Privacy Threshold Analysis (PTA)

Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy

Privacy Threshold Analysis
Version number: 01-2014
Page 1 of 9

PRIVACY THRESHOLD ANALYSIS (PTA)
This form is used to determine whether
a Privacy Impact Assessment is required.

Please use the attached form to determine whether a Privacy Impact Assessment (PIA) is required under
the E-Government Act of 2002 and the Homeland Security Act of 2002.
Please complete this form and send it to your component Privacy Office. If you do not have a component
Privacy Office, please send the PTA to the DHS Privacy Office:
Senior Director, Privacy Compliance
The Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
Tel: 202-343-1717
[email protected]

Upon receipt from your component Privacy Office, the DHS Privacy Office will review this form. If a
PIA is required, the DHS Privacy Office will send you a copy of the Official Privacy Impact Assessment
Guide and accompanying Template to complete and return.
A copy of the Guide and Template is available on the DHS Privacy Office website,
www.dhs.gov/privacy, on DHSConnect and directly from the DHS Privacy Office via email:
[email protected], phone: 202-343-1717.

Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy

Privacy Threshold Analysis
Version number: 01-2014
Page 2 of 9

PRIVACY THRESHOLD ANALYSIS (PTA)
SUMMARY INFORMATION
Project or
Program Name:

Application Forms for Conditional and Final Letters of Map Amendment
(LOMA) and Letters of Map Revision (LOMR) Based on Fill; Application
Form for Single Residential Lot or Structure Amendments to National Flood
Insurance Program Maps (OMB ICR No. 1660-0015)

Component:

Federal Emergency
Management Agency (FEMA)

Office or
Program:

Federal Insurance and
Mitigation Administration
(FIMA)

Xacta FISMA
Name (if
applicable):

Click here to enter text.

Xacta FISMA
Number (if
applicable):

Click here to enter text.

Type of Project or
Program:

Form or other Information
Collection

Project or
program
status:

Operational

Date first
developed:
Date of last PTA
update

Click here to enter a date.

Pilot launch
date:

Click here to enter a date.

October 21, 2010

Pilot end date:

Click here to enter a date.

ATO Status (if
applicable)

Choose an item.

ATO
expiration date
(if applicable):

Click here to enter a date.

PROJECT OR PROGRAM MANAGER
Name:

Luis Rodriguez

Office:

FEMA/FIMA/RAD

Title:

Branch Chief

Phone:

202.646.4064

Email:

[email protected]
v

INFORMATION SYSTEM SECURITY OFFICER (ISSO) (IF APPLICABLE)
Name:

Click here to enter text.

Phone:

Click here to enter text.

Email:

Click here to enter text.

Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy

Privacy Threshold Analysis
Version number: 01-2014
Page 3 of 9

SPECIFIC PTA QUESTIONS
1. Reason for submitting the PTA: Renewal PTA
This FEMA PTA is part of the Office of Management and Budget (OMB) Information Collection
Resource (ICR) renewal process for OMB ICR No 1660-0015, Application Forms for Conditional and
Final Letters of Map Amendment and Letters of Map Revision Based on Fill; Application Form for
Single Residential Lot or Structure Amendments to National Flood Insurance Program Maps. There have
been no changes to the collection since the last PTA was approved by DHS on October 21, 2010.
The Department of Homeland Security’s Federal Emergency Management Agency (FEMA) administers
the National Flood Insurance Program (NFIP) and maintains the maps that depict flood hazard
information. Pursuant to 44 C.F.R. §§ 65 and 70, if an owner or lessee of property believes their property
has been inadvertently mapped in a Special Flood Hazard Area (SFHA), they may submit a request to
FEMA for a Letter of Map Amendment (LOMA). The request must include scientific or technical data
demonstrating that the property is reasonably safe from flooding and not in a SFHA. This request/
collection of information is part of the OMB ICR No. 1660-0015. The forms related to this collection
supplement the general information requirements in the above referenced NFIP regulations and establish
an organized and systematic approach to collect data needed to request removal from a SFHA.
The FEMA Mapping Information Platform (MIP) is the Information Technology (IT) system of record
that maintains LOMA information. The MIP is covered under the DHS/FEMA/PIA-028 - Mapping
Information Platform (MIP) Privacy Impact Assessment (PIA).

2. Does this system employ any of the
following technologies:
If you are using any of these technologies and
want coverage under the respective PIA for that
technology please stop here and contact the DHS
Privacy Office for further guidance.

Closed Circuit Television (CCTV)
Social Media
Web portal 1 (e.g., SharePoint)
Contact Lists
None of these

3. From whom does the Project or
Program collect, maintain, use, or
disseminate information?
1

This program does not collect any personally
identifiable information 2

Informational and collaboration-based portals in operation at DHS and its components that collect, use, maintain, and share
limited personally identifiable information (PII) about individuals who are “members” of the portal or “potential members” who
seek to gain access to the portal.
2
DHS defines personal information as “Personally Identifiable Information” or PII, which is any information that permits the
identity of an individual to be directly or indirectly inferred, including any information that is linked or linkable to that individual,
regardless of whether the individual is a U.S. citizen, lawful permanent resident, visitor to the U.S., or employee or contractor to
the Department. “Sensitive PII” is PII, which if lost, compromised, or disclosed without authorization, could result in substantial
harm, embarrassment, inconvenience, or unfairness to an individual. For the purposes of this PTA, SPII and PII are treated the
same.

Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy

Privacy Threshold Analysis
Version number: 01-2014
Page 4 of 9

Please check all that apply.

Members of the public
DHS employees/contractors (list components):
Contractors working on behalf of DHS
Employees of other federal agencies

4. What specific information about individuals is collected, generated or retained?
From “Certifiers” (e.g. a Registered Professional Engineer or Licensed Land Surveyor; or a local
government official with authority over a community’s floodplain management activities), FEMA
collects:
•

Full name (First, Middle, Last)

•

Position or title

•

Company or community name

•

Six-digit NFIP Community Number

•

Mailing address

•

Telephone number

•

Fax number

•

Professional license number

•

Professional license expiration date

•

Signature

•

Signature date

•

Fill placement and date

•

Type of construction

•

Elevation data

•

Base Flood Elevation (BFE) data

From individuals (e.g. homeowners, investors, and property developers), FEMA collects:
•

Full name (First, Middle, Last)

•

Mailing address

•

Email address

Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy

Privacy Threshold Analysis
Version number: 01-2014
Page 5 of 9

•

Day-time telephone number

•

Fax number

•

Property Address

•

Fill placement and date

•

Type of construction

•

Legal Property Description

•

Signature or digital signature

•

Signature date

•

Credit card information:

•

•

Credit Card Type

•

Credit Card Number

•

Expiration Date

•

Billing Address

Check information:
•

Bank Account Type

•

Bank Routing Number

•

Bank Account number

4(a) Does the project, program, or system
retrieve information by personal identifier?
4(b) Does the project, program, or system
use Social Security Numbers (SSN)?
4(c) If yes, please provide the specific legal
basis and purpose for the collection of
SSNs:
4(d) If yes, please describe the uses of the
SSNs within the project, program, or
system:
4(e) If this project, program, or system is
an information technology/system, does it
relate solely to infrastructure?
For example, is the system a Local Area Network
(LAN) or Wide Area Network (WAN)?

No. Please continue to next question.
Yes. If yes, please list all personal identifiers
used: Name and Address
No.
Yes.
Click here to enter text.

Click here to enter text.

No. Please continue to next question.
Yes. If a log kept of communication traffic,
please answer the following question.

Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy

Privacy Threshold Analysis
Version number: 01-2014
Page 6 of 9

4(f) If header or payload data 3 is stored in the communication traffic log, please detail the data
elements stored.
Click here to enter text.

5. Does this project, program, or system
connect, receive, or share PII with any
other DHS programs or systems 4?

No.
Yes. If yes, please list:
FEMA MIP

6. Does this project, program, or system
connect, receive, or share PII with any
external (non-DHS) partners or
systems?
6(a) Is this external sharing pursuant to
new or existing information sharing
access agreement (MOU, MOA, LOI,
etc.)?
7. Does the project, program, or system
provide role-based training for
personnel who have access in addition
to annual privacy training required of
all DHS personnel?

8. Per NIST SP 800-53 Rev. 4, Appendix
J, does the project, program, or system
maintain an accounting of disclosures
of PII to individuals/agencies who have
requested access to their PII?

3

No.
Yes. If yes, please list:
Click here to enter text.
Choose an item.
Please describe applicable information sharing
governance in place:

No.
Yes. If yes, please list:

No. What steps will be taken to develop and
maintain the accounting:
Yes. In what format is the accounting
maintained: Request for PII through the MIP
system uses system audit logs to track disclosures of
PII in addition to the FEMA Disclosure office
tracking FOIA/PA requests and responses.

When data is sent over the Internet, each unit transmitted includes both header information and the actual data being sent. The
header identifies the source and destination of the packet, while the actual data is referred to as the payload. Because header
information, or overhead data, is only used in the transmission process, it is stripped from the packet when it reaches its
destination. Therefore, the payload is the only data received by the destination system.
4
PII may be shared, received, or connected to other DHS systems directly, automatically, or by manual processes. Often, these
systems are listed as “interconnected systems” in Xacta.

Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy

Privacy Threshold Analysis
Version number: 01-2014
Page 7 of 9

9. Is there a FIPS 199 determination? 4

Unknown.
No.
Yes. Please indicate the determinations for each
of the following:
Confidentiality:
Low
Moderate

High

Undefined

Integrity:
Low

Moderate

High

Undefined

Availability:
Low
Moderate

High

Undefined

PRIVACY THRESHOLD REVIEW
(TO BE COMPLETED BY COMPONENT PRIVACY OFFICE)
Component Privacy Office Reviewer:

LeVar J. Sykes

Date submitted to Component Privacy
Office:

December 12, 2014

Date submitted to DHS Privacy Office:

December 29, 2014

Component Privacy Office Recommendation:
Please include recommendation below, including what new privacy compliance documentation is needed.
FEMA Privacy considers this collection a Privacy Sensitive System with coverage under the
DHS/FEMA/PIA-028 - Mapping Information Platform (MIP) PIA and the DHS/FEMA/NFIP/LOMA-1 National Flood Insurance Program (NFIP); Letter of Map Amendment (LOMA) SORN.
While there have been no changes to this specific collection since the last PTA adjudication, FEMA has
drafted the FEMA Flood Map Products and Services Records SORN which will update the subject
SORN. The purpose of the SORN update is to reflect changes to NFIP’s Flood Insurance Rate Maps and
to reflect FEMA’s collection of credit card information and its sharing of payment information with
Treasury.
(TO BE COMPLETED BY THE DHS PRIVACY OFFICE)
DHS Privacy Office Reviewer:

4

Eric M. Leckey

FIPS 199 is the Federal Information Processing Standard Publication 199, Standards for Security Categorization of Federal
Information and Information Systems and is used to establish security categories of information systems.

Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy

Privacy Threshold Analysis
Version number: 01-2014
Page 8 of 9

PCTS Workflow Number:

1058571

Date approved by DHS Privacy Office:

December 30, 2014

PTA Expiration Date

December 30, 2017
DESIGNATION

Privacy Sensitive System:
Category of System:
Determination:

Yes

If “no” PTA adjudication is complete.

Form/Information Collection
If “other” is selected, please describe: Click here to enter text.
PTA sufficient at this time.
Privacy compliance documentation determination in progress.
New information sharing arrangement is required.
DHS Policy for Computer-Readable Extracts Containing Sensitive PII
applies.
Privacy Act Statement required.
Privacy Impact Assessment (PIA) required.
System of Records Notice (SORN) required.
Paperwork Reduction Act (PRA) Clearance may be required. Contact
your component PRA Officer.
A Records Schedule may be required. Contact your component Records
Officer.

PIA:

System covered by existing PIA
DHS/FEMA/PIA-028 - Mapping Information Platform (MIP) PIA
SORN update is required.

SORN:

DHS/FEMA/NFIP/LOMA-1 - National Flood Insurance Program (NFIP); Letter of Map
Amendment (LOMA)
DHS Privacy Office Comments:
Please describe rationale for privacy compliance determination above.
FEMA’s purpose for collecting LOMA related information is to reassess and determine whether a
property is within a SFHA. FEMA’s determination can impact an individual’s need for or cost of
federally back flood insurance. This information collection is a privacy sensitive system that collects PII
from the public to facilitate correspondence, to identify the property and property owner that will be
impacted by the LOMA, and to offset the cost associated with the services needed to evaluate and process
a LOMA. It is agreed that FEMA’s collection, use, and sharing is covered under the existing
DHS/FEMA/PIA-028 - Mapping Information Platform (MIP) PIA.

Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy

Privacy Threshold Analysis
Version number: 01-2014
Page 9 of 9

Additionally, this collection will be covered under the FEMA Flood Map Products and Services SORN
that will update the DHS/FEMA/NFIP/LOMA-1 - National Flood Insurance Program (NFIP); Letter of
Map Amendment (LOMA) SORN.