Download: docx | pdf

U.S. DEPARTMENT OF

HOUSING AND URBAN DEVELOPMENT

Initial Privacy Assessment

State Community Development Block Grant Program

Office of Community Planning and Development

Template July 2015

March 10, 2017

INITIAL PRIVACY ASSESSMENT (IPA)

The Initial Privacy Assessment (IPA) is use to determine whether a Privacy Impact Assessment (PIA) is required under the E-Government Act of 2002. The IPA is also used to determine if a System of Records Notice (SORN) is required under the Privacy Act of 1974.

The IPA is an administrative form created by the Privacy Branch to efficiently and effectively identify the use of Personally Identifiable Information (PII) across the Department. The IPA focuses on three areas of inquiry:

• Business data and business processes within each HUD program.

• Potential connections with individuals including the use of PII – any use of social security numbers must be specifically identified.

HUD’s program and support offices should ensure that its respective IPA is completed and sent to the Privacy Branch for approval. If SSNs are to be used, the IPA specifically identifies the justification and authority for using SSNs. Upon receipt of the IPA, the Privacy Branch determines the applicability of other privacy compliance requirements including the PIA and SORN. The IPA is complete when the Privacy Branch signs it and sends the final copy back to the identified point of contact.

Please complete this form and send it to the HUD Privacy Branch staff.

Janice Noble

Acting, Branch Chief

Privacy Branch

U.S. Department of Housing and Urban Development

[email protected]

If a PIA or SORN is required, a copy of the Privacy Impact Assessment and System of Records Notice form is available on the HUD Privacy Branch website, http://hudatwork.hud.gov/HUD/cio/po/i/privacy, on HUD@Work or directly from the HUD Privacy Branch via email: [email protected] to complete and return.

INITIAL PRIVACY ASSESSMENT (IPA) SUMMARY INFORMATION

Date Submitted for Review: [Date]

Name of System or Project: Integrated Disbursement & Information System (IDIS) Online/ State Community Development Block Grant Program/CDBG

System Name in CSAM: None

Name of Program Office: Office of Community Planning and Development

Name of Project Manager or System Owner: Valerie D. Coleman

Email for Project Manager or System Owner: [email protected]

Phone Number for Project Manager or System Owner: 202-402-4389

Type of Project:

☒ Information Technology and/or System IDIS

☐ A Notice of Proposed Rule Making or a Final Rule:

☒ Form or other Information Collection: Form HUD 40108

☒ Other: Colonias Consultation

SPECIFIC QUESTIONS

1. Describe the project and its purpose:

There are three components of this OMB collection, 2506-0085.

• The first, and largest component is the reporting by grantees on the accomplishments and use of CDBG funds. There are grantee-held records and reporting online through web-based forms in the Integrated Disbursement and Information System (IDIS).

• The second component is the HUD 40108 form for State grantees to report that they have made grant awards to local governments as required. This is separate from the first only because this reporting element is not integrated into IDIS.

• The third component is the colonias consultation process, although a questionnaire is involved, the purpose is consultation in determining the percentage of the set-aside amount.

2. Status of Project:

☐ This is a new development effort.

☒ This is an existing project.

Date first developed: 1996

Date last updated: Following a major transition to the online format in FY 2010, IDIS has been regularly updated, with the current Version 11.12 released 9/12/2016

3. From whom do you collect, process, or retain information on: (Please check all that apply)

☒ HUD Employees

☒ Contractors working on behalf of HUD

☐ The Public

☐ The System does not contain any such information.

3. Do you use or collect Social Security Numbers (SSNs)? (This includes truncated SSNs)

☒ No.

☐ Yes. Why does the program collect SSNs? Provide the function of the SSN and the legal authority to do so:

3. What information about individuals could be collected, generated or retained?

HUD’s Integrated Disbursement and Information System (IDIS) is used by State CDBG grantees to report performance and compliance with the statutory and regulatory conditions of the program. Information reported in IDIS about individuals is limited to those members of grantee’s staff, and includes their names, titles, addresses and phone numbers. Separately, the addresses of State CDBG-funded activities are also reported in IDIS. However, the identity of individuals benefiting from the program is not collected in IDIS.

This burden also includes the record-keeping requirements placed on the State and the units of general local government. For certain activity-types, the grantee-held records would contain information on individuals benefitting from the State CDBG program. The information may include individual’s names, addresses, family-size, family-income, and employment status for the purposes of determining eligibility. Activities that generate an area-benefit (based on HUD-provided data), address slums and blight, or serve an urgent community need, would typically not have information on specific individuals. Activities that provide area-benefit (based on local survey), housing, jobs, or client services would have records on individuals. Such records are maintained by the grantee and made available to HUD for monitoring the performance of the program participants and ensuring compliance with all program requirements.

The HUD 40108 form and the Colonias Consultation do not involve the collection of information about individuals, nor are they integrated into IDIS.

6. If this project is a technology/system, does it relate solely to infrastructure? [For example, is the system a Local Area Network (LAN) or Wide Area Network (WAN)]?

☒ No. Please continue to the next question.

☐ Yes. Is there a log kept of communication traffic?

☐No. Please continue to the next question.

☐ Yes. What type of data is recorded in the log? (Please choose all that apply.)

☐ Header

☐ Payload Please describe the data that is logged.

6. Does the system connect, receive, or share Personally Identifiable Information with any other HUD systems?

☒ No.

☐ Yes. Please list the systems:

Is this external sharing pursuant to new or existing information sharing access agreement (MOU, MOA, LOI, etc.)?

Not applicable.

6. Does the system meet all of the following requirements?

There will be a group of records under the control of an agency that contains a personal identifier (such as a name, date of birth, SSN, Employee Number, fingerprint, etc.) of U.S. citizens and lawful permanent residents;

Contains at least one other item of personal data (such as home address, performance rating, blood type, etc.); and

The data about the subject individual IS retrieved by the name or unique identifier assigned to the individual.

☒ No.

☐ Yes.

If yes is there an existing System of Record Notice?

☐ No.

☐ Yes.

9. Is there an Authorization to Operate record within OCIO’s FISMA tracking system CSAM?

☐ Unknown

☒ No

☐ Yes. Please indicate the determinations for each of the following:

Confidentiality: ☐ Low ☐ Moderate ☐ High

Integrity: ☐ Low ☐ Moderate ☐ High

Availability: ☐ Low ☐ Moderate ☐ High

PRIVACY DETERMINATION

(TO BE COMPLETED BY THE HUD PRIVACY BRANCH)

Date reviewed by the HUD Privacy Branch: <Insert Date.>

Name of the HUD Privacy Branch Reviewer: <Please enter name of reviewer.>

DESIGNATION

☐ This is NOT a Privacy Sensitive System – the system contains no Personally Identifiable Information.

☐ This IS a Privacy Sensitive System

Category of System

☐ IT System

☐ Legacy System

☐ HR System

☐ Rule

☐ Other: ____________________________

Determination

☐ IPA sufficient at this time

☐ Privacy compliance documentation determination in progress

☐ PIA is not required at this time

☐ PIA is required

☐ System covered by existing PIA:

☐ New PIA is required

☐ PIA update is required

☐ SORN not required at this time

☐ SORN is required

☐ System covered by existing SORN:

☐ New SORN is required

HUD PRIVACY BRANCH COMMENTS:

DOCUMENT ENDORSEMENT

DATE REVIEWED:

PRIVACY REVIEWING OFFICIALS NAME:

By signing below you attest that the content captured in this document is accurate and complete and meet the requirements of applicable federal regulations and HUD internal policies.

SYSTEM OWNER << INSERT NAME/TITLE>>		Date
<<INSERT PROGRAM OFFICE>>
CHIEF PRIVACY OFFICER <<INSERT NAME/TITLE>>		Date
OFFICE OF ADMINISTRATION

File Type	application/vnd.openxmlformats-officedocument.wordprocessingml.document
Author	h04105
File Modified	0000-00-00
File Created	2021-01-22