Download:
pdf |
pdfPrivacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, pia@hq.dhs.gov
www.dhs.gov/privacy
PRIVACY THRESHOLD ANALYSIS (PTA)
This form serves as the official determination by the DHS Privacy Office to
identify the privacy compliance requirements for all Departmental uses of
personally identifiable information (PII).
A Privacy Threshold Analysis (PTA) serves as the document used to identify
information technology (IT) systems, information collections/forms, technologies,
rulemakings, programs, information sharing arrangements, or pilot projects that involve
PII and other activities that otherwise impact the privacy of individuals as determined by
the Chief Privacy Officer, pursuant to Section 222 of the Homeland Security Act, and to
assess whether there is a need for additional Privacy Compliance Documentation. A PTA
includes a general description of the IT system, information collection, form, technology,
rulemaking, program, pilot project, information sharing arrangement, or other Department
activity and describes what PII is collected (and from whom) and how that information is
used and managed.
Please complete the attached Privacy Threshold Analysis and submit it to your
component Privacy Office. After review by your component Privacy Officer the PTA is sent
to the Department’s Senior Director for Privacy Compliance for action. If you do not have a
component Privacy Office, please send the PTA to the DHS Privacy Office:
Senior Director, Privacy Compliance
The Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
Tel: 202-343-1717
PIA@hq.dhs.gov
Upon receipt from your component Privacy Office, the DHS Privacy Office will review this
form and assess whether any privacy compliance documentation is required. If compliance
documentation is required – such as Privacy Impact Assessment (PIA), System of Records
Notice (SORN), Privacy Act Statement, or Computer Matching Agreement (CMA) – the DHS
Privacy Office or component Privacy Office will send you a copy of the relevant compliance
template to complete and return.
Privacy Threshold Analysis – IC/Form
Page 1 of 11
Version number: 04-2016
�Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, pia@hq.dhs.gov
www.dhs.gov/privacy
Privacy Threshold Analysis (PTA)
Specialized Template for
Information Collections (IC) and Forms
The Forms-PTA is a specialized template for Information Collections and Forms. This
specialized PTA must accompany all Information Collections submitted as part of the
Paperwork Reduction Act process (any instrument for collection (form, survey,
questionnaire, etc.) from ten or more members of the public). Components may use this PTA
to assess internal, component-specific forms as well.
Form Number:
Form Title:
Component:
Form Number(s): FEMA Form 089-0-24
Request for Fire Management Assistance Subgrant Form
Federal Emergency
Office:
Office of Response and
Management Agency
Recovery
(FEMA)
IF COVERED BY THE PAPERWORK REDUCTION ACT:
Collection Title:
Fire Management Assistance Grant Program
OMB Control
Number:
Collection status:
Name:
Office:
Phone:
Name:
1660 - 0058
Extension
OMB Expiration
Date:
Date of last PTA (if
applicable):
January 31, 2018
July 2, 2014
PROJECT OR PROGRAM MANAGER
Allen Wineland
Public Assistance Division
Title:
FMAG Program Manager
202-702-1472
Email:
Allen.wineland@fema.dhs.g
ov
COMPONENT INFORMATION COLLECTION/FORMS CONTACT
Millicent Brown
Privacy Threshold Analysis – IC/Form
Page 2 of 11
Version number: 04-2016
�Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, pia@hq.dhs.gov
www.dhs.gov/privacy
Office:
Phone:
Sr. Forms Management &
Information Collections
Analyst
(202) 212-7014
Email:
millicent.brown@fema.dhs.g
ov
SPECIFIC IC/Forms PTA QUESTIONS
Records Management
Branch, Information
Management Division
Title:
1. Purpose of the Information Collection or Form
a. Describe the purpose of the information collection or form. Please provide a
general description of the project and its purpose, including how it supports the DHS
mission, in a way a non-technical person could understand (you may use
information from the Supporting Statement).
If this is an updated PTA, please specifically describe what changes or upgrades are
triggering the update to this PTA.
When a Fire Management Assistance Grant (FMAG) declaration is awarded, it allows
FEMA Disaster Relief Funds to be used to reimburse eligible entities for fire suppression
operations and grant administration for the declared fire. While a State receives the
grant and serves as the sole recipient (grantee), one of its responsibilities is to reimburse
subrecipients (formally known as subgrantees) which are local and Indian Tribal
governments, as well as other entities such as police and fire departments for their work
for costs incurred for eligible fire suppression activities or supporting services. These
activities may include costs for lodging, food and food preparation, police barricading,
and any provision of on-scene supplies and other equipment and services needed as part
of fire suppression operations. Reimbursement may also be provided for evacuations
and sheltering.
The purpose of the Request for Fire Management Assistance Subgrant form is to identify
potential subgrant applicants (subrecipients) so the State, as grant administrator, can
ensure potential subrecipients are identified to determine whether or not they are
eligible. If they are eligible, the State will brief them on how to get reimbursed and if
necessary provide assistance with reimbursement applications.
Data requested includes the name of the applicant, (the applicant is not a person but a
political subdivision or public agency), DUNS number, business street address, city,
county, State, and postal code. The form also collects the name, phone numbers, street
address, fax number, and email address of the applicant’s authorized agent or alternate
agent.
Privacy Threshold Analysis – IC/Form
Page 3 of 11
Version number: 04-2016
�Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, pia@hq.dhs.gov
www.dhs.gov/privacy
The form requires that the subgrant applicant provide the physical location of and the
contact information for an authorized representative. The physical location is needed so
a determination can be made regarding whether or not the applicant was in the vicinity
of the wildland fire.
The contact information of the authorized agent or alternate is needed so FEMA regional
staff have a person to contact regarding the claims that are being processed for
reimbursement. This information is also needed to meet requirements of 2 CFR part 200
grant provisions.
b. List the DHS (or component) authorities to collect, store, and use this information.
If this information will be stored and used by a specific DHS component, list the
component-specific authorities.
The Federal Emergency Management Agency working through its 10 regions under the
provisions of Section 420 of the Robert T. Stafford Disaster Relief and Emergency
Assistance Act, 42, U.S.C 5187, as amended by § 303 of the Disaster Mitigation Act of
2000. 2 CFR part 200 also provides authority to request this information.
2. Describe the IC/Form
a. Does this form collect any
Personally Identifiable
Information” (PII1)?
b. From which type(s) of
individuals does this form
collect information?
(Check all that apply.)
☒ Yes
☐ No
☒ Members of the public
☒ U.S. citizens or lawful permanent
residents
☐ Non-U.S. Persons.
☐ DHS Employees
☐ DHS Contractors
☐ Other federal employees or contractors.
c. Who will complete and
submit this form? (Check
all that apply.)
☐ The record subject of the form (e.g., the
individual applicant).
1
Personally identifiable information means any information that permits the identity of an individual to be directly or indirectly inferred, including
any other information which is linked or linkable to that individual regardless of whether the individual is a U.S. citizen, lawful permanent resident,
visitor to the U.S., or employee or contractor to the Department.
Privacy Threshold Analysis – IC/Form
Page 4 of 11
Version number: 04-2016
�Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, pia@hq.dhs.gov
www.dhs.gov/privacy
☐ Legal Representative (preparer, attorney,
etc.).
☐ Business entity.
If a business entity, is the only
information collected business contact
information?
☐ Yes
☐ No
☐ Law enforcement.
☐ DHS employee or contractor.
☒ Other individual/entity/organization that is
NOT the record subject. Please describe.
States, local governments and tribal governments.
d. How do individuals
complete the form? Check
all that apply.
☒ Paper.
A hard copy is stored in file cabinets at regional
offices. In some instances a copy may be uploaded to
EMMIE, the FEMA-wide grant database.
☒ Electronic. (ex: fillable PDF)
☐ Online web form. (available and submitted via
the internet)
Provide link:
e. What information will DHS collect on the form? List all PII data elements on the
form. If the form will collect information from more than one type of individual,
please break down list of data elements collected by type of individual.
For the Subgrant Applicant the following info is collected: Political subdivision or name
of eligible applicant, DUNS number, county (location of firefighting activities), street
address, city, county, state, and zip code of entity applying for a subgrant.
For the primary and alternate authorized agents FEMA collects the name of the
applicant, (the applicant is not a person but a political subdivision or public agency),
DUNS number, business street address, city, county, State, and postal code. The form
also collects the name, phone numbers, street address, fax number, and email address of
the applicant’s authorized agent or alternate agent.
Privacy Threshold Analysis – IC/Form
Page 5 of 11
Version number: 04-2016
�Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, pia@hq.dhs.gov
www.dhs.gov/privacy
f. Does this form collect Social Security number (SSN) or other element that is
stand-alone Sensitive Personally Identifiable Information (SPII)? Check all that
apply.
☐ Social Security number
☐ Alien Number (A-Number)
☐ Tax Identification Number
☐ Visa Number
☐ Passport Number
☐ Bank Account, Credit Card, or other
financial account number
☐ Other. Please list:
☐ DHS Electronic Data Interchange
Personal Identifier (EDIPI)
☐ Social Media Handle/ID
☐ Known Traveler Number
☐ Trusted Traveler Number (Global
Entry, Pre-Check, etc.)
☐ Driver’s License Number
☐ Biometrics
g. List the specific authority to collect SSN or these other SPII elements.
N/A
h. How will this information be used? What is the purpose of the collection?
Describe why this collection of SPII is the minimum amount of information
necessary to accomplish the purpose of the program.
N/A
i. Are individuals
☒ Yes. Please describe how notice is provided.
provided notice at the
A privacy notice will be included on the updated
time of collection by
version of the form.
DHS (Does the records
☐ No.
subject have notice of
the collection or is
form filled out by
third party)?
3. How will DHS store the IC/form responses?
a. How will DHS store
☒ Paper. Please describe.
the original,
Click here to enter text.
completed IC/forms?
☒ Electronic. Please describe the IT system that will
store the data from the form.
The forms are stored both electronically and in file
cabinets at regional and Headquarters Offices. The
Privacy Threshold Analysis – IC/Form
Page 6 of 11
Version number: 04-2016
�Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, pia@hq.dhs.gov
www.dhs.gov/privacy
electronic forms are stored in FEMA’s grant management
system database (EMMIE).
☐ Scanned forms (completed forms are scanned into
an electronic repository). Please describe the
electronic repository.
b. If electronic, how
does DHS input the
responses into the IT
system?
☒ Manually (data elements manually entered). Please
describe.
Selected data is captured via a keyboard entry from a
paper copy of the form. Data requested includes the
name of the applicant, (the applicant is not a person but a
political subdivision or public agency), street address,
city, county, State, and postal code. The name of the
applicant’s authorized agent, address, phone numbers,
street address, fax number, and email address are also
captured. .
☐ Automatically. Please describe.
Click here to enter text.
c. How would a user
search the
information
submitted on the
forms, i.e., how is the
information
retrieved?
☐ By a unique identifier.2 Please describe. If
information is retrieved by personal identifier, please
submit a Privacy Act Statement with this PTA.
Click here to enter text.
☒ By a non-personal identifier. Please describe.
Search by form name, fire name, or FMAG
Declaration number.
d. What is the records
retention
schedule(s)? Include
the records schedule
number.
DAP 4-2-1: TEMPORARY. Cut off when termination
memorandum is approved. Retire to FRC 1 year after
cutoff. Destroy 6 years
3 months after cutoff.
2
Generally, a unique identifier is considered any type of “personally identifiable information,” meaning any information that permits the identity
of an individual to be directly or indirectly inferred, including any other information which is linked or linkable to that individual regardless of
whether the individual is a U.S. citizen, lawful permanent resident, visitor to the U.S., or employee or contractor to the Department.
Privacy Threshold Analysis – IC/Form
Page 7 of 11
Version number: 04-2016
�Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, pia@hq.dhs.gov
www.dhs.gov/privacy
e. How do you ensure
Managers and staff at each regional office and HQ office
that records are
have the primary responsibility to ensure records are
disposed of or deleted disposed, deleted, and preserved in accordance with DAP
in accordance with
4-2-1.
the retention
schedule?
f. Is any of this information shared outside of the original program/office? If yes,
describe where (other offices or DHS components or external entities) and why.
What are the authorities of the receiving party?
☐ Yes, information is shared with other DHS components or offices. Please describe.
Click here to enter text.
☐ Yes, information is shared external to DHS with other federal agencies, state/local
partners, international partners, or non-governmental entities. Please describe.
Click here to enter text.
☒ No. Information on this form is not shared outside of the collecting office.
Please include a copy of the referenced form and Privacy Act Statement (if
applicable) with this PTA upon submission.
Privacy Threshold Analysis – IC/Form
Page 8 of 11
Version number: 04-2016
�Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, pia@hq.dhs.gov
www.dhs.gov/privacy
PRIVACY THRESHOLD REVIEW
(TO BE COMPLETED BY COMPONENT PRIVACY OFFICE)
Component Privacy Office Reviewer:
Heather K. Mills
Date submitted to component Privacy
Office:
Date submitted to DHS Privacy Office:
July 27, 2017
Have you approved a Privacy Act
Statement for this form? (Only
applicable if you have received a
waiver from the DHS Chief Privacy
Officer to approve component Privacy
Act Statements.)
July 28, 2017
☒ Yes. Please include it with this PTA
submission.
☐ No. Please describe why not.
Click here to enter text.
Component Privacy Office Recommendation:
Please include recommendation below, including what existing privacy compliance
documentation is available or new privacy compliance documentation is needed.
SORN Coverage:
DHS/FEMA – 009 Hazard Mitigation Disaster Public Assistance and Disaster Loan
Programs, 79 Fed. Reg. 16,015 (March 24, 2014).
PIA Coverage:
DHS/FEMA/PIA – 013 Grant Management Programs (February 19, 2015).
Privacy Threshold Analysis – IC/Form
Page 9 of 11
Version number: 04-2016
�Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, pia@hq.dhs.gov
www.dhs.gov/privacy
PRIVACY THRESHOLD ADJUDICATION
(TO BE COMPLETED BY THE DHS PRIVACY OFFICE)
DHS Privacy Office Reviewer:
Hannah Burgess
PCTS Workflow Number:
Date approved by DHS Privacy Office:
PTA Expiration Date
1148980
September 6, 2017
September 6, 2020
DESIGNATION
Privacy Sensitive IC or
Form:
Yes If “no” PTA adjudication is complete.
Determination:
☐ PTA sufficient at this time.
☐ Privacy compliance documentation determination in
progress.
☐ New information sharing arrangement is required.
☐ DHS Policy for Computer-Readable Extracts Containing SPII
applies.
☒ Privacy Act Statement required.
☒ Privacy Impact Assessment (PIA) required.
☒ System of Records Notice (SORN) required.
☐ Specialized training required.
☐ Other. Click here to enter text.
DHS IC/Forms Review:
DHS PRIV has commented on this ICR/Form.
Date IC/Form Approved Click here to enter a date.
by PRIV:
IC/Form PCTS Number: FEMA Form 078-0-24
Privacy Act
New e(3) statement is required.
Statement:
Privacy Notice Form 1660-058 FF 078-0-24
PTA:
New system PTA required.
Click here to enter text.
PIA:
System covered by existing PIA
Privacy Threshold Analysis – IC/Form
Page 10 of 11
Version number: 04-2016
�Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, pia@hq.dhs.gov
www.dhs.gov/privacy
If covered by existing PIA, please list: DHS/FEMA/PIA-013 Grant
Management Programs
If a PIA update is required, please list: Click here to enter text.
SORN:
Choose an item.
If covered by existing SORN, please list:
If a SORN update is required, please list: Click here to enter text.
DHS Privacy Office Comments:
Please describe rationale for privacy compliance determination above.
The purpose of the Request for Fire Management Assistance Subgrant Form is to identify
potential subgrant applicants (subrecipients) so the State, as grant administrator, can
determine whether or not they are eligible. If they are eligible, the State will brief them on
how to get reimbursed and if necessary provide assistance with reimbursement
applications. The data collected includes the name of the applicant, (the applicant is not a
person but a political subdivision or public agency), DUNS number, business street
address, city, county, State, and postal code. The form also collects the name, phone
numbers, street address, fax number, and email address of the applicant’s authorized agent
or alternate agent.
The DHS Privacy Office finds that the form is privacy sensitive and a PIA is required
because FEMA collects information of members of the public, specifically a grant
applicant’s authorized agent or alternate agent. PIA coverage is provided by
DHS/FEMA/PIA – 013 Grant Management Program, which details FEMA’s collection of PII
as part of the grant application process. The DHS Privacy Office also finds that no SORN is
required, since information is not retrieved by personal identifier. A Privacy Notice,
however, is required because the form collects PII from federal employees or contractors.
The Privacy Notice submitted along with this form needs to be updated to accurately
reflect the applicant information and the individual completing the form.
Privacy Threshold Analysis – IC/Form
Page 11 of 11
Version number: 04-2016
�
| File Type | application/pdf |
| File Modified | 2017-09-06 |
| File Created | 2017-09-06 |