Download:
pdf |
pdfU.S. DEPARTMENT OF
HOUSING AND URBAN DEVELOPMENT
PRIVACY THRESHOLD ANALYSIS (PTA)
National Standards for the Physical
Inspection of Real Estate (NSPIRE)
Demonstration
Public and Indian Housing-Real Estate
Assessment Center
Instruction & Template
April, 2019
PRIVACY THRESHOLD ANALYSIS (PTA)
The PTA is a compliance form developed by the Privacy Branch to identify the use of Personally
Identifiable Information (P11) across the Department. The PTA is the first step in the P11 verification
process, which focuses on these areas of inquiry:
•
Purpose for the information,
•
Type of information,
a
Sensitivity of the information,
Use of the information,
•
And the risk to the information.
Please use the attached form to determine whether a Privacy Impact Assessment (PTA) is required under
the E-Government Act of 2002 or a System of Record Notice (SORN) is required under the Privacy Act
of 1974, as amended.
Please complete this form and send it to your program Privacy Liaison Officer (PLO), If you have no
program Privacy Liaison Officer, please send the PTA to the HUD Privacy Branch:
Marcus Smallwood, Acting, Chief Privacy Officer
Privacy Branch
U.S. Department of Housing and Urban Development
privacy @hud.gov
Upon receipt from your program PLO, the HUD Privacy Branch will review this form. If a PTA or SORN
is required, the HUD Privacy Branch will send you a copy of the PTA and SORN templates to complete
and return.
PRIVACY THRESHOLD ANALYSIS (PTA)
SUMMARY INFORMATION
Project or
Program Name:
Click here to enter text.
Program:
Public and Indian Housing (PIH)
CSAM Name (if
applicable):
Click here to enter text.
.
.
CSAM Number
(if applicable):
Click here to enter text.
.
.
Type of Project or
Program:
Form or other Information
Collection
Project or
program
status:
Pilot
Date first
developed:
Date of last PTA
update:
March 1, 2019
Pilot launch
date:
September 2, 2019
N/A
Pilot end date:
September 2, 2021
Not started
ATO
expiration date
(if applicable):
Click here to enter a date.
.
.
.
.
ATO Status (if
applicable)
PROJECT OR PROGRAM MANAGER
Name:
Daniel R. Williams
Office:
PIH REAC
Title:
Program Manager
Phone:
202-475-8873
Email:
Daniel .R.Williams @ hud.gov
-
INFORMATION SYSTEM SECURITY OFFICER (ISSO) (IF APPLICABLE)
Name:
Dallas Blair
Phone:
202-475-8699
Email:
dallas.c.blair@hud.gov
SPECIFIC PTA QUESTIONS
1. Reason for submitting the PTA: Choose an item.
Annual property inspections are a chief component of good management principles in real estate. HUD-assisted and
insured properties have a regulatory obligation to conduct and retain annual inspections. HUD is conducting a
Demonstration to test a new inspection model and will seek voluntary participation from HUD-assisted properties.
Property owners that volunteer will be asked to submit an annual self-inspection of their property. This information will
allow HUD to analyze specific property conditions while also evaluating larger trends in affordable housing. This
information will also enable HUD to determine if property owners are conducting year-round maintenance on their
property and help determine if they are fulfilling their obligation to provide safe and healthy housing to their tenants.
2. Does this system employ the following
technologies?
.
If
you
are
using
these
PIA for that
please stop here and contact the HUD
Privacy Branch forfurther gttidance.
Social Media
Web portal1 (e.g., SharePoint)
technologies and want
coverage tinder the respective
technology,
LI
LI
LI
Contact Lists
LI
None of these
Public website (e.g. A website operated by
HUD, contractor, or other organization on behalf of
the HUD
This program collects no personally identifiable
information2
3. From whom does the Project or
Program collect, maintain, use, or
disseminate information?
Please check all that
.
.
.
.
apply.
LI
LI
LI
LI
Members of the public
HUD employees/contractors (list programs):
Contractors working on behalf of HUD
Employees of other federal agencies
Other (e.g. business entity)
4. What specific information about individuals is collected, generated or retained?
Informational and collaboration-based portals in operation at HUD and its programs that collect, use, maintain, and share limited
personally identifiable information (P11) about individuals who are “members” of the portal or “potential members” who seek to
gain access to the portal.
2
HUD defines personal information as “Personally Identifiable Information” or P11, which is any information that permits the
identity of an individual to be directly or indirectly inferred, including any information that is linked or linkable to that individual,
regardless of whether the individual is a U.S. citizen, lawful permanent resident, visitor to the U.S., or employee or contractor to
the Department. “Sensitive P11” is P11, which if lost, compromised, or disclosed without authorization, could result in substantial
harm, embarrassment, inconvenience, or unfairness to an individual. For the purposes of this PTA, SPII and P11 are treated the
same.
Please provide a specific description of information collected, generated, or retained (sttch asfitll names,
maiden name, mother’s maiden name, alias, social security number, passport number driver’s license
nttmber taxpayer identification number, patient identification nttmber, financial account, credit card
number, street, internet protocol, media access control, telephone number, mobile number, business
number, photograph image, x-rays, fingerprints, biometric image, template date(e.g. retain scan, welldefined group ofpeople),vehicle registration number, title number and information about an indttvial that
is linked or linkable to one of the above (e.g. date of date, place of birth, race, religion, weight, activities,
geographical indictors, employment information, medial information, education information, financial
information) and etc.
The information collected, generated, or retained relates solely to a property’s physical condition, to
ensure that basic housing standards are present and maintained. HUD will ask approximately 4,500 public
housing agencies (PHAs), and owners and agents (OA) (collectively referred to as POAs) to participate in
the NSPIRE Demonstration through a voluntary application process. As part of this Demonstration, HUD
will collect the following information:
1. POAs will be provided with self-inspection software that will enable them to easily document and
submit deficiencies that are present within dwelling units across the rolling calendar year. In lieu of
submitting a self-inspection report, POAs can electronically submit work order receipts from across the
rolling calendar year.
2. POAs will submit a property profile documenting the: owner/company name, physical address, type of
housing (e.g. section 8), structure type, number of buildings, number of floors, number of units, if there is
an attached garage, types of fuel-burning appliances, and an updated floor plan.
3. POAs will submit an electronic copy of the building system certificates including, elevators, fire alarm
systems, sprinkler systems, boilers (HVAC or domestic water), and lead-based paint inspection reports.
4. POAs will submit a list of local code violations for which the property was cited over the rolling
calendar year.
This collection does not include any information related to the tenants and HUD is not requesting or
collecting any information related to P11 or FTI.
4(a) Does the project, program, or system
retrieve information from the system about
a U.S. Citizen or lawfully admitted
permanent resident aliens by a personal
identifier?
No. Please continue to next question.
LI Yes. If yes, please list all personal identifiers
used:
4(b) Does the project, program, or system
have an existing System of Records Notice
(SORN) that has already been published in
the Federal Register that covers the
information collected?
No. Please continue to next question.
LI Yes. If yes, provide the system name and
number, and the Federal Register
citation(s) for the most recent complete notice and
any subsequent notices
reflecting amendment to the system
4(c)Has the project, program, or system
undergone any significant changes since the
SORN?
No. Please continue to next question.
LI
Yes. If yes, please describe.
4(d) Does the project, program, or system
use Social Security Numbers (SSN)?
4(e) If yes, please provide the specific legal
authority and purpose for the collection of
No.
Yes.
N/A
SSNs:
4(1) If yes, please describe the uses of the
SSNs within the project, program, or
system:
4(g) If this project, program, or system is
an information technology/system, does it
relate solely to infrastructure?
.
.
N/A
Li
No. Please continue to next question.
Yes. If a log kept of communication traffic,
please answer this question.
For example, is the system a Local Area Network
(MN) or Wide Area Network (WAN)?
4(h) If header or payload data3 is stored in the communication traffic log, please detail the data
elements stored.
N/A
5. Does this project, program, or system
connect, receive, or share P11 with any
other HUD programs or systems?
No.
LI
Yes.
If yes,
please list:
Click here to enter text.
6. Does this project, program, or system
connect, receive, or share P11 with any
external (non-HUD) partners or
systems?
V
N 0.
LI
Yes.
Click
.
.
6(a) Is this external sharing pursuant to
If yes,
please list:
here to enter text.
Choose an item.
new or existing information sharing
Please describe applicable information sharing
access agreement (MOU, MOA, etc.)?
governance in place:
7. Does the project, program, or system
provide role-based training for
personnel who have access in addition
No.
LI
Yes.
If yes,
please list:
Header: Information that is placed before the actual data. The header normally contains a small number of bytes of
control information, which is used to communicate important facts about the data that the message contains and how
it is to be interpreted and used. It serves as the communication and control link between protocol elements on different
devices.
Payload data: The actual data to be transmitted, often called the payload of the message (metaphorically borrowing a
term from the space industry!) Most messages contain some data of one form or another, but some actually contain
none: they are used only for control and communication purposes. For example, these may be used to set up or
terminate a logical connection before data is sent.
to annual privacy training required of
all HUD personnel?
8. Per NIST SP 800-53 Rev. 4, Appendix
J, does the project, program, or system
maintain an accounting of disclosures
of P11 to individuals/agencies who have
requested access to their P11?
9. Is there a FIPS 199 determination?4
No. What steps will be taken to develop and
maintain the accounting: N/A
Yes. In what format is the accounting
maintained:
Unknown.
No.
Yes. Please indicate the determinations for each
of the following:
Confidentiality:
Low
Moderate
High
Integrity:
Low
Moderate
High
Availability:
Low
Moderate
High
PRIVACY THRESHOLD ANALYSIS REVIEW
(TO BE COMPLETED BY PROGRAM PLO)
Program Privacy Liaison Reviewer:
Click here to enter text.
Date submitted to Program Privacy
Office:
Click here to enter a date.
Date submitted to HUD Privacy Branch:
Click here to enter a date.
Program Privacy Liaison Officer Recommendation:
Please include recommendation below, including what new privacy compliance documentation is needed.
Click here to enter text.
(TO BE COMPLETED BY THE HUD PRIVACY BRANCH)
SidnLHJ Publication 199, Standards for Security Categorization of Federal
FIPS 199 is the [
Information and Information Systems and is used to establish security categories of information systems.
‘
HUD Privacy Branch Reviewer:
Click here to enter text.
Date approved by HUB Privacy Branch:
Click here to enter a date.
PTA Expiration Date:
Click here to enter a date.
DESIGNATION
Choose an item.
Privacy Sensitive System:
Choose an item.
Category of System:
Determination:
If “no” PTA adjudication is complete.
If “other” is selected, please describe: Click here to enter text.
PTA sufficient at this time.
E Privacy compliance documentation determination in progress.
New information sharing arrangement is required.
HUD Policy for Computer-Readable Extracts Containing Sensitive P11
applies.
J Privacy Act Statement required.
Privacy Impact Assessment (PTA) required.
System of Records Notice (SORN) required.
Paperwork Reduction Act (PRA) Clearance may be required. Contact
your program PRA Officer.
A Records Schedule may be required. Contact your program Records
Officer.
PIA:
SORN:
Ch oose an i em.
If covered by existing PTA, please list: Click here to enter text.
Choose an item.
If covered by existing SORN, please list: Click here to enter text.
HUB Privacy Branch Comments:
Please describe rationale for privacy compliance determination above.
Click here to enter text.
DOCUMENT ENDORSMENT
DATE REVIEWED:
PRIVACY REVIEWING OFFICIALS NAME:
By signing below, you attest that the content captured in this document is accurate and complete
and meet the requirements of applicable federal regulations and HUD internal policies.
L/(
27
-
Date
SYSTEM OWNER
Daniel R. Williams
PIH-REAC
—
Program Manager
Date
CHIEF PRIVACY OFFICER
<>
OFFICE OF ADMINISTRATION
/
File Type | application/pdf |
File Modified | 0000-00-00 |
File Created | 0000-00-00 |