Download:
pdf |
pdfU.S. DEPARTMENT OF
HOUSING AND URBAN DEVELOPMENT
PRIVACY THRESHOLD ANALYSIS (PTA)
Low-Income Housing Tax Credit (LIHTC)
Data Collection
PD&R
Office of Policy Development and Research
May 14, 2019
PRIVACY THRESHOLD ANALYSIS
The Privacy Threshold Analysis (PTA) is a compliance form developed by the Privacy Branch to
identify, across the Department, the use of Personally Identifiable Information (PIT). The PTA is
the first step in the PIT verification process, which focuses on these areas of inquiry:
•
Purpose for the information
•
Type of information
•
Sensitivity of the information
•
Use of the information
•
The risks to the information
Please use the attached form to determine whether a Privacy Impact Assessment (PIA) is
required under the F-Government Act of 2002 or a System of Records Notice (SORN) is
required under the Privacy Act of 1974, as amended.
Complete the form and send it to your program Privacy Liaison Officer (PLO). If you have no
program Privacy Liaison Officer, please send the PTA to Marcus R. Smaliwood, Acting Chief
Privacy Officer, Privacy Branch, U.S. Department of Housing and Urban Development,
451 7th Street, SW, Room 10139, Washington, DC 20410 or privacy@hud.gov.
Upon its receipt from your program PLO, the HUD Privacy Branch will review the completed
form. If it determines that a PIA or SORN is required, the HUD Privacy Branch will send you a
copy of the PIA and SORN templates to complete and return to the Branch.
PRIVACY THRESHOLD ANALYSIS (PTA)
SUMMARY INFORMATION
Project or
Program Name:
Low-Income Housing Tax Credit (LfflTC) Data Collection
PD&R
Program:
Policy Development and Research (PD&R)
CSAM Name (j’
applicable):
N/A
.
Type of Project or
Program:
Date first
developed:
Date of last PTA
update:
CSAM Number
(if applicable):
N/A
Form or other Information
Collection
Project or
program
status:
Existing
2010
Pilot launch
date:
N/A
2016
Pilot end date:
N/A
Choose an item.
ATO
expiration date
(if applicable):
N/A
.
.
.
ATO Status (if
applicable)
.
PROJECT OR PROGRAM MANAGER
Name:
Michael Hollar
Office:
PD&R
Title:
Senior Economist
Phone:
202-402-5878
Email:
michael.k.hollarhud.gov
INFORMATION SYSTEM SECURITY OFFICER (ISSO) (If APPLICABLE)
Name:
N/A
Phone:
N/A
Email:
N/A
SPECIFIC PTA QUESTIONS
1. Reason for submitting the PTA: Choose an item.
the project and its purpose so
Please provide a general description of
understand.
a nontechnical person could
If this is an updated PTA, please describe the changes and/or upgrades triggering the
update to this PTA.
If this is a renewal, please state whether there were any changes to the project,
program, or system since the last version.
Section 283 5(d) of the Housing and Economic Recovery Act, or HERA, (Public Law 110289, approved July 30, 2008) amended Title I of the U.S. Housing Act of 1937 (42 U.S.C.
1437 et seq.) (1937 Act) to add anew section 36 (codified as 42 U.S.C. 1437z-$) that
requires each state agency that administers low income housing tax credits under section 42
of the Internal Revenue Code of 1986 (low-income housing tax credits or LIHTC) to furnish
to HUD, not less than annually, information concerning the race, ethnicity, family
composition, age, income, use of rental assistance under section 8(o) of the U.S. Housing Act
of 1937 or other similar assistance, disability status, and monthly rental payments of
households residing in each property receiving such credits through such agency. This data
collection implements this mandate.
The PTA is being updated because the data collection forms are being renewed in accordance with
the PRA Act.
2. Does this system employ the following
technologies?
Social Media
Web portal1 (e.g., SharePoint)
Ifyou are using these technologies and want
coverage under the respective PIA for that
Contact Lists
technology, please stop here and contact the
HUD Privacy Branch forfurther guidance.
3. From whom does the project or
program collect, maintain, use, or
Public website (e.g., A website operated by
HUD, contractor, or other organization on behalf
of HUD)
LI
None of these
LI
This program collects no personally identifiable
information2
disseminate information?
Please check all that apply.
Members of the public
LI
HUD employees/contractors (list programs)
Informational and collaboration-based portals in operation at HUD, and its programs that collect, use, maintain, and share limited
personally identifiable information (P11) about individuals who are “members” of the portal or “potential members” who seek to
gain access to the portal.
2
HUD defines personal information as “personally identifiable information,” or P11, as any information that permits the identity of
an individual to be directly or indirectly inferred, including any information that is linked or linkable to that individual, regardless
of whether the individual is a U.S. citizen, lawful permanent resident, visitor to the U.S., or employee or contractor to the
Department. “Sensitive P11” is P11, which if lost, compromised, or disclosed without authorization, could result in substantial harm,
embarrassment, inconvenience, or unfairness to an individual. For the purposes of this PTA, SPII and P11 are treated the same.
D
Contractors working on behalf of HUD
Employees of other Federal agencies
Other (e.g., business entity)
4. What specific information about individuals is collected, generated, or retained?
Please provide a spectfic description of inform ation collected, generated, or retained (sttch asfttll
itantes, maiden name, ni other’s maiden name, alias, Social Secttrity ntunber, passport numnber,
driver’s license nttntber, taxpayer ideittfication nttmber, patient identtficatiomt nttmber, financial
account, credit card number, street address, interitet protocol, in edia access control, telephone
number, mobile number, business number, photograph image, x—rays,fingerprints, biometric
image, template date (e.g., retain scan, welt-defined grottp ofpeopfr), vehicle registration it umber,
title mutmber, and imtformnation abotit an individual that is linked or linkable to one of the above
(e.g., date of birth, place of birth, race, retigiomt, weight, activities, geographical indictors,
employment information, medical information, education information, financial informnatioit, etc.
Name, race, ethnicity, disability status, date of birth and last 4 digits of SSN for all
LIHTC household members, building address of all LIHTC units, household
income and rent of all LIHTC tenants.
4(a) Does the project, program, or system
retrieve information about U.S. Citizens or
lawfully admitted permanent resident
aliens using personal identifiers?
4(b) Does the project, program, or system
have an existing System of Records Notice
(SORN), that has already been published in
the Federal Register that covers the
information collected?
4(c) Has the project, program, or system
undergone any significant changes since the
SORN?
4(d) Does the project, program, or system
use Social Security numbers (SSN)?
4(e) If yes to 4(d), please provide the
specific legal authority and purpose for the
collection of SSNs.
No. Please continue to the next question.
Yes. If yes, please list all personal identifiers
used.
No. Please continue to the next question.
Yes. If yes, provide the system name and
number, and the federal Register citation(s)
for the most recent complete notice and any
subsequent noticQs reflecting amendment
to the system
D No. Please continue to the next question.
Yes. If yes, please describe.
The data collection migrated to HUB’s Secure
Systems environment.
No.
Yes.
Section 2835(d) of the Housing and Economic
Recovery Act, or HERA, (Public Law 1 10-289,
approved July 30, 2008). The last 4 digits of SSN are
collected to facilitate matching data with HUB
programs.
4(1)
If yes to 4(d), please describe the uses of
the SSNs within the project, program,
or
system.
The last 4 digits of tenant $$Ns are collected in
order to facilitate matching data with HUD
programs for research purposes.
4(g) If this project, program, or system is
No. Please continue to next question.
an information technology/system, does it
Yes. If a log of communication traffic is kept,
please provide that information here.
relate solely to infrastructure?
For example, is the system a Local Area
Network (LAN) or Wide Area Network
(WAN)?
4(h) If header or payload data3 is stored in the communication traffic log, please detail the data
elements stored.
N/A
5.
Does this project, program, or system
connect, receive, or share
other
6.
BUD
PH with
any
programs or systems?
No.
Yes. If yes, please list:
Click here to enter text.
Does this project, program, or system
connect, receive, or share
PH with
LI
Yes. If yes, please list:
Click here to enter text.
systems?
6(a) Is this external sharing pursuant to a
new or existing information sharing
access agreement
(MOU, MOA,
No.
any
external (non-BUD) partners or
etc.)?
No.
LI Yes. If yes, please choose from the dropdown
menu below:
Choose an item.
Please describe applicable information sharing
governance in place:
Header: Information that is placed before the actual data. The header normally contains a small number of bytes of
control information, which is used to communicate important facts about the data that the message contains and how
it is to be interpreted and used. It serves as the communication and control link between protocol elements on different
devices.
Payload data: The actual data to be transmitted, often called the payload of the message (metaphorically borrowing a
term from the space industry!). Most messages contain some data of one form or another, but some actually contain
none: they are used only for control and communication purposes. For example, these may be used to set up or
terminate a logical connection before data is sent.
7. Does the project, program, or system
provide role-based training for
personnel who have access, in addition
to the annual privacy training required
of all HUP personnel?
8.
Per NIST SP 800-53 Rev. 4, Appendix
J, does the project, program, or system
maintain an accounting of disclosures
of P11 to individuals/agencies who have
requested access to their PH?
9. Is there a FIPS 199 determination?4
No.
LI
Yes. If yes, please list:
This is a Public Use Database.
LI
No. What steps will be taken to develop and
maintain the accounting:
Yes. In what format is the accounting
maintained:
LI Unknown.
No.
LI Yes. Please indicate the determinations for each
of the following:
Confidentiality:
LI Low LI Moderate LI High
Integrity:
LI Low LI Moderate LI High
Availability:
LI Low LI Moderate LI High
PRIVACY THRESHOLD ANALYSIS REVIEW
(TO BE COMPLETED BY PROGRAM PLO)
Program Privacy Liaison Reviewer:
Ronald Hill
Date submitted to Program Privacy
Office:
April 3, 2019
Date submitted to HUD Privacy Branch:
April 4, 2019
Program Privacy Liaison Officer Recommendation:
Please include recommendation below, including what new privacy compliance documentation is needed.
FIPS 199 (Federal Information Processing Standard Publication 199, Standards for Security Categorization of Federal Information
and Information Systems) is used to establish security categories of information systems.
(TO BE COMPLETED BY THE HUB PRIVACY BRANCH)
HUB Privacy Branch Reviewer:
Conique Key
Date approved by HUB Privacy Branch:
Click here to enter a date.
PTA Expiration Date:
Every 3 years
DESIGNATION
Privacy Sensitive System:
Choose an item.
Category of System:
Choose an item.
If “other” is selected, please describe: Click here to enter text.
Determination:
If “no” PTA adjudication is complete.
E PTA sufficient at this time.
Privacy compliance documentation determination in progress.
L New information-sharing arrangement is required.
L HUD Policy for Computer-Readable Extracts Containing Sensitive P11
applies.
L Privacy Act Statement required.
Privacy Impact Assessment (PIA) required.
System of Records Notice (SORN) required.
Paperwork Reduction Act (PRA) Clearance may be required. Contact
your program PRA Officer.
U
A Records Schedule may be required. Contact your program Records
Officer.
New PIA is required.
If covered by existing PIA, please list: Click here to enter text.
Choose an item.
If covered by existing SORN, please list: Click here to enter text.
HUB Privacy Branch Comments:
Please describe rationale for privacy compliance determination above.
Click here to enter text.
PIA:
DOCUMENT ENDORSEMENT
DATE REVIEWED:
PRIVACY REVIEWING OFFICIAL’S NAME: Conigue Key
By signing below, you attest that the content captured in this document is accurate and complete
and meet the requirements of applicable Federal regulations and HUD internal policies.
OWNER
Michael Hollar
Office of Policy Development and Research
Date
JOHN
BRAV
ACO
S
Digitally signed by: JOHN BRAVACOS
DN: CN = JOHN BRAVACOS C = US O = U.S. Government OU = Department of Housing and Urban Development,
Office of the Secretary
Date: 2019.05.21 11:19:07 -04'00'
CHIEF PRIVACY OFFICER
John Bravacos
OFFICE OF ADMINISTRATION
Date
File Type | application/pdf |
File Modified | 0000-00-00 |
File Created | 0000-00-00 |