Download:
pdf |
pdfPrivacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
PRIVACY THRESHOLD ANALYSIS (PTA)
This form serves as the official determination by the DHS Privacy Office to
identify the privacy compliance requirements for all Departmental uses of
personally identifiable information (PII).
A Privacy Threshold Analysis (PTA) serves as the document used to identify
information technology (IT) systems, information collections/forms, technologies,
rulemakings, programs, information sharing arrangements, or pilot projects that involve
PII and other activities that otherwise impact the privacy of individuals as determined by
the Chief Privacy Officer, pursuant to Section 222 of the Homeland Security Act, and to
assess whether there is a need for additional Privacy Compliance Documentation. A PTA
includes a general description of the IT system, information collection, form, technology,
rulemaking, program, pilot project, information sharing arrangement, or other Department
activity and describes what PII is collected (and from whom) and how that information is
used and managed.
Please complete the attached Privacy Threshold Analysis and submit it to your
component Privacy Office. After review by your component Privacy Officer the PTA is sent
to the Department’s Senior Director for Privacy Compliance for action. If you do not have a
component Privacy Office, please send the PTA to the DHS Privacy Office:
Senior Director, Privacy Compliance
The Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
Tel: 202-343-1717
[email protected]
Upon receipt from your component Privacy Office, the DHS Privacy Office will review this
form and assess whether any privacy compliance documentation is required. If compliance
documentation is required – such as Privacy Impact Assessment (PIA), System of Records
Notice (SORN), Privacy Act Statement, or Computer Matching Agreement (CMA) – the DHS
Privacy Office or component Privacy Office will send you a copy of the relevant compliance
template to complete and return.
Privacy Threshold Analysis – IC/Form
Page 1 of 11
Version number: 04-2016
Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
Privacy Threshold Analysis (PTA)
Specialized Template for
Information Collections (IC) and Forms
The Forms-PTA is a specialized template for Information Collections and Forms. This
specialized PTA must accompany all Information Collections submitted as part of the
Paperwork Reduction Act process (any instrument for collection (form, survey,
questionnaire, etc.) from ten or more members of the public). Components may use this PTA
to assess internal, component-specific forms as well.
Form Number:
Form Title:
1652-0051
Rail Transportation Security
Component:
Transportation Security
Office: Office of Security Policy and
Administration (TSA)
Industry Engagement (OSPIE)
IF COVERED BY THE PAPERWORK REDUCTION ACT:
Collection Title:
Rail Transportation Security
OMB Control
1652-0051
Number:
Collection status: Extension
Name:
Office:
Phone:
Name:
Office:
Phone:
OMB Expiration
October 31, 2018
Date:
Date of last PTA (if
2014
applicable):
PROJECT OR PROGRAM MANAGER
Nina Case
OSPIE
Title:
Surface Division
571-227-2438
Email:
[email protected]
COMPONENT INFORMATION COLLECTION/FORMS CONTACT
Glenn Stoll
Information Management
Title:
IMPS Director, Forms
Program Section (IMPS)
Management Officer
571-227-5175
Privacy Threshold Analysis – IC/Form
Email:
Page 2 of 11
[email protected]
Version number: 04-2016
Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
SPECIFIC IC/Forms PTA QUESTIONS
1. Purpose of the Information Collection or Form
a. Describe the purpose of the information collection or form. Please provide a
general description of the project and its purpose, including how it supports the DHS
mission, in a way a non-technical person could understand (you may use
information from the Supporting Statement).
If this is an updated PTA, please specifically describe what changes or upgrades are
triggering the update to this PTA.
TSA is seeking to renew the collection of information for the Rail Transportation
Security regulation, 49 CFR 1520 and 1580. This information collection enhances
the security of the Nation’s freight and passenger rail systems by requiring certain
rail carriers, shippers and receivers in a High Threat Urban Area (HTUA) to:
designate a Rail Security Coordinator (RSC) and Alternate RSC; report significant
security concerns; provide the location and shipping information of rail cars under
their physical custody and control; and document the secure exchange of custody
of rail cars carrying Rail Security-Sensitive Materials (RSSM). These requirements
provide TSA with a point of contact for covered entities; support timely
communication of vital security information between TSA and stakeholders;
analysis of information to develop threat assessments and allocation of security
resources; and ensure certain rail cars are not left unattended in a non-secure
area.
b. List the DHS (or component) authorities to collect, store, and use this information.
If this information will be stored and used by a specific DHS component, list the
component-specific authorities.
49 CFR 1520 and 1580 codified the scope of TSA’s existing inspection program and
requires regulated parties to allow TSA and Department of Homeland Security
(DHS) officials to enter, inspect, and test property, facilities, conveyances, and
records relevant to rail security. This rule also requires that regulated parties
designate rail security coordinators and report significant security concerns. This
rule further requires that freight rail carriers and certain facilities handling
specified hazardous materials be able to report location and shipping information
to TSA upon request and implement chain of custody requirements to ensure a
positive and secure exchange of specified hazardous materials.
Privacy Threshold Analysis – IC/Form
Page 3 of 11
Version number: 04-2016
Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
2. Describe the IC/Form
a. Does this form collect any
Personally Identifiable
Information” (PII1)?
b. From which type(s) of
individuals does this form
collect information?
(Check all that apply.)
c. Who will complete and
submit this form? (Check
all that apply.)
d. How do individuals
complete the form? Check
all that apply.
☒ Yes
☐ No
☒ Members of the public
☒ U.S. citizens or lawful permanent
residents
☒ Non-U.S. Persons.
☐ DHS Employees
☐ DHS Contractors
☐ Other federal employees or contractors.
☐ The record subject of the form (e.g., the
individual applicant).
☐ Legal Representative (preparer, attorney,
etc.).
☒ Business entity.
If a business entity, is the only
information collected business contact
information?
☒ Yes
☐ No
☐ Law enforcement.
☐ DHS employee or contractor.
☐ Other individual/entity/organization that is
NOT the record subject. Please describe.
Click here to enter text.
☐ Paper.
☒ Electronic. (ex: fillable PDF)
☐ Online web form. (available and submitted via
the internet)
Provide link:
1
Personally identifiable information means any information that permits the identity of an individual to be directly or indirectly inferred, including
any other information which is linked or linkable to that individual regardless of whether the individual is a U.S. citizen, lawful permanent resident,
visitor to the U.S., or employee or contractor to the Department.
Privacy Threshold Analysis – IC/Form
Page 4 of 11
Version number: 04-2016
Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
e. What information will DHS collect on the form? List all PII data elements on the
form. If the form will collect information from more than one type of individual,
please break down list of data elements collected by type of individual.
Railroad Security Coordinator business contact info: Name, title,
company/railroad name, mailing address, phone number, and email address. Also
captured are names of individuals attending/witnessing the transfer of custody of
rail cars.
f. Does this form collect Social Security number (SSN) or other element that is
stand-alone Sensitive Personally Identifiable Information (SPII)? Check all that
apply.
☐ Social Security number
☐ DHS Electronic Data Interchange
Personal Identifier (EDIPI)
☐ Alien Number (A-Number)
☐ Social Media Handle/ID
☐ Tax Identification Number
☐ Known Traveler Number
☐ Visa Number
☐ Trusted Traveler Number (Global
☐ Passport Number
Entry, Pre-Check, etc.)
☐ Bank Account, Credit Card, or other
☐ Driver’s License Number
financial account number
☐ Biometrics
☐ Other. Please list:
N/A
g. List the specific authority to collect SSN or these other SPII elements.
N/A
h. How will this information be used? What is the purpose of the collection?
Describe why this collection of SPII is the minimum amount of information
necessary to accomplish the purpose of the program.
TSA will use this information to ensure regulated parties are in compliance with
security requirements.
i.
Are individuals
provided notice at the
time of collection by
DHS (Does the records
subject have notice of
the collection or is
Privacy Threshold Analysis – IC/Form
☒ Yes. Please describe how notice is provided.
Requirements to provide information are
outlined in the rule. Information is provided by
the business entity.
☐ No.
Page 5 of 11
Version number: 04-2016
Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
form filled out by
third party)?
3. How will DHS store the IC/form responses?
a. How will DHS store
☐ Paper. Please describe.
the original,
Click here to enter text.
completed IC/forms?
☒ Electronic. Please describe the IT system that will
b. If electronic, how
does DHS input the
responses into the IT
system?
Privacy Threshold Analysis – IC/Form
store the data from the form.
☒ Scanned forms (completed forms are scanned into
an electronic repository). Please describe the
electronic repository.
TSA’s Performance and Results Information
System (PARIS) is used to track and provide
information to aviation and multimodal surface
transportation security programs with incident
data related to investigations, inspections and
enforcement activities initiated by TSA against
individuals, transportation sector facilities, and
other entities involved in incidents that may or
may not have led to an investigations or legal
action. Information is retained for security
management purposes related to development of
lessons learned, best practices, corrective actions
and the prosecution of violators of transportation
security regulations.
☒ Manually (data elements manually entered). Please
describe.
The original information is maintained by the
regulated party. During an inspection, the
inspector takes a photo or scans in the record
containing the name or unique identifying
employee number and saves the image to PARIS.
☐ Automatically. Please describe.
Page 6 of 11
Version number: 04-2016
Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
c. How would a user
☐ By a unique identifier.2 Please describe. If
search the
information is retrieved by personal identifier, please
information
submit a Privacy Act Statement with this PTA.
submitted on the
forms, i.e., how is the
☒ By a non-personal identifier. Please describe.
information
Tracking number, date, or rail region or area
retrieved?
d. What is the records
Records input to PARIS are maintained for seven
retention
years after cut-off in accordance with NARA
schedule(s)? Include
authority N1-560-12-002 Item 3.
the records schedule
number.
e. How do you ensure
Rail Transportation Security records in PARIS are
that records are
reviewed periodically and any older than seven
disposed of or deleted
years since cut-off are deleted.
in accordance with
the retention
schedule?
f. Is any of this information shared outside of the original program/office? If yes,
describe where (other offices or DHS components or external entities) and why.
What are the authorities of the receiving party?
☒ Yes, information is shared with other DHS components or offices. Please describe.
Significant security concerns are reported to Transportation Security
Operations Center.
☒ Yes, information is shared external to DHS with other federal agencies, state/local
partners, international partners, or non-governmental entities. Please describe.
Significant security concerns may be shared with other law enforcement or
intelligence agencies.
☐ No. Information on this form is not shared outside of the collecting office.
2
Generally, a unique identifier is considered any type of “personally identifiable information,” meaning any information that permits the identity
of an individual to be directly or indirectly inferred, including any other information which is linked or linkable to that individual regardless of
whether the individual is a U.S. citizen, lawful permanent resident, visitor to the U.S., or employee or contractor to the Department.
Privacy Threshold Analysis – IC/Form
Page 7 of 11
Version number: 04-2016
Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
Please include a copy of the referenced form and Privacy Act Statement (if
applicable) with this PTA upon submission.
Privacy Threshold Analysis – IC/Form
Page 8 of 11
Version number: 04-2016
Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
PRIVACY THRESHOLD REVIEW
(TO BE COMPLETED BY COMPONENT PRIVACY OFFICE)
Component Privacy Office Reviewer:
Jennifer L. Schmidt
Date submitted to component Privacy
Office:
Date submitted to DHS Privacy Office:
December 22, 2017
Have you approved a Privacy Act
Statement for this form? (Only
applicable if you have received a
waiver from the DHS Chief Privacy
Officer to approve component Privacy
Act Statements.)
January 2, 2018
☐ Yes. Please include it with this PTA
submission.
☒ No. Please describe why not.
Records are not retrieved by a unique
personal identifier.
Component Privacy Office Recommendation:
Please include recommendation below, including what existing privacy compliance
documentation is available or new privacy compliance documentation is needed.
TSA Privacy recommends approval of this Information Collection PTA. This
collection is privacy sensitive because it maintains PII on members of the public;
thus a PIA is required. PIA coverage is provided by DHS/TSA/PIA-038 Performance
and Results Information System (PARIS). No SORN coverage is required because
records are not retrieved by a unique personal identifier.
Privacy Threshold Analysis – IC/Form
Page 9 of 11
Version number: 04-2016
Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
PRIVACY THRESHOLD ADJUDICATION
(TO BE COMPLETED BY THE DHS PRIVACY OFFICE)
DHS Privacy Office Reviewer:
Sean McGuinness
PCTS Workflow Number:
Date approved by DHS Privacy Office:
PTA Expiration Date
1156714
January 25, 2021
January 25, 2021
DESIGNATION
Privacy Sensitive IC or
Form:
Yes If “no” PTA adjudication is complete.
Determination:
☐ PTA sufficient at this time.
☐ Privacy compliance documentation determination in
progress.
☐ New information sharing arrangement is required.
☐ DHS Policy for Computer-Readable Extracts Containing SPII
applies.
☐ Privacy Act Statement required.
☒ Privacy Impact Assessment (PIA) required.
☐ System of Records Notice (SORN) required.
☐ Specialized training required.
☐ Other. Click here to enter text.
DHS IC/Forms Review:
DHS PRIV has not received this ICR/Form.
Date IC/Form Approved Click here to enter a date.
by PRIV:
IC/Form PCTS Number: Click here to enter text.
Privacy Act
Choose an item.
Statement:
Privacy Act Statement is not required as information is not
retrieved by personal identifier
PTA:
No system PTA required.
Click here to enter text.
PIA:
System covered by existing PIA
Privacy Threshold Analysis – IC/Form
Page 10 of 11
Version number: 04-2016
Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
If covered by existing PIA, please list: DHS/TSA/PIA-038 Performance
and Results Information System (PARIS)
If a PIA update is required, please list: Click here to enter text.
SORN:
If covered by existing SORN, please list: Click here to enter text.
If a SORN update is required, please list: Click here to enter text.
DHS Privacy Office Comments:
Please describe rationale for privacy compliance determination above.
DHS Privacy Office finds that the Rail Transportation Security form is privacy
sensitive as it collects PII from members of the public (to include U.S. citizens or
lawful permanent residents and Non-U.S. Persons).
The Rail Transportation Security form collects PII from certain rail carriers,
shippers and receivers in High Threat Urban Areas (HTUA) to: designate a Rail
Security Coordinator (RSC) and Alternate RSC; report significant security concerns;
provide the location and shipping information of rail cars under their physical
custody and control; and document the secure exchange of custody of rail cars
carrying Rail Security-Sensitive Materials (RSSM).
PRIV agrees with TSA Privacy that PIA coverage is provided under DHS/TSA/PIA-038
Performance and Results Information System (PARIS). PARIS maintains personally
identifiable information (PII) about individuals, including witnesses, involved in
security incidents or regulatory enforcement activities.
SORN coverage is not required as information is not retrieved via personal
identifier.
A Privacy Act Statement is not required as information is not retrieved via personal
identifier. Information is retrieved by
PRIV recommends that a link is added to the program webpage that points to
guidance on information that should be entered into an e-mail inquiry.
Privacy Threshold Analysis – IC/Form
Page 11 of 11
Version number: 04-2016
File Type | application/pdf |
File Modified | 2018-01-25 |
File Created | 2018-01-25 |