Signed Privacy Impact Assessment (PIA) Form

PRIVACY IMPACT ASSESSMENT (PIA)
Prescribing Authority: Public Law 107-347, Section 208(b). Complete this form for Department of Housing
and Urban Development (HUD) information systems or electronic collections (referred to as "electronic
collections" for the purpose of this form) of information that collect, maintain, use, and / or disseminate
personally identifiable information (PII) about members of the public, Federal employees, and contractors. In the
case where no PII is collected, the PIA will serve as a conclusive determination that privacy requirements do not
apply to the system. Please be sure to use plain language and be as concise as possible.
For further information and instructions on how to fill out the PIA, please see the PIA Reference Guide.
HUD’s PIAs describe: (1) the legal authority that permits the collection of information; (2) the specific type of
information used by the system; (3) how and why the system uses the information; (4) whether the system
provides notice to individuals that their information is used by the system; (5) the length of time the system
retains information; (6) whether and with whom the system disseminates information; (7) procedures individuals
may use to access or amend information used by the system; and (8) physical, technical, and administrative
safeguards applied to the system to secure the information.

1. HUD INFORMATION SYSTEM: OMB 2502-0573, Housing Counseling Program – Application for
2. HUD DIVISON NAME:

Approval as a Housing Counseling Agency - SharePoint
Office of Housing Counseling, Office of Outreach and Capacity Building

3. CSAM ID:

Not Applicable ICR is not fully automated

Section 1: PII Description Summary (For Public Release)

a. The PII is: (Check all that apply)
✔ From members of the general public

From Federal employees and / or Federal contractors
From vendors

From a third-party source
Not Collected (Please proceed to Section 4)
Other (Please specify in the box below)

b. The PII is in a / an: (Check one)
New HUD information system
Existing HUD information system
Significantly modified HUD information system
(if selected, please describe the modification in
the box below)

New collection
✔ Existing collection

c. Describe the purpose of this HUD information system or project, including the types of personal
information collected in the system.
HUD uses information collected by Housing Counseling Program – Application for Approval as a Housing
Counseling Agency to evaluate whether applying organizations meet minimum requirements to participate in the
Housing Counseling Program. The information is initially collected and stored to SharePoint during the initial
screening to determine eligibility to participate in the program. After an agency is approved, the information tis
then used to build the agency's program profiles in the Housing Counseling System (HCS). Prior to this, the
organization's
not /stored
in HCS
until
the agency
approved
HUD.
d. Why
is the PIIinformation
collectedisand
or what
is the
intended
usehas
of been
the PII?
(e.g. by
verification,
identification,

authentication,
data matching, mission-related use, administrative use)
The personal information collected only includes the employment status, history, or information (e.g., title, position)
full name,
ssn, tax ID
for the of
agency
and agency
point of contacts
such as
theallprogram
The
PII is collected
fornumber
the purposes
verification
and identification
of an entity,
and
housingmanager
program and
executive director
full names,
work address.
associated
individuals
for administrative
and mission-related use.
There are two ways to participate in HUD's Housing Counseling Program. Organizations may apply directly to HUD 1
as one of the following: a Local Housing Counseling Agency (LHCA), an Intermediary (regional or national), a
multi-state organization (MSO), or as a state housing finance agency (SHFA). LHCAs may participate in the HUD
housing counseling program by participating through a HUD-approved Intermediary or State Housing Finance
Agency’s network. SHFA’s may also request to participate in the program, however they must still provide the

e. Do individuals have the opportunity to object to the collection of their PII?
If “Yes,” describe the method by which individuals can object to the PII collection.
If “No,” state the reason why individuals cannot object to the PII collection.

✔

Yes

No

The privacy statement on the form states that the information is provided on a voluntary basis. Per the Privacy Act
Statement individuals are given the opportunity to object.

f. Do individuals have the opportunity to consent to the specific uses of their PII?

✔

Yes

No

If “Yes,” describe the method by which individuals can give or withhold their consent.
If “No,” state the reason why individuals cannot give or withhold their consent.
Individuals are given the opportunity to object.

g. When an individual is asked to provide PII, a Privacy Act Statement (PAS) and / or a Privacy
Advisory must be provided. (Check as appropriate and provide the actual wording)
☐ Privacy Act Statement
☐
☐ Not Applicable
✔ Privacy Advisory
Disclosure: Under the Privacy Act, the information may be disclosed outside HUD without your consent for purposes
such as census activities and statistical research. The information will not be disclosed outside HUD without your
consent except to civil, criminal, or regulatory investigations or prosecutions, or to a Member of Congress or a
h. With
whom will
theinPII
be shared
within
HUD
Division
congressional
office
response
to anthrough
inquiry. data
All theexchange,
informationboth
requested
onyour
the form
HUD-9900
is and
voluntary.
The information
is required
to evaluate
new
applicants against Housing Counseling Program eligibility requirements
outside
your Division?
(Check
all that
apply)
only. If the information is not provided, the agency may not be considered for approval into HUD’s Housing
Counseling
application
is designed to be completed
byofapplicants
who are seeking approval to be a
Office
Housing Counseling
✔ WithinProgram.
☐
the HUD This
Office
/ Division
HUD-Approved Housing Counseling Agency. As of August 1, 2021, housing counseling required by or provided in
connection
HUD
programs
must only be provided by HUD certified housing counselors working for participating
☐ Other with
HUD
Office(s)
/ Division(s)
agencies approved to provide such housing counseling by HUD’s Office of Housing Counseling.

☐ Other federal agencies
☐ State & local agencies

☐ Contractors (Include name of contractor and
describe the language in the contract that safeguards
PII in the box below.)
☐ Other

i. Source(s) of the PII collected is / are: (Check all that apply & list all information systems if applicable)
☐ Databases
✔ Individuals
☐
☐ Publicly available data (e.g., obtained from
☐ Existing HUD information systems
☐ Other Federal information systems

internet, news feeds, court records)

The Information on the names are supplied manually by completion of the approved form.

j. How will the information be collected? (Check all that apply & list all Official Form Numbers if applicable)
☐ Email
✔

☐ Face-to-face contact
☐ Fax
☐ Information sharing /system-to-system
✔
☐ Official form

☐ Telephone interview
☐ Website / e-form
☐ Paper
☐ Other (if selected, enter information in the box )

form HUD-9900.

2

k. Does this HUD information system or project require a Privacy Act System of Records Notice (SORN)?
A SORN is required if the information system or project contains information about U.S. citizens or lawful
permanent U.S. residents that is retrieved by name of another unique identifier. PIA and Privacy Act SORN
information must be consistent.
Yes

✔

No

If “Yes,” enter SORN System Identifier:
If a SORN has not yet been published in the Federal Register, enter date of submission for approval.
If "No," explain why the SORN is not required.
Information is not retrieved by name or another unique identifier.

l. What is the National Archive and Records Administration (NARA) approved, pending, or general
records schedule (GRS) disposition authority for the system or for the records maintained in the system?
(Please consult Office of Records Management to assure that the following information is accurate)
(1) NARA Job Number or GRS Authority: GRS 1.2, item 10 DAA-GRS-2013-0008-0007; Appendix 17, item 20
(2) If pending, provide the date the SF-115 was submitted to NARA: NA
(3) Retention instructions:
Destroy 3 years after final action is taken on the file but longer retention is authorized if required for business use.
Cut off at end of calendar year in which financial assistance award case is closed out. Destroy when no longer needed
for reference or six years after cutoff, whichever is sooner, but longer retention is authorized if required for business use

m. What is the authority to collect information? A Federal law or Executive Order must authorize the
collection and maintenance of a system of records. For PII not collected or maintained in a system of
records, the collection or maintenance of the PII must be necessary to discharge the requirements of a statue
or Executive Order.
HUD has the authority to collect the social security number pursuant to the Housing Community Development Act of
1987 42 U.S.C 3543(a). The Office of Housing Counseling is responsible for administration of the Department’s Housing
Counseling Program, authorized by Section 106 of the Housing and Urban Development Act of 1968 (12 U.S.C. 1701w
and 1701x). New Certification Requirements Final Rule released December 14, 2016. Section 106 of the Housing and
Urban Development Act of 1968 (12 U.S.C. 1701x) (Section 106) was amended by Subtitle D of title XIV of the
Dodd-Frank Wall Street Reform and Consumer Protection Act (Pub. L. 111–203, 124 Stat. 1376, approved July 21,
2010).

n. Does this information system or project have an active and approved Office of Management and
Budget (OMB) Control Number?
This number indicates OMB approval to collect data from 10 or more members of the public in a 12-month
period regardless of form or format.
Yes No Pending
If “Yes,” list all applicable OMB Control Numbers, collection titles, and expiration dates.
If “No,” explain why OMB approval is not required in accordance with proper HUD authority.
If “Pending,” provide the date for the 60 and / or 30 day notice and the Federal Register citation.
✔

OMB 2502-0573, Housing Counseling Program – Application for Approval as a Housing Counseling Agency, expiration
date 01/31/2021.

3

Section 2: PII Risk Review
a. What PII will be collected or maintained on the information system or project: (Check all that apply)
☐ Age
☐ Alias
☐ Audio Recordings
☐ Biometrical Identifiers (e.g.,
fingerpri nt(s), iris image)
☐ Certificates (e.g., birth, death,
marriage)
☐ Citizenship(s)
☐ Credit Card Number
☐ Criminal records information
☐ Date of Birth
☐ Device identifiers (e.g., mobile
devices)
☐ Drivers’ License / State ID
Number
☐ Education Records
☐ Email Address(es)
☐ Employee Identification
Number

✔
☐ Employment

Status, History, or
Information (e.g., title, position)
☐ Fax Number
☐ Financial Information (e.g.,
credit report, account number)
☐ Foreign activities
✔
☐ Full Name
☐ Gender
☐ Geolocation Information
☐ Home Address
☐ Internet Cookie Containing PII
☐ Investigation Report or Database
☐ IP / MAC Address
☐ Legal Documents, Records
☐ Marital Status
☐ Military status or other
information
☐ Mother’s Maiden Name
☐ Passport Information

☐ Phone Number(s)
☐ Photographic Identifiers (e.g.,
photograph, video, x-ray)
☐ Place of Birth
☐ Protected Health Information
(PHI)
☐ Race / Ethnicity
☐ Religion
☐ Salary
☐ Sex
✔
☐ Social Security Number
(SSN) (Full or in a ny form)
✔
☐ Taxpayer ID
☐ User ID
☐ Vehicle Identifiers (e.g.,
license plate)
☐ Web uniform resource
locator(s)
✔
☐ Work Address
☐ Other (if selected, please
enter the information below)

b. If the SSN is collected, please list the proper HUD authority to do so.
HUD has the authority to collect the social security number pursuant to the Housing Community Development
Act of 1987 42 U.S.C 3543(a).

4

Section 3: PII Security Measures
a. How will the PII be secured? (Include any physical, administrative, technical controls, and other
controls place)
(1) Physical Controls. (Check all that apply)
Cipher locks
Combination locks
✔ Key cards
✔ Security Guards

Closed Circuit TV
✔ Identification badges
Safes
If Other, enter the information in the box below

(2) Administrative Controls. (Check all that apply)
Backups Secured Off-Site
Periodic Security Audits
Encryption of Backups
✔ Regular Monitoring of Users' Security Practices
✔ Methods to Ensure Only Authorized
If Other, enter the information in the box below
Personnel Access to PII
Submitted by email through encryption.

(3) Technical Controls (Check all that apply)
Biometrics
✔ Encryption of Data at Rest

Firewall
✔ Role-Based Access Controls
✔ Virtual Private Network (VPN)
✔ Encryption of Data in Transit
Used Only for Privileged (Elevated Roles)

Public Key Infrastructure Certificates
External Certificate Authority Certificates
✔ Least Privilege Access
✔ User Identification and Password
✔ PIV Card
Intrusion Detection System (IDS)
If Other, enter the information in the box below

b. What additional measures / safeguards have been put in place to address privacy risks for
this information system or electronic collection?

c. Where is PII stored associated with the system? (Check all that apply)
✔ In hard copy documents
☐
☐ On a centralized HUD server
☐ Other (Please specify in the box below)
☐ On individual HUD laptops
☐ In e-mails
Please specify selection(s) made.
All files are down-loaded to SharePoint. If emailed, uploaded into SharePoint and emails are deleted. D100 – HUD
SharePoint Server, D11O - MS Office 365 Email Server, Hard copy records are stored in locked file cabinet, only if
applicable.

Indicate the assessment and authorization status:
✔ Authorization to Operate (ATO)

Date Granted:
Date Granted:
ATO with Conditions
Denial of Authorization to Operate (DATO) Interim Date Granted:
Date Granted:
Authorization to Test (ATT)

5

Section 4: Review and Approval Signatures
Completion of the PIA requires coordination by the System Manager, Information System Security Officer, Privacy Liaison Officer, Record Liaison Officer and HUD
Records Officer BEFORE it is sent to the HUD Privacy Office. HUD Privacy will review/forward to Senior Agency Official for Privacy for review/signature.

System Manager:
Name: Rhonda J. Rivera
Digitally signed by: rhonda.j.

rhonda.j.
[email protected]
DN: CN = [email protected]
[email protected] Date: 2020.09.23 08:30:47 -07'00'

Signature: _____________________

Information System Security Officer:
Name: Dan Szparaga
Digitally signed by
DANIEL
DANIEL SZPARAGA
Date: 2020.09.23
SZPARAGA
15:52:16 -04'00'
Signature: _____________________

Records Management Liaison Officer:
Name: Isaac Livingston

Signature:

Digitally signed by: ISAAC LIVINGSTON
DN: CN = ISAAC LIVINGSTON C = US O
= U.S. Government OU = Department of
Housing and Urban Development, Office
of Housing
Date: 2020.09.24 10:15:31 -04'00'

ISAAC
LIVINGSTON
___________________

Privacy Liaison Officer:
Name: Nadine Smith
Digitally signed by
Nadine
Nadine Smith
Date: 2020.09.23
Smith
Signature: _____________________
11:42:50 -04'00'

HUD Records Officer:
Name: Marcus Smallwood
marcus.r.
[email protected]

Digitally signed by: marcus.r.
[email protected]
DN: CN = marcus.r.
[email protected]
Date: 2020.09.25 13:36:56 -04'00'

Signature: _____________________

HUD Chief Privacy Officer:
Name: LaDonne White

Signature: _____________________

Senior Agency Official for Privacy or Designee:
Name: John Bravacos

Signature: _____________________
PIA NUMBER:
PIA APPROVAL DATE
Once completed, only Section 1 of this PIA will be published to HUD's public website.

6