Download:
pdf |
pdfPrivacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
Privacy Threshold Analysis
Version number: 01-2014
Page 1 of 7
PRIVACY THRESHOLD ANALYSIS (PTA)
This form is used to determine whether
a Privacy Impact Assessment is required.
Please use the attached form to determine whether a Privacy Impact Assessment (PIA) is required under
the E-Government Act of 2002 and the Homeland Security Act of 2002.
Please complete this form and send it to your component Privacy Office. If you do not have a component
Privacy Office, please send the PTA to the DHS Privacy Office:
Senior Director, Privacy Compliance
The Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
Tel: 202-343-1717
[email protected]
Upon receipt from your component Privacy Office, the DHS Privacy Office will review this form. If a
PIA is required, the DHS Privacy Office will send you a copy of the Official Privacy Impact Assessment
Guide and accompanying Template to complete and return.
A copy of the Guide and Template is available on the DHS Privacy Office website,
www.dhs.gov/privacy, on DHSConnect and directly from the DHS Privacy Office via email:
[email protected], phone: 202-343-1717.
�Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
Privacy Threshold Analysis
Version number: 01-2014
Page 2 of 7
PRIVACY THRESHOLD ANALYSIS (PTA)
SUMMARY INFORMATION
Project or
Program Name:
The Declaration Process: Requests for Preliminary Damage Assessment (PDA),
Requests for Supplemental Federal Disaster Assistance, Appeals, and Requests for
Cost Share Adjustments [ICR 1660-0009]
Component:
Federal Emergency
Management Agency (FEMA)
Office or
Program:
Office of Response &
Recovery
Xacta FISMA
Name (if
applicable):
Click here to enter text.
Xacta FISMA
Number (if
applicable):
Click here to enter text.
Type of Project or
Program:
Form or other Information
Collection
Project or
program
status:
Existing
Date first
developed:
Date of last PTA
update
April 1, 1979
Pilot launch
date:
Click here to enter a date.
April 30, 2012
Pilot end date:
Click here to enter a date.
ATO Status (if
applicable)
Choose an item.
ATO
expiration date
(if applicable):
Click here to enter a date.
PROJECT OR PROGRAM MANAGER
Name:
Dean Webster
Office:
Office of Response &
Recovery
Title:
Chief, Declarations Unit
Phone:
202-646-2833
Email:
[email protected]
INFORMATION SYSTEM SECURITY OFFICER (ISSO) (IF APPLICABLE)
Name:
N/A
Phone:
N/A
Email:
N/A
�Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
Privacy Threshold Analysis
Version number: 01-2014
Page 3 of 7
SPECIFIC PTA QUESTIONS
1. Reason for submitting the PTA: Renewal PTA
If a State is impacted by an event of a severity and magnitude that is beyond its response capabilities, the
State Governor may seek a declaration by the President that a major disaster or emergency exists under
sections 401 and 501 of the Stafford Act (42 U.S.C. §§ 5170 and 5190). These requests are submitted
through FEMA Form 010-0-13. FEMA evaluates the requests and provides recommendations of
appropriate response actions to the President. If the request is granted, the State may be eligible to
receive assistance under 42 U.S.C. §§ 5170a, 5170b, 5170c; 5172, 5173, and 5174.
FEMA uses FEMA Form 010-0-13 to collect information from the requesting State. The form prompts a
State to describe the impact of the disaster or emergency when seeking a Presidential declaration. With
this, DHS/FEMA is able to effectively process, analyze, and evaluate declaration requests. DHS/FEMA
analyzes the State’s information submitted in the form to determine what recommendations to make to the
President. Based on this information, the President decides whether to grant the request. The form
contains:
• Governor’s name
• Name of the State’s point of contact
• Incident/disaster date
• Type of incident/disaster
• Description of damages
• Description of the nature and amount of local resources used by the State
• Type of assistance being requested
• Designated counties and/or tribes within the state to receive assistance
FEMA’s Declarations Unit maintains the State’s completed form on the unit’s shared drive. The form is
shared with a limited number of employees on staff who have a need to know. As noted above, FEMA
Form 010-0-13 only collects minimal PII information; none of which is SPII. The data is neither
retrieved nor retrievable by personally identifiable information. Rather, the information is retrieved by
State specific or disaster specific information of a non‐identifiable nature.
2. Does this system employ any of the
following technologies:
If you are using any of these technologies and
want coverage under the respective PIA for that
technology please stop here and contact the DHS
Privacy Office for further guidance.
Closed Circuit Television (CCTV)
Social Media
Web portal 1 (e.g., SharePoint)
Contact Lists
1
Informational and collaboration-based portals in operation at DHS and its components that collect, use, maintain, and share
limited personally identifiable information (PII) about individuals who are “members” of the portal or “potential members” who
seek to gain access to the portal.
�Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
Privacy Threshold Analysis
Version number: 01-2014
Page 4 of 7
None of these
3. From whom does the Project or
Program collect, maintain, use, or
disseminate information?
Please check all that apply.
This program does not collect any personally
identifiable information 2
Members of the public
DHS employees/contractors (list components):
Contractors working on behalf of DHS
Employees of other federal agencies
4. What specific information about individuals is collected, generated or retained?
Governor’s point of contact: First and last name and general office phone number.
4(a) Does the project, program, or system
retrieve information by personal identifier?
4(b) Does the project, program, or system
use Social Security Numbers (SSN)?
4(c) If yes, please provide the specific legal
basis and purpose for the collection of
SSNs:
4(d) If yes, please describe the uses of the
SSNs within the project, program, or
system:
4(e) If this project, program, or system is
an information technology/system, does it
relate solely to infrastructure?
2
No. Please continue to next question.
Yes. If yes, please list all personal identifiers
used:
No.
Yes.
n/a
n/a
No. Please continue to next question.
Yes. If a log kept of communication traffic,
please answer the following question.
DHS defines personal information as “Personally Identifiable Information” or PII, which is any information that permits the
identity of an individual to be directly or indirectly inferred, including any information that is linked or linkable to that individual,
regardless of whether the individual is a U.S. citizen, lawful permanent resident, visitor to the U.S., or employee or contractor to
the Department. “Sensitive PII” is PII, which if lost, compromised, or disclosed without authorization, could result in substantial
harm, embarrassment, inconvenience, or unfairness to an individual. For the purposes of this PTA, SPII and PII are treated the
same.
�Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
Privacy Threshold Analysis
Version number: 01-2014
Page 5 of 7
For example, is the system a Local Area Network
(LAN) or Wide Area Network (WAN)?
4(f) If header or payload data 3 is stored in the communication traffic log, please detail the data
elements stored.
N/A
5. Does this project, program, or system
connect, receive, or share PII with any
other DHS programs or systems 4?
No.
Yes. If yes, please list:
Click here to enter text.
6. Does this project, program, or system
connect, receive, or share PII with any
external (non-DHS) partners or
systems?
No.
Yes. If yes, please list:
Click here to enter text.
6(a) Is this external sharing pursuant to
new or existing information sharing
access agreement (MOU, MOA, LOI,
etc.)?
7. Does the project, program, or system
provide role-based training for
personnel who have access in addition
to annual privacy training required of
all DHS personnel?
8. Per NIST SP 800-53 Rev. 4, Appendix
J, does the project, program, or system
maintain an accounting of disclosures
of PII to individuals who have
requested access to their PII?
N/A
No.
Yes. If yes, please list:
No. What steps will be taken to develop and
maintain the accounting:
This system collects very minimal PII, none of
which is SPII. Specifically, the only PII collected is
individuals’ names serving in a public business
contact capacity. The other information refers to
additional information related to the disaster.
Yes. In what format is the accounting
maintained:
3
When data is sent over the Internet, each unit transmitted includes both header information and the actual data being sent. The
header identifies the source and destination of the packet, while the actual data is referred to as the payload. Because header
information, or overhead data, is only used in the transmission process, it is stripped from the packet when it reaches its destination.
Therefore, the payload is the only data received by the destination system.
4
PII may be shared, received, or connected to other DHS systems directly, automatically, or by manual processes. Often, these
systems are listed as “interconnected systems” in Xacta.
�Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
Privacy Threshold Analysis
Version number: 01-2014
Page 6 of 7
9. Is there a FIPS 199 determination? 4
Unknown.
No.
Yes. Please indicate the determinations for each
of the following:
Confidentiality:
Low
Moderate
High
Undefined
Integrity:
Low
Moderate
High
Undefined
Availability:
Low
Moderate
High
Undefined
PRIVACY THRESHOLD REVIEW
(TO BE COMPLETED BY COMPONENT PRIVACY OFFICE)
Component Privacy Office Reviewer:
LaKia Samuel
Date submitted to Component Privacy
Office:
November 20, 2015
Date submitted to DHS Privacy Office:
January 21, 2016
Component Privacy Office Recommendation:
Please include recommendation below, including what new privacy compliance documentation is needed.
FEMA Form 010-0-13 is used by States points of contact (POCs) for the purpose of requesting a
Presidential disaster declaration. The form collects basic contact information from the State POCs and a
description of the State’s devastation resulting from the incident. This collection [ICR 1660-0009] has
coverage under the DHS/FEMA/PIA-013 –Grants Management PIA. Information is not filed or retrieved
by use of a name or personal identifier. Therefore, this collection does not require SORN coverage.
(TO BE COMPLETED BY THE DHS PRIVACY OFFICE)
4
DHS Privacy Office Reviewer:
Tammi Hines
PCTS Workflow Number:
1118167
Date approved by DHS Privacy Office:
February 10, 2016
FIPS 199 is the Federal Information Processing Standard Publication 199, Standards for Security Categorization of Federal
Information and Information Systems and is used to establish security categories of information systems.
�Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
Privacy Threshold Analysis
Version number: 01-2014
Page 7 of 7
February 10, 2019
PTA Expiration Date
DESIGNATION
Privacy Sensitive System:
Yes
If “no” PTA adjudication is complete.
Form/Information Collection
Category of System:
If “other” is selected, please describe: Click here to enter text.
Determination:
PTA sufficient at this time.
Privacy compliance documentation determination in progress.
New information sharing arrangement is required.
DHS Policy for Computer-Readable Extracts Containing Sensitive PII
applies.
Privacy Act Statement required.
Privacy Impact Assessment (PIA) required.
System of Records Notice (SORN) required.
Paperwork Reduction Act (PRA) Clearance may be required. Contact
your component PRA Officer.
A Records Schedule may be required. Contact your component Records
Officer.
PIA:
SORN:
Existing PIA
If covered by existing PIA, please list: DHS/FEMA/PIA-013 – Grants Management
N/A
If covered by existing SORN, please list:
DHS Privacy Office Comments:
Please describe rationale for privacy compliance determination above.
The purpose for this PTA Renewal is to review, annotate the review, and ensure there is privacy
compliance coverage for this initiative. DHS-Privacy agrees with the above recommendation that FEMA
Form 010-0-13 is used to collect basic contact information for State POCs requesting Presidential
Disaster Declaration of a state impacted by a disaster. PIA coverages is provided under:
DHS/FEMA/PIA-013 – Grants Management, as this system only collects minimal contact information
and no SPII, SORN coverage is not required.
�
| File Type | application/pdf |
| File Modified | 0000-00-00 |
| File Created | 0000-00-00 |