PRIVACY IMPACT ASSESSMENT (PIA)
Prescribing Authority: Public Law 107-347, Section 208(b). Complete this form for Department of Housing
and Urban Development (HUD) information systems or electronic collections (referred to as "electronic
collections" for the purpose of this form) of information that collect, maintain, use, and / or disseminate
personally identifiable information (PII) about members of the public, Federal employees, and contractors. In the
case where no PII is collected, the PIA will serve as a conclusive determination that privacy requirements do not
apply to the system. Please be sure to use plain language and be as concise as possible.
For further information and instructions on how to fill out the PIA, please see the PIA Reference Guide.
HUD’s PIAs describe: (1) the legal authority that permits the collection of information; (2) the specific type of
information used by the system; (3) how and why the system uses the information; (4) whether the system
provides notice to individuals that their information is used by the system; (5) the length of time the system
retains information; (6) whether and with whom the system disseminates information; (7) procedures individuals
may use to access or amend information used by the system; and (8) physical, technical, and administrative
safeguards applied to the system to secure the information.
1. HUD INFORMATION SYSTEM:
OMB 2502-0574, "The Housing Counseling Program: Agency Performance Review (HUD-9910 form)"
2. HUD DIVISION NAME:
Office of Housing Counseling / Office of Oversight and Accountability
3. CSAM ID:
CSAM Code 956
Section 1: PII Description Summary (For Public Release)
a. The PII is: (Check all that apply)
From members of the general public
From Federal employees and / or Federal contractors
From vendors
From a third-party source
✔ Not Collected (Please proceed to Section 4)
Other (Please specify in the box below)
b. The PII is in a / an: (Check one)
New HUD information system
Existing HUD information system
Significantly modified HUD information system
(if selected, please describe the modification in
the box below)
New collection
✔ Existing collection
c. Describe the purpose of this HUD information system or project, including the types of personal
information collected in the system.
d. Why is the PII collected and / or what is the intended use of the PII? (e.g. verification, identification,
authentication, data matching, mission-related use, administrative use)
e. Do individuals have the opportunity to object to the collection of their PII?
Yes
No
If “Yes,” describe the method by which individuals can object to the PII collection.
If “No,” state the reason why individuals cannot object to the PII collection.
f. Do individuals have the opportunity to consent to the specific uses of their PII?
Yes
No
If “Yes,” describe the method by which individuals can give or withhold their consent.
If “No,” state the reason why individuals cannot give or withhold their consent.
g. When an individual is asked to provide PII, a Privacy Act Statement (PAS) and / or a Privacy
Advisory must be provided. (Check as appropriate and provide the actual wording)
☐ Privacy Act Statement
☐ Privacy Advisory
☐ Not Applicable
h. With whom will the PII be shared through data exchange, both within your HUD Division and
outside your Division? (Check all that apply)
☐ Within the HUD Office / Division
☐ Other HUD Office(s) / Division(s)
☐ Other federal agencies
☐ State & local agencies
☐ Contractors (Include name of contractor and
describe the language in the contract that safeguards
PII in the box below.)
☐ Other
i. Source(s) of the PII collected is / are: (Check all that apply & list all information systems if applicable)
☐ Databases
☐ Individuals
☐ Publicly available data (e.g., obtained from internet, news feeds, court records)
☐ Existing HUD information systems
☐ Other Federal information systems
j. How will the information be collected? (Check all that apply & list all Official Form Numbers if applicable)
☐ Email
☐ Face-to-face contact
☐ Fax
☐ Information sharing / system-to-system
☐ Official form
☐ Telephone interview
☐ Website / e-form
☐ Paper
☐ Other (if selected, enter information in the box)
k. Does this HUD information system or project require a Privacy Act System of Records Notice (SORN)?
A SORN is required if the information system or project contains information about U.S. citizens or lawful
permanent U.S. residents that is retrieved by name or another unique identifier. PIA and Privacy Act SORN
information must be consistent.
Yes
No
If “Yes,” enter SORN System Identifier:
If a SORN has not yet been published in the Federal Register, enter date of submission for approval.
If "No," explain why the SORN is not required.
l. What is the National Archive and Records Administration (NARA) approved, pending, or general
records schedule (GRS) disposition authority for the system or for the records maintained in the system?
(Please consult Office of Records Management to assure that the following information is accurate)
(1) NARA Job Number or GRS Authority: GRS 1.2, item 10 DAA-GRS-2013-0008-0007; Appendix 17, item 20
(2) If pending, provide the date the SF-115 was submitted to NARA: N/A
(3) Retention instructions:
Destroy 3 years after final action is taken on the file but longer retention is authorized if required for business use.
Cut off at end of calendar year in which financial assistance award case is closed out. Destroy when no longer needed
for reference or six years after cutoff, whichever is sooner, but longer retention is authorized if required for business use
m. What is the authority to collect information? A Federal law or Executive Order must authorize the
collection and maintenance of a system of records. For PII not collected or maintained in a system of
records, the collection or maintenance of the PII must be necessary to discharge the requirements of a statute
or Executive Order.
n. Does this information system or project have an active and approved Office of Management and
Budget (OMB) Control Number?
This number indicates OMB approval to collect data from 10 or more members of the public in a 12-month
period regardless of form or format.
Yes No Pending
If “Yes,” list all applicable OMB Control Numbers, collection titles, and expiration dates.
If “No,” explain why OMB approval is not required in accordance with proper HUD authority.
If “Pending,” provide the date for the 60 and / or 30 day notice and the Federal Register citation.
Section 2: PII Risk Review
a. What PII will be collected or maintained on the information system or project: (Check all that apply)
☐ Age
☐ Alias
☐ Audio Recordings
☐ Biometrical Identifiers (e.g., fingerprint(s), iris image)
☐ Certificates (e.g., birth, death, marriage)
☐ Citizenship(s)
☐ Credit Card Number
☐ Criminal records information
☐ Date of Birth
☐ Device identifiers (e.g., mobile devices)
☐ Drivers’ License / State ID Number
☐ Education Records
☐ Email Address(es)
☐ Employee Identification Number
☐ Employment Status, History, or Information (e.g., title, position)
☐ Fax Number
☐ Financial Information (e.g., credit report, account number)
☐ Foreign activities
☐ Full Name
☐ Gender
☐ Geolocation Information
☐ Home Address
☐ Internet Cookie Containing PII
☐ Investigation Report or Database
☐ IP / MAC Address
☐ Legal Documents, Records
☐ Marital Status
☐ Military status or other information
☐ Mother’s Maiden Name
☐ Passport Information
☐ Phone Number(s)
☐ Photographic Identifiers (e.g., photograph, video, x-ray)
☐ Place of Birth
☐ Protected Health Information (PHI)
☐ Race / Ethnicity
☐ Religion
☐ Salary
☐ Sex
☐ Social Security Number (SSN) (Full or in any form)
☐ Taxpayer ID
☐ User ID
☐ Vehicle Identifiers (e.g., license plate)
☐ Web uniform resource locator(s)
☐ Work Address
☐ Other (if selected, please enter the information below)
b. If the SSN is collected, please list the proper HUD authority to do so.
Section 3: PII Security Measures
a. How will the PII be secured? (Include any physical, administrative, technical controls, and other
controls in place)
(1) Physical Controls. (Check all that apply)
Cipher locks
Combination locks
Key cards
Security Guards
Closed Circuit TV
Identification badges
Safes
If Other, enter the information in the box below
(2) Administrative Controls. (Check all that apply)
Backups Secured Off-Site
Periodic Security Audits
Encryption of Backups
Regular Monitoring of Users' Security Practices
Methods to Ensure Only Authorized Personnel Access to PII
If Other, enter the information in the box below
(3) Technical Controls (Check all that apply)
Biometrics
Encryption of Data at Rest
Firewall
Role-Based Access Controls
Virtual Private Network (VPN)
Encryption of Data in Transit
Used Only for Privileged (Elevated Roles)
Public Key Infrastructure Certificates
External Certificate Authority Certificates
Least Privilege Access
User Identification and Password
PIV Card
Intrusion Detection System (IDS)
If Other, enter the information in the box below
b. What additional measures / safeguards have been put in place to address privacy risks for
this information system or electronic collection?
c. Where is PII stored associated with the system? (Check all that apply)
☐ In hard copy documents
☐ On a centralized HUD server
☐ Other (Please specify in the box below)
☐ On individual HUD laptops
☐ In e-mails
Please specify selection(s) made.
Indicate the assessment and authorization status:
Authorization to Operate (ATO) Date Granted:
ATO with Conditions Date Granted:
Denial of Authorization to Operate (DATO) Date Granted:
Interim Authorization to Test (ATT) Date Granted:
Section 4: Review and Approval Signatures
Completion of the PIA requires coordination by the System Manager, Information System Security Officer, Privacy Liaison Officer, Record Liaison Officer and HUD
Records Officer BEFORE it is sent to the HUD Privacy Office. HUD Privacy will review/forward to Senior Agency Official for Privacy for review/signature.
System Manager:
Name: Colleen A. Weiser
Signature: Digitally signed by Colleen A. Weiser, Date: 2020.10.19 09:01:36 -04'00'
Information System Security Officer:
Name: Tracene Davis
Signature: _____________________
Records Management Liaison Officer:
Name: Isaac Livingston
Signature: ___________________
Privacy Liaison Officer:
Name: Dan Szparaga
Signature: _____________________
HUD Records Officer:
Name: Marcus Smallwood
Signature: _____________________
HUD Chief Privacy Officer:
Name: LaDonne White
Signature: _____________________
Senior Agency Official for Privacy or Designee:
Name:
Signature: _____________________
PIA NUMBER:
PIA APPROVAL DATE:
Once completed, only Section 1 of this PIA will be published to HUD's public website.
File Type | application/pdf |
Author | Bogale, Rahel |
File Modified | 2020-10-19 |
File Created | 2019-12-09 |