Privacy Threshold Analysis (PTA)

Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy

PRIVACY THRESHOLD ANALYSIS (PTA)
This form serves as the official determination by the DHS Privacy Office to
identify the privacy compliance requirements for all Departmental uses of
personally identifiable information (PII).
A Privacy Threshold Analysis (PTA) serves as the document used to identify
information technology (IT) systems, information collections/forms, technologies,
rulemakings, programs, information sharing arrangements, or pilot projects that involve
PII and other activities that otherwise impact the privacy of individuals as determined by
the Chief Privacy Officer, pursuant to Section 222 of the Homeland Security Act, and to
assess whether there is a need for additional Privacy Compliance Documentation. A PTA
includes a general description of the IT system, information collection, form, technology,
rulemaking, program, pilot project, information sharing arrangement, or other Department
activity and describes what PII is collected (and from whom) and how that information is
used and managed.
Please complete the attached Privacy Threshold Analysis and submit it to your
component Privacy Office. After review by your component Privacy Officer the PTA is sent
to the Department’s Senior Director for Privacy Compliance for action. If you do not have a
component Privacy Office, please send the PTA to the DHS Privacy Office:
Senior Director, Privacy Compliance
The Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
Tel: 202-343-1717
[email protected]

Upon receipt from your component Privacy Office, the DHS Privacy Office will review this
form and assess whether any privacy compliance documentation is required. If compliance
documentation is required – such as Privacy Impact Assessment (PIA), System of Records
Notice (SORN), Privacy Act Statement, or Computer Matching Agreement (CMA) – the DHS
Privacy Office or component Privacy Office will send you a copy of the relevant compliance
template to complete and return.
Privacy Threshold Analysis – IC/Form

Page 1 of 11

Version number: 04-2016

Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy

Privacy Threshold Analysis (PTA)

Specialized Template for
Information Collections (IC) and Forms
The Forms-PTA is a specialized template for Information Collections and Forms. This
specialized PTA must accompany all Information Collections submitted as part of the
Paperwork Reduction Act process (any instrument for collection (form, survey,
questionnaire, etc.) from ten or more members of the public). Components may use this PTA
to assess internal, component-specific forms as well.
Form Number:
Form Title:
Component:

089-22
Tribal Homeland Security Grant Program Investment
Justification
Federal Emergency
Office:
Grant Programs
Management Agency
Directorate
(FEMA)

IF COVERED BY THE PAPERWORK REDUCTION ACT:
Collection Title:
Tribal Homeland Security Grant Program Investment Justification
September 24, 2022
OMB Control
1660-0113
OMB Expiration
Number:
Date:
Collection status:
Revision
Date of last PTA (if
May 31, 2020
applicable):
Name:
Office:
Phone:
Name:
Office:

PROJECT OR PROGRAM MANAGER
Cornelius K. Jackson
Click here to enter text.
Title:
Preparedness Officer
Email:
[email protected]
s.gov

COMPONENT INFORMATION COLLECTION/FORMS CONTACT
Millicent Brown
OCAO
Title:
Program Analyst

Privacy Threshold Analysis – IC/Form

Page 2 of 11

Version number: 04-2016

Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy

Phone:

202-646-2814

Email:

[email protected]
ov
SPECIFIC IC/Forms PTA QUESTIONS

1. Purpose of the Information Collection or Form
a. Describe the purpose of the information collection or form. Please provide a
general description of the project and its purpose, including how it supports the DHS
mission, in a way a non-technical person could understand (you may use
information from the Supporting Statement).
If this is an updated PTA, please specifically describe what changes or upgrades are
triggering the update to this PTA.
Federal Emergency Management Agency (FEMA) submits this renewal Privacy
Threshold Analysis (PTA) in accordance with the three-year renewal policy. There have
been no changes to FEMA’s Tribal Homeland Security Grant Program (THSGP) since the
last PTA update.

THSGP (formerly the State Homeland Security Program (SHSP) – Tribal) is authorized by
Sections 2004 and 2005 of the Homeland Security Act of 2002, as amended by Section
101, Title I of the Implementing Recommendations of the 9/11 Commission Act of 2007,
Public Law 110-53, (6 U.S.C. §605 and 606). THSGP provides supplemental funding to
eligible tribes to help strengthen the Nation against risks associated with potential
terrorist attacks. THSGP supports building and sustaining capabilities through planning,
equipment, training, and exercise activities. The THSGP plays an important role in the
implementation of Presidential Policy Directive 8 (PPD-8) by supporting the
development and sustainment of core capabilities. Core capabilities are essential for the
execution of each of the five mission areas outlined in the National Preparedness Goal
(the Goal). The development and sustainment of these core capabilities are not exclusive
to any single level of government or organization, but rather require the combined effort
of the whole community. The THSGP supports all core capabilities in the Prevention,
Protection, Mitigation, Response, and Recovery mission areas based on allowable costs.
Files and information on PPD-8 can be found at http://www.fema.gov/ppd8.
The purpose of the information collection by FEMA is: 1) to ensure that applicants for
THSGP funds meet the eligibility requirements mandated in the Homeland Security Act
2002 (Public Law 107-296) as amended by Section 101 of 6 U.S.C. §605 and 606; and 2)
to ensure the applicants, if awarded will complete investments/projects that further the
intent of the THSGP of developing and sustaining DHS/FEMA’s core capabilities.
Applicants through this collection have to outline and provide costs for
projects/investments that address 1 or more of the mission areas of the National
Preparedness Goal.

Privacy Threshold Analysis – IC/Form

Page 3 of 11

Version number: 04-2016

Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy

b. List the DHS (or component) authorities to collect, store, and use this information.
If this information will be stored and used by a specific DHS component, list the
component-specific authorities.
FEMA’s Tribal Homeland Security Grant Program (THSGP) (formerly the State Homeland
Security Program (SHSP) – Tribal) is authorized by Sections 2004 and 2005 of the
Homeland Security Act of 2002, as amended by Section 101, Title I of the Implementing
Recommendations of the 9/11 Commission Act of 2007, Public Law 110-53, (6 U.S.C.
§605 and 606). In order to comply with the Authorizing Statutes noted above,
DHS/FEMA issues a Notice of Funding Opportunity (NOFO) which outlines applicant
eligibility, instructions for applying, and terms and conditions to be satisfied by the
recipient.

2. Describe the IC/Form
a. Does this form collect any
Personally Identifiable
Information” (PII 1)?

b. From which type(s) of
individuals does this form
collect information?
(Check all that apply.)

c. Who will complete and
submit this form? (Check
all that apply.)

☒ Yes
☐ No

☒ Members of the public
☒ U.S. citizens or lawful permanent
residents
☐ Non-U.S. Persons.
☐ DHS Employees
☐ DHS Contractors
☐ Other federal employees or contractors.

☒ The record subject of the form (e.g., the
individual applicant).
☒ Legal Representative (preparer, attorney,
etc.).
☒ Business entity.

1
Personally identifiable information means any information that permits the identity of an individual to be directly or indirectly inferred, including
any other information which is linked or linkable to that individual regardless of whether the individual is a U.S. citizen, lawful permanent resident,
visitor to the U.S., or employee or contractor to the Department.

Privacy Threshold Analysis – IC/Form

Page 4 of 11

Version number: 04-2016

Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy

d. How do individuals
complete the form? Check
all that apply.

If a business entity, is the only
information collected business contact
information?
☒ Yes
☐ No
☐ Law enforcement.
☐ DHS employee or contractor.
☐ Other individual/entity/organization that is
NOT the record subject. Please describe.
Click here to enter text.

☐ Paper.
☒ Electronic. (ex: fillable PDF)
☐ Online web form. (available and submitted via
the internet)
Provide link:

e. What information will DHS collect on the form? List all PII data elements on the
form. If the form will collect information from more than one type of individual,
please break down list of data elements collected by type of individual.
-Name (individual completing application/authorized by entity)
-Position (within applying entity)
-Address (business address)
-Phone (business phone)
-email (business email)
-Name of applying entity

f. Does this form collect Social Security number (SSN) or other element that is
stand-alone Sensitive Personally Identifiable Information (SPII)? Check all that
apply. N/A
☐ Social Security number
☐ DHS Electronic Data Interchange
Personal Identifier (EDIPI)
☐ Alien Number (A-Number)
☐ Social Media Handle/ID
☐ Tax Identification Number
☐ Known Traveler Number
☐ Visa Number
☐ Trusted Traveler Number (Global
☐ Passport Number
Entry, Pre-Check, etc.)

Privacy Threshold Analysis – IC/Form

Page 5 of 11

Version number: 04-2016

Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy

☐ Bank Account, Credit Card, or other
☐ Driver’s License Number
financial account number
☐ Biometrics
☐ Other. Please list:
N/A
g. List the specific authority to collect SSN or these other SPII elements.
Click here to enter text.
No SSN’s or SPII information is required with this collection.

h. How will this information be used? What is the purpose of the collection?
Describe why this collection of SPII is the minimum amount of information
necessary to accomplish the purpose of the program.
Click here to enter text.
No SSN’s or SPII information is required with this collection.
i.

Are individuals
provided notice at the
time of collection by
DHS (Does the records
subject have notice of
the collection or is
form filled out by
third party)?

☐ Yes. Please describe how notice is provided.
Click here to enter text.
☒ No.

3. How will DHS store the IC/form responses?
a. How will DHS store
☐ Paper. Please describe.
the original,
Click here to enter text.
completed IC/forms?
☐ Electronic. Please describe the IT system that will

store the data from the form.
Click here to enter text.
☒ Scanned forms (completed forms are scanned into
an electronic repository). Please describe the
electronic repository.
Click here to enter text.

Privacy Threshold Analysis – IC/Form

Page 6 of 11

Version number: 04-2016

Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy

b. If electronic, how
does DHS input the
responses into the IT
system?
c. How would a user
search the
information
submitted on the
forms, i.e., how is the
information
retrieved?

☐ Manually (data elements manually entered). Please
describe.
Click here to enter text.
☒ Automatically. Please describe.
Click here to enter text.

☐ By a unique identifier. 2 Please describe. If
information is retrieved by personal identifier, please
submit a Privacy Act Statement with this PTA.
Click here to enter text.
☒ By a non-personal identifier. Please describe.
To search and retrieve information pertaining to
this collection, an application number or applicant
name (tribe name) is input. The application
number is associated with the Tribe, not the
Tribe’s Point of Contact, which the Tribe could at
any time without a change in application number.
Files/records are deleted 6 years and 3 months after
grant close-out, and all audit and appeals are resolved
and completed (PRC-13-4)

d. What is the records
retention
schedule(s)? Include
the records schedule
number.
e. How do you ensure
FEMA Records Management Manual 5400.2a outlines
that records are
timelines and descriptions of files. Responsible
disposed of or deleted
employees have to follow the dictates of FEMA
in accordance with
Manual 5400.2a to ensure compliance with the
the retention
retention schedule.
schedule?
f. Is any of this information shared outside of the original program/office? If yes,
describe where (other offices or DHS components or external entities) and why.
What are the authorities of the receiving party?
☐ Yes, information is shared with other DHS components or offices. Please describe.
Click here to enter text.
2

Generally, a unique identifier is considered any type of “personally identifiable information,” meaning any information that permits the identity
of an individual to be directly or indirectly inferred, including any other information which is linked or linkable to that individual regardless of
whether the individual is a U.S. citizen, lawful permanent resident, visitor to the U.S., or employee or contractor to the Department.

Privacy Threshold Analysis – IC/Form

Page 7 of 11

Version number: 04-2016

Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy

☐ Yes, information is shared external to DHS with other federal agencies, state/local
partners, international partners, or non-governmental entities. Please describe.
Click here to enter text.
☒ No. Information on this form is not shared outside of the collecting office.

Please include a copy of the referenced form and Privacy Act Statement (if
applicable) with this PTA upon submission.

Privacy Threshold Analysis – IC/Form

Page 8 of 11

Version number: 04-2016

Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy

PRIVACY THRESHOLD REVIEW
(TO BE COMPLETED BY COMPONENT PRIVACY OFFICE)
Component Privacy Office Reviewer:

Date submitted to component Privacy
Office:
Date submitted to DHS Privacy Office:
Have you approved a Privacy Act
Statement for this form? (Only
applicable if you have received a
waiver from the DHS Chief Privacy
Officer to approve component Privacy
Act Statements.)

Philomina Dorkenoo
July 25, 2022
July 27, 2022

☐ Yes. Please include it with this PTA
submission.
☒ No. Please describe why not.
Though the THSGP will collect PII on its
Investment Justification form, it will not
retrieve information by a personal
identifier. The program will retrieve
information by tribal name or application
number. This collection does not meet the
definition of a system of record. Therefore,
the agency is not required to provide (e)(3)
Privacy Act Statement.

Component Privacy Office Recommendation:
Please include recommendation below, including what existing privacy compliance
documentation is available or new privacy compliance documentation is needed.
FEMA Privacy recommends PIA coverage continue under DHS/FEMA/PIA-013 - Grant
Management Programs.
SORN coverage is not required, because the information is retrieved by applicant
number and applicant name (tribe name).

Privacy Threshold Analysis – IC/Form

Page 9 of 11

Version number: 04-2016

Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy

PRIVACY THRESHOLD ADJUDICATION
(TO BE COMPLETED BY THE DHS PRIVACY OFFICE)
DHS Privacy Office Reviewer:

Joseph Thomas

PCTS Workflow Number:
Date approved by DHS Privacy Office:
PTA Expiration Date

Click here to enter text.
August 5, 2022
August 5, 2025

DESIGNATION

Privacy Sensitive IC or
Form:

Yes If “no” PTA adjudication is complete.

DHS IC/Forms Review:

Choose an item.

Determination:

☐ PTA sufficient at this time.
☐ Privacy compliance documentation determination in
progress.
☐ New information sharing arrangement is required.
☐ DHS Policy for Computer-Readable Extracts Containing SPII
applies.
☐ Privacy Act Statement required.
☒ Privacy Impact Assessment (PIA) required.
☐ System of Records Notice (SORN) required.
☐ Specialized training required.
☐ Other. Click here to enter text.

Date IC/Form Approved Click here to enter a date.
by PRIV:
IC/Form PCTS Number: Click here to enter text.
Privacy Act
Choose an item.
Statement:
Click here to enter text.
PTA:
Choose an item.
Click here to enter text.
PIA:
System covered by existing PIA
Privacy Threshold Analysis – IC/Form

Page 10 of 11

Version number: 04-2016

Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy

If covered by existing PIA, please list: DHS/FEMA/PIA-013 - Grant
Management Programs.
If a PIA update is required, please list: Click here to enter text.
SORN:
Choose an item.
If covered by existing SORN, please list: Click here to enter text.
If a SORN update is required, please list: Click here to enter text.
DHS Privacy Office Comments:
Please describe rationale for privacy compliance determination above.

FEMA has submitted this PTA renewal to discuss Form 089-22 Tribal Homeland Security
Grant Program (THSGP) Investment Justification, which collects information to ensure that
applicants meet the eligibility requirements, and if awarded the grant, ensure that the
applicant will complete investments/projects that further the intent of the THSGP. There
have been no significant changes since the previous adjudication.
PII collected on the form includes name, position, and business phone, email, and mailing
address. As such, DHS PRIV concurs that the collection remains privacy-sensitive, requiring
PIA coverage as it collects information from members of the public. Coverage is provided
by FEMA/PIA-013 Grant Management Programs, which assess the risks associated with the
use of PII as part of the grant award, management, and lifecycle process.

SORN coverage is not required as information is not retrieved by personal identifier, but
rather by application number or applicant (tribe) name.

Privacy Threshold Analysis – IC/Form

Page 11 of 11

Version number: 04-2016