Privacy Threshold Analysis (PTA)

PTA-Form Mitigation Planning_122816.docx

State/Local/Tribal Hazard Mitigation Plans

Privacy Threshold Analysis (PTA)

OMB: 1660-0062

Document [docx]
Download: docx | pdf

Privacy Office

U.S. Department of Homeland Security

Washington, DC 20528

202-343-1717, [email protected]

www.dhs.gov/privacy



PRIVACY THRESHOLD ANALYSIS (PTA)


This form serves as the official determination by the DHS Privacy Office to identify the privacy compliance requirements for all Departmental uses of personally identifiable information (PII).


A Privacy Threshold Analysis (PTA) serves as the document used to identify information technology (IT) systems, information collections/forms, technologies, rulemakings, programs, information sharing arrangements, or pilot projects that involve PII and other activities that otherwise impact the privacy of individuals as determined by the Chief Privacy Officer, pursuant to Section 222 of the Homeland Security Act, and to assess whether there is a need for additional Privacy Compliance Documentation. A PTA includes a general description of the IT system, information collection, form, technology, rulemaking, program, pilot project, information sharing arrangement, or other Department activity and describes what PII is collected (and from whom) and how that information is used and managed.


Please complete the attached Privacy Threshold Analysis and submit it to your component Privacy Office. After review by your component Privacy Officer the PTA is sent to the Department’s Senior Director for Privacy Compliance for action. If you do not have a component Privacy Office, please send the PTA to the DHS Privacy Office:


Senior Director, Privacy Compliance

The Privacy Office

U.S. Department of Homeland Security

Washington, DC 20528

Tel: 202-343-1717


[email protected]


Upon receipt from your component Privacy Office, the DHS Privacy Office will review this form and assess whether any privacy compliance documentation is required. If compliance documentation is required – such as Privacy Impact Assessment (PIA), System of Records Notice (SORN), Privacy Act Statement, or Computer Matching Agreement (CMA) – the DHS Privacy Office or component Privacy Office will send you a copy of the relevant compliance template to complete and return.



Privacy Threshold Analysis (PTA)


Specialized Template for

Information Collections (IC) and Forms


The Forms-PTA is a specialized template for Information Collections and Forms. This specialized PTA must accompany all Information Collections submitted as part of the Paperwork Reduction Act process (any instrument for collection (form, survey, questionnaire, etc.) from ten or more members of the public). Components may use this PTA to assess internal, component-specific forms as well.


Form Number:

Not applicable


Form Title:

Not applicable


Component:


Office:

Federal Insurance and Mitigation Administration (FIMA), Risk Management Directorate (RMD), Planning Safety & Building Sciences Division, Planning & Safety Branch



If covered by the paperwork reduction act:

Collection Title:

State/Local/Tribal Hazard Mitigation Plans


OMB Control Number:

1660-0062

OMB Expiration Date:

July 31, 2017

Collection status:

Date of last PTA (if applicable):

February 15, 2011


PROJECT OR PROGRAM MANAGER

Name:

Jennifer Burmester

Office:

DHS FEMA

Title:

Program Manager

Phone:

202 646 4325

Email:

[email protected]


COMPONENT Information Collection/FORMS contact

Name:

Levi Harrell

Office:

Records Management Division

Title:

Management and Program Analyst

Phone:

202 212 3968

Email:

[email protected]

SPECIFIC IC/Forms PTA QUESTIONS


  1. Purpose of the Information Collection or Form

  1. Describe the purpose of the information collection or form. Please provide a general description of the project and its purpose, including how it supports the DHS mission, in a way a non-technical person could understand (you may use information from the Supporting Statement).

If this is an updated PTA, please specifically describe what changes or upgrades are triggering the update to this PTA.

This PTA is a routine update required as the current Office of Management and Budget (OMB) (Control Number 1660-0062) approved collection of State/Local/Tribal Hazard Mitigation Plans expires on July 31, 2017.

Section 322 of the Robert T. Stafford Disaster Relief and Emergency Assistance Act (Stafford Act), 42 U.S.C. § 5165, as amended by the Disaster Mitigation Act of 2000 (DMA 2000), Pub. L. No. 106-390, provides the framework for mitigation planning by state, tribal, and local governments. The purpose of mitigation planning is to identify the natural hazards that might impact the planning area, identify actions and activities to reduce any losses from the hazards, and establish a coordinated process to implement the plan, taking advantage of a wide-range of resources.

To be eligible for certain types of Federal Emergency Management Agency (FEMA) non-emergency assistance, such as Public Assistance Categories C-G (PA C-G), Fire Management Assistance Grants (FMAG), and Hazard Mitigation Assistance (HMA), states, tribal, and local governments are required to have a FEMA-approved mitigation plan that meets the criteria established in the federal regulations at Title 44 Code of Federal Regulations (CFR) Part 201 Mitigation Planning (44 CFR Part 201). Mitigation plans must be updated and submitted to FEMA for review and approval every 5 years to maintain eligibility.

As part of the review and approval process, FEMA corresponds with the state, tribal, and/or local government official / point of contact, including providing the approval letter and the mitigation plan review document.

  1. List the DHS (or component) authorities to collect, store, and use this information. If this information will be stored and used by a specific DHS component, list the component-specific authorities.

As stated above, under Section 322 of the Stafford Act, as amended by the DMA 2000, and implementing regulations (44 CFR Part 201), FEMA requires a mitigation plan to be approved by FEMA in order for the state, tribal, and local government to be eligible for certain types of FEMA assistance, such as PA C-G, FMAG, and HMA.



  1. Describe the IC/Form

  1. Does this form collect any Personally Identifiable Information” (PII1)?

Yes

No


  1. From which type(s) of individuals does this form collect information? (Check all that apply.)

Members of the public

U.S. citizens or lawful permanent residents

Non-U.S. Persons.

DHS Employees

DHS Contractors

Other federal employees or contractors.

  1. Who will complete and submit this form? (Check all that apply.)

The record subject of the form (e.g., the individual applicant).

Legal Representative (preparer, attorney, etc.).

Business entity.

If a business entity, is the only information collected business contact information?

Yes

No

Law enforcement.

DHS employee or contractor.

Other individual/entity/organization that is NOT the record subject. Please describe.

Click here to enter text.


  1. How do individuals complete the form? Check all that apply.

Paper.

Electronic. (ex: fillable PDF)

Online web form. (available and submitted via the internet)

Provide link:


  1. What information will DHS collect on the form? List all PII data elements on the form. If the form will collect information from more than one type of individual, please break down list of data elements collected by type of individual.

Specific requirements for State/Local/Tribal Mitigation Plans are described in 44 CFR Part 201 as well as in guidance / policies issued by FEMA (see FEMA’s Mitigation Planning Laws, Regulations, and Policies website at https://www.fema.gov/hazard-mitigation-planning-laws-regulations-policies).


The information collection includes business points of contact, such as name, business address, business phone number, and business e-mail, to allow for correspondence between FEMA and the state, tribal, and/or local governments submitting the mitigation plan.

  1. Does this form collect Social Security number (SSN) or other element that is stand-alone Sensitive Personally Identifiable Information (SPII)? Check all that apply. Not applicable – SSN / SPII not collected.

Social Security number

Alien Number (A-Number)

Tax Identification Number

Visa Number

Passport Number

Bank Account, Credit Card, or other financial account number

Other. Please list:


DHS Electronic Data Interchange Personal Identifier (EDIPI)

Social Media Handle/ID

Known Traveler Number

Trusted Traveler Number (Global Entry, Pre-Check, etc.)

Driver’s License Number

Biometrics


  1. List the specific authority to collect SSN or these other SPII elements.

Not applicable – SSN / SPII not collected.

  1. How will this information be used? What is the purpose of the collection? Describe why this collection of SPII is the minimum amount of information necessary to accomplish the purpose of the program.

SPII not collected. Under the 44 CFR Part 201, FEMA requires a mitigation plan to be approved by FEMA in order for the State/local/Tribal government to be eligible for certain types of FEMA assistance, such as PA C-G, FMAG, and HMA. Mitigation plans must be updated and submitted to FEMA for review and approval every 5 years to maintain eligibility.

  1. Are individuals provided notice at the time of collection by DHS (Does the records subject have notice of the collection or is form filled out by third party)?

Yes. Please describe how notice is provided.

Click here to enter text.

No.




  1. How will DHS store the IC/form responses?

  1. How will DHS store the original, completed IC/forms?

Paper. Please describe.

Some offices may still receive paper copies of plans but most Regions receive electronic copies.

Electronic. Please describe the IT system that will store the data from the form.

Documents are stored on Regional shared drives.

Scanned forms (completed forms are scanned into an electronic repository). Please describe the electronic repository.

  1. If electronic, how does DHS input the responses into the IT system?

Manually (data elements manually entered). Please describe.

Automatically. Please describe.

Click here to enter text.

  1. How would a user search the information submitted on the forms, i.e., how is the information retrieved?

By a unique identifier.2 Please describe. If information is retrieved by personal identifier, please submit a Privacy Act Statement with this PTA.

By a non-personal identifier. Please describe.

Each Regional office follows its own protocols for information retrieval from shared drives but most likely files documents by State, Tribal, and/or local government and /or mitigation plan.

  1. What is the records retention schedule(s)? Include the records schedule number.

  • NARA_Auth: “N1-311-01-7, Item 1”

  • Disposition: “TEMPORARY. Cut off when project closed, voided or withdrawn. Retire to FRC 3 year after cutoff. Destroy 6 years 3 months after cutoff.”

  1. How do you ensure that records are disposed of or deleted in accordance with the retention schedule?

Each FEMA Program office has a Records Custodian or Records Liaison Officer that provides guidance, awareness, and training on proper records management.



  1. Is any of this information shared outside of the original program/office? If yes, describe where (other offices or DHS components or external entities) and why. What are the authorities of the receiving party?

Yes, information is shared with other DHS components or offices. Please describe.

FEMA does not share the mitigation plans but does shared information on mitigation plan status with other FEMA components to determine eligibility for PA C-G, FMAG, and HMA. Mitigation plan status is also available via a Geospatial Information System (GIS) mapping service. For more information on mitigation plan status, visit the FEMA website: https://www.fema.gov/hazard-mitigation-plan-status.

Yes, information is shared external to DHS with other federal agencies, state/local partners, international partners, or non-governmental entities. Please describe.

As part of the review and approval process, FEMA corresponds with the state, tribal, and/or local government official / point of contact, including providing the approval letter and the mitigation plan review document.

No. Information on this form is not shared outside of the collecting office.

FEMA does not share the mitigation plans.






Please include a copy of the referenced form and Privacy Act Statement (if applicable) with this PTA upon submission.




PRIVACY THRESHOLD REVIEW


(To be Completed by COMPONENT PRIVACY OFFICE)


Component Privacy Office Reviewer:

LeVar J. Sykes



Date submitted to component Privacy Office:

Click here to enter a date.


Date submitted to DHS Privacy Office:

Click here to enter a date.



Have you approved a Privacy Act Statement for this form? (Only applicable if you have received a waiver from the DHS Chief Privacy Officer to approve component Privacy Act Statements.)


Yes. Please include it with this PTA submission.

No. Please describe why not.

Click here to enter text.



Component Privacy Office Recommendation:

Please include recommendation below, including what existing privacy compliance documentation is available or new privacy compliance documentation is needed.

Click here to enter text.






PRIVACY THRESHOLD ADJUDICATION


(To be Completed by the DHS Privacy Office)


DHS Privacy Office Reviewer:

Click here to enter text.

PCTS Workflow Number:

Click here to enter text.

Date approved by DHS Privacy Office:

Click here to enter a date.

PTA Expiration Date

Click here to enter a date.


DESIGNATION


Privacy Sensitive IC or Form:

If “no” PTA adjudication is complete.

Determination:

PTA sufficient at this time.

Privacy compliance documentation determination in progress.

New information sharing arrangement is required.

DHS Policy for Computer-Readable Extracts Containing SPII applies.

Privacy Act Statement required.

Privacy Impact Assessment (PIA) required.

System of Records Notice (SORN) required.

Specialized training required.

Other. Click here to enter text.


DHS IC/Forms Review:


Date IC/Form Approved by PRIV:

Click here to enter a date.

IC/Form PCTS Number:

Click here to enter text.

Privacy Act Statement:

Click here to enter text.

PTA:

Click here to enter text.

PIA:

If covered by existing PIA, please list: Click here to enter text.

If a PIA update is required, please list: Click here to enter text.

SORN:

If covered by existing SORN, please list: Click here to enter text.

If a SORN update is required, please list: Click here to enter text.

DHS Privacy Office Comments:

Please describe rationale for privacy compliance determination above.

Click here to enter text.



1 Personally identifiable information means any information that permits the identity of an individual to be directly or indirectly inferred, including any other information which is linked or linkable to that individual regardless of whether the individual is a U.S. citizen, lawful permanent resident, visitor to the U.S., or employee or contractor to the Department.

2 Generally, a unique identifier is considered any type of “personally identifiable information,” meaning any information that permits the identity of an individual to be directly or indirectly inferred, including any other information which is linked or linkable to that individual regardless of whether the individual is a U.S. citizen, lawful permanent resident, visitor to the U.S., or employee or contractor to the Department.


Privacy Threshold Analysis – IC/Form Version number: 04-2016

Page 7 of 7


File Typeapplication/vnd.openxmlformats-officedocument.wordprocessingml.document
File TitleDHS PRIVACY OFFICE
Authormarilyn.powell
File Modified0000-00-00
File Created2021-01-22

© 2024 OMB.report | Privacy Policy