Privacy Threshold Analysis (PTA)

Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy

Privacy Threshold Analysis
Version number: 01-2014
Page 1 of 8

PRIVACY THRESHOLD ANALYSIS (PTA)
This form is used to determine whether
a Privacy Impact Assessment is required.

Please use the attached form to determine whether a Privacy Impact Assessment (PIA) is required under
the E-Government Act of 2002 and the Homeland Security Act of 2002.
Please complete this form and send it to your component Privacy Office. If you do not have a component
Privacy Office, please send the PTA to the DHS Privacy Office:
Senior Director, Privacy Compliance
The Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
Tel: 202-343-1717
[email protected]

Upon receipt from your component Privacy Office, the DHS Privacy Office will review this form. If a
PIA is required, the DHS Privacy Office will send you a copy of the Official Privacy Impact Assessment
Guide and accompanying Template to complete and return.
A copy of the Guide and Template is available on the DHS Privacy Office website,
www.dhs.gov/privacy, on DHSConnect and directly from the DHS Privacy Office via email:
[email protected], phone: 202-343-1717.

Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy

Privacy Threshold Analysis
Version number: 01-2014
Page 2 of 8

PRIVACY THRESHOLD ANALYSIS (PTA)
SUMMARY INFORMATION
Project or
Program Name:

Controlled Equipment Request-Information Collection

Component:

Federal Emergency
Management Agency (FEMA)

Office or
Program:

Grant Programs Directorate

Xacta FISMA
Name (if
applicable):

N/A

Xacta FISMA
Number (if
applicable):

N/A

Type of Project or
Program:

Form or other Information
Collection

Project or
program
status:

Development

Date first
developed:
Date of last PTA
update: N/A

November 23, 2015

Pilot launch
date:

N/A

N/A

Pilot end date:

N/A

N/A

ATO
expiration date
(if applicable):
N/A

N/A

ATO Status (if
applicable):N/A

PROJECT OR PROGRAM MANAGER
Name:

Abigail Bordeaux

Office:

GPD-Office of the Assistant
Administrator

Title:

Management & Program
Analyst

Phone:

202-733-0140

Email:

[email protected].
gov

INFORMATION SYSTEM SECURITY OFFICER (ISSO) (IF APPLICABLE)
Name:

N/A

Phone:

N/A

Email:

N/A

Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy

Privacy Threshold Analysis
Version number: 01-2014
Page 3 of 8

SPECIFIC PTA QUESTIONS
1. Reason for submitting the PTA: New PTA

FEMA form 087-0-0-1 “Controlled Equipment Request” was developed to collect required
information as part of the implementation of Executive Order (EO) 13688: Federal Support for
Local Law Enforcement Equipment Acquisition, issued January 16, 2015, which established a
Prohibited Equipment List and a Controlled Equipment List Report for the purpose of identifying
actions that can improve federal support for the appropriate use, acquisition, and transfer of
controlled equipment by state, local, tribal, territorial, and private grant recipients. One of the
requirements of the report is to collect information on the grant recipient, their policies, training,
record keeping, etc.
FEMA form 087-0-0-1 includes only fields required to comply with the recommendations
(which were accepted by the President). The fillable nature of the form reduces the amount of
time and effort required for grant recipients to complete it. The information will be collected
from grant recipients (either state administrative agencies or other direct grant recipients).
FEMA GPD receives grant applicant information via the Non-Disaster Grants (ND-Grants)
system, which is a GPD system for managing applications and awards (this does not apply to
Assistance to Firefighters Grants). For forms that are submitted outside of the defined
application period or for Assistance to Firefighters Grants, the grant recipient will send the form
to the respective program analyst via email. Regardless of the timing of the submissions or
which way the information was received, 100% of submissions will be made electronically. Care
has been taken to reduce the required information to the absolute minimum.
As part of implementing the recommendations report, FEMA Grants Program Directorate (GPD)
will conduct compliance reviews, consistent with each grant program’s statutory or other
authorities. The focus of these reviews will be conducted as part of routine advanced monitoring
as appropriate by the GPD. GPD may provide part or all of the information collected to the
Federal Interagency Law Enforcement Equipment Working Group (LEEWG) for those purposes.
The LEEWG consist of many agencies across the federal government, as well as other state and
local agencies/organizations. For further information on the LEEWG, the following link has been
provided: https://www.whitehouse.gov/the-press-office/2015/01/16/executive-order-federalsupport-local-law-enforcement-equipment-acquisit.
The LEEWG is required to track controlled equipment inventory and sanctions. On occasion,
grant applicants will apply for funding to purchase the same equipment from multiple federal
agencies. The working group database, once implemented, will allow federal agencies to check
for redundant applications or existing sanctions prior to awarding funds for controlled
equipment. GPD does not and will not maintain a database. Until a system is in place for the
working group to accept the information, the information on the form will be kept in electronic

Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy

Privacy Threshold Analysis
Version number: 01-2014
Page 4 of 8

format in the ND-Grants system with the official grant file; and information is only retrieved by
organization/state/grant file name.
Grant files are maintained/stored in the ND-Grants system, and are retained there for 6 years
after cut off. After then, as electronic temporary records they will be destroyed via deletion.

2. Does this system employ any of the
following technologies:
If you are using any of these technologies and
want coverage under the respective PIA for that
technology please stop here and contact the DHS
Privacy Office for further guidance.

Closed Circuit Television (CCTV)
Social Media
Web portal 1 (e.g., SharePoint)
Contact Lists
None of these

3. From whom does the Project or
Program collect, maintain, use, or
disseminate information?
Please check all that apply.

This program does not collect any personally
identifiable information 2
Members of the public
DHS employees/contractors (list components):
Contractors working on behalf of DHS
Employees of other federal agencies

4. What specific information about individuals is collected, generated or retained?

Information about individuals (applicants/recipients/sub-recipients) to be collected:

First/Last name,
1

Informational and collaboration-based portals in operation at DHS and its components that collect, use, maintain, and share
limited personally identifiable information (PII) about individuals who are “members” of the portal or “potential members” who
seek to gain access to the portal.
2
DHS defines personal information as “Personally Identifiable Information” or PII, which is any information that permits the
identity of an individual to be directly or indirectly inferred, including any information that is linked or linkable to that individual,
regardless of whether the individual is a U.S. citizen, lawful permanent resident, visitor to the U.S., or employee or contractor to
the Department. “Sensitive PII” is PII, which if lost, compromised, or disclosed without authorization, could result in substantial
harm, embarrassment, inconvenience, or unfairness to an individual. For the purposes of this PTA, SPII and PII are treated the
same.

Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy

Privacy Threshold Analysis
Version number: 01-2014
Page 5 of 8

Business address,
Position Title,
Organization Name,
Business phone number; and
Business Email Address.

4(a) Does the project, program, or system
retrieve information by personal identifier?
4(b) Does the project, program, or system
use Social Security Numbers (SSN)?
4(c) If yes, please provide the specific legal
basis and purpose for the collection of
SSNs:
4(d) If yes, please describe the uses of the
SSNs within the project, program, or
system:
4(e) If this project, program, or system is
an information technology/system, does it
relate solely to infrastructure?

No. Please continue to next question.
Yes. If yes, please list all personal identifiers
used:
No.
Yes.
N/A

N/A

No. Please continue to next question.
Yes. If a log kept of communication traffic,
please answer the following question.

For example, is the system a Local Area Network
(LAN) or Wide Area Network (WAN)?
4(f) If header or payload data 3 is stored in the communication traffic log, please detail the data
elements stored.
N/A

5. Does this project, program, or system
connect, receive, or share PII with any
other DHS programs or systems 4?

No.
Yes. If yes, please list:
Law Enforcement Equipment Working Group (see
section 1)

3
When data is sent over the Internet, each unit transmitted includes both header information and the actual data being sent. The
header identifies the source and destination of the packet, while the actual data is referred to as the payload. Because header
information, or overhead data, is only used in the transmission process, it is stripped from the packet when it reaches its destination.
Therefore, the payload is the only data received by the destination system.
4
PII may be shared, received, or connected to other DHS systems directly, automatically, or by manual processes. Often, these
systems are listed as “interconnected systems” in Xacta.

Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy

Privacy Threshold Analysis
Version number: 01-2014
Page 6 of 8

6. Does this project, program, or system
connect, receive, or share PII with any
external (non-DHS) partners or
systems?

6(a) Is this external sharing pursuant to
new or existing information sharing
access agreement (MOU, MOA, LOI,
etc.)?
7. Does the project, program, or system
provide role-based training for
personnel who have access in addition
to annual privacy training required of
all DHS personnel?

No.
Yes. If yes, please list:
Law Enforcement Equipment Working Group (see
section 1)
N/A
Please describe applicable information sharing
governance in place: N/A

No.
Yes. If yes, please list:

No. What steps will be taken to develop and
maintain the accounting:
8. Per NIST SP 800-53 Rev. 4, Appendix
J, does the project, program, or system
maintain an accounting of disclosures
of PII to individuals who have
requested access to their PII?

9. Is there a FIPS 199 determination? 4

Yes. In what format is the accounting
maintained:
This system does not collect or maintain SPII or PII
to the extent of PII collected is only individuals’
names. The additional information referenced is
related to the business or organization receiving
grants for their programs.
Unknown.
No.
Yes. Please indicate the determinations for each
of the following:

4

Confidentiality:
Low
Moderate

High

Undefined

Integrity:
Low

High

Undefined

Moderate

FIPS 199 is the Federal Information Processing Standard Publication 199, Standards for Security Categorization of Federal
Information and Information Systems and is used to establish security categories of information systems.

Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy

Privacy Threshold Analysis
Version number: 01-2014
Page 7 of 8

Availability:
Low
Moderate

High

Undefined

PRIVACY THRESHOLD REVIEW
(TO BE COMPLETED BY COMPONENT PRIVACY OFFICE)
Component Privacy Office Reviewer:

LaKia Samuel

Date submitted to Component Privacy
Office:

December 18, 2015

Date submitted to DHS Privacy Office:

January 11, 2016

Component Privacy Office Recommendation:
Please include recommendation below, including what new privacy compliance documentation is needed.

FEMA form 087-0-0-1 “Controlled Equipment Request” collects minimal contact information
for grant recipients to request controlled equipment, and has coverage under the following PIA:
DHS/FEMA/PIA-013 - Grant Management Programs
Grant Management Programs, February 19, 2015 (PDF, 20 pages).
No SORN coverage is required, as no information is retrieved by personal identifier.
(TO BE COMPLETED BY THE DHS PRIVACY OFFICE)
DHS Privacy Office Reviewer:

Tammi Hines

PCTS Workflow Number:

1117073

Date approved by DHS Privacy Office:

January 13, 2016

PTA Expiration Date

January 13, 2019
DESIGNATION

Privacy Sensitive System:
Category of System:
Determination:

Yes

If “no” PTA adjudication is complete.

Form/Information Collection
If “other” is selected, please describe: Click here to enter text.
PTA sufficient at this time.

Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy

Privacy Threshold Analysis
Version number: 01-2014
Page 8 of 8

Privacy compliance documentation determination in progress.
New information sharing arrangement is required.
DHS Policy for Computer-Readable Extracts Containing Sensitive PII
applies.
Privacy Act Statement required.
Privacy Impact Assessment (PIA) required.
System of Records Notice (SORN) required.
Paperwork Reduction Act (PRA) Clearance may be required. Contact
your component PRA Officer.
A Records Schedule may be required. Contact your component Records
Officer.
System covered by existing PIA
PIA:

If covered by existing PIA, please list: DHS/FEMA/PIA-013 - Grant Management

Programs
SORN:
If covered by existing SORN, please list: N/A
DHS Privacy Office Comments:
Please describe rationale for privacy compliance determination above.

DHS Privacy agrees with the above recommendation, that FEMA form 087-0-0-1 “Controlled
Equipment Request” collects minimal contact information for grant recipients to request
controlled equipment, and has the following coverage:
DHS/FEMA/PIA-013 - Grant Management Programs
Grant Management Programs, February 19, 2015 (PDF, 20 pages).
No SORN coverage is required, as information is not retrieved by personal identifier.