Download:
pdf |
pdfPrivacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
PRIVACY THRESHOLD ANALYSIS (PTA)
This form serves as the official determination by the DHS Privacy Office to
identify the privacy compliance requirements for all Departmental uses of
personally identifiable information (PII).
A Privacy Threshold Analysis (PTA) serves as the document used to identify
information technology (IT) systems, information collections/forms, technologies,
rulemakings, programs, information sharing arrangements, or pilot projects that involve
PII and other activities that otherwise impact the privacy of individuals as determined by
the Chief Privacy Officer, pursuant to Section 222 of the Homeland Security Act, and to
assess whether there is a need for additional Privacy Compliance Documentation. A PTA
includes a general description of the IT system, information collection, form, technology,
rulemaking, program, pilot project, information sharing arrangement, or other Department
activity and describes what PII is collected (and from whom) and how that information is
used and managed.
Please complete the attached Privacy Threshold Analysis and submit it to your
component Privacy Office. After review by your component Privacy Officer the PTA is sent
to the Department’s Senior Director for Privacy Compliance for action. If you do not have a
component Privacy Office, please send the PTA to the DHS Privacy Office:
Senior Director, Privacy Compliance
The Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
Tel: 202-343-1717
[email protected]
Upon receipt from your component Privacy Office, the DHS Privacy Office will review this
form and assess whether any privacy compliance documentation is required. If compliance
documentation is required – such as Privacy Impact Assessment (PIA), System of Records
Notice (SORN), Privacy Act Statement, or Computer Matching Agreement (CMA) – the DHS
Privacy Office or component Privacy Office will send you a copy of the relevant compliance
template to complete and return.
Privacy Threshold Analysis – IC/Form
Version number: 04-2016
Page 1 of 10
�Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
Privacy Threshold Analysis (PTA)
Specialized Template for
Information Collections (IC) and Forms
The Forms-PTA is a specialized template for Information Collections and Forms. This
specialized PTA must accompany all Information Collections submitted as part of the
Paperwork Reduction Act process (any instrument for collection (form, survey,
questionnaire, etc.) from ten or more members of the public). Components may use this PTA
to assess internal, component-specific forms as well.
Form Number:
TSA Form 418
Form Title:
MD-3 PIN Application
Component:
Transportation Security
Administration (TSA)
Office:
SPIE
IF COVERED BY THE PAPERWORK REDUCTION ACT:
Collection Title:
Maryland Three Airports “MD-3”: Enhanced Security Procedures
for Operations at Certain Airports in the Washington, DC,
Metropolitan Area Flight Restricted Zone
OMB Control
1652-0029
OMB Expiration
November 30, 2018
Number:
Date:
Collection status:
Revision
Date of last PTA (if
Click here to enter
applicable):
a date.
PROJECT OR PROGRAM MANAGER
Name:
Kathie Stapleton
Office:
SPIE
Title:
MD-3 Program Manager
[email protected]
Phone:
571/227-3216
Email:
Name:
Office:
Phone:
COMPONENT INFORMATION COLLECTION/FORMS CONTACT
Christina Walsh
IT
Title:
PRA Officer
[email protected]
571/227- 2062
Email:
Privacy Threshold Analysis – IC/Form
Version number: 04-2016
Page 2 of 10
�Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
SPECIFIC IC/Forms PTA QUESTIONS
1. Purpose of the Information Collection or Form
a. Describe the purpose of the information collection or form. Please provide a
general description of the project and its purpose, including how it supports the DHS
mission, in a way a non-technical person could understand (you may use
information from the Supporting Statement). If this is an updated PTA, please
specifically describe what changes or upgrades are triggering the update to this
PTA.
The purpose of the collection is so that TSA can conduct Security Threat
Assessments (STA) on individuals who operate an aircraft to or from, or serve as
the security coordinator at, College Park Airport (CGS), Potomac Airfield (VKX),
and Washington Executive/Hyde Field (W32). In order to perform the STA, TSA
requires the completion of TSA Form No. 418, MD-3 Personal Identification Number
(PIN) Application. TSA is revising this collection by providing an electronic option
for the submission of the form.
b. List the DHS (or component) authorities to collect, store, and use this information.
If this information will be stored and used by a specific DHS component, list the
component-specific authorities.
49 USC § 114(f) – TSA is authorized to assess threats to transportation and conduct
STA’s on transportation security personnel. 49 CFR Part 1562.1 - Maryland Three
Airports: Enhanced Security Procedures for Operations at Certain Airports in the
Washington, DC, Metropolitan Area Flight Restricted Zone. In addition, FAA
regulation 14 CFR Part 93 details the enhanced security procedures required for
aircraft operators utilizing the MD-3 airports.
2. Describe the IC/Form
a. Does this form collect any
Personally Identifiable
Information” (PII1)?
☒ Yes
☐No
1
Personally identifiable information means any information that permits the identity of an individual to be directly or indirectly inferred, including
any other information which is linked or linkable to that individual regardless of whether the individual is a U.S. citizen, lawful permanent resident,
visitor to the U.S., or employee or contractor to the Department.
Privacy Threshold Analysis – IC/Form
Version number: 04-2016
Page 3 of 10
�Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
b. From which type(s) of
individuals does this form
collect information?
(Check all that apply.)
☒ Members of the public
☒ U.S. citizens or lawful permanent
residents
☐Non-U.S. Persons.
☐DHS Employees
☐DHS Contractors
☐Other federal employees or contractors.
c. Who will complete and
submit this form? (Check
all that apply.)
☒ The record subject of the form (e.g., the
individual applicant).
☐Legal Representative (preparer, attorney, etc.).
☐ Business entity.
If a business entity, is the only
information collected business contact
information?
☐Yes
☐ No
☐Law enforcement.
☐DHS employee or contractor.
☐Other individual/entity/organization that is
NOT the record subject. Please describe.
Click here to enter text.
d. How do individuals
complete the form? Check
all that apply.
☒ Paper. Paper forms may be faxed to TSA.
☒ Electronic. (ex: fillable PDF) Electronic forms
may be emailed to [email protected].
☐Online web form. (available and submitted via
the internet)
Provide link:
e. What information will DHS collect on the form? List all PII data elements on the
form. If the form will collect information from more than one type of individual,
please break down list of data elements collected by type of individual.
Privacy Threshold Analysis – IC/Form
Version number: 04-2016
Page 4 of 10
�Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
From aircraft operators and/or security coordinators: full name; social security
number (last 4 only); address; telephone number; date of birth; valid FAA airman
or student pilot certificate number and medical certificate; and fingerprints.
Applicants must also submit a list of the aircraft make, model, and FAA registration
number of each aircraft the applicant intends to operate to or from Maryland
Three airports. Applicants must also present a valid government ID such as a
driver’s license or passport to the airport manager.
f. Does this form collect Social Security number (SSN) or other element that is
stand-alone Sensitive Personally Identifiable Information (SPII)? Check all that
apply.
☒ Social Security number
☐ DHS Electronic Data Interchange
Personal Identifier (EDIPI)
☐ Alien Number (A-Number)
☐ Social Media Handle/ID
☐ Tax Identification Number
☐ Known Traveler Number
☐ Visa Number
☐ Trusted Traveler Number (Global
☐ Passport Number
Entry, Pre-Check, etc.)
☐ Bank Account, Credit Card, or other
☐ Driver’s License Number
financial account number
☒ Biometrics
☐ Other. Please list:
g. List the specific authority to collect SSN or these other SPII elements.
9 CFR Part 1562.1; EO 9397, as amended.
h. How will this information be used? What is the purpose of the collection?
Describe why this collection of SPII is the minimum amount of information
necessary to accomplish the purpose of the program.
To positively identify applicants and conduct an accurate STA on them including a
fingerprint-based Criminal History Records Check (CHRC).
i.
Are individuals
provided notice at the
time of collection by
DHS (Does the records
subject have notice of
the collection or is
☒ Yes. Please describe how notice is provided.
Individuals must sign the form.
☐No.
Privacy Threshold Analysis – IC/Form
Version number: 04-2016
Page 5 of 10
�Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
form filled out by
third party)?
3. How will DHS store the IC/form responses?
a. How will DHS store
☒ Paper. Please describe.
the original,
Filed alphabetically by airport in a secure file
completed IC/forms?
cabinet.
☒ Electronic. Please describe the IT system that will
store the data from the form.
Filed alphabetically by airport on a stand-alone
computer.
☐Scanned forms (completed forms are scanned into
an electronic repository). Please describe the
electronic repository.
Click here to enter text.
b. If electronic, how
does DHS input the
responses into the IT
system?
☒ Manually (data elements manually entered). Please
describe.
Click here to enter text.
☐Automatically. Please describe.
Click here to enter text.
c. How would a user
search the
information
submitted on the
forms, i.e., how is the
information
retrieved?
d. What is the records
retention
schedule(s)? Include
☐By a unique identifier.2 Please describe. If
information is retrieved by personal identifier, please
submit a Privacy Act Statement with this PTA.
Click here to enter text.
☒ By a non-personal identifier. Please describe.
By airport.
Cut off at end of calendar year. Transfer to Federal
Records Center after 3 years, NARA after 10 years
(N1-560-04-10, Item 3)
2
Generally, a unique identifier is considered any type of “personally identifiable information,” meaning any information that permits the identity
of an individual to be directly or indirectly inferred, including any other information which is linked or linkable to that individual regardless of
whether the individual is a U.S. citizen, lawful permanent resident, visitor to the U.S., or employee or contractor to the Department.
Privacy Threshold Analysis – IC/Form
Version number: 04-2016
Page 6 of 10
�Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
the records schedule
number.
e. How do you ensure
Records are reviewed annually.
that records are
disposed of or deleted
in accordance with
the retention
schedule?
f. Is any of this information shared outside of the original program/office? If yes,
describe where (other offices or DHS components or external entities) and why.
What are the authorities of the receiving party?
☒ Yes, information is shared with other DHS components or offices. Please describe.
Fingerprints are shared with IDENT.
☒ Yes, information is shared external to DHS with other federal agencies, state/local
partners, international partners, or non-governmental entities. Please describe.
Fingerprints are shared with the FBI for the CHRC’s. The information may be
shared with FAA relevant to the issuance of a security clearance, license or
other credential. The information may be shared with the Terrorist Screening
Center (TSC) to resolve potential watch list matches. TSA also may share the
information it receives with Federal, State or local law enforcement or
intelligence agencies or other organizations, in accordance with the routine
uses identified in the applicable Privacy Act SORN, DHS/TSA 002,
Transportation Security Threat Assessment System (TSTAS).
☐ No. Information on this form is not shared outside of the collecting office.
Please include a copy of the referenced form and Privacy Act Statement (if
applicable) with this PTA upon submission.
Privacy Threshold Analysis – IC/Form
Version number: 04-2016
Page 7 of 10
�Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
PRIVACY THRESHOLD REVIEW
(TO BE COMPLETED BY COMPONENT PRIVACY OFFICE)
Component Privacy Office Reviewer:
Jennifer L. Schmidt
Date submitted to component Privacy
Office:
Date submitted to DHS Privacy Office:
September 14, 2018
Have you approved a Privacy Act
Statement for this form? (Only
applicable if you have received a
waiver from the DHS Chief Privacy
Officer to approve component Privacy
Act Statements.)
September 14, 2018
☒ Yes. Please include it with this PTA
submission. See below.
☐No. Please describe why not.
Click here to enter text.
Component Privacy Office Recommendation:
Please include recommendation below, including what existing privacy compliance
documentation is available or new privacy compliance documentation is needed.
TSA Privacy recommends approval of this PTA. TSA Form 418 is privacy sensitive as
it collects personal information from members of the pubic. PIA coverage is provided
by DHS/TSA/PIA-022, MD-3 Airports. SORN coverage is not necessary because the
forms are not retrieved by a personal identifier; however, DHS/TSA/SORN-002
Transportation Security Threat Assessment System is applicable.
The current Privacy Act Statement on the form reads:
AUTHORITY: 49 USC 114 authorizes collection of this information. PRINCIPAL
PURPOSE(S): TSA will use this information to process your application to fly to, from,
or through the airspace of the College Park, Hyde Field, and Potomac airports located
in Maryland. ROUTINE USES: TSA may share this information with FAA when
relevant to the issuance of security clearance, license or other credential. For further
information, please consult DHS/TSA 002 Transportation Security Threat
Assessment System. DISCLOSURE: Voluntary; Failure to provide the requested
information may result in the denial of your request to take off, land, or fly through
the airspace of the Maryland 3 airports.
Privacy Threshold Analysis – IC/Form
Version number: 04-2016
Page 8 of 10
�Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
PRIVACY THRESHOLD ADJUDICATION
(TO BE COMPLETED BY THE DHS PRIVACY OFFICE)
DHS Privacy Office Reviewer:
Sean McGuinness
PCTS Workflow Number:
Date approved by DHS Privacy Office:
PTA Expiration Date
1169443
September 28, 2018
September 28, 2021
DESIGNATION
Privacy Sensitive IC or
Form:
Yes If “no” PTA adjudication is complete.
Determination:
☐PTA sufficient at this time.
☐Privacy compliance documentation determination in progress.
☐New information sharing arrangement is required.
☐DHS Policy for Computer-Readable Extracts Containing SPII
applies.
☒ Privacy Act Statement required.
☒ Privacy Impact Assessment (PIA) required.
☒ System of Records Notice (SORN) required.
☐Specialized training required.
☐Other. Click here to enter text.
DHS IC/Forms Review:
DHS PRIV has not received this ICR/Form.
Date IC/Form Approved Click here to enter a date.
by PRIV:
IC/Form PCTS Number: Click here to enter text.
Privacy Act
Choose an item.
Statement:
The current Privacy Act Statement on the form is sufficient.
PTA:
Choose an item.
System PTA approved and on file with PRIV
Privacy Threshold Analysis – IC/Form
Version number: 04-2016
Page 9 of 10
�Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
PIA:
Choose an item.
If covered by existing PIA, please list: DHS/TSA/PIA-022 MD-3
Airports
If a PIA update is required, please list: Click here to enter text.
SORN:
Choose an item.
If covered by existing SORN, please list: DHS/TSA-002 Security Threat
Assessment System
If a SORN update is required, please list: Click here to enter text.
DHS Privacy Office Comments:
Please describe rationale for privacy compliance determination above.
DHS Privacy Office finds that the MD-3 PIN Application (TSA Form 418) is privacy
sensitive as it collects PII from members of the public (to include U.S. citizens or
lawful permanent residents).
The purpose of the collection is so that TSA can conduct Security Threat Assessments
(STA) on individuals who operate an aircraft to or from, or serve as the security
coordinator at, College Park Airport (CGS), Potomac Airfield (VKX), and Washington
Executive/Hyde Field (W32). TSA confirms that applicants must also present a valid
government ID such as a driver’s license or passport to the airport manager,
however, the driver’s license and passport number will not be collected.
PRIV agrees with TSA Privacy that PIA coverage is provided under DHS/TSA/PIA-022
MD-3 Airports. DHS/TSA/PIA-022 outlines how TSA conducts name-based Security
Threat Assessments (STA) and fingerprint-based Criminal History Records Checks
(CHRCs) on pilots who operate aircraft and apply for privileges to fly to or from the
three General Aviation airports in the Washington, D.C. restricted flight zones
(Potomac Airfield, Washington Executive/Hyde Field, and College Park Airport),
otherwise known as the Maryland Three (MD-3) program, and for the Airport
Security Coordinator (ASC)1 at a MD-3 airport.
PRIV finds that SORN coverage is provided under DHS/TSA-002 Security Threat
Assessment System. This SORN outlines how TSA collects and maintains records
related to security threat assessments, employment investigations, and evaluations
that the TSA conducts on certain individuals for security purposes.
Privacy Act Statement approved concurrently with this PTA.
Privacy Threshold Analysis – IC/Form
Version number: 04-2016
Page 10 of 10
�
| File Type | application/pdf |
| File Modified | 2018-09-28 |
| File Created | 2018-09-28 |