Pta

ESG Recordkeeping PTA 9-11-2019.docx

EMERGENCY SOLUTIONS GRANT DATA COLLECTION

PTA

OMB: 2506-0089

Document [docx]
Download: docx | pdf


U.S. DEPARTMENT OF

HOUSING AND URBAN DEVELOPMENT






PRIVACY THRESHOLD ANALYSIS (PTA)


ESG Recordkeeping

Office of Special Needs Assistance Programs





June 25, 2019


PRIVACY THRESHOLD ANALYSIS (PTA)


The PTA is a compliance form developed by the Privacy Branch to identify the use of Personally Identifiable Information (PII) across the Department. The PTA is the first step in the PII verification process, which focuses on these areas of inquiry:

  • Purpose for the information,

  • Type of information,

  • Sensitivity of the information,

  • Use of the information,

  • And the risk to the information.

Please use the attached form to determine whether a Privacy Impact Assessment (PIA) is required under the E-Government Act of 2002 or a System of Record Notice (SORN) is required under the Privacy Act of 1974, as amended.

Please complete this form and send it to your program Privacy Liaison Officer (PLO). If you have no program Privacy Liaison Officer, please send the PTA to the HUD Privacy Branch:


Marcus Smallwood, Acting, Chief Privacy Officer

Privacy Branch

U.S. Department of Housing and Urban Development



[email protected]


Upon receipt from your program PLO, the HUD Privacy Branch will review this form. If a PIA or SORN is required, the HUD Privacy Branch will send you a copy of the PIA and SORN templates to complete and return.

PRIVACY THRESHOLD ANALYSIS (PTA)



Summary Information

Project or Program Name:

ESG Recordkeeping

Program:

CSAM Name (if applicable):

Click here to enter text.

CSAM Number (if applicable):

Click here to enter text.

Type of Project or Program:

Project or program status:

Date first developed:

July 12, 2012

Pilot launch date:

Click here to enter a date.

Date of last PTA update:

October 31, 2016

Pilot end date:

Click here to enter a date.

ATO Status (if applicable)

ATO expiration date (if applicable):

Click here to enter a date.



PROJECT OR PROGRAM MANAGER

Name:

Marlisa Grogan

Office:

Office of Special Needs Assistance Programs

Title:

Click here to enter text.

Phone:

6036667510 EXT 3049

Email:

[email protected]



INFORMATION SYSTEM SECURITY OFFICER (ISSO) (if applicable)

Name:

Click here to enter text.

Phone:

Click here to enter text.

Email:

Click here to enter text.






Specific PTA Questions

1. Reason for submitting the PTA:

On May 20, 2009, Congress passed the Homeless Emergency Assistance and Rapid Transition to Housing Act of 2009 (HEARTH Act). The HEARTH Act revises the Emergency Shelter Grants program and renames the program the Emergency Solutions Grants (ESG) program. The change in the program’s name reflects the change in the program’s focus from addressing the needs of homeless people in emergency or transitional shelters to assisting people in quickly regaining stability in permanent housing after experiencing a housing crisis and/or homelessness. The key changes that reflect this new emphasis are the expansion of the homelessness prevention component of the program and the addition of new rapid re-housing assistance components.

The statutory provisions and the implementing interim regulations found at 24 CFR 576 that govern the program require recordkeeping requirements first captured in the 6 month clearance package approved in June 2012.

The Emergency Solutions Grants program places an increased emphasis on targeted and coordinated use of local resources. The implementing interim regulations require that ESG recipients consult with local Continuums of Care within their geographic areas (§ 576.400(a)) and requires recipients and subrecipients to coordinate ESG assistance to program participants with other targeted homeless services (§ 576.400(b)) and other mainstream resources available within the community (§ 576.400(c)).

All persons who receive ESG assistance must have an initial evaluation and periodic re-evaluations (every three months for homelessness prevention assistance and annually for rapid re-housing assistance) to ensure that they meet HUD’s eligibility criteria (§ 576.401(a) and (b)). The implementing regulations for the ESG program also require recipients to develop written standards to determine, among other things, the amount and type of assistance each eligible individual or family may receive when they present for assistance (§ 576.400(d)).

Once an individual or family becomes a program participant, the ESG recipient or subrecipient must connect the program participant to other mainstream resources to help the individual or family obtain and maintain housing stability (§ 576.401(d)), develop a housing retention plan (§ 576.401(e)), and ensure that the individual or family is residing in a unit or shelter that meets habitability standards (§ 576.401(d)).

The recipient must establish termination of assistance procedures and must follow them before terminating assistance to any program participant receiving ESG assistance (§ 576.402).

To ensure that programs carried out with ESG funds meet the needs of homeless persons and persons at risk of homelessness within the geographic area, ESG recipients and subrecipients, not including States, must have a homeless or formerly homeless person serve on the board or other decision making body (§ 576.405).

The recipient and subrecipient must keep records verifying that all of the program requirements have been met (§ 576.500) and ensure that these records are maintained in a secure and confidential manner. Recipients must monitor subrecipients to ensure that program requirements are being met and take sanctions against subrecipients if the requirements are not being met (§ 576.501(c)).

Due to the repeal of Section 443 of the McKinney-Vento Homeless Assistance Act, ESG recipients initially had to follow the environmental review procedures under 24 CFR part 50, which assigns HUD all environmental review responsibilities. However, the President signed into law H.R. 4348 on July 6, 2012, which corrects certain provisions of the HEARTH Act, including the requirement that ESG recipients follow 24 CFR part 50. As a result, recipients and subrecipients assume environmental review responsibilities under 24 CFR part 58. This does not affect the burden hours calculation, as neither part 50 nor part 58 are under the purview of the regulations that govern this program. As a result of this and further clarification, however, we have removed the Environmental Review form from the collection package.





  1. Does this system employ the following technologies?

If you are using these technologies and want coverage under the respective PIA for that technology, please stop here and contact the HUD Privacy Branch for further guidance.

Social Media

Web portal2 (e.g., SharePoint)

Contact Lists

Public website (e.g. A website operated by HUD, contractor, or other organization on behalf of the HUD

None of these


  1. From whom does the Project or Program collect, maintain, use, or disseminate information?

Please check all that apply.

This program collects no personally identifiable information3

Members of the public

HUD employees/contractors (list programs):

Contractors working on behalf of HUD

Employees of other federal agencies

Other (e.g. business entity)



  1. What specific information about individuals is collected, generated or retained?


HUD requires recipients of ESG funds to carry out certain program requirements and maintain records that the program requirements were carried out. HUD Field Offices, HUD Headquarters, and ESG recipients use this information to track compliance with the statutory and regulatory provisions. If HUD identifies that the recipient has not been meeting the requirements of this program, it may take the remedial actions set forth in § 576.501(b).



§ 576.500(w) of the interim ESG regulations states that recipients and subrecipient must develop and implement procedures to ensure that all records containing personally identifying information will be kept secure and confidential; the address or location of any domestic violence, dating violence, sexual assault, or stalking shelter project will not be made public, except with written authorization of the person responsible for the operation of shelter; and the address or location of any housing of a program participant will not be made public, except as provided under a preexisting privacy policy of the recipient or subrecipient and consistent with state and local laws regarding privacy and obligations of confidentiality.



Recordkeeping information is not centralized, nor is the data stored in systems that can be accessed by the program office or Department. Each grant recipient maintains its own records and must produce information only in the event of an monitoring request as appropriate to determine regulatory compliance. No personally identified information is captured in any federal system, nor is it shared in any way with the program office.


4(a) Does the project, program, or system retrieve information from the system about a U.S. Citizen or lawfully admitted permanent resident aliens by a personal identifier?

No. Please continue to next question.

Yes. If yes, please list all personal identifiers used:


4(b) Does the project, program, or system have an existing System of Records Notice (SORN) that has already been published in the Federal Register that covers the information collected?

No. Please continue to next question.

Yes. If yes, provide the system name and number, and the Federal Register

citation(s) for the most recent complete notice and any subsequent notices

reflecting amendment to the system


4(c)Has the project, program, or system undergone any significant changes since the SORN?

No. Please continue to next question.

Yes. If yes, please describe.


4(d) Does the project, program, or system use Social Security Numbers (SSN)?

No.

Yes.


4(e) If yes, please provide the specific legal authority and purpose for the collection of SSNs:

Click here to enter text.


4(f) If yes, please describe the uses of the SSNs within the project, program, or system:

Click here to enter text.


4(g) If this project, program, or system is an information technology/system, does it relate solely to infrastructure?


For example, is the system a Local Area Network (LAN) or Wide Area Network (WAN)?

No. Please continue to next question.

Yes. If a log kept of communication traffic, please answer this question.


4(h) If header or payload data4 is stored in the communication traffic log, please detail the data elements stored.

Click here to enter text.



  1. Does this project, program, or system connect, receive, or share PII with any other HUD programs or systems?


No.

Yes. If yes, please list:

Click here to enter text.

  1. Does this project, program, or system connect, receive, or share PII with any external (non-HUD) partners or systems?


No.

Yes. If yes, please list:

Click here to enter text.

6(a) Is this external sharing pursuant to new or existing information sharing access agreement (MOU, MOA, etc.)?


Please describe applicable information sharing governance in place:

7. Does the project, program, or system provide role-based training for personnel who have access in addition to annual privacy training required of all HUD personnel?

No.

Yes. If yes, please list:

  1. Per NIST SP 800-53 Rev. 4, Appendix J, does the project, program, or system maintain an accounting of disclosures of PII to individuals/agencies who have requested access to their PII?

No. What steps will be taken to develop and maintain the accounting: This PRA does not share PII with anyone.

Yes. In what format is the accounting maintained:

  1. Is there a FIPS 199 determination?5

Unknown.

No.

Yes. Please indicate the determinations for each of the following:

Confidentiality:

Low Moderate High



Integrity:

Low Moderate High



Availability:

Low Moderate High






PRIVACY THRESHOLD ANALYSIS REVIEW

(To be Completed by PROGRAM PLO)

Program Privacy Liaison Reviewer:

Click here to enter text.


Date submitted to Program Privacy Office:

Click here to enter a date.


Date submitted to HUD Privacy Branch:

Click here to enter a date.


Program Privacy Liaison Officer Recommendation:

Please include recommendation below, including what new privacy compliance documentation is needed.

Click here to enter text.

(To be Completed by the HUD Privacy Branch)

HUD Privacy Branch Reviewer:

Click here to enter text.

Date approved by HUD Privacy Branch:

Click here to enter a date.

PTA Expiration Date:

Click here to enter a date.

DESIGNATION

Privacy Sensitive System:

If “no” PTA adjudication is complete.


Category of System:

If “other” is selected, please describe: Click here to enter text.


Determination: PTA sufficient at this time.

Privacy compliance documentation determination in progress.
New information sharing arrangement is required.
HUD Policy for Computer-Readable Extracts Containing Sensitive PII applies.
Privacy Act Statement required.
Privacy Impact Assessment (PIA) required.
System of Records Notice (SORN) required.
Paperwork Reduction Act (PRA) Clearance may be required. Contact your program PRA Officer.
A Records Schedule may be required. Contact your program Records Officer.


PIA:

If covered by existing PIA, please list: Click here to enter text.


SORN:

If covered by existing SORN, please list: Click here to enter text.


HUD Privacy Branch Comments:

Please describe rationale for privacy compliance determination above.

Click here to enter text.



DOCUMENT ENDORSMENT



DATE REVIEWED:

PRIVACY REVIEWING OFFICIALS NAME:



By signing below, you attest that the content captured in this document is accurate and complete and meet the requirements of applicable federal regulations and HUD internal policies.






SYSTEM OWNER

<< INSERT NAME/TITLE>>


Date

<<INSERT PROGRAM OFFICE>>














CHIEF PRIVACY OFFICER

<<INSERT NAME/TITLE>>


Date

OFFICE OF ADMINISTRATION









2 Informational and collaboration-based portals in operation at HUD and its programs that collect, use, maintain, and share limited personally identifiable information (PII) about individuals who are “members” of the portal or “potential members” who seek to gain access to the portal.

3 HUD defines personal information as “Personally Identifiable Information” or PII, which is any information that permits the identity of an individual to be directly or indirectly inferred, including any information that is linked or linkable to that individual, regardless of whether the individual is a U.S. citizen, lawful permanent resident, visitor to the U.S., or employee or contractor to the Department. “Sensitive PII” is PII, which if lost, compromised, or disclosed without authorization, could result in substantial harm, embarrassment, inconvenience, or unfairness to an individual. For the purposes of this PTA, SPII and PII are treated the same.

4 Header: Information that is placed before the actual data. The header normally contains a small number of bytes of control information, which is used to communicate important facts about the data that the message contains and how it is to be interpreted and used. It serves as the communication and control link between protocol elements on different devices.

Payload data: The actual data to be transmitted, often called the payload of the message (metaphorically borrowing a term from the space industry!) Most messages contain some data of one form or another, but some actually contain none: they are used only for control and communication purposes. For example, these may be used to set up or terminate a logical connection before data is sent.

5 FIPS 199 is the Federal Information Processing Standard Publication 199, Standards for Security Categorization of Federal Information and Information Systems and is used to establish security categories of information systems.



File Typeapplication/vnd.openxmlformats-officedocument.wordprocessingml.document
File TitleDHS PRIVACY OFFICE
Authormarilyn.powell
File Modified0000-00-00
File Created2021-01-15
© 2024 OMB.report | Privacy Policy