Download:
pdf |
pdfPrivacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
PRIVACY THRESHOLD ANALYSIS (PTA)
This form serves as the official determination by the DHS Privacy Office to
identify the privacy compliance requirements for all Departmental uses of
personally identifiable information (PII).
A Privacy Threshold Analysis (PTA) serves as the document used to identify
information technology (IT) systems, information collections/forms, technologies,
rulemakings, programs, information sharing arrangements, or pilot projects that involve
PII and other activities that otherwise impact the privacy of individuals as determined by
the Chief Privacy Officer, pursuant to Section 222 of the Homeland Security Act, and to
assess whether there is a need for additional Privacy Compliance Documentation. A PTA
includes a general description of the IT system, information collection, form, technology,
rulemaking, program, pilot project, information sharing arrangement, or other Department
activity and describes what PII is collected (and from whom) and how that information is
used and managed.
Please complete the attached Privacy Threshold Analysis and submit it to your
component Privacy Office. After review by your component Privacy Officer the PTA is sent
to the Department’s Senior Director for Privacy Compliance for action. If you do not have a
component Privacy Office, please send the PTA to the DHS Privacy Office:
Senior Director, Privacy Compliance
The Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
Tel: 202-343-1717
[email protected]
Upon receipt from your component Privacy Office, the DHS Privacy Office will review this
form and assess whether any privacy compliance documentation is required. If compliance
documentation is required – such as Privacy Impact Assessment (PIA), System of Records
Notice (SORN), Privacy Act Statement, or Computer Matching Agreement (CMA) – the DHS
Privacy Office or component Privacy Office will send you a copy of the relevant compliance
template to complete and return.
Privacy Threshold Analysis – IC/Form
Version number: 04-2016
Page 1 of 11
�Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
Privacy Threshold Analysis (PTA)
Specialized Template for
Information Collections (IC) and Forms
The Forms-PTA is a specialized template for Information Collections and Forms. This
specialized PTA must accompany all Information Collections submitted as part of the
Paperwork Reduction Act process (any instrument for collection (form, survey,
questionnaire, etc.) from ten or more members of the public). Components may use this PTA
to assess internal, component-specific forms as well.
Form Number:
N/A
Form Title:
Component:
N/A
Transportation Security
Administration (TSA)
Office:
Security Policy and
Industry Engagement
(SPIE)
IF COVERED BY THE PAPERWORK REDUCTION ACT:
Collection Title:
Pipeline Operator Security Information
July 31, 2019
OMB Control
1652-0055
OMB Expiration
Number:
Date:
Collection status:
Extension
Date of last PTA (if
Click here to enter
applicable):
a date.
Name:
Office:
Phone:
Name:
Office:
Phone:
PROJECT OR PROGRAM MANAGER
Nathan Beam
SPIE
Title:
Click here to enter text.
571-227-1358
Email:
[email protected]
COMPONENT INFORMATION COLLECTION/FORMS CONTACT
Christina A. Walsh
IT
Title:
Program Specialist
571-227-2062
Email:
[email protected]
Privacy Threshold Analysis – IC/Form
Version number: 04-2016
Page 2 of 11
�Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
SPECIFIC IC/Forms PTA QUESTIONS
1. Purpose of the Information Collection or Form
a. Describe the purpose of the information collection or form. Please provide a
general description of the project and its purpose, including how it supports the DHS
mission, in a way a non-technical person could understand (you may use
information from the Supporting Statement).
If this is an updated PTA, please specifically describe what changes or upgrades are
triggering the update to this PTA.
1652-0055 covers the voluntary reporting of suspicious activities or security incident data by
pipeline industry representatives to TSA’s Transportation Security Operations Center
(TSOC) as prescribed in TSA’s Pipeline Security Guidelines available at
https://www.tsa.gov/for-industry/surface-transportation. The TSOC will collect the name and
contact information (company, phone number, email address) of the reporter.
b. List the DHS (or component) authorities to collect, store, and use this information.
If this information will be stored and used by a specific DHS component, list the
component-specific authorities.
ATSA, Pub. L. 107-71 (Nov. 19, 2001); 49 U.S.C. § 114(d); Pipeline Security Guidelines
2. Describe the IC/Form
a. Does this form collect any
Personally Identifiable
Information” (PII1)?
☒ Yes
☐ No
b. From which type(s) of
individuals does this form
collect information?
(Check all that apply.)
☒ Members of the public
☒ U.S. citizens or lawful permanent
residents
☒ Non-U.S. Persons.
☐DHS Employees
☐DHS Contractors
☐Other federal employees or contractors.
1
Personally identifiable information means any information that permits the identity of an individual to be directly or indirectly inferred, including
any other information which is linked or linkable to that individual regardless of whether the individual is a U.S. citizen, lawful permanent resident,
visitor to the U.S., or employee or contractor to the Department.
Privacy Threshold Analysis – IC/Form
Version number: 04-2016
Page 3 of 11
�Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
c. Who will complete and
submit this form? (Check
all that apply.)
☐The record subject of the form (e.g., the
individual applicant).
☐Legal Representative (preparer, attorney, etc.).
☒ Business entity.
If a business entity, is the only
information collected business contact
information?
☒ Yes
☐No
☐Law enforcement.
☐DHS employee or contractor.
☐ Other individual/entity/organization that is
NOT the record subject. Please describe.
Click here to enter text.
d. How do individuals
complete the form? Check
all that apply.
☐ Paper.
☐ Electronic. (ex: fillable PDF)
☐ Online web form. (available and submitted via
the internet)
Provide link:
Individuals call or email the TSOC.
e. What information will DHS collect on the form? List all PII data elements on the
form. If the form will collect information from more than one type of individual,
please break down list of data elements collected by type of individual.
The TSOC will collect the name and contact information (company, phone number,
email address) of the reporter.
TSA requests that the following also be included in incident reporting: • The time
and location of the incident, as specifically as possible; • A description of the
incident or activity involved; • Which entities have been notified and what actions
have been taken; • The names and/or descriptions of persons involved or suspicious
parties and license plates as appropriate. The collection of the incident information
is covered by DHS/TSA/PIA-029, Operations Center Incident Management System.
Privacy Threshold Analysis – IC/Form
Version number: 04-2016
Page 4 of 11
�Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
Appendix B of the TSA Pipeline Security Guidelines available at
https://www.tsa.gov/for-industry-/surface-transportation, notes that as the lead
Federal agency for pipeline security, TSA desires to be notified of all incidents which
are indicative of a possible deliberate attempt to disrupt pipeline operations or
activities that could be precursors to such an attempt.
f. Does this form collect Social Security number (SSN) or other element that is
stand-alone Sensitive Personally Identifiable Information (SPII)? Check all that
apply.
☐ Social Security number
☐ DHS Electronic Data Interchange
Personal Identifier (EDIPI)
☐ Alien Number (A-Number)
☐ Social Media Handle/ID
☐ Tax Identification Number
☐ Known Traveler Number
☐ Visa Number
☐ Trusted Traveler Number (Global
☐ Passport Number
Entry, Pre-Check, etc.)
☐ Bank Account, Credit Card, or other
☐ Driver’s License Number
financial account number
☐ Biometrics
☐ Other. Please list:
g. List the specific authority to collect SSN or these other SPII elements.
N/A
h. How will this information be used? What is the purpose of the collection?
Describe why this collection of SPII is the minimum amount of information
necessary to accomplish the purpose of the program.
N/A
i.
Are individuals
provided notice at the
time of collection by
DHS (Does the records
subject have notice of
the collection or is
form filled out by
third party)?
☒ Yes. Please describe how notice is provided.
Individuals voluntarily provide incident reporting
to TSA by calling or emailing the TSOC.
☐No.
Privacy Threshold Analysis – IC/Form
Version number: 04-2016
Page 5 of 11
�Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
3. How will DHS store the IC/form responses?
a. How will DHS store
☐Paper. Please describe.
the original,
Click here to enter text.
completed IC/forms?
☒ Electronic. Please describe the IT system that will
store the data from the form.
WebEOC
☐Scanned forms (completed forms are scanned into
an electronic repository). Please describe the
electronic repository.
Click here to enter text.
b. If electronic, how
does DHS input the
responses into the IT
system?
☒ Manually (data elements manually entered). Please
describe.
Click here to enter text.
☐Automatically. Please describe.
Click here to enter text.
c. How would a user
search the
information
submitted on the
forms, i.e., how is the
information
retrieved?
d. What is the records
retention
schedule(s)? Include
the records schedule
number.
☐By a unique identifier.2 Please describe. If
information is retrieved by personal identifier, please
submit a Privacy Act Statement with this PTA.
Click here to enter text.
☒ By a non-personal identifier. Please describe.
Incident number; location; “pipeline”
Security program records are permanent. Cut off
at end of calendar year. Transfer to FRC 3 years
after cutoff. Transfer to NARA 10 years after
cutoff. In accordance with NARA authority, N1560-04-10 Item 3.
2
Generally, a unique identifier is considered any type of “personally identifiable information,” meaning any information that permits the identity
of an individual to be directly or indirectly inferred, including any other information which is linked or linkable to that individual regardless of
whether the individual is a U.S. citizen, lawful permanent resident, visitor to the U.S., or employee or contractor to the Department.
Privacy Threshold Analysis – IC/Form
Version number: 04-2016
Page 6 of 11
�Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
e. How do you ensure
The program office’s records liaison is
that records are
responsible for ensuring the regular review of and
disposed of or deleted
archival of eligible records.
in accordance with
the retention
schedule?
f. Is any of this information shared outside of the original program/office? If yes,
describe where (other offices or DHS components or external entities) and why.
What are the authorities of the receiving party?
☐Yes, information is shared with other DHS components or offices. Please describe.
Click here to enter text.
☒ Yes, information is shared external to DHS with other federal agencies, state/local
partners, international partners, or non-governmental entities. Please describe.
TSA may also share information with federal, state, or local law enforcement or
intelligence agencies or other organizations in accordance with the Privacy Act
and the routine uses identified in the TSOC-applicable Privacy Act system of
records notices (SORNs).
☐No. Information on this form is not shared outside of the collecting office.
Please include a copy of the referenced form and Privacy Act Statement (if
applicable) with this PTA upon submission.
Privacy Threshold Analysis – IC/Form
Version number: 04-2016
Page 7 of 11
�Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
PRIVACY THRESHOLD REVIEW
(TO BE COMPLETED BY COMPONENT PRIVACY OFFICE)
Component Privacy Office Reviewer:
Jennifer L. Schmidt
Date submitted to component Privacy
Office:
Date submitted to DHS Privacy Office:
December 3, 2018
Have you approved a Privacy Act
Statement for this form? (Only
applicable if you have received a
waiver from the DHS Chief Privacy
Officer to approve component Privacy
Act Statements.)
December 3, 2018
☐Yes. Please include it with this PTA
submission.
☒ No. Please describe why not.
Records are not retrieved by a unique
personal identifier.
Component Privacy Office Recommendation:
Please include recommendation below, including what existing privacy compliance
documentation is available or new privacy compliance documentation is needed.
TSA Privacy recommends approval of this PTA. Collection of PII from members of the
public (pipeline industry representatives) is covered by DHS/ALL/PIA-006, DHS
General Contacts. SORN coverage is not required.
(PIA/SORN coverage for incident reporting and the collection/retrieving of available
PII therein is provided by DHS/TSA/PIA-029, Operations Center Incident
Management System; DHS/TSA/SORN-001, Transportation Security Enforcement
Record System and DHS/TSA/SORN-011 Transportation Security Intelligence Service
Files.)
Privacy Threshold Analysis – IC/Form
Version number: 04-2016
Page 8 of 11
�Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
PRIVACY THRESHOLD ADJUDICATION
(TO BE COMPLETED BY THE DHS PRIVACY OFFICE)
DHS Privacy Office Reviewer:
Sean McGuinness
PCTS Workflow Number:
Date approved by DHS Privacy Office:
PTA Expiration Date
1173057
December 17, 2018
December 17, 2021
DESIGNATION
Privacy Sensitive IC or
Form:
Yes If “no” PTA adjudication is complete.
Determination:
☐PTA sufficient at this time.
☐Privacy compliance documentation determination in progress.
☐New information sharing arrangement is required.
☐DHS Policy for Computer-Readable Extracts Containing SPII
applies.
☐Privacy Act Statement required.
☒ Privacy Impact Assessment (PIA) required.
☒ System of Records Notice (SORN) required.
☐Specialized training required.
☐Other. Click here to enter text.
DHS IC/Forms Review:
DHS PRIV has not received this ICR/Form.
Date IC/Form Approved Click here to enter a date.
by PRIV:
IC/Form PCTS Number: Click here to enter text.
Privacy Act
Choose an item.
Statement:
A Privacy Act Statement is not required as information is not
retrieved via personal identifier. Records are retrieved by incident
number; location; “pipeline”
Privacy Threshold Analysis – IC/Form
Version number: 04-2016
Page 9 of 11
�Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
PTA:
No system PTA required.
Click here to enter text.
PIA:
Choose an item.
If covered by existing PIA, please list: DHS/ALL/PIA-006 DHS General
Contacts and DHS/TSA/PIA-029 Operations Center Incident
Management System
If a PIA update is required, please list: Click here to enter text.
SORN:
Choose an item.
If covered by existing SORN, please list: DHS/TSA-001 Transportation
Security Enforcement Record System and DHS/TSA-011
Transportation Security Intelligence Service Files
If a SORN update is required, please list: Click here to enter text.
DHS Privacy Office Comments:
Please describe rationale for privacy compliance determination above.
DHS Privacy finds that the Pipeline Operator Security Information collection is
privacy sensitive as it collects PII from members of the public (to include U.S. citizens
or lawful permanent residents and Non-U.S. Persons).
This collection includes voluntary reporting of suspicious activities or security
incident data by pipeline industry representatives to TSA’s Transportation Security
Operations Center (TSOC) as prescribed in TSA’s Pipeline Security Guidelines
available at https://www.tsa.gov/for-industry/surface-transportation. The TSOC
will collect the name and contact information (company, phone number, email
address) of the reporter. Individuals call or email the TSOC to submit their inquiries.
TSA requests that the following also be included in incident reporting: • The time
and location of the incident, as specifically as possible; • A description of the incident
or activity involved; • Which entities have been notified and what actions have been
taken; • The names and/or descriptions of persons involved or suspicious parties
and license plates as appropriate. The collection of the incident information is
covered by DHS/TSA/PIA-029 Operations Center Incident Management System.
Incident reports can be retrieved by Incident number; location; “pipeline.”
PRIV agrees with TSA Privacy that PIA coverage is provided under DHS/ALL/PIA-006
DHS General Contacts and DHS/TSA/PIA-029 Operations Center Incident
Management System (for incidents). DHS/ALL/PIA-006 outlines how DHS collects
contact information in order to distribute information and perform various other
administrative tasks. DHS/TSA/PIA-029 outlines how the Transportation Security
Privacy Threshold Analysis – IC/Form
Version number: 04-2016
Page 10 of 11
�Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
Operations Center TSOC uses WebEOC to perform incident management,
coordination, and situational awareness functions for all modes of transportation.
SORN coverage for incident reporting and the collection/retrieving of available PII
therein is provided by DHS/TSA-001 Transportation Security Enforcement Record
System and DHS/TSA-011 Transportation Security Intelligence Service Files.
DHS/TSA-001 outlines how TSA maintains an enforcement and inspections system
for all modes of transportation for which TSA has security related duties and to
maintain records related to the investigation or prosecution of violations or
potential violations of Federal, State, local, or international criminal law. DHS/TSA011 outlines how TSA maintain records on intelligence, counterintelligence,
transportation security, and information systems security matters as they relate to
TSA's mission of protecting the nation's transportation systems. To identify potential
threats to transportation security, uphold and enforce the law, and ensure public
safety.
A Privacy Act Statement is not required as information is not retrieved via personal
identifier. Records are retrieved by incident number; location; pipeline.
Privacy Threshold Analysis – IC/Form
Version number: 04-2016
Page 11 of 11
�
| File Type | application/pdf |
| File Modified | 0000-00-00 |
| File Created | 0000-00-00 |