Download:
pdf |
pdfPrivacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, pia@dhs.gov
www.dhs.gov/privacy
Privacy Threshold Analysis
Version number: 01-2014
Page 1 of 8
PRIVACY THRESHOLD ANALYSIS (PTA)
This form is used to determine whether
a Privacy Impact Assessment is required.
Please use the attached form to determine whether a Privacy Impact Assessment (PIA) is required under
the E-Government Act of 2002 and the Homeland Security Act of 2002.
Please complete this form and send it to your component Privacy Office. If you do not have a component
Privacy Office, please send the PTA to the DHS Privacy Office:
Senior Director, Privacy Compliance
The Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
Tel: 202-343-1717
PIA@hq.dhs.gov
Upon receipt from your component Privacy Office, the DHS Privacy Office will review this form. If a
PIA is required, the DHS Privacy Office will send you a copy of the Official Privacy Impact Assessment
Guide and accompanying Template to complete and return.
A copy of the Guide and Template is available on the DHS Privacy Office website,
www.dhs.gov/privacy, on DHSConnect and directly from the DHS Privacy Office via email:
pia@hq.dhs.gov, phone: 202-343-1717.
Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, pia@dhs.gov
www.dhs.gov/privacy
Privacy Threshold Analysis
Version number: 01-2014
Page 2 of 8
PRIVACY THRESHOLD ANALYSIS (PTA)
SUMMARY INFORMATION
Project or
Program Name:
ICR 1660-0058 Fire Management Assistance Grant Program
Component:
Federal Emergency
Management Agency (FEMA)
Office or
Program:
ORR
Xacta FISMA
Name (if
applicable):
NA
Xacta FISMA
Number (if
applicable):
NA
Type of Project or
Program:
Form or other Information
Collection
Project or
program
status:
Existing
Date first
developed:
Date of last PTA
update
October 30, 2001
Pilot launch
date:
Click here to enter a date.
July 15, 2011
Pilot end date:
Click here to enter a date.
ATO Status (if
applicable)
Choose an item.
ATO
expiration date
(if applicable):
Click here to enter a date.
PROJECT OR PROGRAM MANAGER
Name:
Allen Wineland
Office:
FEMA Recovery Directorate
Title:
FMAG Program Analyst
Phone:
202-646-3661
Email:
Allen.Wineland@fema.dhs.go
v
INFORMATION SYSTEM SECURITY OFFICER (ISSO) (IF APPLICABLE)
Name:
NA
Phone:
NA
Email:
NA
Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, pia@dhs.gov
www.dhs.gov/privacy
Privacy Threshold Analysis
Version number: 01-2014
Page 3 of 8
SPECIFIC PTA QUESTIONS
1. Reason for submitting the PTA: Renewal PTA
Please provide a general description of the project and its purpose in a way a non-technical person could
understand. If this is an updated PTA, please describe what changes and/or upgrades that are triggering
the update to this PTA. If this is a renewal please state whether or not there were any changes to the
project, program, or system since the last version.
The Fire Management Assistance Grant Program (FMAGP) collects data in order to provide Fire
Management Assistance. The FMAGP is authorized by section 420 of the Stafford Act (42 U.S.C. 5187).
The regulations published in 44 CFR Part 204 govern the FMAGP and detail the program procedures,
eligibility, and requirements.
Fire Management Assistance is available to state, local and tribal governments for the mitigation,
management, and control of fires on publicly or privately owned forests or grasslands that threaten such
destruction as would constitute a major disaster. The Fire Management Assistance declaration process is
initiated when a state official submits a request for assistance to the FEMA Regional Director because a
"threat of major disaster" exists. The entire process is accomplished on an expedited basis and a FEMA
decision is rendered in a matter of hours.
To begin the FMAGP application process, the Governor of a State or the Governor’s Authorized
Representative (GAR) submits a request for a FMAGP declaration. The only information collected is the
name, work email address, work phone number, and work mailing address of the state employees or
officials who complete the forms. FMAGP staff uses the contact information for questions regarding the
applicant’s grant assistance submission.
No changes or updates have been made.
2. Does this system employ any of the
following technologies:
If you are using any of these technologies and
want coverage under the respective PIA for that
technology please stop here and contact the DHS
Privacy Office for further guidance.
Closed Circuit Television (CCTV)
Social Media
Web portal1 (e.g., SharePoint)
Contact Lists
None of these
3. From whom does the Project or
Program collect, maintain, use, or
1
This program does not collect any personally
identifiable information2
Informational and collaboration-based portals in operation at DHS and its components that collect, use, maintain, and share
limited personally identifiable information (PII) about individuals who are “members” of the portal or “potential members” who
seek to gain access to the portal.
Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, pia@dhs.gov
www.dhs.gov/privacy
Privacy Threshold Analysis
Version number: 01-2014
Page 4 of 8
disseminate information?
Please check all that apply.
Members of the public
DHS employees/contractors (list components):
Contractors working on behalf of DHS
Employees of other federal agencies
4. What specific information about individuals is collected, generated or retained?
Please provide a specific description of information that is collected, generated, or retained (such as
names, addresses, emails, etc.) for each category of individuals.
The only information that is collected are the name, work email address, work phone number, and work
mailing address of the state employee(s)/official(s) who complete the forms in case they need to be
contacted on questions regarding their grant assistance submission.
4(a) Does the project, program, or system
retrieve information by personal identifier?
4(b) Does the project, program, or system
use Social Security Numbers (SSN)?
4(c) If yes, please provide the specific legal
basis and purpose for the collection of
SSNs:
4(d) If yes, please describe the uses of the
SSNs within the project, program, or
system:
4(e) If this project, program, or system is
an information technology/system, does it
relate solely to infrastructure?
For example, is the system a Local Area Network
(LAN) or Wide Area Network (WAN)?
2
No. Please continue to next question.
Yes. If yes, please list all personal identifiers
used:
No.
Yes.
NA
NA
No. Please continue to next question.
Yes. If a log kept of communication traffic,
please answer the following question.
DHS defines personal information as “Personally Identifiable Information” or PII, which is any information that permits the
identity of an individual to be directly or indirectly inferred, including any information that is linked or linkable to that individual,
regardless of whether the individual is a U.S. citizen, lawful permanent resident, visitor to the U.S., or employee or contractor to
the Department. “Sensitive PII” is PII, which if lost, compromised, or disclosed without authorization, could result in substantial
harm, embarrassment, inconvenience, or unfairness to an individual. For the purposes of this PTA, SPII and PII are treated the
same.
Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, pia@dhs.gov
www.dhs.gov/privacy
Privacy Threshold Analysis
Version number: 01-2014
Page 5 of 8
4(f) If header or payload data3 is stored in the communication traffic log, please detail the data
elements stored.
NA
5. Does this project, program, or system
connect, receive, or share PII with any
other DHS programs or systems4?
No.
Yes. If yes, please list:
Click here to enter text.
6. Does this project, program, or system
connect, receive, or share PII with any
external (non-DHS) partners or
systems?
6(a) Is this external sharing pursuant to
new or existing information sharing
access agreement (MOU, MOA, LOI,
etc.)?
7. Does the project, program, or system
provide role-based training for
personnel who have access in addition
to annual privacy training required of
all DHS personnel?
8. Per NIST SP 800-53 Rev. 4, Appendix
J, does the project, program, or system
maintain an accounting of disclosures
of PII to individuals who have
requested access to their PII?
3
No.
Yes. If yes, please list:
Click here to enter text.
Choose an item.
Please describe applicable information sharing
governance in place:
No.
Yes. If yes, please list:
No. What steps will be taken to develop and
maintain the accounting: N/A this is not an IT
system.
Yes. In what format is the accounting
maintained:
When data is sent over the Internet, each unit transmitted includes both header information and the actual data being sent. The
header identifies the source and destination of the packet, while the actual data is referred to as the payload. Because header
information, or overhead data, is only used in the transmission process, it is stripped from the packet when it reaches its
destination. Therefore, the payload is the only data received by the destination system.
4
PII may be shared, received, or connected to other DHS systems directly, automatically, or by manual processes. Often, these
systems are listed as “interconnected systems” in Xacta.
Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, pia@dhs.gov
www.dhs.gov/privacy
Privacy Threshold Analysis
Version number: 01-2014
Page 6 of 8
9. Is there a FIPS 199 determination?4
Unknown.
No.
Yes. Please indicate the determinations for each
of the following:
Confidentiality:
Low
Moderate
High
Undefined
Integrity:
Low
Moderate
High
Undefined
Availability:
Low
Moderate
High
Undefined
PRIVACY THRESHOLD REVIEW
(TO BE COMPLETED BY COMPONENT PRIVACY OFFICE)
Component Privacy Office Reviewer:
Kathryn Fong
Date submitted to Component Privacy
Office:
June 2, 2014
Date submitted to DHS Privacy Office:
Click here to enter a date.
Component Privacy Office Recommendation:
Please include recommendation below, including what new privacy compliance documentation is needed.
No updates have been made. FEMA Privacy recommends this ICR continue to be covered under
DHS/FEMA/PIA-013 Grants Management Program and DHS/FEMA-004 Grants Management
Information Files SORN.
4
FIPS 199 is the Federal Information Processing Standard Publication 199, Standards for Security Categorization of Federal
Information and Information Systems and is used to establish security categories of information systems.
Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, pia@dhs.gov
www.dhs.gov/privacy
Privacy Threshold Analysis
Version number: 01-2014
Page 7 of 8
(TO BE COMPLETED BY THE DHS PRIVACY OFFICE)
DHS Privacy Office Reviewer:
Jameson A. Morgan
PCTS Workflow Number:
1023918
Date approved by DHS Privacy Office:
July 2, 2014
PTA Expiration Date
July 2, 2017
DESIGNATION
Privacy Sensitive System:
Category of System:
Determination:
Yes
If “no” PTA adjudication is complete.
Form/Information Collection
If “other” is selected, please describe: Click here to enter text.
PTA sufficient at this time.
Privacy compliance documentation determination in progress.
New information sharing arrangement is required.
DHS Policy for Computer-Readable Extracts Containing Sensitive PII
applies.
Privacy Act Statement required.
Privacy Impact Assessment (PIA) required.
System of Records Notice (SORN) required.
Paperwork Reduction Act (PRA) Clearance may be required. Contact
your component PRA Officer.
A Records Schedule may be required. Contact your component Records
Officer.
System covered by existing PIA
PIA:
SORN:
If covered by existing PIA, please list: DHS/FEMA/PIA – 013 DHS/FEMA PIA- Grant
Management Programs
System covered by existing SORN
If covered by existing SORN, please list: DHS/FEMA 004 Grant Management
Information Files
DHS Privacy Office Comments:
Please describe rationale for privacy compliance determination above.
The DHS Privacy Office agrees with the FEMA Privacy Office that FMAGP is privacy sensitive system
with coverage required under the DHS/FEMA/PIA – 013 Grant Management Programs PIA and the
DHS/FEMA – 004 Grant Management Information Files SORN.
Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, pia@dhs.gov
www.dhs.gov/privacy
Privacy Threshold Analysis
Version number: 01-2014
Page 8 of 8
This PTA was submitted as a renewal PTA. There have not been any changes since the last PTA was
adjudicated on 7/17/2012. All privacy documentation will remain in place and continue to cover this
system. The 2012 PTA adjudication comments were as follows:
“Fire Management Assistance Grants Program/ proposed rule is covered under an existing PIA
DHS/FEMA/PIA-013-Grant Management Programs and SORN DHS/FEMA 004 Grant Management
Information Files. The PIA and SORN cover the FEMA’s collection of PII in order to administer its grant
programs… All of the data elements involved in this collection comply with the existing PIA and
SORN.”
File Type | application/pdf |
File Title | DHS PRIVACY OFFICE |
Author | marilyn.powell |
File Modified | 2014-07-02 |
File Created | 2014-07-02 |