Pta

2502-0118 - PTA Template (508 Compliance) Signed by Privacy.pdf

Previous Participation Certification

PTA

OMB: 2502-0118

Document [pdf]
Download: pdf | pdf
PRIVACY THRESHOLD ANALYSIS (PTA)
Active Partners Performance System (APPS)
F24P

OMB Control Number: 2502-0118
Previous Participation Certification
Multifamily Housing
Instruction & Template

October 2018

United States Department of Housing and Urban Development
October 24, 2018

PRIVACY THRESHOLD ANALYSIS (PTA)
The PTA is a compliance form developed by the Privacy Branch to identify the use of Personally
Identifiable Information (PII) across the Department. The PTA is the first step in the PII verification
process, which focuses on these areas of inquiry:


Purpose for the information,



Type of information,



Sensitivity of the information,



Use of the information,



And the risk to the information.

Please use the attached form to determine whether a Privacy and Civil Liberties Impact Assessment
(PCLIA) is required under the E-Government Act of 2002 or a System of Record Notice (SORN) is
required under the Privacy Act of 1974, as amended.
Please complete this form and send it to your program Privacy Liaison Officer (PLO). If you have no
program Privacy Liaison Officer, please send the PTA to the HUD Privacy Branch:
John Bravacos, Senior Agency Official for Privacy
Privacy Branch
U.S. Department of Housing and Urban Development
privacy@hud.gov

Upon receipt from your program PLO, the HUD Privacy Branch will review this form. If a PCLIA or
SORN is required, the HUD Privacy Branch will send you a copy of the PCLIA and SORN templates to
complete and return.

United States Department of Housing and Urban Development
October 24, 2018

2

PRIVACY THRESHOLD ANALYSIS (PTA)
SUMMARY INFORMATION
Project or
Program
Name/OMB #:

Active Partners Performance System (APPS) F24P

Program:

Office of Housing

CSAM Name (if
applicable):

Active Partners Performance
System

CSAM Number
(if applicable):

1106

Type of Project or
Program:

IT System

Project or
program
status:

Existing

February 28, 2001

Pilot launch
date:

NA

December 19, 2017

Pilot end date:

NA

Complete

ATO
expiration date
(if applicable):

March 10, 2021

Date first
developed:
Date of last PTA
update:
ATO Status (if
applicable)

PROJECT OR PROGRAM MANAGER
Name:

Devasia Karimpanal

Office:

Business Relationships &
Support Contracts Division

Title:

Program Manager

Phone:

(202) 402-7682

Email:

Devasia.V.Karimpanal@hud.gov

INFORMATION SYSTEM SECURITY OFFICER (ISSO) (IF APPLICABLE)
Name:

Robert Anderson

Phone:

202-402-3978

Email:

Robert.C.Anderson@hud.gov

United States Department of Housing and Urban Development
October 24, 2018

3

SPECIFIC PTA QUESTIONS
1. Reason for submitting the PTA: New PTA

The Office of Housing and Urban Development Multifamily Housing Program is responsible
for the Active Partners Participation System (APPS). APPS automates the submission and
review of the HUD Previous Participation Certification (Form 2530). APPS services both HUD
and Industry users and collects Personally identifiable information (PII) during its registration
process.
APPS allows Industry partners to enter submissions and check on the status of submissions via
the Internet and enables HUD staff to review submissions online for Multifamily Housing and
Grant Administration, Residential Care Facilities, and Hospital Facilities. The implementation of
APPS greatly reduces the paperwork burden and preparation time for form 2530 submission.
APPS maintains and stores the industry information and incorporates it automatically into 2530
submissions enabling industry to create a submission with greater efficiency. APPS tracks
submissions through each stage of the submission life cycle, checks the 2530 applicants and their
principals against relevant information sources, and presents the findings automatically to the
HUD reviewer. APPS also maintains a history of 2530 submissions and the principals in each
industry entity allowing HUD to identify individuals and organizations that are participating or
seek to participate in a role in multifamily properties.
The information collected is necessary for the proper performance of Multifamily Housing
functions. An approved HUD-2530 submission is a prerequisite for industry partners to
participate in HUD projects. APPS contains data concerning principal participants in multifamily
housing projects, including their previous participation with HUD or other housing agencies. The
information collected allows HUD employees to track non-compliance of multifamily project
participants' by flagging the participants for non-compliance with regulatory and contractual
agreements. Flags are also used to evaluate the risk of the participants prior to approval for future
participation.
The records collected are all required to process certifications as defined by the systems operating
authorities. The data is used to support loan applications and case-binder files (via lenders) —
including borrower SSNs, salary, employment, race, loan servicing (MIP collections/refunds and
debt servicing for defaulted loans assigned to HUD), loan default tracking, and property
inspections.
The Privacy Threshold Analysis (PTA) is completed to be incorporated into the systems
certification and authorization process. A Privacy Impact Assessment for the system was
completed on July 10, 2017.

United States Department of Housing and Urban Development
October 24, 2018

4

2. Does this system employ the following
technologies?
If you are using these technologies and want
coverage under the respective PIA for that
technology, please stop here and contact the HUD
Privacy Branch for further guidance.

Social Media
Web portal1 (e.g., SharePoint)
Contact Lists
Public website (e.g. A website operated by
HUD, contractor, or other organization on behalf of
the HUD
None of these

This program collects no personally identifiable
information2
3. From whom does the Project or
Program collect, maintain, use, or
disseminate information?
Please check all that apply.

Members of the public
HUD employees/contractors (list programs):
Contractors working on behalf of HUD
Employees of other federal agencies
Other (e.g. business entity)
Industry, non-profit organizations

4. What specific information about individuals is collected, generated or retained?

SSN, name, work/personal address, work/personal telephone number, work/personal email
address.

1

Informational and collaboration-based portals in operation at HUD and its programs that collect, use, maintain, and share limited
personally identifiable information (PII) about individuals who are “members” of the portal or “potential members” who seek to
gain access to the portal.
2
HUD defines personal information as “Personally Identifiable Information” or PII, which is any information that permits the
identity of an individual to be directly or indirectly inferred, including any information that is linked or linkable to that individual,
regardless of whether the individual is a U.S. citizen, lawful permanent resident, visitor to the U.S., or employee or contractor to
the Department. “Sensitive PII” is PII, which if lost, compromised, or disclosed without authorization, could result in substantial
harm, embarrassment, inconvenience, or unfairness to an individual. For the purposes of this PTA, SPII and PII are treated the
same.

United States Department of Housing and Urban Development
October 24, 2018

5

4(a) Does the project, program, or system
retrieve information from the system about
a U.S. Citizen or lawfully admitted
permanent resident aliens by a personal
identifier?

4(b) Does the project, program, or system
have an existing System of Records Notice
(SORN) that has already been published in
the Federal Register that covers the
information collected?

4(c) Has the project, program, or system
undergone any significant changes since the
SORN?
4(d) Does the project, program, or system
use Social Security Numbers (SSN)?

No. Please continue to next question.
Yes. If yes, please list all personal identifiers
used: Electronic records are retrieved by

name, submission ID, and TIN
No. Please continue to next question.
Yes. If yes, provide the system name and
number, and the Federal Register citation(s) for the
most recent complete notice and any subsequent
notices reflecting amendment to the system.
The most recent notice was titled Amended
System of Records Notice, Active Partners
Performance System. The SORN was published
in the Federal Register on July 29, 2016 at 81 FR
50000-50002.
No. Please continue to next question.
Yes. If yes, please describe.
No.
Yes.

4(e) If yes, please provide the specific legal
authority and purpose for the collection of
SSNs:

The Department of Housing and Urban
Development (HUD) is authorized to collect
this information by law (42 U.S.C. 3535(d),
and by regulation at 24 CFR Subpart H
§200.210. HUD is authorized to collect the
Social Security Number (SSN) by Section
165(a) of the Housing and Community
Development Act of 1987, Public Law 100-242
(42 U.S.C. 3543).

4(f) If yes, please describe the uses of the
SSNs within the project, program, or
system:

The Housing and Community Development
Act of 1987, 42 U.S.C. 3543 requires persons
applying for a federally-insured or
guaranteed loan to furnish his/her SSN for
the identification of Participant records. This
act, permits HUD to use SSNs for automated
processing of and to make requests for
information as required with other public
agencies and private sector sources.

United States Department of Housing and Urban Development
October 24, 2018

6

4(g) If this project, program, or system is
an information technology/system, does it
relate solely to infrastructure?

No. Please continue to next question.
Yes. If a log kept of communication traffic,
please answer this question.

For example, is the system a Local Area Network
(LAN) or Wide Area Network (WAN)?
4(h) If header or payload data3 is stored in the communication traffic log, please detail the data
elements stored.
N/A

5. Does this project, program, or system
connect, receive, or share PII with any
other HUD programs or systems?

No.
Yes. If yes, please list:
Click here to enter text.
No.
Yes. If yes, please list:

6. Does this project, program, or system
connect, receive, or share PII with any
external (non-HUD) partners or
systems?

6(a) Is this external sharing pursuant to
new or existing information sharing
access agreement (MOU, MOA, etc.)?

7. Does the project, program, or system
provide role-based training for
personnel who have access in addition

3

•

F24 - Integrated Real Estate
Management System, Office of Program
System Management

•

P104 - Web Access Security System,
Office of the Chief Information Officer

•

P109 - Physical Assessment Sub-System,
Departmental Real Estate Assessment
Center

Choose an item. Not applicable.
Please describe applicable information sharing
governance in place:

No.
Yes. If yes, please list:

Header: Information that is placed before the actual data. The header normally contains a small number of bytes of
control information, which is used to communicate important facts about the data that the message contains and how
it is to be interpreted and used. It serves as the communication and control link between protocol elements on different
devices.
Payload data: The actual data to be transmitted, often called the payload of the message (metaphorically borrowing a
term from the space industry!) Most messages contain some data of one form or another, but some actually contain
none: they are used only for control and communication purposes. For example, these may be used to set up or
terminate a logical connection before data is sent.
United States Department of Housing and Urban Development
October 24, 2018 7

to annual privacy training required of
all HUD personnel?
No. What steps will be taken to develop and
maintain the accounting:

8. Per NIST SP 800-53 Rev. 4, Appendix
J, does the project, program, or system
maintain an accounting of disclosures
of PII to individuals/agencies who have
requested access to their PII?

9. Is there a FIPS 199 determination?4

Yes. In what format is the accounting
maintained: APPS is backed up on a regularly

scheduled basis to tape storage media.
Backups are kept on-site at HUD
Headquarters for a limited period of time,
and then they are forwarded. APPS
maintains an accounting of disclosures of PII
through HUD’s FOIA information system,
which is located in HUD’s Office of
Administration.
Unknown.
No.
Yes. Please indicate the determinations for each
of the following:
Confidentiality:
Low
Moderate

High

Integrity:
Low

Moderate

High

Availability:
Low
Moderate

High

4

FIPS 199 is the Federal Information Processing Standard Publication 199, Standards for Security Categorization of Federal
Information and Information Systems and is used to establish security categories of information systems.

United States Department of Housing and Urban Development
October 24, 2018

8

PRIVACY THRESHOLD ANALYSIS REVIEW
(TO BE COMPLETED BY PROGRAM PLO)
Program Privacy Liaison Reviewer:

Vivian Herring, PRA Liaison, OPPAD

Date submitted to Program Privacy
Office:

October 24, 2018

Date submitted to HUD Privacy Branch:

October 24, 2018

Program Privacy Liaison Officer Recommendation:
Please include recommendation below, including what new privacy compliance documentation is needed.
N/A

(TO BE COMPLETED BY THE HUD PRIVACY BRANCH)
HUD Privacy Branch Reviewer:

Cindy Etheridge

Date approved by HUD Privacy Branch:

October 24, 2018

PTA Expiration Date:

This PTA will suffice, however, if there are any changes,
an update will be required.
DESIGNATION

Privacy Sensitive System:

Choose an item.
Choose an item.

Category of System:
Determination:

If “no” PTA adjudication is complete.

If “other” is selected, please describe: Click here to enter text.
PTA sufficient at this time.
Privacy compliance documentation determination in progress.
New information sharing arrangement is required.
HUD Policy for Computer-Readable Extracts Containing Sensitive PII
applies.
Privacy Act Statement required.
Privacy and Civil Liberties Impact Assessment (PCLIA) required.
System of Records Notice (SORN) required.
Paperwork Reduction Act (PRA) Clearance may be required. Contact
your program PRA Officer.
A Records Schedule may be required. Contact your program Records
Officer.

PIA:

Choose an item.
If covered by existing PCLIA, please list: Click here to enter text.
United States Department of Housing and Urban Development
October 24, 2018

9

SORN:

Choose an item.

If covered by existing SORN, please list: Click here to enter text.
HUD Privacy Branch Comments:
Please describe rationale for privacy compliance determination above.
Click here to enter text.

DOCUMENT ENDORSEMENT
DATE REVIEWED:
PRIVACY REVIEWING OFFICIALS NAME:

By signing below, you attest that the content captured in this document is accurate and complete
and meet the requirements of applicable federal regulations and HUD internal policies.

WINFRED CHAN

Digitally signed by: WINFRED CHAN
DN: CN = WINFRED CHAN C = US O = U.S. Government OU
= Department of Housing and Urban Development, Office of
Housing
Date: 2018.10.24 14:25:53 -05'00'

Date
SYSTEM OWNER
Winfred Chan
Office of Program System Management

JOHN
BRAVACOS

Digitally signed by: JOHN BRAVACOS
DN: CN = JOHN BRAVACOS C = US O = U.S.
Government OU = Department of Housing and
Urban Development, Office of the Secretary
Date: 2018.10.29 15:05:57 -05'00'

Date
CHIEF PRIVACY OFFICER
John Bravacos
Senior Agency Official for Privacy
Privacy Branch

United States Department of Housing and Urban Development
October 24, 2018

10


File Typeapplication/pdf
File Modified0000-00-00
File Created0000-00-00

© 2024 OMB.report | Privacy Policy