Statement
that will include sharing/access in
response to the NFIP Reinsurance Program.
Component Privacy Office Recommendation:
Please include recommendation below, including what existing privacy compliance
documentation is available or new privacy compliance documentation is needed.
FEMA recommends coverage for this collection and the associated forms under
DHS/FEMA/PIA – 011 NFIP ITS PIA and the associated DHS/FEMA – 003 NFIP Files
SORN.
Privacy Threshold Analysis – IC/Form
Page 10 of 13
Version number: 04-2016
�Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
PRIVACY THRESHOLD ADJUDICATION
(TO BE COMPLETED BY THE DHS PRIVACY OFFICE)
DHS Privacy Office Reviewer:
Kevin Mullinix
PCTS Workflow Number:
Date approved by DHS Privacy Office:
PTA Expiration Date
Click here to enter text.
January 13, 2017
January 13, 2020
DESIGNATION
Privacy Sensitive IC or
Form:
Yes If “no” PTA adjudication is complete.
Determination:
☐ PTA sufficient at this time.
☐ Privacy compliance documentation determination in
progress.
☐ New information sharing arrangement is required.
☐ DHS Policy for Computer-Readable Extracts Containing SPII
applies.
☒ Privacy Act Statement required.
☒ Privacy Impact Assessment (PIA) required.
☒ System of Records Notice (SORN) required.
☐ Specialized training required.
☐ Other. Click here to enter text.
DHS IC/Forms Review:
DHS PRIV has approved this ICR/Form.
Date IC/Form Approved January 13, 2017
by PRIV:
IC/Form PCTS Number: Click here to enter text.
Privacy Act
e(3) statement update is required.
Statement:
Click here to enter text.
PTA:
No system PTA required.
Click here to enter text.
PIA:
System covered by existing PIA
If covered by existing PIA, please list: Click here to enter text.
Privacy Threshold Analysis – IC/Form
Page 11 of 13
Version number: 04-2016
�Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
If a PIA update is required, please list: Click here to enter text.
SORN:
System covered by existing SORN
If covered by existing SORN, please list: Click here to enter text.
If a SORN update is required, please list: Click here to enter text.
DHS Privacy Office Comments:
Please describe rationale for privacy compliance determination above.
FEMA is submitting the FEMA National Flood Insurance Program (NFIP) Proof of Loss
Forms Collection PTA Update pursuant to a three year PTA expiration (October 30,
2016). FEMA is also submitting this PTA Update because FEMA is removing FEMA
Form 086-0-012 Statement as to Full Cost of Repair or Replacement under the
Replacement Cost Coverage, Subject to the Terms and Conditions of this Policy from
Collection 1660-0005. This information will be collected using other forms within
this collection.
The DHS Privacy Office finds that the FEMA NFIP Proof of Loss Forms Collection
consisting of 15 forms under OMB Control Number: 1660-0005 is a privacy sensitive
collection, requiring PIA coverage. FEMA uses the information collected in this form
for claims processing, claims appeals, to verify the accuracy of NFIP policies and
claims, determine flood insurance eligibility, confirm current fiscal year and
determine future fiscal year insurance premium rates, generate a list of all
communities that have been approved by NFIP to participate in the program, and
create user access accounts. Because the form is submitted by members of the
public, or by insurance adjusters on behalf of the insured and the form is retrievable
by unique identifier, then the form meets the requirements to be considered part of
a system of records. Therefore a Privacy Act Statement is required, and SORN
coverage is necessary. PRIV agrees with FEMA’s assertion that PIA coverage is
provided by DHS/FEMA/PIA – 011 NFIP Information Technology System PIA, which
assess the risks associated with individuals who who purchase, as well as those who
process, flood insurance policies from NFIP and individuals requesting access to the
system. PRIV finds that SORN coverage is provided by DHS/FEMA-003 - National
Flood Insurance Program Files which outlines FEMA’s collection and maintenance of
records from individuals who claim losses due to flooding; flood insurance claimants
who appeal flood loss decisions; individuals requesting NFIP information; applicants
(individuals or certifiers); Severe Repetitive Loss (SRL) property owners (previously
known as Repetitive Loss Target Group); independent insurance agents; WYO
insurance companies and WYO company agents; representatives from communities
Privacy Threshold Analysis – IC/Form
Page 12 of 13
Version number: 04-2016
�Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
that submit Community Rating System (CRS) applications; and certified flood
adjusters.
Privacy Threshold Analysis – IC/Form
Page 13 of 13
Version number: 04-2016
�
| File Type | application/pdf |
| File Modified | 2017-01-13 |
| File Created | 2017-01-13 |