Download:
pdf |
pdfPrivacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
PRIVACY THRESHOLD ANALYSIS (PTA)
This form serves as the official determination by the DHS Privacy Office to
identify the privacy compliance requirements for all Departmental uses of
personally identifiable information (PII).
A Privacy Threshold Analysis (PTA) serves as the document used to identify
information technology (IT) systems, information collections/forms, technologies,
rulemakings, programs, information sharing arrangements, or pilot projects that involve
PII and other activities that otherwise impact the privacy of individuals as determined by
the Chief Privacy Officer, pursuant to Section 222 of the Homeland Security Act, and to
assess whether there is a need for additional Privacy Compliance Documentation. A PTA
includes a general description of the IT system, information collection, form, technology,
rulemaking, program, pilot project, information sharing arrangement, or other Department
activity and describes what PII is collected (and from whom) and how that information is
used and managed.
Please complete the attached Privacy Threshold Analysis and submit it to your
component Privacy Office. After review by your component Privacy Officer the PTA is sent
to the Department’s Senior Director for Privacy Compliance for action. If you do not have a
component Privacy Office, please send the PTA to the DHS Privacy Office:
Senior Director, Privacy Compliance
The Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
Tel: 202-343-1717
[email protected]
Upon receipt from your component Privacy Office, the DHS Privacy Office will review this
form and assess whether any privacy compliance documentation is required. If compliance
documentation is required – such as Privacy Impact Assessment (PIA), System of Records
Notice (SORN), Privacy Act Statement, or Computer Matching Agreement (CMA) – the DHS
Privacy Office or component Privacy Office will send you a copy of the relevant compliance
template to complete and return.
Privacy Threshold Analysis – IC/Form
Page 1 of 9
Version number: 04-2016
�Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
Privacy Threshold Analysis (PTA)
Specialized Template for
Information Collections (IC) and Forms
The Forms-PTA is a specialized template for Information Collections and Forms. This
specialized PTA must accompany all Information Collections submitted as part of the
Paperwork Reduction Act process (any instrument for collection (form, survey,
questionnaire, etc.) from ten or more members of the public). Components may use this PTA
to assess internal, component-specific forms as well.
Form Number:
N/A
Form Title:
N/A
Component:
U.S. Coast Guard (USCG) Office:
CG-REG
IF COVERED BY THE PAPERWORK REDUCTION ACT:
National Response Resource Inventory
Collection Title:
OMB Control
Number:
Collection status:
Name:
Office:
Phone:
Name:
Office:
Phone:
OMB Expiration
Date:
Date of last PTA (if
applicable):
1625-0102
Extension
April 30, 2017
N/A
PROJECT OR PROGRAM MANAGER
Mr. David Du Pont
CG-REG
Reg Dev Mgr
Title:
202-372-1497
[email protected]
Email:
COMPONENT INFORMATION COLLECTION/FORMS CONTACT
Mr. Anthony Smith
CG-612
PRA Coordinator
Title:
202-475-3532
[email protected]
Email:
Privacy Threshold Analysis – IC/Form
Page 2 of 9
Version number: 04-2016
�Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
SPECIFIC IC/Forms PTA QUESTIONS
1. Purpose of the Information Collection or Form
The purpose of the information collection is to improve the effectiveness of deploying
response equipment in the event of an oil spill. It may also be used in the development of
contingency plans.
There is no form associated with this collection. The Coast Guard maintains a Response
Resource Inventory (RRI) password-protected website for users to upload Oil Spill Removal
Organization (OSRO) information. The RRI contains basic business contact information
which may include the name and address of an individual.
The authority for this collection is section 4202 of the Oil Pollution Act of 1990 (Pub. L. 101380).
2. Describe the IC/Form
a. Does this form collect any
Personally Identifiable
Information” (PII1)?
b. From which type(s) of
individuals does this form
collect information?
(Check all that apply.)
c. Who will complete and
submit this form? (Check
all that apply.)
Yes
☐No
Members of the public
U.S. citizens or lawful permanent
residents
Non-U.S. Persons.
☐ DHS Employees
☐ DHS Contractors
☐ Other federal employees or contractors.
☐ The record subject of the form (e.g., the
individual applicant).
☐ Legal Representative (preparer, attorney, etc.).
Business entity.
If a business entity, is the only information
collected business contact information?
1
Personally identifiable information means any information that permits the identity of an individual to be directly or indirectly inferred, including
any other information which is linked or linkable to that individual regardless of whether the individual is a U.S. citizen, lawful permanent resident,
visitor to the U.S., or employee or contractor to the Department.
Privacy Threshold Analysis – IC/Form
Page 3 of 9
Version number: 04-2016
�Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
Yes
☐ No
☐ Law enforcement.
☐ DHS employee or contractor.
☐ Other individual/entity/organization that is
NOT the record subject. Please describe.
d. How do individuals
complete the form? Check
all that apply.
☐ Paper.
☐ Electronic. (ex: fillable PDF)
Online web form. (available and submitted via
the internet)
Provide link: https://cgrri.uscg.mil/logon.aspx
e. What information will DHS collect on the form?
The RRI contains basic business contact information which may include the name and
address of an individual.
f. Does this form collect Social Security number (SSN) or other element that is standalone Sensitive Personally Identifiable Information (SPII)? No.
☐ Social Security number
☐ Alien Number (A-Number)
☐ Tax Identification Number
☐ Visa Number
☐ Passport Number
☐ Bank Account, Credit Card, or other
financial account number
☐ Other. Please list:
☐ DHS Electronic Data Interchange
Personal Identifier (EDIPI)
☐ Social Media Handle/ID
☐ Known Traveler Number
☐ Trusted Traveler Number (Global
Entry, Pre-Check, etc.)
☐ Driver’s License Number
☐ Biometrics
g. List the specific authority to collect SSN or these other SPII elements.
N/A.
h. How will this information be used? What is the purpose of the collection? Describe
why this collection of SPII is the minimum amount of information necessary to
accomplish the purpose of the program.
N/A.
Privacy Threshold Analysis – IC/Form
Page 4 of 9
Version number: 04-2016
�Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
i. Are individuals
provided notice at the
time of collection by
DHS (Does the records
subject have notice of
the collection or is
form filled out by third
party)?
Yes. Please describe how notice is provided.
A Privacy Act Statement is on the RRI login webpage.
☐ No.
3. How will DHS store the IC/form responses?
a. How will DHS store
☐ Paper. Please describe.
the original,
Click here to enter text.
completed IC/forms?
Electronic. Please describe the IT system that will
store the data from the form.
The data is stored on the Coast Guard Maritime
Information eXchange (CGMIX) system.
☐ Scanned forms (completed forms are scanned into
an electronic repository). Please describe the
electronic repository.
b. If electronic, how
does DHS input the
responses into the IT
system?
☐ Manually (data elements manually entered). Please
describe.
Automatically. Please describe.
The data is input by an OSRO, not the Coast Guard.
c. How would a user
search the
information
submitted on the
forms, i.e., how is the
information
retrieved?
☐ By a unique identifier.2 Please describe. If
information is retrieved by personal identifier, please
submit a Privacy Act Statement with this PTA.
Click here to enter text.
By a non-personal identifier. Please describe.
A search can be done using OSRO-specific
information.
2
Generally, a unique identifier is considered any type of “personally identifiable information,” meaning any information that permits the identity
of an individual to be directly or indirectly inferred, including any other information which is linked or linkable to that individual regardless of
whether the individual is a U.S. citizen, lawful permanent resident, visitor to the U.S., or employee or contractor to the Department.
Privacy Threshold Analysis – IC/Form
Page 5 of 9
Version number: 04-2016
�Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
A record is retained for the life of the OSRO; NARA
d. What is the records
retention schedule number N1-026-05-015.
retention
schedule(s)? Include
the records schedule
number.
As records are maintained in the CGMIX database,
e. How do you ensure
disposal/deletion is in accordance with the business rules
that records are
for the database.
disposed of or deleted
in accordance with
the retention
schedule?
f. Is any of this information shared outside of the original program/office?
☐ No. Information on this form is not shared outside of the collecting office.
☐ Yes, information is shared with other DHS components or offices. Please describe.
Click here to enter text.
Yes, information is shared external to DHS with other federal agencies, state/local
partners, international partners, or non-governmental entities. Please describe.
RRI data is shared with organizations responding to oil and hazardous materials spills;
however, only equipment information is shared. The information is shared by extracts
from RRI produced by the National Strike Force. Since no PII is shared, there are no
special protections for the information.
Please include a copy of the referenced form and Privacy Act Statement (if
applicable) with this PTA upon submission.
Privacy Threshold Analysis – IC/Form
Page 6 of 9
Version number: 04-2016
�Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
PRIVACY THRESHOLD REVIEW
(TO BE COMPLETED BY COMPONENT PRIVACY OFFICE)
Component Privacy Office
Reviewer:
Robert Herrick
Date submitted to component
Privacy Office:
Date submitted to DHS Privacy
Office:
Have you approved a Privacy Act
Statement for this form? (Only
applicable if you have received a
waiver from the DHS Chief Privacy
Officer to approve component
Privacy Act Statements.)
September 27, 2017
October 4, 2017
☐ Yes. Please include it with this PTA
submission.
No. Please describe why not.
There is no CG form associated with this
collection; however the webpage PAS is provided
online, which will be revised accordingly.
Component Privacy Office Recommendation:
The National Response Resource Inventory collection improves the effectiveness of deploying
response equipment in the event of an oil spill. It may also be used in the development of
contingency plans.
The National Response Resource Inventory collection contains basic business contact
information which may include the name and address of an individual.
This collection is covered by DHS/USCG/PIA-022 Coast Guard Maritime Information eXchange
and DHS/USCG-013 Marine Information for Safety and Law Enforcement (MISLE).
Privacy Threshold Analysis – IC/Form
Page 7 of 9
Version number: 04-2016
�Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
PRIVACY THRESHOLD ADJUDICATION
(TO BE COMPLETED BY THE DHS PRIVACY OFFICE)
DHS Privacy Office Reviewer:
Riley Dean
PCTS Workflow Number:
Date approved by DHS Privacy
Office:
PTA Expiration Date
1151349
October 4, 2017
October 4, 2020
DESIGNATION
Privacy Sensitive IC or
Form:
Yes If “no” PTA adjudication is complete.
Determination:
☐ PTA sufficient at this time.
☐ Privacy compliance documentation determination in
progress.
☐ New information sharing arrangement is required.
☐ DHS Policy for Computer-Readable Extracts Containing SPII
applies.
☐ Privacy Act Statement required.
X Privacy Impact Assessment (PIA) required.
☐ System of Records Notice (SORN) required.
☐ Specialized training required.
☐ Other. Click here to enter text.
DHS IC/Forms Review: Choose an item.
Click here to enter a date.
Date IC/Form
Approved by PRIV:
Click here to enter text.
IC/Form PCTS
Number:
Privacy Act
No
Statement:
There is no form associated with this collection, so no Privacy Act
Statement is required. However, USCG should work to update its notice
on the Response Resource Inventory (RRI) System website.
Privacy Threshold Analysis – IC/Form
Page 8 of 9
Version number: 04-2016
�Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
PTA:
Choose an item.
PIA:
System covered by existing PIA
If covered by existing PIA, please list: DHS/USCG/PIA-022 Coast Guard
Maritime Information eXchange
If a PIA update is required, please list: Click here to enter text.
SORN:
Choose an item.
If covered by existing SORN, please list: Click here to enter text.
If a SORN update is required, please list: Click here to enter text.
DHS Privacy Office Comments:
Please describe rationale for privacy compliance determination above.
USCG is submitting this PTA to discuss the National Response Resource Inventory
information collection, which is associated with OMB Control Number 1625-0102. This
collection helps improve the effectiveness of deploying response equipment in the event of
an oil spill and is used in the development of contingency plans. There is no form
associated with this collection. USCG maintains a Response Resource Inventory (RRI)
website for users to upload Oil Spill Removal Organization (OSRO) information. The RRI
contains basic business contact information (e.g., name and address of an individual) and
information about the vessel/equipment. The data is stored on the Coast Guard Maritime
Information eXchange (CGMIX) system. RRI data is shared with organizations responding
to oil and hazardous materials spills; however, only equipment information is shared.
The DHS Privacy Office agrees that this information collection is privacy-sensitive, noting
that no PII from this collection is shared via the CGMIX.
PIA coverage is provided by DHS/USCG/PIA-022 CGMIX, which outlines the risks of
providing USCG maritime-related information to the public and facilitates information
sharing to federal, state, and local governments. SORN coverage is not technically required
as the information is retrieved by search using OSRO-specific information. However,
DHS/USCG-013 Marine Information for Safety and Law Enforcement (MISLE) does provide
notice of this type of information collection.
Additionally, USCG should update the Privacy Act Statement on the Response Resource
Inventory (RRI) website to a Privacy Notice as it may be used by non-U.S. citizens who do
not hold Privacy Act rights.
Privacy Threshold Analysis – IC/Form
Page 9 of 9
Version number: 04-2016
�
| File Type | application/pdf |
| File Modified | 2017-10-05 |
| File Created | 2017-10-05 |