Ipa

Download: docx | pdf

U.S. DEPARTMENT OF

HOUSING AND URBAN DEVELOPMENT

Initial Privacy Assessment

Continuum of Care Homeless Assistance Grant Application – Continuum of Care Registration

[April 2017]

INITIAL PRIVACY ASSESSMENT (IPA)

The Initial Privacy Assessment (IPA) is use to determine whether a Privacy Impact Assessment (PIA) is required under the E-Government Act of 2002. The IPA is also used to determine if a System of Records Notice (SORN) is required under the Privacy Act of 1974.

The IPA is an administrative form created by the Privacy Branch to efficiently and effectively identify the use of Personally Identifiable Information (PII) across the Department. The IPA focuses on three areas of inquiry:

• Business data and business processes within each HUD program.

• Potential connections with individuals including the use of PII – any use of social security numbers must be specifically identified.

HUD’s program and support offices should ensure that its respective IPA is completed and sent to the Privacy Branch for approval. If SSNs are to be used, the IPA specifically identifies the justification and authority for using SSNs. Upon receipt of the IPA, the Privacy Branch determines the applicability of other privacy compliance requirements including the PIA and SORN. The IPA is complete when the Privacy Branch signs it and sends the final copy back to the identified point of contact.

Please complete this form and send it to the HUD Privacy Branch staff.

Janice Noble

Acting, Branch Chief

Privacy Branch

U.S. Department of Housing and Urban Development

[email protected]

If a PIA or SORN is required, a copy of the Privacy Impact Assessment and System of Records Notice form is available on the HUD Privacy Branch website, http://hudatwork.hud.gov/HUD/cio/po/i/privacy, on HUD@Work or directly from the HUD Privacy Branch via email: [email protected] to complete and return.

INITIAL PRIVACY ASSESSMENT (IPA) SUMMARY INFORMATION

Date Submitted for Review:

Name of System or Project: Continuum of Care Program Registration

System Name in CSAM: NA

Name of Program Office: Office of Special Needs Assistance Programs

Name of Project Manager or System Owner: Sherri Boyd

Email for Project Manager or System Owner: [email protected]

Phone Number for Project Manager or System Owner: (202) 402-6070

Status of Project:

	Paper-Only
	Combination of Paper and Electronic
	Electronic-Only
	Other: Please describe the type of project including paper based Privacy Act System of Records

* Note: For this form purpose, there is no distinction made between technologies/ systems managed by contractors. All technologies/systems should be initially reviewed for potential privacy impact.

Section I: The Entire IPA (Sections I and II) Should be Completed for New Systems or Projects. If this is an Existing System or Project Skip to Section II. Unless requested by the Office of Privacy, this section should not be completed for an existing System or Project.

1. Provide a general description of the system or project that describes: (a) the functionality of the system and the purpose that the records and/or system serve; (b) who has access to information in the system; (c) how information in the system is retrieved by the user; (d) how information is transmitted to and from the system; and (e) interconnections with other systems.

1. What is the functionality of the system and the purpose that the records and/or system serve?

HUD's annual CoC Program registration process, which precedes the opening of Hud’s annual Continuum of Care (CoC) Program Competition, requires each CoC to designate a Collaborative Applicant to register in advance of applying for funds under the CoC Program Competition Process.

2. Who has access to information in the system?

The Collaborative Applicant who is designated by the CoC.

3. How information in the system is retrieved by the user?

Each Collaborative Applicant must complete and submit a registration on behalf of the CoC in e-snaps.

4. How information is transmitted to and from the system?

The system is secured web-based software.

(e) What are the interconnections with other systems?

There are no other interconnections with other systems.

2. Have the IPA been reviewed and approved by the Departmental Privacy Officer

	YES
	NO (Please contact component privacy official before submitting official IPA.)

3. Status of System or Project

This is a new system or project in development

Specify expected production date: 5/1/13 Do not complete Section II.

This is an existing system or project.

After completing Section I, complete Section II.

4. System or project personal identifiers/sensitive information

YES	NO	Does the system or project collect, maintain use or disseminate other personal identifiers/ sensitive information (i.e., name, home address, home telephone number, date of birth, gender status, income/financial data. employment, medical history, criminal record, etc.)? There is no federal system. No personal/sensitive information is collected.

If yes, briefly describe the types of information about individuals in the system.

5. Does the information about individuals identify particular individuals (i.e., is the information linked or linkable to specific individuals, often referred to as personally identifiable information?)

	YES
	NO (If no, indicate below how the information is not identifiable to specific individuals.

There is no federal system. No personal/sensitive information is collected.

6. Does the personally identifiable information in the system pertain only to government employees, contractors, or consultants?

	YES (If yes, specify individual type.) ___________________________________
	NO (If no, indicate below how the information is not identifiable to specific individuals.

There is no federal system. No personal/sensitive information is collected.

7. Is there an existing Privacy Act System of Records Notice (SORN) that has been published in the Federal Register to cover the system? (Please consult with the component’s Privacy Act Officer if assistance is needed in responding to this question.)

	YES
	NO

There is no federal system. No personal/sensitive information is collected.

8. SSN usage

YES	NO	Do the project or system collect, maintain, use, or disseminate Social Security Numbers (SSNs)? (This includes truncated SSNs)

There is no federal system. No personal/sensitive information is collected.

If yes, please provide the purpose/legal authority authorizing the solicitation of SSNs:

9. Is there a Certification & Accreditation record for your system?

	YES (If yes, indicate the following:)
Confidentiality			Low		Moderate		High		Undefined
Integrity			Low		Moderate		High		Undefined
Availability			Low		Moderate		High		Undefined
	NO (If no, please identify the FISMA-reported system whose C&A covers this system.)
	DO NOT KNOW There is no federal system. No personal/sensitive information is collected.

II. EXISTING SYSTEM OR PROJECT

1. When was the system developed?

These are locally developed and operated systems. They have different development dates

2. If an existing system, has the system undergone any changes since April 17, 2003?

	YES (If yes, explain the nature of those changes and proceed to Question 3.) There is no federal system. See answer above.
	NO (If no, proceed to question 5.)

There is no federal system. See answer above.

3. Do the changes to the system or project involve a change in the type of records maintained, the individuals on whom records are maintained, or the use or dissemination of information from the system?

	YES
	NO

4. Please indicate if any of the following changes to the system or project have occurred: (Mark all boxes that apply.)

	A conversion from paper-based records to an electronic system.
	A change from information in a format that is anonymous or non-identifiable to a format that is identifiable to particular individuals.
	A new use of an IT system, including application of a new technology that changes how information in identifiable form is managed. (For example, a change that would create a more open environment and /or avenue for exposure of data that previously did not exist.)
	A change that results in information in identifiable form being merged, centralized, or matched with other databases.
	A new method of authenticating the use of an access to information in the identifiable form by members of the public.
	A systematic incorporation of databases of information in identifiable form purchased or obtained from commercial or public sources.
	A new interagency use of shared agency function that results in new uses or exchanges of information in identifiable form.
	A change that results in a new use of disclosure of information in identifiable form.
	A change that results in new items of information in identifiable form being added into the system.

5. Does a PIA for the system already exist?

	YES (If yes, provide the date and title of the PIA and whether the PIA is posted on the Privacy Office webpage.
	NO.

There is no federal system. See answer above.

IPA Determination/Approval

(To be completed by the Privacy Office)

DATE REVIEWED:

REVIEWERS NAME:

	This is NOT a Privacy Sensitive Project – the project contains no personal identifiers/sensitive information
	This IS a Privacy Sensitive Project
	PTA sufficient at this time
	A PIA is required
COMMENTS:

_____________________________ _________________________

Program Director Signature Date

[Title]

_____________________________ _________________________

Departmental Privacy Officer Signature Date

File Type	application/vnd.openxmlformats-officedocument.wordprocessingml.document
Author	h04105
File Modified	0000-00-00
File Created	2021-01-21