Download:
pdf |
pdfU.S. Department of Housing and
Urban Development
Office of Housing
Housing Counseling System (HCS/ F11)
Privacy Impact Assessment
September 2008
�DOCUMENT ENDORSEMENT
I have carefully assessed the Privacy Impact Assessment (PIA) for Housing Counseling System
(HCS) with a sub-module as a database naming Client Activity Report System (CARS). This
document has been completed in accordance with the requirement set forth by the E-Government
Act of 2002 and OMB Memorandum 03-22 which requires that "Privacy Impact Assessments"
(PIAs) be conducted for all new and/ or significantly altered IT Systems, and Information
Collection Requests.
ENDORSEMENT SECTION
Please check the appropriate statement.
X
The document is accepted.
The document is accepted pending the changes noted.
The document is not accepted.
Based on our authority and judgment, the data captured in this document is current and accurate.
/S/ David Huynh
OCIO GTM/PROJECT LEADER, DAVID T. HUYNH
Office of the Chief Information Officer
U.S. Department of Housing and Urban Development
09/09/08
Date
/S/ George Grotheer
SYSTEM MANAGER/PROJECT SPONSOR MANAGER,
GEORGE H. GROTHEER
Office of Housing/Single Family Housing
U.S. Department of Housing and Urban Development
09/09/08
Date
/S/ Brian Siebenlist
ALT SYSTEM MANAGER/ PROJECT SPONSOR MANAGER,
BRIAN SIEBENLIST
Office of Housing/Single Family Housing
U.S. Department of Housing and Urban Development
_09/09/08
Date
/S/ Margaret E. Burns
PROGRAM AREA DIRECTOR, MARGARET E. BURNS
Office of Housing/Single Family Housing
U.S. Department of Housing and Urban Development
09/09/08
Date
2
�N/A
DEPARTMENTAL PRIVACY ADVOCATE
Office of the Chief Information Officer
U. S. Department of Housing and Urban Development
/S/ Donna Robinson-Staton
DEPARTMENTAL PRIVACY ACT OFFICER, DONNA
ROBINSON-STATON
Office of the Chief Information Officer
U. S. Department of Housing and Urban Development
Date
09/09/08
Date
3
�TABLE OF CONTENTS
DOCUMENT ENDORSEMENT ................................................................................................ 2
TABLE OF CONTENTS ............................................................................................................. 4
SECTION 1: BACKGROUND................................................................................................... 5
Importance of Privacy Protection – Legislative Mandates:........................................................ 5
What is the Privacy Impact Assessment (PIA) Process? ............................................................ 6
Who Completes the PIA?............................................................................................................ 6
When is a Privacy Impact Assessment (PIA) Required?............................................................ 6
What are the Privacy Act Requirements? ................................................................................... 7
Why is the PIA Summary Made Publicly Availble? .................................................................. 7
SECTION 2 – COMPLETING A PRIVACY IMPACT ASSESSMENT................................ 8
Question 1: Provide a brief description of what personal information is collected................... 8
Question 2: Type of electronic system or information collection............................................ 10
Question 3: Why is the personally identifiable information being collected? How will it be
used? ......................................................................................................................................... 11
Question 4: Will you share the information with others? ........................................................ 12
Question 5: Can individuals “opt-out” by declining to provide personal information or by
consenting only to particular use (e.g., allowing their financial information to be used for basic
rent eligibility determination, but for not for sharing with other government agencies)?........ 12
Question 6: How will the privacy of the information be protected/ secured? What are the
administrative and technological controls?............................................................................... 13
Question 7: If privacy information is involved, by what data elements can it be retrieved?... 14
SECTION 3: DETERMINATION BY HUD PRIVACY ACT OFFICER........................... 14
4
�FINAL/APPROVED
U.S. DEPARTMENT OF HOUSING AND URBAN DEVELOPMENT
PRIVACY IMPACT ASSESSMENT (PIA) FOR:
“HOUSING COUNSELING SYSTEM (HCS)”
PCAS #: 00251390
September 2008
NOTE: See Section 2 for PIA answers and Section 3 for Privacy Advocate’s determination.
SECTION 1: BACKGROUND
Importance of Privacy Protection – Legislative Mandates:
HUD is responsible for ensuring the privacy and confidentiality of the information it collects on
members of the public, beneficiaries of HUD programs, business partners, and its own
employees. These people have a right to expect that HUD will collect, maintain, use, and
disseminate identifiable personal information only as authorized by law and as necessary to carry
out agency responsibilities.
The information HUD collects is protected by the following legislation and regulations:
• Privacy Act of 1974, as amended affords individuals the right to privacy in records that
are maintained and used by Federal agencies. (See
http://www.usdoj.gov/foia/privstat.htm; see also HUD Handbook1325.1 at
www.hudclips.org);
• Computer Matching and Privacy Protection Act of 1988 is an amendment to the Privacy
Act that specifies the conditions under which private information may (or may not) be
shared among government agencies. (See http://www.usdoj.gov/foia/privstat.htm);
• Freedom of Information Act of 1966, as amended
(http://www.usdoj.gov/oip/foia_updates/Vol_XVII_4/page2.htm) provides for the
disclosure of information maintained by Federal agencies to the public, while allowing
limited protections for privacy. See also HUD’s Freedom of Information Act Handbook
(HUD Handbook 1327.1 at www.hudclips.org);
• E-Government Act of 2002 requires Federal agencies to conduct Privacy Impact
Assessments (PIAs) on its electronic systems. (See http://frwebgate.access.gpo.gov/cgibin/getdoc.cgi?dbname=107_cong_public_laws&docid=f:publ347.107.pdf; see also the
summary of the E-Government Act at
http://www.whitehouse.gov/omb/egov/pres_state2.htm);
• Federal Information Security Management Act of 2002 (which superceded the Computer
Security Act of 1987) provides a comprehensive framework for ensuring the
effectiveness of information security controls over information resources that support
Federal operations and assets, etc. See also the codified version of Information Security
5
�•
regulations at Title 44 U.S. Code chapter 35 subchapter II
(http://uscode.house.gov/search/criteria.php); and
OMB Circular A-130, Management of Federal Information Resources, Appendix I
(http://www.whitehouse.gov/omb/circulars/a130/appendix_i.pdf) defines Federal Agency
responsibilities for maintaining records about individuals.
Access to personally identifiable information will be restricted to those staff that has a need to
access the data to carry out their duties; and they will be held accountable for ensuring privacy
and confidentiality of the data.
What is the Privacy Impact Assessment (PIA) Process?
The Privacy Impact Assessment (PIA) is a process that evaluates issues related to the privacy of
personally identifiable information in electronic systems. See background on PIAs and the 7
questions that need to be answered, at: http://www.hud.gov/offices/cio/privacy/pia/pia.cfm.
Personally identifiable information is defined as information that actually identifies an
individual, e.g., name, address, social security number (SSN), or identifying number or code; or
other personal/ sensitive information such as race, marital status, financial information, home
telephone number, personal e-mail address, etc. Of particular concern is the combination of
multiple identifying elements. For example, knowing name + SSN + birth date + financial
information would pose more risk to privacy than just name + SSN alone.
The PIA:
• Identifies the type of personally identifiable information in the system (including any
ability to combine multiple identifying elements on an individual);
• Identifies who has access to that information (whether full access or limited access
rights); and
• Describes the administrative controls that ensure that only information that is necessary
and relevant to HUD’s mission is included.
Who Completes the PIA?
Both the program area System Owner and the IT Project Leader worked together to complete the
PIA. The System Owner describes what personal data types are collected, how the data is used,
and who has access to the personal data. The IT Project Leader describes whether technical
implementation of the System Owner’s requirements presents any risks to privacy, and what
controls are in place to restrict access of personally identifiable information.
When is a Privacy Impact Assessment (PIA) Required?
1. New Systems: Any new system that will contain personal information on members of the
public requires a PIA, per OMB requirements (this covers both major and non-major
systems).
6
�2. Existing Systems: Where there are significant modifications involving personal
information on members of the public, or where significant changes been made to the system
that may create a new privacy risk, a PIA is required.
3. Information Collection Requests, per the Paperwork Reduction Act (PRA):
Agencies must obtain OMB approval for new information collections from ten or more
members of the public. If the information collection is both a new collection and automated,
then a PIA is required.
What are the Privacy Act Requirements?
Privacy Act. The Privacy Act of 1974, as amended (http://www.usdoj.gov/foia/privstat.htm)
requires that agencies publish a Federal Register Notice for public comment on any intended
information collection. Privacy Act Systems of Records are created when information pertaining
to an individual is collected and maintained by the Department, and is retrieved by the name of
the individual or by some other identifying number, symbol, or other identifying particular
assigned to an individual. The E-Government Act of 2002 requires PIAs for electronic systems
as well as information collection requests that are automated. So, there is a relationship between
the new PIA requirement (when automation is involved) and the long-standing Privacy Act
System of Records Notices (for both paper-based and automated records that are of a private
nature). For additional information, contact the Departmental Privacy Act Officer in the Office
of the Chief Information Officer.
Why is the PIA Summary Made Publicly Available?
The E-Government Act of 2002 requires that the analysis and determinations resulting from the
PIA be made publicly available. The Privacy Advocate in HUD’s Office of the Chief
Information Officer (OCIO) is responsible for publishing the PIA summary on HUD’s web site.
See: http://www.hud.gov/offices/cio/privacy/pia/pia.cfm.
7
�SECTION 2 – COMPLETING A PRIVACY IMPACT ASSESSMENT
Please submit answers to the Departmental Privacy Act Officer in the Office of the Chief
Information Officer (OCIO). If any question does not apply, state Not Applicable (N/A) for that
question, and briefly explain why it is not applicable.
Program Area: Office of Housing/Single Family Program Support Division
Program Area Manager: Margaret Burns, Director of Office of Single Family Program
Development, (202) 708-2121
Subject matter expert in the program area: George Grotheer, Project Manager, Program
Support Division, (202) 402-2294; Brian Siebenlist, Alt. Project Sponsor Manager, Deputy
Director Housing, Program Support Division, (202)402-5415
IT Project Leader: David Huynh, Office of the Chief Information Officer, Office of Systems
Integration and Efficiency, 202-402-7493
For IT Systems:
• Name of system: Housing Counseling System/Client Activity Report System
(HCS/CARS)
• PCAS #: 00251390 for operation and maintenance
• OMB Unique Project Identifier #: N/A
• System Code: F11
For Information Collection Requests:
• Name of Information Collection Request: N/A
• OMB Control #: N/A
Question 1: Provide a brief description of what personal information is collected.
The Housing Counseling System (HCS) maintains a file of housing counseling agencies which
are working with HUD. HCS collects personal information of people participating in the
Housing Counseling Program who receives housing counseling from HUD approved Housing
Counseling Agencies. Currently, the data collected is not displayed to any user of the Housing
Counseling System but rather used to aggregate housing counseling agency performance. At this
time the PIA and SORN is revisited and updated, as necessary to expand on new capabilities and
to incorporate updates to accurately identify the official responsible for managing the system.
Personal information is for HUD use only and is not available for public access.
If this automated system (or Information Collection Request) involves personally identifiable
information on members of the public, then mark any of the categories that apply below:
Personal Identifiers:
X Name - mandatory
X Social Security Number (SSN).- voluntary
Other identification number (specify type):
X Birth date
X Home address - mandatory
8
�X
X
Home telephone - mandatory
Personal e-mail address
Fingerprint/ other “biometric”
Other (specify):
None
Comment:
Personal/ Sensitive Information:
X Race/ ethnicity - mandatory
X Gender/ sex - mandatory
X Marital status - mandatory
X Spouse name
X # of children - mandatory
X Income/ financial data (specify type of data, such as salary, Federal taxes paid, bank
account number, etc.): mandatory
X Employment history:
X Education level
Medical history/ information
X Disability m
Criminal record
Other (specify):
None
Comment:
Question 2: Will any of the personally identifiable information be accessed remotely or
physically removed? If yes, what security controls are in place to protect the information e.g.,
encryptions (give details below)?
Yes
No
If yes, Proceed to answering the following questions.
Have the security controls been reviewed and approved by the
Information Security Officer?
What security controls are in place to protect the information (e.g., encryptions)?
What HUD approved application is used to grant remote access (e.g., VPN, Citrix)?
Is there a policy in place restricting remote access from certain locations outside the
Department (For example: Policy may permit remote access, but prohibits access from a
particular place; such as, Kinko’s/Starbuck) or is remote access permitted from all areas
outside the Department?
Is there a policy that identifies “if” or “if not” downloading and remote storage of this
information is allowed (For example: Policy may permit remote access, but prohibit
downloading and local storage)?
Comment:
9
�Question 3: Type of electronic system or information collection.
A. If a new electronic system (or one in development): Mark any of the following that
apply:
Yes
No
A. If a new electronic system (or one in development): Is this a new
electronic system (implemented after April 2003, the effective date of
the E-Government Act of 2002)? .
a. Does the system require authentication?
b. Is the system browser-based?
c. Is the system external-facing (with external users that require
authentication)?
Comment
B. If an existing electronic system: Mark any of the following conditions for your existing
system that OMB defines as a “trigger” for requiring a PIA (if not applicable, mark N/A):
N/A Conversion: When paper-based records that contain personal information are
converted to an electronic system
N/A From Anonymous (Non-Identifiable) to “Non-Anonymous” (Personally
Identifiable): When any systems application transforms an existing database or
data collection so that previously anonymous data becomes personally identifiable
N/A Significant System Management Changes: When new uses of an existing
electronic system significantly change how personal information is managed in the
system. (Example #1: when new “relational” databases could combine multiple
identifying data elements to more easily identify an individual. Example #2:
when a web portal extracts data elements from separate databases, and thereby
creates a more open environment for exposure of personal data)
N/A Merging Databases: When government databases are merged, centralized,
matched, or otherwise significantly manipulated so that personal information
becomes more accessible (with special concern for the ability to combine multiple
identifying elements)
N/A New Public Access: When new public access is given to members of the public or
to business partners (even if the system is protected by password, digital
certificate, or other user-authentication technology)
N/A Commercial Sources: When agencies systematically incorporate into databases
any personal data from commercial or public sources (ad hoc queries of such
sources using existing technology does not trigger the need for a PIA)
N/A New Inter-agency Uses: When agencies work together (such as the federal EGov initiatives), the lead agency should prepare the PIA
N/A Business Process Re-engineering: When altering a business process results in
significant new uses, disclosures, or additions of personal data
N/A Alteration in Character of Data: When adding new personal data raises the risks
to personal privacy (for example, adding financial information to an existing
database that contains name and address)
10
�C. If an Information Collection Request (ICR): Is this a new Request that will collect
data that will be in an automated system? Agencies must obtain OMB approval for
information collections from 10 or more members of the public. The E-Government Act of
2002 requires a PIA for ICRs only if the collection of information is a new request and the
collected data will be in an automated system.
Yes, this is a new ICR and the data will be automated
X No, the ICR does not require a PIA because it is not new or automated)
Comment:
Question 4: Why is the personally identifiable information being collected? How will it be
used?
Mark any that apply:
Homeownership:
Credit checks (eligibility for loans)
Loan applications and case-binder files (via lenders) – including borrower SSNs,
salary, employment, race, and other information
Loan servicing (MIP collections/refunds and debt servicing for defaulted loans
assigned to HUD)
Loan default tracking
Issuing mortgage and loan insurance
X Other (specify): Housing Counseling program performance
Comment:
Rental Housing Assistance:
X Eligibility for rental assistance or other HUD program benefits
Characteristics on those receiving rental assistance (for example, race/ethnicity, # of
children, age)
Property inspections
Other (specify):
Comment:
Grants:
X
X
Grant application scoring and selection – if any personal information on the grantee
is included
Disbursement of funds to grantees – if any personal information is included
Other (specify): Agency information only, no personal/client information
Comment:
Fair Housing:
Housing discrimination complaints and resulting case files
Other (specify):
11
�Comment:
Internal operations:
Employee payroll or personnel records
Payment for employee travel expenses
Payment for services or products (to contractors) – if any personal information on
the payee is included
Computer security files – with personal information in the database, collected in
order to grant user IDs
Other (specify):
Comment:
Other lines of business (specify uses):
X HCS is a management tool used to research/analysis the impact of housing
counseling programs.
Question 5: Will you share the information with others? (e.g., another agency for a
programmatic purpose or outside the government)?
Mark any that apply:
Federal agencies?
State, local, or tribal governments?
Public Housing Agencies (PHAs) or Section 8 property owners/agents?
X FHA-approved lenders?
Credit bureaus (review/retrieve information only)
Local and national organizations?
Non-profits?
Faith-based organizations?
Builders/ developers?
X Others? (specify): To HUD-approved counseling agencies for the purpose of
providing supportive counseling services, and other program who provide supportive
services. To other HUD system to verify mortgage eligibility.
Comment:
Question 6: Can individuals “opt-out” by declining to provide personal information or by
consenting only to particular use (e.g., allowing their financial information to be used for
basic rent eligibility determination, but for not for sharing with other government
agencies)?
X
Yes, they can “opt-out” by declining to provide private information or by consenting
only to particular use
12
�No, they can’t “opt-out” – all personal information is required
Comment:
If Yes, please explain the issues and circumstances of being able to opt-out (either for specific
data elements or specific uses of the data): Individual preferences.
Question 7: How will the privacy of the information be protected/ secured? What are the
administrative and technological controls?
Mark any that apply and give details if requested:
X
System users must log-in with a password
Agency POC, HUD GTR, other associated government officials are required to use
SSNs and Mother’s Maiden Name to sign into the system for the first time. This
data is maintained in the database but never displayed. Afterwards the user is
permitted to personalize their password.
X
When an employee leaves:
• How soon is the user ID terminated? (1 day, 1 week, 1 month, unknown)?
The F11/HCS Security Administrator terminates user IDs by HUD’s termination
procedures. Access is deleted from the F11/HCS servers within one (1) day and
upon notification by supervisor and/or manager access is deleted/de-activated form.
• How do you know that the former employee no longer has access to your
system? (explain your procedures or describe your plan to improve):
Once removed by the F11/HCS Security Administrator, access is denied from the
F11/HCS system. User account information is deleted and deactivated. Every quarter
(4 times) per year, the F11/HCS Security Administrator contacts appropriate
managers and/or supervisors for each agency/program to recertify all employees
who are to have access to F11/HCS. Specifically, they certify that those employees
are still at the Agency, and it is still within their authorized duties to have system
access.
Are access rights selectively granted, depending on duties and need-to-know? If
Yes, specify the approximate # of authorized users who have either:
• Full access rights to all data in the system: 7
• Limited/restricted access rights to only selected data: 3522
Are disks, tapes, and printouts that contain personal information locked in cabinets
when not in use? (explain your procedures, or describe your plan to improve): Yes,
records are maintained in confidential files with access limited to those whose
official duties require access.
X
X
X
If data from your system is shared with another system or data warehouse, who is
responsible for protecting the privacy of data that came from your system but now
resides in another? Explain the existing privacy protections, or your plans to
improve: Data on HECM counseling services are inputted into CHUMS and on
HUD’s web site listing participating agencies.
13
�X
Other methods of protecting privacy (specify):
Comment: No sensitive data is shared with any other organization.
Question 8: If privacy information is involved, by what data elements is it retrieved?
Mark any that apply:
X
X
X
Name:
Social Security Number (SSN)
Identification number (specify type): Case Numbers
Birth date
Race/ ethnicity
Marital status
Spouse name
Home address
Home telephone
Personal e-mail address
Other (specify):
None
Comment: Client Property Address
Other Comments (or details on any Question above):
SECTION 3: DETERMINATION BY HUD PRIVACY ADVOCATE
The appropriate security safeguards are in place to protect the confidentiality and restrict access
to the personal information collected.
14
�
| File Type | application/pdf |
| File Title | PRELIMINARY PRIVACY IMPACT ASSESSMENT |
| Author | Jeanette Smith |
| File Modified | 2008-09-10 |
| File Created | 2008-09-10 |