Pta

FEMA PTA Mitigation (MT) Electronic Grants (eGrants) to PRIV 20140318.docx

Mitigation Grant Programs /e-Grants

PTA

OMB: 1660-0072

Document [docx]
Download: docx | pdf

Privacy Office

U.S. Department of Homeland Security

Washington, DC 20528

202-343-1717, pia@dhs.gov

www.dhs.gov/privacy


Privacy Threshold Analysis

Version number: 01-2014

Page 6 of 6


PRIVACY THRESHOLD ANALYSIS (PTA)

This form is used to determine whether
a Privacy Impact Assessment is required.


Please use the attached form to determine whether a Privacy Impact Assessment (PIA) is required under the E-Government Act of 2002 and the Homeland Security Act of 2002. 

Please complete this form and send it to your component Privacy Office. If you do not have a component Privacy Office, please send the PTA to the DHS Privacy Office:


Senior Director, Privacy Compliance

The Privacy Office

U.S. Department of Homeland Security

Washington, DC 20528

Tel: 202-343-1717



PIA@hq.dhs.gov


Upon receipt from your component Privacy Office, the DHS Privacy Office will review this form. If a PIA is required, the DHS Privacy Office will send you a copy of the Official Privacy Impact Assessment Guide and accompanying Template to complete and return.

A copy of the Guide and Template is available on the DHS Privacy Office website, www.dhs.gov/privacy, on DHSConnect and directly from the DHS Privacy Office via email: pia@hq.dhs.gov, phone: 202-343-1717.

PRIVACY THRESHOLD ANALYSIS (PTA)



Summary Information

Project or Program Name:

Mitigation (MT) Electronic Grants (eGrants)

Component:

Office or Program:

Federal Insurance and Mitigation Administration (FIMA)

Xacta FISMA Name (if applicable):

MT eGrants

Xacta FISMA Number (if applicable):

FEM-01843-MAJ-01843

Type of Project or Program:

Project or program status:

Date first developed:

August 1, 2003

Pilot launch date:

Click here to enter a date.

Date of last PTA update

February 10, 2011

Pilot end date:

Click here to enter a date.

ATO Status (if applicable)

ATO expiration date (if applicable):

July 15, 2016



PROJECT OR PROGRAM MANAGER

Name:

Jennifer East

Office:

Risk Reduction/GDAT

Title:

System Team Lead

Phone:

202-646-2908

Email:

Jennifer.East@fema.dhs.gov



INFORMATION SYSTEM SECURITY OFFICER (ISSO) (if applicable)

Name:

John Fowler

Phone:

202-264-2679

Email:

John.Fowler@associates.fema.dhs.gov






Specific PTA Questions

1. Reason for submitting the PTA:

The Federal Insurance and Mitigation Administration (FIMA) own and operate the Mitigation (MT) Electronic Grants (eGrants) system. FIMA conducts this MT eGrants PTA during this ongoing Security Authorization renewal process and as part of OMB ICR No. 1660-0072 review, update, and renewal process.

MT eGrants is both an internal (government-facing) system and an external facing system. This system is also part of OMB ICR No. 1660-0072. Grant applicants and sub-applicants (States, Federally-recognized Indian Tribal governments, territories, and local governments) access the external site to submit their applications. FEMA staff use the internal systems to review the applications and to award and monitor awarded grants. MT eGrants processes applications for the following components of the Hazard Mitigation Assistance (HMA) grant programs: Pre-Disaster Mitigation (PDM), Flood Mitigation Assistance (FMA), Repetitive Flood Claims (RFC) and Severe Repetitive Loss (SRL). During the application process, the grant applicant provides personally identifiable information (PII) of its point of contacts (POCs) for the sole purpose of correspondence between FEMA and the applicant. Also, MT eGrants collects the name, address, other property information such as the flood insurance policy information for the purpose of determining HMA funding eligibility and to prevent duplication of benefits. There are no forms associated with OMB ICR No. 1660-0072.

MT eGrants currently has coverage by the DHS/FEMA/PIA-006 FEMA National Emergency Management Information System MT eGrants System Privacy Impact Assessment (PIA) and the DHS/FEMA-009 Hazard Mitigation Assistance (HMA) Grant Programs System of Records System of Records Notice (SORN), 77 Fed. Reg. 17,783 (July 23, 2012).(PLEASE NOTE THAT THIS SORN IS BEING REVISED)

Individuals access MT eGrants through the FEMA Authentication and Provisioning Services (APS). FEMA APS is currently covered by the DHS/FEMA/PIA-031 Authentication and Provisioning Services (APS) PIA and the DHS/ALL-004 General Information Technology Access Account Records System (GITAARS) SORN 77 Fed. Reg. 70,792 (Nov. 27, 2012).

FIMA shares MT eGrant information with the FEMA Enterprise Data Warehouse (EDW). FIMA shares this information with EDW for storage and reporting purposes. The FEMA EDW is currently covered by the DHS/FEMA/PIA-026 Operational Data Store and Enterprise Data Warehouse PIA.



  1. Does this system employ any of the following technologies:

If you are using any of these technologies and want coverage under the respective PIA for that technology please stop here and contact the DHS Privacy Office for further guidance.

Closed Circuit Television (CCTV)

Social Media

Web portal1 (e.g., SharePoint)

Contact Lists

None of these


  1. From whom does the Project or Program collect, maintain, use, or disseminate information?

Please check all that apply.

This program does not collect any personally identifiable information2

Members of the public

DHS employees/contractors (list components):

Contractors working on behalf of DHS

Employees of other federal agencies



  1. What specific information about individuals is collected, generated or retained?



The FEMA MT eGrants system collects the following information from individual property owners that are included in a state’s HMA Grant Program grant application: name, telephone number(s) (home, work/business, and/or mobile), property address(es) (damaged, mailing, and email), flood insurance policy number, flood insurance policy provider, flood insurance policy/coverage status.



The FEMA MT eGrants system also collects the following point of contact information from grant applicants: name, work/business address, work/business telephone number, and work/business email address.





4(a) Does the project, program, or system retrieve information by personal identifier?

No. Please continue to next question.

Yes. If yes, please list all personal identifiers used:


4(b) Does the project, program, or system use Social Security Numbers (SSN)?

No.

Yes.


4(c) If yes, please provide the specific legal basis and purpose for the collection of SSNs:

Click here to enter text.


4(d) If yes, please describe the uses of the SSNs within the project, program, or system:

Click here to enter text.


4(e) If this project, program, or system is an information technology/system, does it relate solely to infrastructure?


For example, is the system a Local Area Network (LAN) or Wide Area Network (WAN)?

No. Please continue to next question.

Yes. If a log kept of communication traffic, please answer the following question.


4(f) If header or payload data3 is stored in the communication traffic log, please detail the data elements stored.

Click here to enter text.




  1. Does this project, program, or system connect, receive, or share PII with any other DHS programs or systems4?


No.

Yes. If yes, please list:

FEMA’s Enterprise Data Warehouse

  1. Does this project, program, or system connect, receive, or share PII with any external (non-DHS) partners or systems?


No.

Yes. If yes, please list:

Click here to enter text.

6(a) Is this external sharing pursuant to new or existing information sharing access agreement (MOU, MOA, LOI, etc.)?


Please describe applicable information sharing governance in place:


7. Does the project, program, or system provide role-based training for personnel who have access in addition to annual privacy training required of all DHS personnel?


No.

Yes. If yes, please list:

http://www.fema.gov/mitigation-egrants-system-0

  1. Per NIST SP 800-53 Rev. 4, Appendix J, does the project, program, or system maintain an accounting of disclosures of PII to individuals who have requested access to their PII?

No. What steps will be taken to develop and maintain the accounting:

Yes. In what format is the accounting maintained: MT eGrants audit logs are generated via syslog. The audit records capture event information including user account name, user IP address, timestamp of event, and type of event. MT eGrants administrators following the Enterprise Audit Logging SOP, dated April 30, 2012.

  1. Is there a FIPS 199 determination?4

Unknown.

No.

Yes. Please indicate the determinations for each of the following:

Confidentiality:

Low Moderate High Undefined



Integrity:

Low Moderate High Undefined



Availability:

Low Moderate High Undefined






PRIVACY THRESHOLD REVIEW

(To be Completed by COMPONENT PRIVACY OFFICE)

Component Privacy Office Reviewer:

LeVar J. Sykes


Date submitted to Component Privacy Office:

Click here to enter a date.


Date submitted to DHS Privacy Office:

Click here to enter a date.


Component Privacy Office Recommendation:

Please include recommendation below, including what new privacy compliance documentation is needed.

The FEMA Privacy Office recommends that FEMA MT eGrants be classified as a Privacy Sensitive System with coverage by the following existing PIA and SORN:

PIA: DHS/FEMA/PIA-006 National Emergency Management Information System Mitigation (MT) Electronic Grants (eGrants) System

SORN: DHS/FEMA-009 – HMA Grant Programs SORN, 77 Fed Reg. 17,783 (July 23, 2012).


(To be Completed by the DHS Privacy Office)

DHS Privacy Office Reviewer:

Click here to enter text.

PCTS Workflow Number:

Click here to enter text.

Date approved by DHS Privacy Office:

Click here to enter a date.

PTA Expiration Date

Click here to enter a date.

DESIGNATION

Privacy Sensitive System:

If “no” PTA adjudication is complete.


Category of System:

If “other” is selected, please describe: Click here to enter text.


Determination: PTA sufficient at this time.

Privacy compliance documentation determination in progress.
New information sharing arrangement is required.
DHS Policy for Computer-Readable Extracts Containing Sensitive PII applies.
Privacy Act Statement required.
Privacy Impact Assessment (PIA) required.
System of Records Notice (SORN) required.
Paperwork Reduction Act (PRA) Clearance may be required. Contact your component PRA Officer.
A Records Schedule may be required. Contact your component Records Officer.


PIA:

If covered by existing PIA, please list: Click here to enter text.


SORN:

If covered by existing SORN, please list: Click here to enter text.


DHS Privacy Office Comments:

Please describe rationale for privacy compliance determination above.

Click here to enter text.



1 Informational and collaboration-based portals in operation at DHS and its components that collect, use, maintain, and share limited personally identifiable information (PII) about individuals who are “members” of the portal or “potential members” who seek to gain access to the portal.

2 DHS defines personal information as “Personally Identifiable Information” or PII, which is any information that permits the identity of an individual to be directly or indirectly inferred, including any information that is linked or linkable to that individual, regardless of whether the individual is a U.S. citizen, lawful permanent resident, visitor to the U.S., or employee or contractor to the Department. “Sensitive PII” is PII, which if lost, compromised, or disclosed without authorization, could result in substantial harm, embarrassment, inconvenience, or unfairness to an individual. For the purposes of this PTA, SPII and PII are treated the same.

3 When data is sent over the Internet, each unit transmitted includes both header information and the actual data being sent. The header identifies the source and destination of the packet, while the actual data is referred to as the payload. Because header information, or overhead data, is only used in the transmission process, it is stripped from the packet when it reaches its destination. Therefore, the payload is the only data received by the destination system.

4 PII may be shared, received, or connected to other DHS systems directly, automatically, or by manual processes. Often, these systems are listed as “interconnected systems” in Xacta.

4 FIPS 199 is the Federal Information Processing Standard Publication 199, Standards for Security Categorization of Federal Information and Information Systems and is used to establish security categories of information systems.


File Typeapplication/vnd.openxmlformats-officedocument.wordprocessingml.document
File TitleDHS PRIVACY OFFICE
Authormarilyn.powell
File Modified0000-00-00
File Created2021-01-27

© 2024 OMB.report | Privacy Policy