Download:
pdf |
pdfPrivacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
PRIVACY THRESHOLD ANALYSIS (PTA)
This form serves as the official determination by the DHS Privacy Office to
identify the privacy compliance requirements for all Departmental uses of
personally identifiable information (PII).
A Privacy Threshold Analysis (PTA) serves as the document used to identify
information technology (IT) systems, information collections/forms, technologies,
rulemakings, programs, information sharing arrangements, or pilot projects that involve
PII and other activities that otherwise impact the privacy of individuals as determined by
the Chief Privacy Officer, pursuant to Section 222 of the Homeland Security Act, and to
assess whether there is a need for additional Privacy Compliance Documentation. A PTA
includes a general description of the IT system, information collection, form, technology,
rulemaking, program, pilot project, information sharing arrangement, or other Department
activity and describes what PII is collected (and from whom) and how that information is
used and managed.
Please complete the attached Privacy Threshold Analysis and submit it to your
component Privacy Office. After review by your component Privacy Officer the PTA is sent
to the Department’s Senior Director for Privacy Compliance for action. If you do not have a
component Privacy Office, please send the PTA to the DHS Privacy Office:
Senior Director, Privacy Compliance
The Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
Tel: 202-343-1717
[email protected]
Upon receipt from your component Privacy Office, the DHS Privacy Office will review this
form and assess whether any privacy compliance documentation is required. If compliance
documentation is required – such as Privacy Impact Assessment (PIA), System of Records
Notice (SORN), Privacy Act Statement, or Computer Matching Agreement (CMA) – the DHS
Privacy Office or component Privacy Office will send you a copy of the relevant compliance
template to complete and return.
Privacy Threshold Analysis – IC/Form
Page 1 of 11
Version number: 04-2016
�Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
Privacy Threshold Analysis (PTA)
Specialized Template for
Information Collections (IC) and Forms
The Forms-PTA is a specialized template for Information Collections and Forms. This
specialized PTA must accompany all Information Collections submitted as part of the
Paperwork Reduction Act process (any instrument for collection (form, survey,
questionnaire, etc.) from ten or more members of the public). Components may use this PTA
to assess internal, component-specific forms as well.
Form Number:
None.
Form Title:
Emergency Management Performance Grant Program (EMPG)
Work Plan
Component:
Federal Emergency
Management Agency
(FEMA)
Office:
Grant Programs
Directorate
IF COVERED BY THE PAPERWORK REDUCTION ACT:
Collection Title:
Emergency Management Performance Grant Program (EMPG)
OMB Control
Number:
Collection status:
Name:
Office:
Phone:
1660-0126
Extension
OMB Expiration
Date:
Date of last PTA (if
applicable):
April 30, 2017
November 25, 2013
PROJECT OR PROGRAM MANAGER
Angel McLaurine-Qualls
Grant Programs
Title:
Program Specialist
Directorate
202-786-9532
Email:
[email protected]
Privacy Threshold Analysis – IC/Form
Page 2 of 11
Version number: 04-2016
�Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
COMPONENT INFORMATION COLLECTION/FORMS CONTACT
Name:
Sherina Greene
Office: Records
Title:
Management and Program
Management
Analyst
Division
Phone:
202-646-4343
Email:
[email protected].
gov
SPECIFIC IC/Forms PTA QUESTIONS
1. Purpose of the Information Collection or Form
a. Describe the purpose of the information collection or form. Please provide a
general description of the project and its purpose, including how it supports the DHS
mission, in a way a non-technical person could understand (you may use
information from the Supporting Statement).
If this is an updated PTA, please specifically describe what changes or upgrades are
triggering the update to this PTA.
The purpose of the Emergency Management Performance Grant (EMPG) Program is to
provide federal funds to states to assist state, local, territorial, and tribal governments in
preparing for all hazards, as authorized by Section 662 of the Post Katrina Emergency
Management Reform Act (6 U.S.C. § 762) and the Robert T. Stafford Disaster Relief and
Emergency Assistance Act (42 U.S.C. §§ 5121 et seq.).
Title VI of the Stafford Act authorizes DHS/FEMA to make grants for the purpose of
providing a system of emergency preparedness for the protection of life and property in
the United States from hazards and to vest responsibility for emergency preparedness
jointly in the Federal Government, states, and their political subdivisions. The Federal
Government, through the EMPG Program, provides necessary direction, coordination,
and guidance, and provides necessary assistance, as authorized in this title, to support a
comprehensive all hazards emergency preparedness system. The EMPG will provide
federal funds to assist state, local, tribal, and territorial emergency management agencies
to obtain the resources required to support the National Preparedness Goal’s (the Goal’s)
associated mission areas and core capabilities. The EMPG program supports the
Quadrennial Homeland Security Review Mission to Strengthen National Preparedness
and Resilience.
All EMPG Program applicants are required to submit a Work Plan using the state’s
recommended template that outlines the state’s emergency management sustainment
and enhancement efforts, including new and ongoing activities and projects, proposed
Privacy Threshold Analysis – IC/Form
Page 3 of 11
Version number: 04-2016
�Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
for the EMPG Program period of performance. The Work Plan consists of a Program and
Budget Narrative, Personnel Data Table, Training Data Table, Exercise Data Table, and
Grant Activities Outline. FEMA Regional Program Managers will work closely with states
to monitor Work Plans during the performance period and may request further
documentation from the recipients to clarify the projected work plan. In addition, FEMA
Regional Program Managers must approve final Work Plans before states may draw
down EMPG Program funds. Grant funds will be released upon approval of the state’s
final Work Plan.
The EMPG Work Plan does not collect, use, store, share, transmit, or disseminate
personally identifiable information (PII).
b. List the DHS (or component) authorities to collect, store, and use this information.
If this information will be stored and used by a specific DHS component, list the
component-specific authorities.
Section 662 of the Post Katrina Emergency Management Reform Act (6 U.S.C. § 762) and
the Robert T. Stafford Disaster Relief and Emergency Assistance Act (42 U.S.C. §§ 5121 et
seq.) and Title VI of the Stafford Act, authorizes DHS/FEMA to make grants for the
purpose of providing a system of emergency preparedness for the protection of life and
property in the United States from hazards and to vest responsibility for emergency
preparedness jointly in the Federal Government, states, and their political subdivisions.
2. Describe the IC/Form
a. Does this form collect any Personally
Identifiable Information” (PII 1)?
b. From which type(s) of individuals
does this form collect information?
(Check all that apply.)
☐ Yes
☒ No
☒ Members of the public
☒ U.S. citizens or lawful
permanent residents
☐ Non-U.S. Persons.
☐ DHS Employees
☐ DHS Contractors
☐ Other federal employees or
contractors.
1
Personally identifiable information means any information that permits the identity of an individual to be directly or indirectly inferred, including
any other information which is linked or linkable to that individual regardless of whether the individual is a U.S. citizen, lawful permanent resident,
visitor to the U.S., or employee or contractor to the Department.
Privacy Threshold Analysis – IC/Form
Page 4 of 11
Version number: 04-2016
�Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
c. Who will complete and submit this
form? (Check all that apply.)
d. How do individuals complete the
form? Check all that apply.
☐ The record subject of the form
(e.g., the individual applicant).
☐ Legal Representative (preparer,
attorney, etc.).
☐ Business entity.
If a business entity, is the
only information collected
business contact
information?
☐ Yes
☐ No
☐ Law enforcement.
☐ DHS employee or contractor.
☒ Other
individual/entity/organization that is
NOT the record subject. Please
describe.
A point of contact from the state, local,
territorial or tribal agency completes
and submits the Work Plan via email
or mail.
☒ Paper.
☒ Electronic. (ex: fillable PDF)
☐ Online web form. (available and
submitted via the internet)
Provide link:
e. What information will DHS collect on the form? List all PII data elements on the
form. If the form will collect information from more than one type of individual,
please break down list of data elements collected by type of individual. Not
applicable, the Work Plan does not contain PII.
f. Does this form collect Social Security number (SSN) or other element that is
stand-alone Sensitive Personally Identifiable Information (SPII)? Check all that
apply. Not applicable.
Privacy Threshold Analysis – IC/Form
Page 5 of 11
Version number: 04-2016
�Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
☐ Social Security number
☐ Alien Number (A-Number)
☐ Tax Identification Number
☐ Visa Number
☐ Passport Number
☐ Bank Account, Credit Card, or other financial
account number
☐ Other. Please list:
☐ DHS Electronic Data
Interchange Personal Identifier
(EDIPI)
☐ Social Media Handle/ID
☐ Known Traveler Number
☐ Trusted Traveler Number
(Global Entry, Pre-Check, etc.)
☐ Driver’s License Number
☐ Biometrics
g. List the specific authority to collect SSN or these other SPII elements.
Not applicable.
h. How will this information be used? What is the purpose of the collection?
Describe why this collection of SPII is the minimum amount of information
necessary to accomplish the purpose of the program.
Not applicable.
i. Are individuals provided notice at
☐ Yes. Please describe how notice is
the time of collection by DHS (Does
provided.
the records subject have notice of the
☒ No.
collection or is form filled out by
third party)?
3. How will DHS store the IC/form responses?
a. How will DHS store
☒ Paper. Please describe.
the original,
The mailed-in EMGP Work Plans are scanned into
completed IC/forms?
the ND Grants system. After the scanning process
is complete, the Work Plans are placed in folders
by the governmental entity’s name. The folders
containing the Work Plans are stored in a locked
file cabinet in the EMGP workspace.
☒ Electronic. Please describe the IT system that will
store the data from the form.
Privacy Threshold Analysis – IC/Form
Page 6 of 11
Version number: 04-2016
�Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
b. If electronic, how
does DHS input the
responses into the IT
system?
c. How would a user
search the
information
submitted on the
forms, i.e., how is the
information
retrieved?
d. What is the records
retention
schedule(s)? Include
the records schedule
number.
e. How do you ensure
that records are
The electronic repository is DHS/FEMA’s NonDisaster Grants (ND Grants) system which is only
accessible to FEMA authorized users. Access is
further limited to FEMA authorized users directly
responsible for management of the program.
☐ Scanned forms (completed forms are scanned into
an electronic repository). Please describe the
electronic repository.
☐ Manually (data elements manually entered). Please
describe.
Click here to enter text.
☒ Automatically. Please describe.
The collection is uploaded electronically into the
IT system - Non-Disaster Grants System
(NDGrants) as an attachment.
☐ By a unique identifier. 2 Please describe. If
information is retrieved by personal identifier, please
submit a Privacy Act Statement with this PTA.
Click here to enter text.
☒ By a non-personal identifier. Please describe.
To search and retrieve information pertaining to
this collection, an application number or grantee
name (State, local, tribal, or territorial
governments) is inputted.
Files/Records are destroyed 3 years after final action is
taken on file, but longer retention is authorized if
required for business use, per PRC 12-2.
The FEMA Grant Programs Directorate (GPD) staff
adheres to the FEMA Disposition schedule, to ensure
2
Generally, a unique identifier is considered any type of “personally identifiable information,” meaning any information that permits the identity
of an individual to be directly or indirectly inferred, including any other information which is linked or linkable to that individual regardless of
whether the individual is a U.S. citizen, lawful permanent resident, visitor to the U.S., or employee or contractor to the Department.
Privacy Threshold Analysis – IC/Form
Page 7 of 11
Version number: 04-2016
�Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
disposed of or deleted
in accordance with
the retention
schedule?
compliance with the records retention schedule, which
outlines timelines, description of files for records
destruction, and or disposal of relevant documents
associated with each Preparedness Grant Program.
f. Is any of this information shared outside of the original program/office? If yes,
describe where (other offices or DHS components or external entities) and why.
What are the authorities of the receiving party?
☐ Yes, information is shared with other DHS components or offices. Please describe.
Click here to enter text.
☐ Yes, information is shared external to DHS with other federal agencies, state/local
partners, international partners, or non-governmental entities. Please describe.
Click here to enter text.
☒ No. Information on this form is not shared outside of the collecting office.
Please include a copy of the referenced form and Privacy Act Statement (if
applicable) with this PTA upon submission.
Privacy Threshold Analysis – IC/Form
Page 8 of 11
Version number: 04-2016
�Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
PRIVACY THRESHOLD REVIEW
(TO BE COMPLETED BY COMPONENT PRIVACY OFFICE)
Component Privacy Office Reviewer:
Date submitted to component Privacy
Office:
Date submitted to DHS Privacy Office:
Have you approved a Privacy Act
Statement for this form? (Only
applicable if you have received a
waiver from the DHS Chief Privacy
Officer to approve component Privacy
Act Statements.)
Christopher Rogers
December 1, 2016
Click here to enter a date.
☐ Yes. Please include it with this PTA
submission.
☒ No. Please describe why not.
The EMPG Work Plan does not collect PII.
Component Privacy Office Recommendation:
Please include recommendation below, including what existing privacy compliance
documentation is available or new privacy compliance documentation is needed.
FEMA Privacy recommends the EMPG Work Plan be adjudicated as non-privacy sensitive.
Privacy Threshold Analysis – IC/Form
Page 9 of 11
Version number: 04-2016
�Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
PRIVACY THRESHOLD ADJUDICATION
(TO BE COMPLETED BY THE DHS PRIVACY OFFICE)
DHS Privacy Office Reviewer:
Emily Stoner
PCTS Workflow Number:
Date approved by DHS Privacy Office:
PTA Expiration Date
1140827
March 31, 2017
March 31, 2020
DESIGNATION
Privacy Sensitive IC or
Form:
No If “no” PTA adjudication is complete.
DHS IC/Forms Review:
DHS PRIV has not received this ICR/Form.
Determination:
☒ PTA sufficient at this time.
☐ Privacy compliance documentation determination in
progress.
☐ New information sharing arrangement is required.
☐ DHS Policy for Computer-Readable Extracts Containing SPII
applies.
☐ Privacy Act Statement required.
☐ Privacy Impact Assessment (PIA) required.
☐ System of Records Notice (SORN) required.
☐ Specialized training required.
☐ Other. Click here to enter text.
Date IC/Form Approved Click here to enter a date.
by PRIV:
IC/Form PCTS Number: Click here to enter text.
Privacy Act
e(3) statement not required.
Statement:
Click here to enter text.
PTA:
No system PTA required.
ND Grants PTA is current.
PIA:
Choose an item.
If covered by existing PIA, please list: Click here to enter text.
Privacy Threshold Analysis – IC/Form
Page 10 of 11
Version number: 04-2016
�Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
If a PIA update is required, please list: Click here to enter text.
SORN:
Choose an item.
If covered by existing SORN, please list: Click here to enter text.
If a SORN update is required, please list: Click here to enter text.
DHS Privacy Office Comments:
Please describe rationale for privacy compliance determination above.
The DHS Privacy Office finds that the Emergency Management Performance Grant
(EMPG) Program Work Plan (OMB 1660-0126) is a non-privacy-sensitive collection
and does not require PIA or SORN coverage. The purpose of the EMPG Program is to
provide federal funds to states to assist state, local, territorial, and tribal
governments in preparing for all hazards. The EMPG Work Plan consists of a
Program and Budget Narrative, Personnel Data Table, Training Data Table, Exercise
Data Table, and Grant Activities Outline, which outlines the state’s emergency
management sustainment and enhancement efforts proposed for the EMPG Program
period of performance. The information collected in the Work Plan is used to
determine if states may draw down EMPG Program funds. This form does not collect,
use, store, share, transmit, or disseminate personally identifiable information (PII).
The DHS Privacy Office finds that PIA coverage is not required for this collection
because no PII is collected from the Work Plan. The Privacy Office finds that SORN
coverage is not required because information pertaining to this collection is
retrieved by application number or grantee name (state, local, tribal, or territorial
governments) and not by personal identifier.
A Privacy Act Statement is not required for this collection.
This PTA expires in 3 years.
Privacy Threshold Analysis – IC/Form
Page 11 of 11
Version number: 04-2016
�
| File Type | application/pdf |
| File Title | DHS PRIVACY OFFICE |
| Author | marilyn.powell |
| File Modified | 2017-03-31 |
| File Created | 2017-03-31 |