Download:
pdf |
pdfU.S. DEPARTMENT OF
HOUSING AND URBAN DEVELOPMENT
PRIVACY THRESHOLD ANALYSIS (PTA)
HUD-Administered Small Cities Program
Performance Assessment Report
Office of Community Planning and
Development
May 7, 2019
United States Department of Housing and Urban Development
May 22, 2019
�PRIVACY THRESHOLD ANALYSIS (PTA)
The PTA is a compliance form developed by the Privacy Branch to identify the use of Personally
Identifiable Information (P11) across the Department. The PTA is the first step in the PIT verification
process, which focuses on these areas of inquiry:
•
Purpose for the information,
•
Type of information,
•
Sensitivity of the information,
•
Use of the information,
•
And the risk to the information.
Please use the attached form to determine whether a Privacy and Civil Liberties Impact Assessment
(PCLTA) is required under the E-Government Act of 2002 or a System of Record Notice (SORN) is
required under the Privacy Act of 1974, as amended.
Please complete this form and send it to your program Privacy Liaison Officer (PLO). If you have no
program Privacy Liaison Officer, please send the PTA to the HUD Privacy Branch:
John Bravacos, Senior Agency Official for Privacy
Privacy Branch
U.S. Department of Housing and Urban Development
privacy @hud.gov
Upon receipt from your program PLO, the HUD Privacy Branch will review this form. If a PCLIA or
SORN is required, the HUD Privacy Branch will send you a copy of the PCLTA and SORN templates to
complete and return.
United States Department of Housing and Urban Development
May22,20l9
2
�PRIVACY THRESHOLD ANALYSIS (PTA)
SUMMARY INFORMATION
Project or
Program Name:
HUD-Admimstered Small Cities Program Performance Assessment Report
Program:
Community Planning and Development (CPD)
CSAM Name (if
applicable):
N/A
.
Type of Project or
Program:
Date first
developed:
Date of last PTA
update:
ATO Status (if
applicable)
.
.
CSAM Number
(if applicable):
N/A
Form or other Information
Collection
Project or
program
status:
May 21, 1991
Pilot launch
date:
N/A
May 7, 2019
Pilot end date:
N/A
Choose an item.
N/A
ATO
expiration date
(if applicable):
N/A
.
.
Existing
PROJECT OR PROGRAM MANAGER
Name:
James Höemann
Office:
Community Planning and
Development
Phone:
202-402-5716
INFORMATION SYSTEM SECURITY OFFICER (ISSO) (IF APPLICABLE)
Name:
N/A
Phone:
N/A
Email:
N/A
United States Department of Housing and Urban Development
May22,2019
3
�SPECIFIC PTA QUESTIONS
1. Reason for submitting the PTA: Choose an item.
This is a renewal of a previously approved collection. The information collected
from grant recipients participating in the HUD administered CDBG program
provides HUD with financial and physical development status of each activity
funded. These reports are used to determine grant recipient performance. There
have been no changes to the program since the last version of this document.
2. Does this system employ the following
technologies?
.
Li
Web portal1 (e.g., SharePoint)
If you are itsing these technologies and want
coverage ttnder the respective PIA for that
technology, please stop here and contact the NUD
Privacy
Branch for further guidance.
Social Media
Li
Contact Lists
Public website (e.g. A website operated by
HUD, contractor, or other organization on behalf of
the HUD
None of these
This program collects no personally identifiable
information2
3. From whom does the Project or
Program collect, maintain, use, or
disseminate information?
Please check alt that apply.
.
.
.
.
Members of the public
HUD employees/contractors (list programs):
Contractors working on behalf of HUD
Employees of other federal agencies
Other (e.g. business entity)
4. What specific information about individuals is collected, generated or retained?
Informational and collaboration-based portals in operation at HUD and its programs that collect, use, maintain, and share limited
personally identifiable information (P11) about individuals who are “members” of the portal or “potential members” who seek to
gain access to the portal.
HUD defines personal information as “Personally Identifiable Information” or P11, which is any information that permits the
identity of an individual to be directly or indirectly inferred, including any information that is linked or linkable to that individual,
regardless of whether the individual is a U.S. citizen, lawful permanent resident, visitor to the U.S., or employee or contractor to
the Department. “Sensitive P11” is P11, which if lost, compromised. or disclosed without authorization, could result in substantial
harm, embarrassment, inconvenience, or unfairness to an individual. For the purposes of this PTA. SP1I and P11 are treated the
same.
United States Department of Housing and Urban Development
May22,20l9
4
�Please provide a specic description of information collected, generated, or retained (such as full names,
maiden name, mother’s maiden name, alias, social security numbe,; passport numnbem; driver’s license
number, taxpayer identtfication numbe,; patient identWcation numbe,; financial account, credit card
number, street, internet protocol, media access control, telephone number, mobile nttmber, bttsiness
number, photograph image, x-rays, fingerprints, biometric image, template date(e.g. retain scan, welldefined grottp ofpeople), vehicle registration number, title number and information about an indttvial that
is linked or linkable to one of the above (e.g. date of date, place of birth, race, religion, weight, activities,
geographical indictors, employment information, medial information, education information, financial
information) and etc.
No personally identifiable information is collected. The report consists of HUD Form 4052 and
a set of required narratives, including the grantee (which is generally a state government), the
grant number assigned by HUD, the reporting period, activity number, name of physical
development activity by street address and by census tract, whether there is a direct benefit
activity initiated or not, budgeted amount of each activity, funds expended, any unliquidated
obligations, unobligated balances, program income and other narrative requirements.
4(a) Does the project, program, or system
retrieve information from the system about
a U.S. Citizen or lawfully admitted
permanent resident aliens by a personal
identifier?
No. Please continue to next question.
Yes. If yes, please list all personal identifiers
used:
4(b) Does the project, program, or system
have an existing System of Records Notice
(SORN) that has already been published in
the Federal Register that covers the
information collected?
No. Please continue to next question.
LI Yes. If yes, provide the system name and
number, and the Federal Register
citation(s) for the most recent complete notice and
any subsequent notices
reflecting amendment to the system
.
4(c)Has the project, program, or system
undergone any significant changes since the
No.
.
Yes.
Please continue to next question.
If yes, please describe.
SORN?
4(d) Does the project, program, or system
use Social Security Numbers (SSN)?
4(e) 11 yes, please provide the specific legal
authority and purpose for the collection of
SSNs:
4(f) if yes, please describe the uses of the
SSNs within the project, program, or
system:
4(g) if this project, program, or system is
an information technology/system, does it
relate solely to infrastructure?
.
.
No.
Yes.
N/A
N/A
No. Please continue to next question.
.
For example, is the system a Local Area Network
(LAN) or Wide Area Network (WAN)?
LI
Yes. If a log kept of communication traffic,
please answer this question.
United States Department of Housing and Urban Development
May22,2019
5
�4(h) If header or payload data3 is stored in the communication traffic log, please detail the data
elements stored.
N/A
5. Does this project, program, or system
connect, receive, or share P1! with any
other HUB programs or systems?
No.
LI
Yes. If yes, please list:
Click here to enter text.
6. Does this project, program, or system
connect, receive, or share P11 with any
external (non-HUD) partners or
systems?
No.
LI
Yes. If yes, please list:
Click here to enter text.
6(a) Is this external sharing pursuant to
new or existing information sharing
access agreement (MOU, MOA, etc.)?
Choose an item.
Please describe applicable information sharing
governance in place:
N/A
7. Does the project, program, or system
provide role-based training for
personnel who have access in addition
to annual privacy training required of
all HUD personnel?
8.
Per NIST SP 800-53 Rev. 4, Appendix
J, does the project, program, or system
maintain an accounting of disclosures
of P11 to individuals/agencies who have
requested access to their P11?
9. Is there a FIPS 199 determination?4
No.
LI
Yes. If yes, please list:
No. What steps will be taken to develop and
maintain the accounting:
LI
Yes. In what format is the accounting
maintained:
LI Unknown.
No.
Header: Information that is placed before the actual data. The header normally contains a small number of bytes of
control information, which is used to communicate important facts about the data that the message contains and how
it is to be interpreted and used. It serves as the communication and control link between protocol elements on different
devices.
Payload data: The actual data to be transmitted, often called the payload of the message (metaphorically borrowing a
term from the space industry!) Most messages contain some data of one form or another, but some actually contain
none: they are used only for control and communication purposes. For example, these may be used to set up or
terminate a logical connection before data is sent.
FIPS 199 is the ldaaI lntuiiitiun
Standard Publication 199, Standards for Security Categorization of Federal
Information and Information Systems and is used to establish security categories of information systems.
United States Department of Housing and Urban Development
May22,2019
6
�LI Yes.
Please indicate the determinations for each
of the following:
Co nfl den ti al ity:
LI Low LI Moderate
LI High
Integrity:
LI Low LI Moderate
LI High
Availability:
LI Low LI Moderate
LI High
PRIVACY THRESHOLD ANALYSIS REVIEW
(TO BE COMPLETED BY PROGRAM PLO)
Program Privacy Liaison Reviewer:
Urnell Johnson
Date submitted to Program Privacy
Office:
M ay 10 2019
Date submitted to HUD Privacy Branch:
May 21, 2019
Program Privacy Liaison Officer Recommendation:
Please include recommendation below, including what new privacy compliance documentation is needed.
Click here to enter text.
N/A
(TO BE COMPLETED BY THE HUD PRIVACY BRANCH)
HUD Privacy Branch Reviewer:
Cindy Etheridge
Date approved by HUD Privacy Branch:
Click here to enter a date.
.
This PTA will suffice, however, if there are any changes,
an update will be required.
.
PTA Expiration Date:
DESIGNATION
Privacy Sensitive System:
Category of System:
Choose an item.
If “no” PTA adjudication is complete.
Choose an item.
If “other” is selected, please describe: Click here to enter text.
Determination:
XLI PTA sufficient at this time.
LI Privacy compliance documentation determination in progress.
LI New information sharing arrangement is required.
United States Department of Housing and Urban Development
May22,2019
7
�LI New information sharing arrangement is required.
LI HUD Policy for Computer-Readable Extracts Containing Sensitive PIT
applies.
LI Privacy Act Statement required.
LI Privacy and Civil Liberties Impact Assessment (PCLIA) required.
LI System of Records Notice (SORN) required.
LI Paperwork Reduction Act (PRA) Clearance may be required. Contact
your program PRA Officer.
LI A Records Schedule may be required. Contact your program Records
Officer.
PIA:
SORN•
Choose an item.
If covered by existing PCLIA, please list: Click here to enter text.
Choose an item.
If covered by existing SORN, please list: Click here to enter text.
HUB Privacy Branch Comments: This PTA will suffice at this time, however; if there are any
changes, an update will be required.
Please describe rationale for privacy compliance determination above.
Click here to enter text.
United States Department of Housing and Urban Development
May22,2019
8
�DOCUMENT ENDORSMENT
DATE REVIEWED:
PRIVACY REVIEWING OFFICIALS NAME:
By signing below, you attest that the content captured in this document is accurate and complete
and meet the requirements of applicable federal regulations and HUD internal policies.
&y
Date
OWNER
James Höernann, Deputy Director
Cornrncm ity Planning and DevelopmentJOffIce of
Block Grant Assistance
Date
John Bravacos
Senior Agency Officiat for Privacy
Privacy Branch
OFFICE OF ADMINISTRATION
United States Department of Housing and Urban Development
May22,2019
9
�
| File Type | application/pdf |
| File Modified | 0000-00-00 |
| File Created | 2019-06-19 |