Privacy Threshold Analysis (PTA)

Privacy Threshold Analysis - PTA.docx

Voucher Management System (VMS) Section 8 Budget and Financial Form

Privacy Threshold Analysis (PTA)

OMB: 2577-0282

⚠️ Notice: This form may be outdated. More recent filings and information on OMB 2577-0282 can be found here:

2023-05-11 - No material or nonsubstantive change to a currently approved collection

Document [docx]

Download: docx | pdf

U.S. DEPARTMENT OF

HOUSING AND URBAN DEVELOPMENT

PRIVACY THRESHOLD ANALYSIS (PTA)

Voucher Management System

Office of Public Housing, Financial Management Center

January 23, 2018

PRIVACY THRESHOLD ANALYSIS (PTA)

The PTA is a compliance form developed by the Privacy Branch to identify the use of Personally Identifiable Information (PII) across the Department. The PTA is the first step in the PII verification process, which focuses on these areas of inquiry:

Purpose for the information,
Type of information,
Sensitivity of the information,
Use of the information,
And the risk to the information.

Please use the attached form to determine whether a Privacy and Civil Liberties Impact Assessment (PCLIA) is required under the E-Government Act of 2002 or a System of Record Notice (SORN) is required under the Privacy Act of 1974, as amended.

Please complete this form and send it to your program Privacy Liaison Officer (PLO). If you have no program Privacy Liaison Officer, please send the PTA to the HUD Privacy Branch:

John Bravacos, Acting, Chief Privacy Officer

Privacy Branch

U.S. Department of Housing and Urban Development

[email protected]

Upon receipt from your program PLO, the HUD Privacy Branch will review this form. If a PCLIA or SORN is required, the HUD Privacy Branch will send you a copy of the PCLIA and SORN templates to complete and return.

PRIVACY THRESHOLD ANALYSIS (PTA)

Summary Information

Project or Program Name:	Voucher Management System
Program:
CSAM Name (if applicable):	VMS	CSAM Number (if applicable):	1005
Type of Project or Program:		Project or program status:
Date first developed:	June 5, 2004	Pilot launch date:	n/a
Date of last PTA update:	n/a	Pilot end date:	n/a
ATO Status (if applicable)		ATO expiration date (if applicable):	April 16, 2018

PROJECT OR PROGRAM MANAGER

Name:	Robert Boepple
Office:	PIH – FMC	Title:	Director, FMC
Phone:	816-426-6199	Email:	[email protected]

INFORMATION SYSTEM SECURITY OFFICER (ISSO) (if applicable)

Name:	Dallas Blair
Phone:	202-475-8699	Email:	[email protected]

Specific PTA Questions

1. Reason for submitting the PTA:

Please provide a general description of the project and its purpose so a non-technical person could understand. If this is an updated PTA, please describe what changes and/or upgrades triggering the update to this PTA. If this is a renewal please state whether there were any changes to the project, program, or system since the last version.

PIH-REAC provides HUD with accurate, credible, and reliable information assessing the condition of HUD's housing portfolio. PIH-REAC technology is based on an Internet database of comprehensive and objective information drawn from existing government systems and from an on-going program of property inspections, analysis of financial and management reports, and resident surveys.

To assist PIH-REAC and its partners, VMS system facilitates an electronic monthly submission of program data by the PHAs. This data is accessible by users in PIH, FMC, FMD, Field Offices (FOs), and Headquarters (HQ). PHAs enter their lease and expense data using the web-based VMS system. The system allows users the ability to generate and print quarterly reports that assist them with budgeting and funding activities.

VMS is an online web-based system. Data is entered online via the Internet (http://www.hud.gov) and stored in a REACS Oracle database. Authorized users (internal and external) sign onto the system via the Internet, going through the firewall and the Web Access Security System (WASS), which uses Webauthority to validate the User ID and Password, and then enter data. Permissions are granted using the role and action codes associated with the User ID and Password.

2 Informational and collaboration-based portals in operation at HUD and its programs that collect, use, maintain, and share limited personally identifiable information (PII) about individuals who are “members” of the portal or “potential members” who seek to gain access to the portal.

3 HUD defines personal information as “Personally Identifiable Information” or PII, which is any information that permits the identity of an individual to be directly or indirectly inferred, including any information that is linked or linkable to that individual, regardless of whether the individual is a U.S. citizen, lawful permanent resident, visitor to the U.S., or employee or contractor to the Department. “Sensitive PII” is PII, which if lost, compromised, or disclosed without authorization, could result in substantial harm, embarrassment, inconvenience, or unfairness to an individual. For the purposes of this PTA, SPII and PII are treated the same.

4 Header: Information that is placed before the actual data. The header normally contains a small number of bytes of control information, which is used to communicate important facts about the data that the message contains and how it is to be interpreted and used. It serves as the communication and control link between protocol elements on different devices.

Payload data: The actual data to be transmitted, often called the payload of the message (metaphorically borrowing a term from the space industry!) Most messages contain some data of one form or another, but some actually contain none: they are used only for control and communication purposes. For example, these may be used to set up or terminate a logical connection before data is sent.

5 FIPS 199 is the Federal Information Processing Standard Publication 199, Standards for Security Categorization of Federal Information and Information Systems and is used to establish security categories of information systems.

United States Department of Housing and Urban Development

December 23, 2021

File Type	application/vnd.openxmlformats-officedocument.wordprocessingml.document
Author	Groomes, Brittani J
File Modified	0000-00-00
File Created	2021-12-23

What specific information about individuals is collected, generated or retained?
No PII is collected. This system's primary purpose is to monitor and manage Public Housing Agency (PHA) use of vouchers. VMS collects PHA data that enables HUD to fund, obligate, and disburse funding in a timely manner based on actual PHA use. The information collected are number counts or totals for the various categories of vouchers. Housing Directors report on the number of each voucher that they have issued and for how long it was utilized during the 90 day reporting cycle.
4(a) Does the project, program, or system retrieve information from the system about a U.S. Citizen or lawfully admitted permanent resident aliens by a personal identifier?	X No. Please continue to next question. Yes. If yes, please list all personal identifiers used:
4(b) Does the project, program, or system have an existing System of Records Notice (SORN) that has already been published in the Federal Register that covers the information collected?	X No. Please continue to next question. Yes. If yes, provide the system name and number, and the Federal Register citation(s) for the most recent complete notice and any subsequent notices reflecting amendment to the system
4(c)Has the project, program, or system undergone any significant changes since the SORN?	X No. Please continue to next question. Yes. If yes, please describe.
4(d) Does the project, program, or system use Social Security Numbers (SSN)?	X No. Yes.
4(e) If yes, please provide the specific legal authority and purpose for the collection of SSNs:	n/a
4(f) If yes, please describe the uses of the SSNs within the project, program, or system:	n/a
4(g) If this project, program, or system is an information technology/system, does it relate solely to infrastructure? For example, is the system a Local Area Network (LAN) or Wide Area Network (WAN)?	X No. Please continue to next question. Yes. If a log kept of communication traffic, please answer this question.
4(h) If header or payload data⁴ is stored in the communication traffic log, please detail the data elements stored.
n/a

Program Privacy Liaison Reviewer:
Date submitted to Program Privacy Office:	January 25, 2018
Date submitted to HUD Privacy Branch:	January 25, 2018
Program Privacy Liaison Officer Recommendation: Please include recommendation below, including what new privacy compliance documentation is needed.
Click here to enter text.

HUD Privacy Branch Reviewer:	Conique Key
Date approved by HUD Privacy Branch:	January 25, 2018
PTA Expiration Date:	Every 3 years

Privacy Sensitive System:		If “no” PTA adjudication is complete.
Category of System:		If “other” is selected, please describe: Click here to enter text.
Determination: PTA sufficient at this time. Privacy compliance documentation determination in progress. New information sharing arrangement is required. HUD Policy for Computer-Readable Extracts Containing Sensitive PII applies. Privacy Act Statement required. Privacy and Civil Liberties Impact Assessment (PCLIA) required. System of Records Notice (SORN) required. Paperwork Reduction Act (PRA) Clearance may be required. Contact your program PRA Officer. A Records Schedule may be required. Contact your program Records Officer.
PIA:	No PII is being collected
SORN:	Sorn is not required
HUD Privacy Branch Comments: Please describe rationale for privacy compliance determination above.
Click here to enter text.


		01/29/2018
SYSTEM OWNER Ted Taylor		Date
Office of Public and Indian Housing



CHIEF PRIVACY OFFICER John Bravacos		Date
OFFICE OF ADMINISTRATION