Download:
pdf |
pdfPrivacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
PRIVACY THRESHOLD ANALYSIS (PTA)
This form serves as the official determination by the DHS Privacy Office to
identify the privacy compliance requirements for all Departmental uses of
personally identifiable information (PII).
A Privacy Threshold Analysis (PTA) serves as the document used to identify
information technology (IT) systems, information collections/forms, technologies,
rulemakings, programs, information sharing arrangements, or pilot projects that involve
PII and other activities that otherwise impact the privacy of individuals as determined by
the Chief Privacy Officer, pursuant to Section 222 of the Homeland Security Act, and to
assess whether there is a need for additional Privacy Compliance Documentation. A PTA
includes a general description of the IT system, information collection, form, technology,
rulemaking, program, pilot project, information sharing arrangement, or other Department
activity and describes what PII is collected (and from whom) and how that information is
used and managed.
Please complete the attached Privacy Threshold Analysis and submit it to your
component Privacy Office. After review by your component Privacy Officer the PTA is sent
to the Department’s Senior Director for Privacy Compliance for action. If you do not have a
component Privacy Office, please send the PTA to the DHS Privacy Office:
Senior Director, Privacy Compliance
The Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
Tel: 202-343-1717
[email protected]
Upon receipt from your component Privacy Office, the DHS Privacy Office will review this
form and assess whether any privacy compliance documentation is required. If compliance
documentation is required – such as Privacy Impact Assessment (PIA), System of Records
Notice (SORN), Privacy Act Statement, or Computer Matching Agreement (CMA) – the DHS
Privacy Office or component Privacy Office will send you a copy of the relevant compliance
template to complete and return.
Privacy Threshold Analysis – IC/Form
Version number: 04-2016
Page 1 of 12
�Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
Privacy Threshold Analysis (PTA)
Specialized Template for
Information Collections (IC) and Forms
The Forms-PTA is a specialized template for Information Collections and Forms. This
specialized PTA must accompany all Information Collections submitted as part of the
Paperwork Reduction Act process (any instrument for collection (form, survey,
questionnaire, etc.) from ten or more members of the public). Components may use this PTA
to assess internal, component-specific forms as well.
Form Number:
Form Title:
Component:
Federal Emergency
Management Agency
(FEMA)
Office:
National
Preparednes
s Directorate
(NPD),
Technologica
l Hazards
Division
(THD),
Radiological
Emergency
Preparednes
s Program
(REPP),
Records
Management
IF COVERED BY THE PAPERWORK REDUCTION ACT:
Collection Title:
Click here to enter a
OMB Control
1660-0024
OMB Expiration
date.
Number:
Date:
Collection status:
Revision
Date of last PTA (if
October 22, 2021
applicable):
Privacy Threshold Analysis – IC/Form
Version number: 04-2016
Page 2 of 12
�Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
Name:
Office:
Phone:
Name:
Office:
Phone:
PROJECT OR PROGRAM MANAGER
Renae Connell
THD-REP-P&D
Title:
Emergency Management
Specialist
202.657.2294
Email:
[email protected]
v
COMPONENT INFORMATION COLLECTION/FORMS CONTACT
Millicent Brown
Records Management
Title:
Management Analyst
Branch
202.646.2814
Email:
[email protected]
ov
SPECIFIC IC/Forms PTA QUESTIONS
1. Purpose of the Information Collection or Form
a. Describe the purpose of the information collection or form. Please provide a
general description of the project and its purpose, including how it supports the DHS
mission, in a way a non-technical person could understand (you may use
information from the Supporting Statement).
If this is an updated PTA, please specifically describe what changes or upgrades are
triggering the update to this PTA.
There are no changes made to this collection.
FEMA’s Technological Hazards Division’s (THD) Radiological Emergency Preparedness (REP)
Program submits this PTA for the renewal of information collection 1660-0024, which expires on
10/22/2024.
Background
FEMA’s REP program coordinates the National effort to provide State, local, territorial, and tribal
(SLTT) governments with relevant and executable planning, training, and exercise guidance and
policies necessary to ensure that adequate capabilities exist to prevent, protect against, mitigate the
effects of, respond to, and recover from incidents involving commercial nuclear power plants (NPPs).
The program assists SLTT governments in the development and conduct of off-site radiological
emergency planning and preparedness activities within the emergency planning zones (EPZs) of
Nuclear Regulatory Commission (NRC)-licensed commercial nuclear power facilities. The REP
program is a voluntary program wherein SLTT governments send letters or other official
correspondence to FEMA to request assistance, which in turn prompts FEMA to send out the ICR
Privacy Threshold Analysis – IC/Form
Version number: 04-2016
Page 3 of 12
�Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
1660-0024 materials to facilitate additional information collection. Information that FEMA collects
under this ICR will be retrieved by Headquarters or by the FEMA Region where the commercial NPP
is located. Currently, only 44 CFR Part 352 has an existing OMB Collection.
To carry out REP program responsibilities mandated by 44 CFR Parts 350 – 354, FEMA is engaged in
a cooperative effort with SLTT governments and other Federal agencies in the development of state
and local offsite plans and preparedness to mitigate, respond and recover from radiological
emergencies at commercial nuclear power facilities.
FEMA provides a guide or template for the emergency plans; however, the plans are submitted in the
format of the state, local, territorial, or tribal organization’s preference. Emergency plans are updated
periodically as needed.
As part of the review and approval process, FEMA corresponds with SLTT points of contact, including
providing an approval letter and the mitigation plan review document. The name and contact
information of the points of contact are collected within the required mitigation plan documentation.
b. List the DHS (or component) authorities to collect, store, and use this information.
If this information will be stored and used by a specific DHS component, list the
component-specific authorities.
This collection is authorized 44 CFR, Parts 350, 351, and 354.
2. Describe the IC/Form
a. Does this form collect any
Personally Identifiable
Information” (PII1)?
b. From which type(s) of
individuals does this form
collect information?
(Check all that apply.)
☒ Yes
☐ No
☒ Members of the public
☒ U.S. citizens or lawful permanent
residents
☐ Non-U.S. Persons.
☐ DHS Employees
☐ DHS Contractors
☐ Other federal employees or contractors.
1
Personally identifiable information means any information that permits the identity of an individual to be directly or indirectly inferred, including
any other information which is linked or linkable to that individual regardless of whether the individual is a U.S. citizen, lawful permanent resident,
visitor to the U.S., or employee or contractor to the Department.
Privacy Threshold Analysis – IC/Form
Version number: 04-2016
Page 4 of 12
�Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
c. Who will complete and
submit this form? (Check
all that apply.)
☒ The record subject of the form (e.g., the
individual applicant).
☒ Legal Representative (preparer, attorney,
etc.).
☐ Business entity.
If a business entity, is the only
information collected business contact
information?
☐ Yes
☐ No
☐ Law enforcement.
☐ DHS employee or contractor.
☐ Other individual/entity/organization that is
NOT the record subject. Please describe.
Click here to enter text.
d. How do individuals
complete the form? Check
all that apply.
☒ Paper.
☒ Electronic. (ex: fillable PDF)
☐ Online web form. (available and submitted via
the internet)
Provide link:
e. What information will DHS collect on the form? List all PII data elements on the
form. If the form will collect information from more than one type of individual,
please break down list of data elements collected by type of individual.
The information collected includes business points of contact from state, local, territorial, and tribal
governments, such as name, business address, business address, business phone number, and business
e-mail, to allow for correspondence between FEMA and state, local, territorial, and/or tribal
governments submitting emergency plans.
f. Does this form collect Social Security number (SSN) or other element that is
stand-alone Sensitive Personally Identifiable Information (SPII)? Check all that
apply. N/A
☐ Social Security number
☐ DHS Electronic Data Interchange
Personal Identifier (EDIPI)
☐ Alien Number (A-Number)
Privacy Threshold Analysis – IC/Form
Version number: 04-2016
Page 5 of 12
�Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
☐ Tax Identification Number
☐ Visa Number
☐ Passport Number
☐ Bank Account, Credit Card, or other
financial account number
☐ Other. Please list:
☐ Social Media Handle/ID
☐ Known Traveler Number
☐ Trusted Traveler Number (Global
Entry, Pre-Check, etc.)
☐ Driver’s License Number
☐ Biometrics
g. List the specific authority to collect SSN or these other SPII elements.
N/A
h. How will this information be used? What is the purpose of the collection?
Describe why this collection of SPII is the minimum amount of information
necessary to accomplish the purpose of the program.
N/A
i.
Are individuals
provided notice at the
time of collection by
DHS (Does the records
subject have notice of
the collection or is
form filled out by
third party)?
☐ Yes. Please describe how notice is provided.
Click here to enter text.
☒ No.
3. How will DHS store the IC/form responses?
a. How will DHS store
☐ Paper. Please describe.
the original,
Click here to enter text.
completed IC/forms?
☒ Electronic. Please describe the IT system that will
store the data from the form.
The original, completed IC/forms will be stored on shared drive
and/or Preparedness Toolkit (PrepToolkit) a highly flexible
framework that enables software and information integration with
other FEMA and third-party information system.
Privacy Threshold Analysis – IC/Form
Version number: 04-2016
Page 6 of 12
�Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
☐ Scanned forms (completed forms are scanned into
an electronic repository). Please describe the
electronic repository.
Click here to enter text.
b. If electronic, how
does DHS input the
responses into the IT
system?
☒ Manually (data elements manually entered). Please
describe.
Compiled/collected information will be manually uploaded and
entered onto the NPD/FEMA/THD Shared drive.
☐ Automatically. Please describe.
Click here to enter text.
c. How would a user
search the
information
submitted on the
forms, i.e., how is the
information
retrieved?
☐ By a unique identifier.2 Please describe. If
information is retrieved by personal identifier, please
submit a Privacy Act Statement with this PTA.
Click here to enter text.
☒ By a non-personal identifier. Please describe.
Information is retrieved from NPD/FEMA/THD Shared drive by
searching the name of the state, local, tribal, or territorial entity.
d. What is the records
retention
schedule(s)? Include
the records schedule
number.
Per NARA Authority N1-311-97-1, the records are permanent.
Cutoff at end of fiscal year. Retain current fiscal year and last 4
years in the HQ office. Retire records, separated by facility, 5
years after cutoff, to the Washington National Records Center.
Transfer to the National Archives 20 years after the expected date
for completion of decommissioning procedures.
e. How do you ensure
that records are
disposed of or deleted
in accordance with
the retention
schedule?
The THD staff adheres to the FEMA disposition schedule to
ensure compliance with the records retention schedule, which
outlines timelines, description of files for records destruction,
and/or disposal of relevant documents.
2
Generally, a unique identifier is considered any type of “personally identifiable information,” meaning any information that permits the identity
of an individual to be directly or indirectly inferred, including any other information which is linked or linkable to that individual regardless of
whether the individual is a U.S. citizen, lawful permanent resident, visitor to the U.S., or employee or contractor to the Department.
Privacy Threshold Analysis – IC/Form
Version number: 04-2016
Page 7 of 12
�Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
f. Is any of this information shared outside of the original program/office? If yes,
describe where (other offices or DHS components or external entities) and why.
What are the authorities of the receiving party?
☒ Yes, information is shared with other DHS components or offices. Please describe.
In accordance with the 44 C.F.R. § 352, Subpart B, FEMA may call upon any other federal agency to
participate in planning for the use of Federal facilities and resources in the licensee offsite emergency
response plan. Licensee business contact information may be shared with such agencies as needed to
assist with the offsite emergency planning and preparedness activities. With respect to making Part 350
reasonable assurance determinations, FEMA may be supported by other Federal agencies, as necessary,
by conducting inspections, providing staff assistance visits SAVs), organizing, conducting and
reviewing training, participating in, observing and evaluating drills and exercises, and by being an
engaged partner with Federal, State, local, and Tribal government officials and industry stakeholders.
State and local officials’ business contact information may be shared with such agencies as needed to
assist with the offsite emergency planning and preparedness activities.
☒ Yes, information is shared external to DHS with other federal agencies, state/local
partners, international partners, or non-governmental entities. Please describe.
In accordance with the 44 C.F.R. § 350.1, FEMA establishes policy and procedures for the review and
approval of state and local emergency plans and preparedness for the offsite effects of a radiological
emergency which may occur at a commercial nuclear power facility. With respect to making Part 350
reasonable assurance determinations, FEMA may be supported by other Federal agencies, as necessary,
by conducting inspections, providing staff assistance visits (SAVs), organizing, conducting and
reviewing training, participating in, observing and evaluating drills and exercises, and by being an
engaged partner with Federal, State, local, and Tribal government officials and industry stakeholders.
State and local officials’ business contact information may be shared with such agencies as
needed to assist with the offsite planning and preparedness activities.
☐ No. Information on this form is not shared outside of the collecting office.
Privacy Threshold Analysis – IC/Form
Version number: 04-2016
Page 8 of 12
�Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
Please include a copy of the referenced form and Privacy Act Statement (if
applicable) with this PTA upon submission.
Privacy Threshold Analysis – IC/Form
Version number: 04-2016
Page 9 of 12
�Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
PRIVACY THRESHOLD REVIEW
(TO BE COMPLETED BY COMPONENT PRIVACY OFFICE)
Component Privacy Office Reviewer:
Tracy Kwakye
Date submitted to component Privacy
Office:
Date submitted to DHS Privacy Office:
August 22, 2024
Have you approved a Privacy Act
Statement for this form? (Only
applicable if you have received a
waiver from the DHS Chief Privacy
Officer to approve component Privacy
Act Statements.)
Click here to enter a date.
☐ Yes. Please include it with this PTA
submission.
☒ No. Please describe why not.
N/A
The program retrieves information by the name of the
state, local, territory, or tribal entity.
Component Privacy Office Recommendation:
Please include recommendation below, including what existing privacy compliance
documentation is available or new privacy compliance documentation is needed.
FEMA Privacy recommends the following coverage:
PIA: DHS/ALL/PIA – 006 DHS General Contacts List
SORN: N/A
SORN coverage is unnecessary as the program retrieves information by the name of the state, local,
territory, or tribal entity.
Privacy Threshold Analysis – IC/Form
Version number: 04-2016
Page 10 of 12
�Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
PRIVACY THRESHOLD ADJUDICATION
(TO BE COMPLETED BY THE DHS PRIVACY OFFICE)
DHS Privacy Office Reviewer:
Ke’Angela Crawford
PCTS Workflow Number:
Date approved by DHS Privacy Office:
PTA Expiration Date
0017997
September 19, 2024
September 19, 2027
DESIGNATION
Privacy Sensitive IC or
Form:
Yes If “no” PTA adjudication is complete.
Determination:
☐ PTA sufficient at this time.
☐ Privacy compliance documentation determination in
progress.
☐ New information sharing arrangement is required.
☐ DHS Policy for Computer-Readable Extracts Containing SPII
applies.
☐ Privacy Act Statement required.
☒ Privacy Impact Assessment (PIA) required.
☐ System of Records Notice (SORN) required.
☐ Specialized training required.
☐ Other. Click here to enter text.
DHS IC/Forms Review:
Choose an item.
Date IC/Form Approved Click here to enter a date.
by PRIV:
IC/Form PCTS Number: Click here to enter text.
Privacy Act
Choose an item.
Statement:
Click here to enter text.
PTA:
Choose an item.
Click here to enter text.
PIA:
System covered by existing PIA
If covered by existing PIA, please list:
Privacy Threshold Analysis – IC/Form
Version number: 04-2016
Page 11 of 12
�Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, [email protected]
www.dhs.gov/privacy
• DHS/ALL/PIA – 006 DHS General Contacts List.
If a PIA update is required, please list: Click here to enter text.
SORN:
Choose an item.
If covered by existing SORN, please list: Click here to enter text.
If a SORN update is required, please list: Click here to enter text.
DHS Privacy Office Comments:
Please describe rationale for privacy compliance determination above.
FEMA is submitting this renewal PTA for the information collection 1660-0024,
Radiological Emergency Preparedness Program (REPP), Records Management. Since the
previously approved PTA, there have been no changes to the program.
This PTA documents the provisioning of FEMA’s REP program which coordinates the
National effort to provide SLTT governments with relevant and executable planning,
training, and exercise guidance and policies necessary to ensure that adequate capabilities
exist to prevent, protect against, mitigate the effects of, respond to, and recover from
incidents involving commercial nuclear power plants (NPPs).
As part of the review and approval process, FEMA corresponds with SLTT points of contact,
including providing an approval letter and the mitigation plan review document. The name
and contact information of the points of contact are collected within the required
mitigation plan documentation.
The DHS Privacy Office (PRIV) finds that this information collection is privacy sensitive,
requiring PIA coverage because PII is collected from members of the public. PRIV concurs
with FEMA Privacy that PIA coverage is provided by DHS/ALL/PIA-006 DHS General
Contact Lists, which pertains to the collection of contact information to conduct agency
operations. PRIV finds that SORN coverage is not required, because data is retrieved based
on the name of the state, local, territory, or tribal entity, rather than by a unique identifier.
Privacy Threshold Analysis – IC/Form
Version number: 04-2016
Page 12 of 12
�
| File Type | application/pdf |
| File Modified | 2024-09-19 |
| File Created | 2024-09-19 |