Download:
pdf |
pdfU.S. DEPARTMENT OF
HOUSING AND URBAN DEVELOPMENT
PRIVACY THRESHOLD ANALYSIS (PTA)
Research and Evaluation, Demonstration,
and Data Analysis and Utilization
Office of Policy Development and Research
Instruction & Template
[September 19,2017]
PRIVACY THRESHOLD ANALYSIS
The Privacy Threshold Analysis (PTA) is a compliance form developed by the Privacy Branch to
identify, across the Department, the use of Personally Identifiable Information (PII). The PTA is
the first step in the PII verification process, which focuses on these areas of inquiry:
•
Purpose for the information
•
Type of information
•
Sensitivity of the information
•
Use of the information
•
The risks to the information
Please use the attached form to determine whether a Privacy Impact Assessment (PIA) is
required under the E-Government Act of 2002 or a System of Records Notice (SORN) is
required under the Privacy Act of 1974, as amended.
Complete the form and send it to your program Privacy Liaison Officer (PLO). If you have no
program Privacy Liaison Officer, please send the PTA to Marcus R. Smallwood, Acting Chief
Privacy Officer, Privacy Branch, U.S. Department of Housing and Urban Development,
451 7th Street, SW, Room 10139, Washington, DC 20410 or privacy@hud.gov.
Upon its receipt from your program PLO, the HUD Privacy Branch will review the completed
form. If it determines that a PIA or SORN is required, the HUD Privacy Branch will send you a
copy of the PIA and SORN templates to complete and return to the Branch.
PRIVACY THRESHOLD ANALYSIS (PTA)
SUMMARY INFORMATION
Project or
Program Name:
The Notice of Funding Availability for Research and Evaluation,
Demonstration, and Data Analysis and Utilization (HUDRD)
Program:
Policy Development and Research (PD&R)
CSAM Name (if
applicable):
Click here to enter text.
CSAM Number
(if applicable):
Click here to enter text.
Type of Project or
Program:
Program
Project or
program
status:
Existing
Date first
developed:
Date of last PTA
update:
April 11, 2016
Pilot launch
date:
August 11, 2016
Click here to enter a date.
Pilot end date:
Click here to enter a date.
ATO Status (if
applicable)
Choose an item.
ATO
expiration date
(if applicable):
Click here to enter a date.
PROJECT OR PROGRAM MANAGER
Name:
Madlyn Wohlman Rodriguez
Office:
Policy Development and
Research (PD&R)
Title:
Grants Officer
Phone:
202 402 5939
Email:
madlyn.wohlmanrodriguez@
hud.gov
INFORMATION SYSTEM SECURITY OFFICER (ISSO) (IF APPLICABLE)
Name:
Click here to enter text.
Phone:
Click here to enter text.
Email:
Click here to enter text.
SPECIFIC PTA QUESTIONS
1. Reason for submitting the PTA: Choose an item.
Please provide a general description of the project and its purpose so a nontechnical person could
understand. If this is an updated PTA, please describe the changes and/or upgrades triggering the
update to this PTA. If this is a renewal, please state whether there were any changes to the project,
program, or system since the last version.
The Notice of Funding Availability for Research and Evaluation, Demonstration, and Data
Analysis and Utilization seeks to further PD&R’s mission to inform policy development and
implementation to improve life in American communities through conducting, supporting, and
sharing research, surveys, demonstrations, program evaluations, and best practices. This broad
mission addresses the following strategic goals
contained in HUD’s Strategic Plan:
(1) Strengthen the Nation’s Housing Market to Bolster the Economy and Protect Consumers;
(2) Meet the Need for Quality Affordable Rental Homes;
(3) Use Housing as a Platform to Improve Quality of Life; and
(4) Build Strong, Resilient, and Inclusive Communities.
2. Does this system employ the following
technologies?
If you are using these technologies and want
coverage under the respective PIA for that
technology, please stop here and contact the HUD
Privacy Branch for further guidance.
Social Media
Web portal1 (e.g., SharePoint)
Contact Lists
Public website (e.g., A website operated by
HUD, contractor, or other organization on behalf
of HUD)
None of these
3. From whom does the project or
program collect, maintain, use, or
disseminate information?
1
This program collects no personally identifiable
information2
Informational and collaboration-based portals in operation at HUD, and its programs that collect, use, maintain, and share limited
personally identifiable information (PII) about individuals who are “members” of the portal or “potential members” who seek to
gain access to the portal.
2
HUD defines personal information as “personally identifiable information,” or PII, as any information that permits the identity of
an individual to be directly or indirectly inferred, including any information that is linked or linkable to that individual, regardless
of whether the individual is a U.S. citizen, lawful permanent resident, visitor to the U.S., or employee or contractor to the
Please check all that apply.
Applicants for the Notice of Funding Availability for
Research and Evaluation, Demonstration, and Data
Analysis and Utilization research grants do not give
personal identifiable information only names of
principal investigators, researchers and contractors
– and submit only business addresses. They do not
personal email – only business email. They do not
give personal phone numbers – only business
information.
Members of the public
HUD employees/contractors (list programs)
Contractors working on behalf of HUD
Employees of other Federal agencies
Other (e.g., business entity)
4. What specific information about individuals is collected, generated, or retained?
Please provide a specific description of information collected, generated, or retained (such as full names,
maiden name, mother’s maiden name, alias, Social Security number, passport number, driver’s license
number, taxpayer identification number, patient identification number, financial account, credit card
number, street address, internet protocol, media access control, telephone number, mobile number,
business number, photograph image, x-rays, fingerprints, biometric image, template date (e.g., retain
scan, well-defined group of people),vehicle registration number, title number, and information about an
individual that is linked or linkable to one of the above (e.g., date of birth, place of birth, race, religion,
weight, activities, geographical indictors, employment information, medical information, education
information, financial information, etc.
4(a) Does the project, program, or system
retrieve information about U.S. Citizens or
lawfully admitted permanent resident
aliens using personal identifiers?
No. Please continue to the next question.
Yes. If yes, please list all personal identifiers
used:
Applicants for the Notice of Funding
Availability for Research and Evaluation,
Demonstration, and Data Analysis and
Utilization research grants do not give
personal identifiable information only names
of principal investigators, researchers and
contractors – and submit only business
addresses. They do not personal email – only
business email. They do not give personal
phone numbers – only business information.
Department. “Sensitive PII” is PII, which if lost, compromised, or disclosed without authorization, could result in substantial harm,
embarrassment, inconvenience, or unfairness to an individual. For the purposes of this PTA, SPII and PII are treated the same.
4(b) Does the project, program, or system
have an existing System of Records Notice
(SORN), that has already been published in
the Federal Register that covers the
information collected?
No. Please continue to the next question.
Yes. If yes, provide the system name and
number, and the Federal Register citation(s)
for the most recent complete notice and any
subsequent notices reflecting amendment
to the system
4(c) Has the project, program, or system
No. Please continue to the next question.
undergone any significant changes since the
Yes. If yes, please describe.
SORN?
4(d) Does the project, program, or system
No.
use Social Security numbers (SSN)?
Yes.
4(e) If yes to 4(d), please provide the
specific legal authority and purpose for the Click here to enter text.
collection of SSNs.
4(f) If yes to 4(d), please describe the uses of
Click here to enter text.
the SSNs within the project, program, or
system.
No. Please continue to next question.
4(g) If this project, program, or system is
an information technology/system, does it
Yes. If a log of communication traffic is kept,
relate solely to infrastructure?
please provide that information here.
For example, is the system a Local Area
Network (LAN) or Wide Area Network
(WAN)?
4(h) If header or payload data3 is stored in the communication traffic log, please detail the data
elements stored.
Click here to enter text.
5. Does this project, program, or system
connect, receive, or share PII with any
other HUD programs or systems?
3
No.
Yes. If yes, please list:
Click here to enter text.
Header: Information that is placed before the actual data. The header normally contains a small number of bytes of
control information, which is used to communicate important facts about the data that the message contains and how
it is to be interpreted and used. It serves as the communication and control link between protocol elements on different
devices.
Payload data: The actual data to be transmitted, often called the payload of the message (metaphorically borrowing a
term from the space industry!). Most messages contain some data of one form or another, but some actually contain
none: they are used only for control and communication purposes. For example, these may be used to set up or
terminate a logical connection before data is sent.
6. Does this project, program, or system
connect, receive, or share PII with any
external (non-HUD) partners or
systems?
No.
Yes. If yes, please list:
Click here to enter text.
6(a) Is this external sharing pursuant to a
new or existing information sharing
access agreement (MOU, MOA, etc.)?
No.
Yes. If yes, please choose from the dropdown
menu below:
Choose an item.
Please describe applicable information sharing
governance in place:
7. Does the project, program, or system
provide role-based training for
personnel who have access, in addition
to the annual privacy training required
of all HUD personnel?
No.
8. Per NIST SP 800-53 Rev. 4, Appendix
J, does the project, program, or system
maintain an accounting of disclosures
of PII to individuals/agencies who have
requested access to their PII?
No. What steps will be taken to develop and
maintain the accounting:
Yes. In what format is the accounting
maintained:
9. Is there a FIPS 199 determination?4
4
Yes. If yes, please list:
Unknown.
No.
Yes. Please indicate the determinations for each
of the following:
Confidentiality:
Low
Moderate
High
Integrity:
Low
Moderate
High
Availability:
Low
Moderate
High
FIPS 199 (Federal Information Processing Standard Publication 199, Standards for Security Categorization of Federal Information
and Information Systems) is used to establish security categories of information systems.
PRIVACY THRESHOLD ANALYSIS REVIEW
(TO BE COMPLETED BY PROGRAM PLO)
Program Privacy Liaison Reviewer:
Ronald Hill
Date submitted to Program Privacy
Office:
September 19, 2017
Date submitted to HUD Privacy Branch:
September 19, 2017
Program Privacy Liaison Officer Recommendation:
Please include recommendation below, including what new privacy compliance documentation is needed.
Click here to enter text.
(TO BE COMPLETED BY THE HUD PRIVACY BRANCH)
HUD Privacy Branch Reviewer:
Cindy Etheridge
Date approved by HUD Privacy Branch:
September 19, 2017
PTA Expiration Date:
September 21, 2020
DESIGNATION
Privacy Sensitive System:
Choose an item.
Category of System:
Choose an item.
If “other” is selected, please describe: Click here to enter text.
Determination:
If “no” PTA adjudication is complete.
PTA sufficient at this time.
Privacy compliance documentation determination in progress.
New information-sharing arrangement is required.
HUD Policy for Computer-Readable Extracts Containing Sensitive PII
applies.
Privacy Act Statement required.
Privacy Impact Assessment (PIA) required.
System of Records Notice (SORN) required.
Paperwork Reduction Act (PRA) Clearance may be required. Contact
your program PRA Officer.
A Records Schedule may be required. Contact your program Records
Officer.
Choose an item.
If covered by existing PIA, please list: N/A
Choose an item.
SORN:
If covered by existing SORN, please list: N/A
HUD Privacy Branch Comments:
PIA:
Please describe rationale for privacy compliance determination above.
Click here to enter text.
DOCUMENT ENDORSEMENT
DATE REVIEWED: 9/19/2017
PRIVACY REVIEWING OFFICIAL’S NAME: Cindy Etheridge
By signing below, you attest that the content captured in this document is accurate and complete
and meet the requirements of applicable Federal regulations and HUD internal policies.
SYSTEM OWNER
Madlyn Wohlman-Rodriquez/Office of University
Partnerships
Office of Policy Development and Research
MARCUS
SMALLWOOD
Digitally signed by: MARCUS SMALLWOOD
DN: CN = MARCUS SMALLWOOD C = US
O = U.S. Government OU = Department of
Housing and Urban Development, Office of
Administration
Date: 2017.09.19 09:49:54 -05'00'
CHIEF PRIVACY OFFICER
Marcus Smallwood/Privacy Officer
OFFICE OF ADMINISTRATION
Date
9/19/2017
9/19/2017
Date
File Type | application/pdf |
File Title | Microsoft Word - PTA_Template HUDRD16 mwr 9_19_17 |
Author | H51217 |
File Modified | 2017-09-19 |
File Created | 2017-09-19 |