Download:
pdf |
pdfU.S. DEPARTMENT OF
HOUSING AND URBAN DEVELOPMENT
PRIVACY THRESHOLD ANALYSIS (PTA)
Multifamily Default Status Report
0MB Number 2502-0041
Office of Multifamily Asset Management and
Portfolio Oversight
Instruction & Template
10/10/2018
United States Department of Housing and Urban Development
January 30, 2019
�PRIVACY THRESHOLD ANALYSIS (PTA)
The PTA is a compliance form developed by the Privacy Branch to identify the use of Personally
Identifiable Information (P11) across the Department. The PTA is the first step in the P11 verification
process, which focuses on these areas of inquiry:
•
Purpose for the information,
•
Type of information,
•
Sensitivity of the information,
•
Use of the information,
•
And the risk to the information.
Please use the attached form to determine whether a Privacy and Civil Liberties Impact Assessment
(PCLIA) is required under the E-Government Act of 2002 or a System of Record Notice (SORN) is
required under the Privacy Act of 1974, as amended.
Please complete this form and send it to your program Privacy Liaison Officer (PLO). If you have no
program Privacy Liaison Officer, please send the PTA to the HUD Privacy Branch:
John Bravacos, Senior Agency Official for Privacy
Privacy Branch
U.S. Department of Housing and Urban Development
[email protected]
Upon receipt from your program PLO, the HUD Privacy Branch will review this form. If a PCLIA or
SORN is required, the HUD Privacy Branch will send you a copy of the PCLIA and SORN templates to
complete and return.
United States Department of Housing and Urban Development
January 30,2019
2
�PRIVACY THRESHOLD ANALYSIS (PTA)
SUMMARY INFORMATION
Project or
Program Name:
Multifamily Default Status Report
Program:
Office of Housing
CSAM Name (if
applicable):
N/A
CSAM Number
(if applicable):
N/A
•
Type of Project or
Program:
IT System
Project or
program
status:
Existing
1999
Pilot launch
date:
Click here to enter a date.
N/A
Pilot end date:
May 8, 2016
Choose an item.
ATO
expiration date
(if applicable):
2000
Date first
developed:
Date of last PTA
update:
.
ATO Status (if
applicable)
.
PROJECT OR PROGRAM MANAGER
Name:
Brian A. Murray
Office:
Office of Multifamily Asset
Management and Portfolio
Oversight
Title:
Acting Director
Phone:
202 402 2059
Email:
[email protected]
INFORMATION SYSTEM SECURITY OFFICER (1550) (IF APPLICABLE)
Name:
Sharon Parker
Phone:
202 402 2557
Email:
[email protected]
United States Department of Housing and Urban Development
January 30, 2019
3
�SPECIFIC PTA QUESTIONS
1. Reason for submitting the PTA: New PTA
This is a collection renewal and there have been no changes to the project since the last version
The regulations at 24 CFR 207.256 through 207.258 require a mortgagee to notify HUD when a
mortgage payment is in default (more than 30 days past due), and to submit an election to assign
a defaulted loan to HUD within a specified timeframe from the date of default. The regulation at
24 CFR 200 requires lenders to submit delinquency, default, election to assign, and other related
loan information statuses electronically to HUD. Lenders previously used HUD Form 92426 for
these submissions, however, with the implementation of the regulation requiring electronic
notification, the Multifamily Delinquency and Default Reporting System (MDDR) was
established to replace the paper form HUD-92426. HUD uses the information as an early
warning mechanism to work with project owners and lenders to develop a plan that will reinstate
a loan and avoid an insurance claim. It also provides HUD staff a mechanism for mortgagee
compliance with HUD’s loan servicing procedures and assignments.
2. Does this system employ the following
technologies?
Ifyoit are using these technologies and want
coverage under the respective PIA for that
technology, please stop here and contact the HUD
Privacy Branch forficrther gitidance.
LI
Social Media
Web portal1 (e.g., SharePoint)
LI
Contact Lists
Public website (e.g. A website operated by
HUD, contractor, or other organization on behalf of
the HUD
LI
None of these
Informational and collaboration-based portals in operation at HUD and its programs that collect, use, maintain, and share limited
personally identifiable information (P11) about individuals who are “members” of the portal or “potential members” who seek to
gain access to the portal.
United States Department of Housing and Urban Development
January 30, 2019
4
�This program collects no personally identifiable
information2
3. From whom does the Project or
Program collect, maintain, use, or
•
disseminate information?
Please check alt that apply.
Members of the public
HUD employees/contractors (list programs):
Contractors working on behalf of HUD
Employees of other federal agencies
Other (e.g. business entity) Lenders
4. What specific information about individuals is collected, generated or retained?
There is no specific information about individuals collected when lenders make submissions to the system. They
report information on delinquent and defaulted multifamily insured loans. The lender name is identified, the
multifamily project name, multifamily projectnumber, the amount of the unpaid principal balance of the loan, the
amount of the loan in default, i.e., principal, interest, escrow accounts. There is also a place for an email address for
the contact person at the lender to receive notifications of their submissions.
4(a) Does the project, program, or system
retrieve information from the system about
a U.S. Citizen or lawfully admitted
permanent resident aliens by a personal
identifier?
4(b) Does the project, program, or system
have an existing System of Records Notice
(SORN) that has already been published in
the Federal Register that covers the
information collected?
4(c)Has the project, program, or system
•
undergone any significant changes since the
SORN?
4(d) Does the project, program, or system
use Social Security Numbers (SSN)?
4(e) if yes, please provide the specific legal
authority and purpose for the collection of
SSNs:
2
HUD
No. Please continue to next question.
Yes. If yes, please list all personal identifiers
used:
No. Please continue to next question.
Yes. Multifamily Delinquency and Default
Reporting System, 12/20/2007
jj
No. Please continue to next question.
Yes. If yes, please describe.
No.
Yes.
Not applicable.
defines personal information as “Personally Identifiable Information” or
P11.
which is any information that permits the
identity of an individual to be directly or indirectly inferred, including any information that is linked or linkable to that individual,
regardless of whether the individual is a
the Department. “Sensitive
P11”
is
P11,
U.S.
which
citizen, lawful permanent resident, visitor to the
if lost,
U.S.,
or employee or contractor to
compromised, or disclosed without authorization, could result in substantial
harm, embarrassment, inconvenience, or unfairness to an individual.
For the purposes of this
PTA. SPII
and
PIT
are treated the
same.
United States Department of Housing and Urban Development
January
30, 2019
5
�If yes, please describe the uses of the
SSNs within the project, program, or
system:
4(g) If this project, program, or system is
an information technology/system, does it
4(f)
Not applicable.
No. Please continue to next question.
relate solely to infrastructure?
Yes. Web-enabled system,WASS connection
through FHA Connection
For example, is the system a Local Area Network
(MN) or Wide Area Network (WAN)?
4(h) if header or payload data3 is stored in the communication traffic log, please detail the data
elements stored.
Click here to enter text.
5. Does this project, program, or system
connect, receive, or share P11 with any
other HUD programs or systems?
No.
Yes.
If yes,
please list:
Click here to enter text.
6. Does this project, program, or system
connect, receive, or share P11 with any
external (non-HUD) partners or
systems?
N 0.
Yes. If yes,
please
list:
Click here to enter text.
.
.
6(a) Is this external sharing pursuant to
new or existing information sharing
access agreement (MOU, MOA, etc.)?
7. Does the project, program, or system
provide role-based training for
personnel who have access in addition
to annual privacy training required of
all HUD personnel?
8. Per NIST SP 800-53 Rev. 4, Appendix
J, does the project, program, or system
maintain_an_accounting_of disclosures
.
.
.
.
.
Choose an item. Not applicable.
Please
describe
applicable information sharing
governance in place:
No.
isi
Yes. If yes,
please
list:
Security Training
j No. What steps will be
maintain the accounting:
taken to develop and
Header: Information that is placed before the actual data. The header normally contains a small number of bytes of
control information, which is used to communicate important facts about the data that the message contains and how
it is to be interpreted and used. It serves as the communication and control link between protocol elements on different
devices.
Payload data: The actual data to be transmitted, often called the payload of the message (metaphorically borrowing a
term from the space industry!) Most messages contain some data of one form or another, but some actually contain
none: they are used only for control and communication purposes. For example, these may be used to set up or
terminate a logical connection before data is sent.
United States Department of Housing and Urban Development
January 30, 2019
6
�of P11 to individuals/agencies who have
requested access to their P11?
9. Is there a FIPS 199 determination?4
LI Yes. In what format is the accounting
maintained:
Unknown.
LIN0.
LI Yes. Please indicate the determinations for each
of the following:
Confidentiality:
LI Low L Moderate
LI High
Integrity:
LI Low LI Moderate
LI High
Availability:
LI Low LI Moderate
LI High
PRIVACY THRESHOLD ANALYSIS REVIEW
(TO BE COMPLETED BY PROGRAM PLO)
Program Privacy Liaison Reviewer:
Vivian Herring
Date submitted to Program Privacy
Office:
January 30, 2019
Date submitted to HUD Privacy Branch:
January 30, 2019
Program Privacy Liaison Officer Recommendation:
Please inclttde recommendation below, including what new privacy compliance docttmentation is needed.
Click here to enter text.
(TO BE COMPLETED BY THE HUD PRIVACY BRANCH)
HUD Privacy Branch Reviewer:
Cindy Etheridge
Date approved by HUD Privacy Branch:
December 7, 2018
.
.
PTA Expiration Date:
This PTA will suffice, however, if this are any changes, an
update will be required.
DESIGNATION
Privacy Sensitive System:
Choose an item.
If “no” PTA adjudication is complete.
fIPS 199 is the FcdetiI Inlormition Iroecssin Standard Publication 199, Standards for Security Categorization of Federal
Information and Information Systems and is used to establish security categories of information systems.
United States Department of Housing and Urban Development
January 30, 2019
7
�Choose an item.
Category of System:
If “other” is selected, please describe: Click here to enter text.
Determination:
PTA sufficient at this time.
Privacy compliance documentation determination in progress.
LI New information sharing arrangement is required.
HUD Policy for Computer-Readable Extracts Containing Sensitive PIT
applies.
Privacy Act Statement required.
Privacy and Civil Liberties Impact Assessment (PCLTA) required.
LI System of Records Notice (SORN) requited.
LI Paperwork Reduction Act (PRA) Clearance may be required. Contact
your program PRA Officer.
A Records Schedule may be required. Contact your program Records
Officer.
PIA:
SORN:
Choose an item.
If covered by existing PCLIA, please list: Click here to enter text.
Choose an item.
If covered by existing SORN, please list: Click here to enter text.
HUD Privacy Branch Comments: The Multifamily Delinquency and Default Report System
(MDDR) was established to replace the paper form HUD-92426.
Please describe rationale for privacy comptiance determination above.
Click here to enter text.
DOCUMENT ENDORSMENT
DATE REVIEWED:
PRIVACY REVIEWING OFFICIALS NAME:
By signing below, you attest that the content captured in this document is accurate and complete
and meet the requirements of applicable federal regulations and HUD internal policies.
United States Department of Housing and Urban Development
January 30, 2019
8
�Date
SYSTEM OWNER
Brian A. Murray, Acting Director
Office of Asset Management and Portfolio
Oversight
Date
Jon Bravacos
Senior Agency Official for Privacy
Privacy Branch
OFFICE OF ADMINISTRATION
United States Department of Housing and Urban Development
January 30,2019
9
�
| File Type | application/pdf |
| File Modified | 2019-04-02 |
| File Created | 2019-04-02 |