1625-0001 Pta

Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy

Privacy Threshold Analysis
Version number: 01-2014
Page 1 of 8

PRIVACY THRESHOLD ANALYSIS (PTA)
This form is used to determine whether
a Privacy Impact Assessment is required.

Please use the attached form to determine whether a Privacy Impact Assessment (PIA) is required under
the E-Government Act of 2002 and the Homeland Security Act of 2002.
Please complete this form and send it to your component Privacy Office. If you do not have a component
Privacy Office, please send the PTA to the DHS Privacy Office:
Senior Director, Privacy Compliance
The Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
Tel: 202-343-1717
[email protected]

Upon receipt from your component Privacy Office, the DHS Privacy Office will review this form. If a
PIA is required, the DHS Privacy Office will send you a copy of the Official Privacy Impact Assessment
Guide and accompanying Template to complete and return.
A copy of the Guide and Template is available on the DHS Privacy Office website,
www.dhs.gov/privacy, on DHSConnect and directly from the DHS Privacy Office via email:
[email protected], phone: 202-343-1717.

Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy

Privacy Threshold Analysis
Version number: 01-2014
Page 2 of 8

PRIVACY THRESHOLD ANALYSIS (PTA)
SUMMARY INFORMATION
Project or
Program Name:

Marine Casualty Reporting Damage Thresholds Inflation Adjustment

Component:

U.S. Coast Guard (USCG)

Office or
Program:

Office of Investigations &
Casualty Analysis

Xacta FISMA
Name (if
applicable):

N/A

Xacta FISMA
Number (if
applicable):

N/A

Type of Project or
Program:

Notice of Proposed
Rulemaking/Final Rule

Project or
program
status:

Existing

Date first
developed:
Date of last PTA
update

Not Applicable

Pilot launch
date:

N/A

Not Applicable

Pilot end date:

N/A

ATO Status (if
applicable)

Choose an item.

ATO
expiration date
(if applicable):

N/A

PROJECT OR PROGRAM MANAGER
Name:

CDR Randy S. Waddington

Office:

CG-INV

Title:

Program Manager

Phone:

202-372-1039

Email:

Randy.S.Waddington@uscg.
mil

INFORMATION SYSTEM SECURITY OFFICER (ISSO) (IF APPLICABLE)
Name:

N/A

Phone:

N/A

Email:

N/A

Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy

Privacy Threshold Analysis
Version number: 01-2014
Page 3 of 8

SPECIFIC PTA QUESTIONS
1. Reason for submitting the PTA: New PTA
The Coast Guard submits this PTA as part of the rulemaking process. The Coast Guard is amending the
property damage threshold amounts related to marine casualty reporting and serious marine incidents.
These threshold amounts are one of several criteria which determine whether a marine casualty is
reportable and whether the casualty rises to the level of a “serious marine incident.”
The Coast Guard proposes to amend two regulations in 46 CFR Part 4 by increasing the property damage
threshold amounts to account for inflation. The existing regulatory threshold amounts have been in place
since the 1980’s and have not kept up with price increases due to inflation.
The information requested is collected within and retained under the U.S. Coast Guard Marine
Information for Safety and Law Enforcement (MISLE) System of Records.
Additionally, MISLE Privacy Act exemptions are addressed in a final rule entitled, Privacy Act of 1974:
Implementation of Exemptions; Department of Homeland Security / U.S. Coast Guard – 013 Marine
Information for Safety and Law Enforcement System of Records dated December 4, 2009 (74 FR 63948).
This rulemaking does not change the information requested, collected or retained but merely changes the
threshold property damage criteria that determines whether the marine casualty is reportable or whether
the casualty meets the definition of a “serious marine incident.”
2. Does this system employ any of the
following technologies:
If you are using any of these technologies and
want coverage under the respective PIA for that
technology please stop here and contact the DHS
Privacy Office for further guidance.

Closed Circuit Television (CCTV)
Social Media
Web portal 1 (e.g., SharePoint)
Contact Lists
None of these

3. From whom does the Project or
Program collect, maintain, use, or
disseminate information?
1

This program does not collect any personally
identifiable information 2

Informational and collaboration-based portals in operation at DHS and its components that collect, use, maintain, and share
limited personally identifiable information (PII) about individuals who are “members” of the portal or “potential members” who
seek to gain access to the portal.
2
DHS defines personal information as “Personally Identifiable Information” or PII, which is any information that permits the
identity of an individual to be directly or indirectly inferred, including any information that is linked or linkable to that individual,
regardless of whether the individual is a U.S. citizen, lawful permanent resident, visitor to the U.S., or employee or contractor to
the Department. “Sensitive PII” is PII, which if lost, compromised, or disclosed without authorization, could result in substantial
harm, embarrassment, inconvenience, or unfairness to an individual. For the purposes of this PTA, SPII and PII are treated the
same.

Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy

Privacy Threshold Analysis
Version number: 01-2014
Page 4 of 8

Please check all that apply.

Members of the public
DHS employees/contractors (list components):
Contractors working on behalf of DHS
Employees of other federal agencies

4. What specific information about individuals is collected, generated or retained?
As mentioned in 1. above, this project does not add/delete any information that is currently collected,
requested or retained but rather changes the property damage criteria in which the public is required to
notify the Coast Guard immediately and file a subsequent written report within 5 days of an incident that
meets the regulatory criteria. Information collected is retained within the MISLE database. This project
will decrease the number of reportable marine casualties and serious marine incidents, thereby, collecting
and retaining less information. For reference, detailed below is the information collected and their
corresponding regulatory cites.
CG-2692, Report of Marine Casualty, Commercial Diving Casualty, or OCS (Outer Continental
Shelf)-Related Casualty
(46 CFR 4.05-5 and Substance of marine casualty notice; 46 CFR 4.05-10 Written report
of marine casualty)
a. Name of vessel’s owner, telephone number, mailing address, and email address.
b. Name of Operator or Manager, telephone number, mailing address, and email address.
c. Name of Agent, telephone number, mailing address, and email address.
d. Name of Master or Person-in-Charge, telephone number, mailing address, and email address.
e. Name of Dive Supervisor, telephone number, mailing address, and email address.
f. Name of Pilot, telephone number, mailing address, and email address.
g. Name or position title for individuals with evidence of drug or alcohol use, evidence of intoxication,
or who refused to submit/cooperate in a timely chemical test.
h. Name of Person Making the Report, signature, title, mailing address, telephone number, and email
address.
CG-2692A, Barge Addendum
(46 CFR 4.05-5 and Substance of marine casualty notice; 46 CFR 4.05-10 Written report
of marine casualty)
a. Name of barge owner.
b. Name of Barge agent.
CG-2692B, Report of Mandatory Chemical Testing Following a Serious Marine Incident Involving
Vessels in Commercial Service Addendum
(CFR 4.05-12 Alcohol or drug use by individuals directly involved in casualties; CFR 4.06-3
Requirements for alcohol and drug testing following a serious marine incident; 46 CFR 4.06-60
Submission of reports and test results)

Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy

Privacy Threshold Analysis
Version number: 01-2014
Page 5 of 8

a. Name of individuals tested and whether they are holders of Merchant Mariners Credentials.
b. Name of individual conducting alcohol testing, mailing address, telephone number, and email
address.
c. Name of Person Making the Report, signature, title, mailing address, telephone number, and email
address.
CG-2692C, Personnel Casualty Addendum
(46 CFR 4.05-5 and Substance of marine casualty notice; 46 CFR 4.05-10 Written report
of marine casualty)
a. Name of injured, dead, or missing person; telephone number, mailing address, and email address.
Note: CG-2692D, Involved Persons and Witnesses Addendum only applies to OCS-related
casualties only and is not applicable to this project.

4(a) Does the project, program, or system
retrieve information by personal identifier?
4(b) Does the project, program, or system
use Social Security Numbers (SSN)?
4(c) If yes, please provide the specific legal
basis and purpose for the collection of
SSNs:
4(d) If yes, please describe the uses of the
SSNs within the project, program, or
system:
4(e) If this project, program, or system is
an information technology/system, does it
relate solely to infrastructure?

No. Please continue to next question.
Yes. If yes, please list all personal identifiers
used: Name, address, phone number, and/or email
addresses.
No.
Yes.
N/A

N/A

No. Please continue to next question.
Yes. If a log kept of communication traffic,
please answer the following question.

For example, is the system a Local Area Network
(LAN) or Wide Area Network (WAN)?
4(f) If header or payload data 3 is stored in the communication traffic log, please detail the data
elements stored.
N/A

3

When data is sent over the Internet, each unit transmitted includes both header information and the actual data being sent. The
header identifies the source and destination of the packet, while the actual data is referred to as the payload. Because header
information, or overhead data, is only used in the transmission process, it is stripped from the packet when it reaches its destination.
Therefore, the payload is the only data received by the destination system.

Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy

Privacy Threshold Analysis
Version number: 01-2014
Page 6 of 8

5. Does this project, program, or system
connect, receive, or share PII with any
other DHS programs or systems 4?

No.
Yes. If yes, please list:
MISLE

6. Does this project, program, or system
connect, receive, or share PII with any
external (non-DHS) partners or
systems?
6(a) Is this external sharing pursuant to
new or existing information sharing
access agreement (MOU, MOA, LOI,
etc.)?

No.
Yes. If yes, please list:
Click here to enter text.

N/A

No.
7. Does the project, program, or system
provide role-based training for
personnel who have access in addition
to annual privacy training required of
all DHS personnel?

8. Per NIST SP 800-53 Rev. 4, Appendix
J, does the project, program, or system
maintain an accounting of disclosures
of PII to individuals who have
requested access to their PII?
9. Is there a FIPS 199 determination? 4

Yes. If yes, please list:
Formal instruction to Investigating Officers is
provided in obtaining & managing CG-2692 (series)
information at a resident course located in
Yorktown, VA.
No. What steps will be taken to develop and
maintain the accounting: Disclosures of PII are in
accordance with the MISLE SORN.
Yes. In what format is the accounting
maintained:
Unknown.
No.
Yes. Please indicate the determinations for each
of the following:
Confidentiality:
Low
Moderate

High

Undefined

Integrity:
4
PII may be shared, received, or connected to other DHS systems directly, automatically, or by manual processes. Often, these
systems are listed as “interconnected systems” in Xacta.
4 FIPS 199 is the Federal Information Processing Standard Publication 199, Standards for Security Categorization of Federal
Information and Information Systems and is used to establish security categories of information systems.

Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy

Privacy Threshold Analysis
Version number: 01-2014
Page 7 of 8

Low

Moderate

High

Undefined

Availability:
Low
Moderate

High

Undefined

PRIVACY THRESHOLD REVIEW
(TO BE COMPLETED BY COMPONENT PRIVACY OFFICE)
Component Privacy Office Reviewer:

Kenlinishia Tyler

Date submitted to Component Privacy
Office:

October 14, 2016

Date submitted to DHS Privacy Office:

December 19, 2016

Component Privacy Office Recommendation:
Please include recommendation below, including what new privacy compliance documentation is needed.
The Marine Casualty Reporting Damage Thresholds Inflation Adjustment is a privacy sensitive rule that
collects name, address, e-mail and telephone numbers. The DHS/USCG/PIA-008 and DHS/USCG-013
MISLE SORN provides coverage.

(TO BE COMPLETED BY THE DHS PRIVACY OFFICE)
DHS Privacy Office Reviewer:

Michael Capparra

PCTS Workflow Number:

1136464

Date approved by DHS Privacy Office:

December 19, 2016

PTA Expiration Date

December 19, 2019
DESIGNATION

Privacy Sensitive System:
Category of System:
Determination:

Yes

If “no” PTA adjudication is complete.

Rule
If “other” is selected, please describe: Click here to enter text.
PTA sufficient at this time.

Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy

Privacy Threshold Analysis
Version number: 01-2014
Page 8 of 8

Privacy compliance documentation determination in progress.
New information sharing arrangement is required.
DHS Policy for Computer-Readable Extracts Containing Sensitive PII
applies.
Privacy Act Statement required.
Privacy Impact Assessment (PIA) required.
System of Records Notice (SORN) required.
Paperwork Reduction Act (PRA) Clearance may be required. Contact
your component PRA Officer.
A Records Schedule may be required. Contact your component Records
Officer.
System covered by existing PIA
PIA:

If covered by existing PIA, please list:
DHS/USCG/PIA-008 Marine Information for Safety and Law Enforcement (MISLE) 2009
System covered by existing SORN

If covered by existing SORN, please list:
DHS/USCG-031 USCG Law Enforcement (ULE) System of Records, December 8, 2016,
81 FR 88697
DHS Privacy Office Comments:
Please describe rationale for privacy compliance determination above.
The DHS Privacy Office finds that the Marine Casualty Reporting Damage Thresholds Inflation
Adjustment is a privacy sensitive rule that collects personally identifiable information (PII) as part of the
process of documenting maritime property damage criteria in which the public is required to notify the
Coast Guard following an incident. The rule change does not change the type of information that is
collected, rather it sets new standard for when the Coast Guard must be notified an incident. This
rulemaking does not change the information requested, collected or retained but merely changes the
threshold property damage criteria that determines whether the marine casualty is reportable or whether
the casualty meets the definition of a “serious marine incident.”
SORN:

The Privacy Office agrees with Coast Guard’s assertion that PIA coverage is provided by
DHS/USCG/PIA-008 Marine Information for Safety and Law Enforcement (MISLE), which assesses the
privacy risks associated with programs that collect and use the PII of individuals associated with vessels,
as well as investigatory information. SORN coverage is provided by DHS/USCG-031 USCG Law
Enforcement (ULE), which outlines the collection and maintenance of USCG case records and other
reported information relating to the safety, security, law enforcement, environmental, and compliance
activities of vessels, facilities, organizations engaged in marine transportation, and related persons.