Privacy Threshold Analysis (PTA)

Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy

PRIVACY THRESHOLD ANALYSIS (PTA)
This form serves as the official determination by the DHS Privacy Office to
identify the privacy compliance requirements for all Departmental uses of
personally identifiable information (PII).
A Privacy Threshold Analysis (PTA) serves as the document used to identify
information technology (IT) systems, information collections/forms, technologies,
rulemakings, programs, information sharing arrangements, or pilot projects that involve
PII and other activities that otherwise impact the privacy of individuals as determined by
the Chief Privacy Officer, pursuant to Section 222 of the Homeland Security Act, and to
assess whether there is a need for additional Privacy Compliance Documentation. A PTA
includes a general description of the IT system, information collection, form, technology,
rulemaking, program, pilot project, information sharing arrangement, or other Department
activity and describes what PII is collected (and from whom) and how that information is
used and managed.
Please complete the attached Privacy Threshold Analysis and submit it to your
component Privacy Office. After review by your component Privacy Officer the PTA is sent
to the Department’s Senior Director for Privacy Compliance for action. If you do not have a
component Privacy Office, please send the PTA to the DHS Privacy Office:
Senior Director, Privacy Compliance
The Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
Tel: 202-343-1717
[email protected]

Upon receipt from your component Privacy Office, the DHS Privacy Office will review this
form and assess whether any privacy compliance documentation is required. If compliance
documentation is required – such as Privacy Impact Assessment (PIA), System of Records
Notice (SORN), Privacy Act Statement, or Computer Matching Agreement (CMA) – the DHS
Privacy Office or component Privacy Office will send you a copy of the relevant compliance
template to complete and return.
Privacy Threshold Analysis – IC/Form

Page 1 of 13

Version number: 04-2016

Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy

Privacy Threshold Analysis (PTA)

Specialized Template for
Information Collections (IC) and Forms
The Forms-PTA is a specialized template for Information Collections and Forms. This
specialized PTA must accompany all Information Collections submitted as part of the
Paperwork Reduction Act process (any instrument for collection (form, survey,
questionnaire, etc.) from ten or more members of the public). Components may use this PTA
to assess internal, component-specific forms as well.
Form Number:
Form Title:

Form 010-0-7

Component:

Federal Emergency
Management Agency
(FEMA)

Resource Request Form
Office:

Response Directorate

IF COVERED BY THE PAPERWORK REDUCTION ACT:
Resource Request Form and Mission Assignment Form – Collection #1660Collection Title:
0047
1660-0047
February 28, 2021
OMB Control
OMB Expiration
Number:
Date:
Collection status:
Extension
Date of last PTA (if
August 29, 2017
applicable):
Name:
Office:

PROJECT OR PROGRAM MANAGER
Wayne Truax
Chief, Operations Capabilities
Response
Title:

Phone:

202-368-8233

Directorate/Operations
Division/Crisis Management
Section

Office

Email:

[email protected]

COMPONENT INFORMATION COLLECTION/FORMS CONTACT
Privacy Threshold Analysis – IC/Form

Page 2 of 13

Version number: 04-2016

Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy

Name:
Office:

John Walls

Phone:

202-674-4936
Email:
[email protected]
SPECIFIC IC/Forms PTA QUESTIONS

Response
Directorate/Operations
Division/Crisis Management
Section

Title:

Program Specialist

1. Purpose of the Information Collection or Form
Describe the purpose of the information collection or form. Please provide a general
description of the project and its purpose, including how it supports the DHS mission, in a
way a non-technical person could understand (you may use information from the
Supporting Statement).

The Federal Emergency Management Agency (FEMA) submits this PTA for the renewal of FEMA Form
010-0-7 Resource Request Form (RRF) as part of information collection 1660-0047. The form is used
by states and other federal agencies (OFA) outside of FEMA to request FEMA disaster assistance, as
well to define what disaster assistance it will provide in response to such a request. Although there are
no changes to the form since the last adjudicated PTA, three data elements (title, organization, and fax
number) are data fields in Form 010-0-7 that were not included in the last PTA.
Background
FEMA’s information collection 1660-0047 010-0-7, Resource Request Form (RRF), includes the form
used by states and other federal agencies outside of FEMA to request FEMA disaster assistance, as
well as the form that FEMA uses to define what disaster assistance it will provide in response to such a
request. The information collected explains which State(s) require assistance, what needs to be
accomplished, details any resource shortfalls, and explains what assistance is required to meet these
needs.
When the States make a request for assistance to respond to a disaster, the form provides
acknowledgement that the tasks are beyond the capability of the state to respond. This form documents
the type of assistance required. FEMA uses this information to determine that the assistance requested
is the result of a disaster, not a pre-existing condition and that the type of response is appropriate.
The RRF is part of the Mission Assignment (MA) Process. A MA is a work order that FEMA issues to
another federal agency directing the completion of specific task. When FEMA obtains resources using
an MA, a standard MA process is as followed. The MA process begins with the identification of a need
for Federal assistance, and proceeds when the state, local, tribal, or territorial government submits the
resource request to FEMA. FEMA will review the request, approve the request, and determine the
appropriate course of action in order to meet the request. FEMA will approve the course of action, and
finally complete the section III of the RRF. Once the information collected and manually inputted into
WebEOC CMS, the form is reviewed, approved, and then processed through WebEOC CMS by either
the Mission Assignment Team, contracting, OFA, for data review and to transfer data to the FEMA
Form 010-0-8 MA.
Privacy Threshold Analysis – IC/Form

Page 3 of 13

Version number: 04-2016

Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy

Assistance requested provides a description of the work needed, location, and POC information. The
person at the delivery site coordinating reception and utilization of the requested resources, 24-hour
contact information required. The OFA is responsible for the execution of mission assignments, and
the agency assigns an Action Officer as the lead for each mission assignment. A FEMA PM is
assigned to a mission assignment and is responsible for coordinating with the Federal agency being
tasked to prepare the statement of work, timelines, and the initial cost estimate.
Requestors seeking Federal assistance submit requests on the Resource Request Board in FEMA’s Web
Emergency Operations Center Crisis Management System, (WebEOC CMS). The request board contains
the automated version of the RRF (FF 010-0-7) to request Federal assistance during an incident, and the
Resource Request Tracker. Paper copies of the RRF will be accepted in the event the WebEOC CMS
system is not available, or if the requestor does not have access to the system.
FEMA collects limited PII on this form in order to identify the appropriate Points of Contact (POC)
from the state, local, tribal, or territorial entity making the request for assistance, the delivery site, the
other federal agency (OFA), and the FEMA project manager. The form is used to determine which
State(s) require assistance, what needs to be accomplished, detail any resource shortfalls, and explain what
assistance is required to meet these needs. When the States make a request for assistance to respond to a
disaster, the form provides acknowledgement that the tasks are beyond the capability of the state to
respond. This form documents the type of assistance required. FEMA uses this information to
determine that the assistance requested is the result of a disaster, not a pre-existing condition and that
the type of response is appropriate. A full list of data elements is listed in Section 2e.

a. List the DHS (or component) authorities to collect, store, and use this information.
If this information will be stored and used by a specific DHS component, list the
component-specific authorities.
Under Section 653 of the Robert T. Stafford Disaster Relief and Emergency Assistance Act (42 U.S.C.
5121 et seq), FEMA is authorized to provide assistance to States based on needs before, during and after a
disaster has impacted the state. Information collected explains which State(s) require assistance, what
needs to be accomplished, details any resource shortfalls, and explains what assistance is required to meet
these needs. Title 44 CFR Part 206.5 provides the mechanism by which FEMA collects the information
necessary to determine what resources are needed and if a mission assignment is appropriate.

2. Describe the IC/Form
a. Does this form collect any
Personally Identifiable
Information” (PII 1)?

☒ Yes
☐ No

1
Personally identifiable information means any information that permits the identity of an individual to be directly or indirectly inferred, including
any other information which is linked or linkable to that individual regardless of whether the individual is a U.S. citizen, lawful permanent resident,
visitor to the U.S., or employee or contractor to the Department.

Privacy Threshold Analysis – IC/Form

Page 4 of 13

Version number: 04-2016

Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy

b. From which type(s) of
individuals does this form
collect information?
(Check all that apply.)

c. Who will complete and
submit this form? (Check
all that apply.)

d. How do individuals
complete the form? Check
all that apply.

☒ Members of the public
☒ U.S. citizens or lawful permanent
residents
☐ Non-U.S. Persons.
☒ DHS Employees
☐ DHS Contractors
☒ Other federal employees or contractors.

☒ The record subject of the form (e.g., the
individual applicant).
☐ Legal Representative (preparer, attorney,
etc.).
☐ Business entity.
If a business entity, is the only
information collected business contact
information?
☐ Yes
☐ No
☐ Law enforcement.
☐ DHS employee or contractor.
☒ Other individual/entity/organization that is
NOT the record subject. Please describe.
State, local, tribal, or territorial government’s
points of contact completes this form.
☒ Paper.
☒ Electronic. (ex: fillable PDF)
☒ Online web form. (available and submitted via
the internet)
Provide link: WebEOC CMS https://femacms.WebEOC
CMS.us/eoc7/

e. What information will DHS collect on the form? List all PII data elements on the
form. If the form will collect information from more than one type of individual,
please break down list of data elements collected by type of individual.
The following work-related PII is collected from FEMA employees, Federal employees and
contractors, and State, Local, Tribal, and Territorial employees on Form 010-0-7 (RRF):
•

Requestor (work-related PII)

Privacy Threshold Analysis – IC/Form

Page 5 of 13

Version number: 04-2016

Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy

o
o
o
o
o
o
•

•

Name
Title
Phone Number
Organization
Fax No.
E-mail Address

Delivery Site POC (work-related PII)
o Name
o Phone Number/24-hour phone number
o E-mail Address
o Delivery Location
o Street Address
o City
o State
o Zip

Other Federal Agency (OFA) Action Officer (work-related PII)
o Name
o Phone Number/24-hour phone number
o E-mail Address

The following work-related PII is collected from FEMA employees on Form 010-0-7 (RRF):
•

FEMA Project Manager (work-related PII)
o Name
o Phone Number/24-hour phone number
o E-mail Address

f. Does this form collect Social Security number (SSN) or other element that is
stand-alone Sensitive Personally Identifiable Information (SPII)? Check all that
apply.
☐ Social Security number
☐ DHS Electronic Data Interchange
Personal Identifier (EDIPI)
☐ Alien Number (A-Number)
☐ Social Media Handle/ID
☐ Tax Identification Number
☐ Known Traveler Number
☐ Visa Number
☐ Trusted Traveler Number (Global
☐ Passport Number
Entry, Pre-Check, etc.)
☐ Bank Account, Credit Card, or other
☐ Driver’s License Number
financial account number
☐ Biometrics
☐ Other. Please list:
g. List the specific authority to collect SSN or these other SPII elements.

Privacy Threshold Analysis – IC/Form

Page 6 of 13

Version number: 04-2016

Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy

N/A
h. How will this information be used? What is the purpose of the collection?
Describe why this collection of SPII is the minimum amount of information
necessary to accomplish the purpose of the program.
N/A
i. Are individuals
☒ Yes. Please describe how notice is provided.
provided notice at the
A Privacy Notice is on the form that describes the
time of collection by
reasons for collecting the individuals’ PII.
DHS (Does the records
☐ No.
subject have notice of
the collection or is
form filled out by
third party)?

3. How will DHS store the IC/form responses?
a. How will DHS store
☐ Paper. Please describe.
the original,
Click here to enter text.
completed IC/forms?
☒ Electronic. Please describe the IT system that will
store the data from the form.

FEMA Form 010-0-7 data is stored in WebEOC CMS
https://femacms.WebEOC CMS.us/eoc7/

WebEOC CMS is a web-enabled, crisis information management
system that acquires event response information and then shares it
with Emergency Managers to help them make sound decisions
quickly. The system is hosted on Amazon’s Web Services public
cloud environment and is operated by contractor personnel. The
system is Personal Identification Verification (PIV) card-enabled.

☒ Scanned forms (completed forms are scanned into
an electronic repository). Please describe the
electronic repository.

Paper forms are used and scanned.. Once scanned into the
WebEOC system, the paper copies are shred

b. If electronic, how
does DHS input the
Privacy Threshold Analysis – IC/Form

☒ Manually (data elements manually entered). Please
describe.
Page 7 of 13

Version number: 04-2016

Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy

responses into the IT
system?

The form data is manually entered into WebEOC CMS, which
stores/manages all Mission Assignment-related information.

c. How would a user
search the
information
submitted on the
forms, i.e., how is the
information
retrieved?

☒ By a unique identifier. 2 Please describe. If
information is retrieved by personal identifier, please
submit a Privacy Act Statement with this PTA.

d. What is the records
retention
schedule(s)? Include
the records schedule
number.

☐ Automatically. Please describe.
Click here to enter text.

The PII fields are searchable and can be retrieved in
WebEOC CMS by Requester name, City, State, OFA
Action Officer Name, and FEMA Project Manager Name.

☐ By a non-personal identifier. Please describe.

EDP-2-1-1, Hardcopy or Analog Input/Source Records
Previously Scheduled as Temporary, TEMPORARY. Destroy
immediately after verification of successful conversion, but
longer retention is authorized if required for business use.
DAP-4-1, Public Assistance Files, TEMPORARY. Cut off when
final audit and applicant appeals are resolved and completed.
Retire to FRC 1 year after cutoff. Destroy 6 years 3 months after
cutoff.
Records are manually destroyed in accordance with the Records
Retention Schedules.

e. How do you ensure
that records are
disposed of or deleted
in accordance with
the retention
schedule?
f. Is any of this information shared outside of the original program/office? If yes,
describe where (other offices or DHS components or external entities) and why.
What are the authorities of the receiving party?
☐ Yes, information is shared with other DHS components or offices. Please describe.
2

Generally, a unique identifier is considered any type of “personally identifiable information,” meaning any information that permits the identity
of an individual to be directly or indirectly inferred, including any other information which is linked or linkable to that individual regardless of
whether the individual is a U.S. citizen, lawful permanent resident, visitor to the U.S., or employee or contractor to the Department.

Privacy Threshold Analysis – IC/Form

Page 8 of 13

Version number: 04-2016

Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy

☒ Yes, information is shared external to DHS with other federal agencies, state/local
partners, international partners, or non-governmental entities. Please describe.
Yes, FEMA shares this form with the other federal agencies (OFA) that have a role in providing
support and Department of Defense (DOD).

☐ No. Information on this form is not shared outside of the collecting office.

Please include a copy of the referenced form and Privacy Act Statement (if
applicable) with this PTA upon submission.

Privacy Threshold Analysis – IC/Form

Page 9 of 13

Version number: 04-2016

Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy

PRIVACY THRESHOLD REVIEW
(TO BE COMPLETED BY COMPONENT PRIVACY OFFICE)
Component Privacy Office Reviewer:

Date submitted to component Privacy
Office:
Date submitted to DHS Privacy Office:
Have you approved a Privacy Act
Statement for this form? (Only
applicable if you have received a
waiver from the DHS Chief Privacy
Officer to approve component Privacy
Act Statements.)

Hasan Mansori
July 29, 2020

☒ Yes. Please include it with this PTA
submission.
☐ No. Please describe why not.
Click here to enter text.

Component Privacy Office Recommendation:
SORN:
DHS/ALL – 002 – Department of Homeland Security (DHS) Mailing and Other Lists Systems, 73 Fed.
Reg. 71,659 (November 25, 2008).
DHS/ALL - 004 - General Information Technology Access Account Records System (GITAARS), 77
Fed. Reg. 70, 792 (November 27, 2012).
DHS/FEMA-009 Hazard Mitigation Disaster Public Assistance and Disaster Loan Programs March 24,
2014 79 FR 16015
These SORNS are necessary because eCAPS can be searched by personal identifier, but the record is not
about an individual. The record is about the request for assistance from the state.
PIA:
DHS/ALL/PIA-006 Department of Homeland Security General Contact Lists
DHS/FEMA/PIA-023 Enterprise Coordination and Approval Processing System (eCAPS) (May 21,
2012).
DHS/FEMA/PIA-023 applies because the data collected is stored in eCAPS and the eCAPS PIA was
specifically written to cover the use of these forms. This PIA will need to be updated to reflect the
necessary SORN coverage.

Privacy Threshold Analysis – IC/Form

Page 10 of 13

Version number: 04-2016

Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy

PRIVACY THRESHOLD ADJUDICATION
(TO BE COMPLETED BY THE DHS PRIVACY OFFICE)
DHS Privacy Office Reviewer:

Joseph Thomas (Sr. Analyst Hannah Burgess)

PCTS Workflow Number:
Date approved by DHS Privacy Office:
PTA Expiration Date

Click here to enter text.
October 2, 2020
October 2, 2023

DESIGNATION

Privacy Sensitive IC or
Form:

Yes If “no” PTA adjudication is complete.

DHS IC/Forms Review:

Choose an item.

Determination:

☐ PTA sufficient at this time.
☐ Privacy compliance documentation determination in
progress.
☐ New information sharing arrangement is required.
☐ DHS Policy for Computer-Readable Extracts Containing SPII
applies.
☒ Privacy Act Statement required.
☒ Privacy Impact Assessment (PIA) required.
☒ System of Records Notice (SORN) required.
☐ Specialized training required.
☐ Other. Click here to enter text.

Date IC/Form Approved Click here to enter a date.
by PRIV:
IC/Form PCTS Number: Click here to enter text.
Privacy Act
Choose an item.
Statement:
Click here to enter text.
PTA:
Choose an item.
Click here to enter text.
PIA:
PIA update is required.

Privacy Threshold Analysis – IC/Form

Page 11 of 13

Version number: 04-2016

Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy

If covered by existing PIA, please list: DHS/ALL/PIA-006 Department of
Homeland Security General Contact Lists
If a PIA update is required, please list: DHS/FEMA/PIA-023 Enterprise
Coordination and Approval Processing System (eCAPS) (May 21, 2012).
SORN:
System covered by existing SORN
If covered by existing SORN, please list: DHS/ALL-002 Department of
Homeland Security (DHS) Mailing and Other Lists System November 25,
2008, 73 FR 71659; DHS/ALL-004 General Information Technology
Access Account Records System (GITAARS) November 27, 2012, 77 FR
70792; DHS/FEMA-009 Hazard Mitigation Disaster Public Assistance
and Disaster Loan Programs March 24, 2014 79 FR 16015
If a SORN update is required, please list: Click here to enter text.
DHS Privacy Office Comments:
Please describe rationale for privacy compliance determination above.

FEMA is submitting this renewal PTA to discuss form 010-0-07, Resource Request Form (RRF),
a sub-form to FEMA’s Form 010-0-08, which is used by states and other federal agencies
outside of FEMA to request FEMA disaster assistance, and is also used by FEMA to define what
disaster assistance it will provide in response to such a request. The information collected
explains what needs to be accomplished, details resource shortfalls, and explains what assistance
is required.
FEMA collects limited PII on this form in order to identify the appropriate points of contact
from the entity making the request for assistance, the delivery site, the other federal agency, and
the FEMA project manager.
All PII elicited by Form 010-0-07 is manually entered into FEMA’s Enterprise Coordination and
Approval Processing System (eCAPS), which is a FEMA intranet application that supports the
initiation, tracking, financing, coordination and management of direct aid and technical
assistance to disaster sites.
The DHS Privacy Office agrees that Form 010-0-07 is privacy sensitive because it collects PII
from disaster management contacts. The DHS Privacy Office also agrees that PIA coverage for
Form 010-0-07 is provided by DHS/FEMA/PIA-023 Enterprise Coordination and Approval
Processing System (eCAPS), however this PIA will need to be updated to reflect necessary
SORN coverage. Additionally, the DHS Privacy Office finds that Form 010-0-07 is also
covered by DHS/ALL/PIA-006 Department of Homeland Security General Contact Lists

Privacy Threshold Analysis – IC/Form

Page 12 of 13

Version number: 04-2016

Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy

because the form collects contact information in order to distribute information and perform
administrative tasks.
PRIV further agrees that SORN coverage is required because information is retrieved within
eCAPS by personal identifiers. Coverage is provided by DHS/FEMA-009 Hazard Mitigation
Disaster Public Assistance and Disaster Loan Programs, which covers information collected in
order to administer disaster grants and loan programs. Coverage is also provided by DHS/ALL002 DHS Mailing and Other Lists System, which covers the collection of information in order to
create mailing or contact lists, and by DHS/ALL-004 General Information Technology Access
Account Records, which covers the collection of information in order to provide authorized
individuals access to and interaction with DHS information technology resources, and enables
DHS to maintain lists of individuals who are appropriate organizational points of contact.
PRIV acknowledges that the forms have been amended since the last PTA adjudication to
include appropriate Privacy Act statements and thanks FEMA for their compliance.

Privacy Threshold Analysis – IC/Form

Page 13 of 13

Version number: 04-2016