Initial Privacy Assessment

Initial Privacy Assessment (2).docx

Public/Private Partnerships for the Mixed-Finance Development of Public Housing Units

Initial Privacy Assessment

OMB: 2577-0275

Document [docx]
Download: docx | pdf




U.S. DEPARTMENT OF

HOUSING AND URBAN DEVELOPMENT






INITIAL PRIVACY ASSESSMENT (IPA)


Public/Private Partnerships for the Mixed-Finance Development of

Public Housing Units


Office of Public Housing Investmen

Urban Utilization Division, PIU


Instruction & Template


December 12, 2011


INTRODUCTION



What is an Initial Privacy Assessment?

An Initial Privacy Assessment (IPA) is designed to assess whether a Privacy Impact Assessment (PIA), a Privacy Act system of records notice (SORN), and/or other related privacy documents are required. The responses to the IPA will provide a foundation for determining if either a PIA or SORN or both will be required, and will also help to identify any policy concerns.


The IPA incorporates the matters previously addressed in the Department’s Privacy Identifiable Information (PII) Survey, and thus replaces the survey.


When should an IPA be completed?

An IPA should be completed for all information collection activities, whether the system is electronic or contains only records in paper form, and should be completed before commencement of any testing or pilot project of an information system or prior to implementing new information collections requests. Additionally, an IPA should be completed any time there is a change to the information system or collection to determine whether there are any privacy issues as a result of such a change.


Who should complete the IPA?

The IPA should be written and reviewed by a combination of the component’s (e.g., Privacy Act Officer, System Owner, Project Leaders, Paperwork Reduction Act Compliance Officers), and the program-specific office responsible for the system or information collections.


How is the IPA related to the Capital Planning, Certification and Accreditation, and Paperwork Reduction Act process?

Upon completion and approval of the IPA by the Privacy Officer the official document may be uploaded into the C&A tool, and provided as part of the IT Capital Planning, and Paperwork Reduction Act package as validation of the completed evaluation. The completed IPA demonstrates that the program components have consciously considered privacy and related requirements as part of the overall information activities. For an IT system that does not require a C&A, such as a minor application that runs on a system that does require a C&A, an IPA still should be completed to determine if other related privacy documentation are required for that system or project.


Where should the completed IPA be sent?

A copy of the completed IPA should be sent to the Office of Privacy Project Leads for review. The Privacy Officer will review the IPA and determine what additional privacy documentation is required, and then will advise the Program component accordingly.


Initial Privacy Assessment



SECTION I: INFORMATION ABOUT THE SYSTEM OR PROJECT



Date Submitted for Review: 12/12/2011


Project Name/Acronym: Public/Private Partnerships for the Mixed-Finance Development of Public Housing Units


System Owner/Contact information: Lawrence Gnessin, 202-402-2676


Project Leader/Contact Information: Susan Wilson, 202-402-4500




Which of the following describes the type of records in the system:




Paper-Only


Combination of Paper and Electronic


System/Project



Other: Please describe the type of project is the system or program, including paper based Privacy Act System of Records, Rules, or Technologies’.



<<ADD ANSWER HERE>>



Note: For this form purpose, there is no distinction made between technologies/systems managed by contractors. All technologies/systems should be initially reviewed for potential privacy impact.


Question 1: Provide a general description of the system or Project. The following questions are intended to define the scope of the information in the system, information collection, or project, specifically the nature of the information and the sources from which it is obtained.


  1. From whom is the information collected (i.e., government employees, contractors, or consultants, state, local government entities, or general public)?


State and local government entities (Public Housing Authorities)



  1. What is the functionality of the system, information collection, or project and the purpose that the records and/or system serve?


This information Collection allows HUD to perform due diligence before approving its investment in a Mixed-Finance development. The information is collected to ensure that the mixed-finance development effort has sufficient funds to reach completion, remain financially viable, and follow HUD legal and programmatic guidelines for housing project development or rehabilitation, ownership and use restrictions, as well as preserving HUD’s rights to the project.



c. How is information transmitted to and from the system, information collection, or project?


The information is overnight mailed by the Respondent to HUD.



d. What are the interconnections with other systems or projects?


None


QUESTION 2: Have the IPA been reviewed and approved by the Chief Privacy Officer


No


(If no, please contact component privacy official for official approval)


QUESTION 3: What is the Status of system, information collection, or project


  1. If this is a new system, information collection, or project, specify expected production date.


This is a paper-only ICR that remedies PRA non-compliance issues and reinstates existing information collections.


  1. If an existing system, information collection, or project, specify date of production.

Mixed-Finance public housing development has been in existence since 1998 and was approved under OMB Control Number 2577-0157 until 1/31/2011. These information collections are being reinstated under a new OMB Control Number, along with several existing documents that are being collected without OMB approval.



QUESTION 4: Does this system, information collection, or project collect personal identifiers/sensitive information


YES



NO



Does the system, information collection, or project collect personal/sensitive information? (e.g. name, address, personal email address, gender/sex, race/ethnicity, income/financial data, employment history, medical history, Social Security Number, Tax Identification Number, Employee Identification Number, FHA Case Number). Includes PII that may be part of a registration process?


If yes, specific data sets collected or provided, and the legal authorities, arrangement, and/or agreement authorize the collection of information (i.e. must include authorities that cover all information collection activities, including Social Security Numbers)?


Not applicable



QUESTION 5: Does the information about individuals identify particular individuals (i.e., is the information linked or linkable to specific individuals, often referred to as personally identifiable information?)



Not applicable


QUESTION 6: What type of Notice(s) are provided to the individual on the scope of information collected, the opportunity to consent to uses of said information, the opportunity to decline to provide information. (A notice may include a posted privacy policy, a Privacy Act notice on form(s), and/or a system of records notice published in the Federal Register.)



  1. Was any form of notice provided to the individual prior to collection of information? If yes, please provide a copy of the notice as an appendix. (A notice may include a posted privacy policy, a Privacy Act notice on form(s), and/or a system of records notice published in the Federal Register.) If notice was not published, why not?


Not applicable. All respondents are PHAs.



  1. Do individuals have an opportunity and/or right to decline to provide information?


Not applicable


  1. Do individuals have an opportunity to consent to particular uses of the information, and if so, what is the procedure by which an individual would provide such consent?


Not applicable


QUESTION 7: Is there a Certification & Accreditation record for your system? (This question does not apply to Information Collection Requests)


<<ADD ANSWER HERE>>


Specify below the systems categorization. If not available identify the FISMA-reported system whose Certification and Accreditation covers this system.


<<ADD ANSWER HERE>>


Confidentiality

Low

Moderate

High

Undefined

Integrity

Low

Moderate

High

Undefined

Availability

Low

Moderate

High

Undefined








SECTION II - Existing System or Project

(Only complete Section II if this is an existing system, information collection, or project).



QUESTION 1: When was the system, information collection, or project developed?


1998



QUESTION 2: If an existing system, information collection, or project, has the system or project undergone any changes since April 17, 2003?



Program changes include modifying required collection forms and documents through the date of this ICR.



QUESTION 3: Do the changes to the system, information collection, or project involve a change in the type of records maintained, the individuals on whom records are maintained, or the use or dissemination of information from the system?


No



QUESTION 4: Please indicate if any of the following changes to the system or project have occurred: (Mark all boxes that apply.)


A conversion from paper-based records to an electronic system.


A change from information in a format that is anonymous or non-identifiable to a format that is identifiable to particular individuals.


A new use of an IT system, including application of a new technology that changes how information in identifiable form is managed. (For example, a change that would create a more open environment and /or avenue for exposure of data that previously did not exist.)


A change that results in information in identifiable form being merged, centralized, or matched with other databases.


A new method of authenticating the use of an access to information in the identifiable form by members of the public.


A systematic incorporation of databases of information in identifiable form purchased or obtained from commercial or public sources.


A new interagency use of shared agency function that results in new uses or exchanges of information in identifiable form.


A change that results in a new use of disclosure of information in identifiable form.


A change that results in new items of information in identifiable form being added into the system.



QUESTION 5: Does a PIA for the system or project already exist? If yes, please provide a copy of the notice as an appendix.



No

Privacy Office determination


(To be completed by the Privacy Office)




This is NOT a privacy sensitive system, information collection or project – the system, information collection, or project contains no personal identifiers/sensitive information




This IS a Privacy Sensitive Project



IPA sufficient at this time




A PIA is required



The existing PIA requires an update/deletion



A SORN is required



The existing SORN requires an update or should be deleted



Other


COMMENTS:













DOCUMENT ENDORSMENT



DATE REVIEWED:

REVIEWERS NAME:



By Signing below you attest that the content captured in this document is accurate and complete and meet the requirements of applicable federal regulations and HUD internal policies.










SYSTEM OR PROJECT OWNER

<< INSERT NAME/TITLE>>



Date

<<INSERT PROGRAM OFFICE>>















PROGRAM AREA MANAGER

<<INSERT NAME/TITLE>>


Date

<<INSERT PROGRAM OFFICE>>














CHIEF PRIVACY OFFICER,

<<INSERT NAME>>


Date

Office of the Chief Information Officer



U. S. Department of Housing and Urban Development





File Typeapplication/vnd.openxmlformats-officedocument.wordprocessingml.document
File TitleAttached for your immediate attention is the electronic copy of the SSN and PII memorandum distributed to Departmental Principle
AuthorNadine Craft
File Modified0000-00-00
File Created2021-01-31

© 2024 OMB.report | Privacy Policy