Pia

PRIVACY IMPACT ASSESSMENT (PIA)
PRESCRIBING AUTHORITY: DoD Instruction 5400.16, "DoD Privacy Impact Assessment (PIA) Guidance". Complete this form for Department of Defense
(DoD) information systems or electronic collections of information (referred to as an "electronic collection" for the purpose of this form) that collect, maintain, use,
and/or disseminate personally identifiable information (PII) about members of the public, Federal employees, contractors, or foreign nationals employed at U.S.
military facilities internationally. In the case where no PII is collected, the PIA will serve as a conclusive determination that privacy requirements do not apply to
system.
1. DOD INFORMATION SYSTEM/ELECTRONIC COLLECTION NAME:

Enterprise Military Housing II (eMH - II)
3. PIA APPROVAL DATE:

2. DOD COMPONENT NAME:

Department of the Navy

SECTION 1: PII DESCRIPTION SUMMARY (FOR PUBLIC RELEASE)
a. The PII is: (Check one. Note: foreign nationals are included in general public.)
From members of the general public

From Federal employees and/or Federal contractors

From both members of the general public and Federal employees and/or
Federal contractors

Not Collected (if checked proceed to Section 4)

b. The PII is in a: (Check one)
New DoD Information System

New Electronic Collection

Existing DoD Information System

Existing Electronic Collection

Significantly Modified DoD Information System
c. Describe the purpose of this DoD information system or electronic collection and describe the types of personal information about individuals
collected in the system.

The Enterprise Military Housing System (eMH) is an integrated, web based housing application with a common data warehouse and
business modules that automate critical headquarter, region and installation Housing business processes. This includes automation
government owned, leased and privatized family and unaccompanied housing programs in addition to furnishings and community housing
services. The single sign on eMH system contains unclassified housing business modules.
eMH supports the determination of an individual's eligibility for Navy, Marine Corps, Army and Air Force family and unaccompanied
housing (including privatized housing) and notification for subsequent assignment to housing or granting a waiver to allow occupancy of
private housing, determine priority and list individual's name on appropriate housing waiting list, manage or monitor housing occupancy,
facilitate the leasing of community housing, Privatization portfolio management, and provide housing information to military components
and government agencies. eMH also supports the community referral program for the Navy, Marine Corps, Army, Air Force and Coast
Guard to include determining eligibility for the Rental Property Program.
Personal information collected includes the fields on the DD Form 1746 and contemporary fields supporting the Application for Assignment
to Housing including: Full name, DOD ID number, gender, marital status, marriage date, birth date, current home address, permanent home
address, work phone number, home phone number, cell phone number, work email address, home email address, rank/rate, pay grade,
civilian pay grade equivalent, branch of service, geographic bachelor, voluntarily or involuntarily separated, time involuntarily separated, last
unit, location of last assignment, official departure date of last unit, agency or type of civilian, length of service, time remaining on active
duty, service start date, expiration of obligated services date, date of rank, projected rotation date, projected rotation location, current unit,
reporting date, estimated family arrival date, name of employer, housing allowance begin and stop dates, entitlement condition type,
entitlement condition end date, entitlement condition start date, personnel type, handicap and accessible housing requirements, criminal
conviction, cigarette smoking habits, power of attorney and type, breed and size of pet.
If applicable, data for related and non-related dependents to include:
Total number in family, full name, DOD ID number, birth date, gender, relation to primary applicant, dependent start date with primary
applicant, dependent end date with primary applicant, entitlement condition type, entitlement condition end date, entitlement condition start
date, work phone number, home phone number, cell phone number, work email address, home email address, current mailing address,
permanent mailing address, rank/rate, current unit, departure date from losing unit, branch of service, pay grade, civilian pay grade
equivalent, service start date, date of rank, time remaining on active duty, estimated family arrival date, projected rotation date, criminal
conviction, cigarette smoking habits, handicap and accessible housing requirements.
Other pertinent housing information is collected for primary applicants and dependents to include:
particular housing preferences; special health problems; copies of permanent change of station orders; temporary orders; emergency contact
full name, home, cell and work phone number and relation; detaching endorsement from prior duty station; and pet health records.
d. Why is the PII collected and/or what is the intended use of the PII? (e.g., verification, identification, authentication, data matching, mission-related use,
administrative use)

Identification and Verification: To Determine eligibility for housing and housing services, manage housing occupancy, support local and
DD FORM 2930, JUN 2017

PREVIOUS EDITION IS OBSOLETE.

AEM Designer

Page 1 of 9

national security and support the budgeting and distribution of housing entitlements.
Administrative: PII data is used to validate eligibility for family and unaccompanied housing and to provide housing services; establish
priority for wait lists for government controlled housing; support the leasing of privatized and community housing; support the budgeting,
execution and validation of housing entitlements; determine current and future requirements or government controlled housing; support
safety, security, environmental and medical investigations, disaster and emergency response.
Yes

e. Do individuals have the opportunity to object to the collection of their PII?

No

(1) If "Yes," describe the method by which individuals can object to the collection of PII.
(2) If "No," state the reason why individuals cannot object to the collection of PII.

Individuals may object to the collection of their Pll by not completing the application for housing and housing services. Objection to any
collection of Pll may be made in person or in writing via letter or email. Completion of a housing application is required to be determined
eligible for housing and housing resident support services.
f. Do individuals have the opportunity to consent to the specific uses of their PII?

Yes

No

(1) If "Yes," describe the method by which individuals can give or withhold their consent.
(2) If "No," state the reason why individuals cannot give or withhold their consent.

By completing an application for housing, individuals consent to allow Housing to validate housing eligibility requirements. Additionally,
consent is provided for Housing to use information for urgent reporting to assist with high level decision making.
g. When an individual is asked to provide PII, a Privacy Act Statement (PAS) and/or a Privacy Advisory must be provided. (Check as appropriate and
provide the actual wording.)
Privacy Act Statement

Privacy Advisory

Not Applicable

AUTHORITY: 5 USC 301 Department Regulations
PURPOSE AND USES: The principal purpose is to provide information on the requirement of military personnel for government/
privatization quarters. The information is revised and filed in the Housing Office for use in assisting military personnel to obtain/maintain
government/privatization quarters.
EFFECTS OF NONDISCLOSURE: Disclosure of this information is voluntary; however, nondisclosure would make it difficult, if not
impossible, to assist an individual in obtaining government/privatization quarters.
h. With whom will the PII be shared through data exchange, both within your DoD Component and outside your Component? (Check all that apply)

DoN Housing entitlement (BAH) program offices such as
OPNAV NI and PSDs, Naval Education Training Command
Specify. (NETC), Navy Bureau of Medicine and Surgery (BUMED),
Navy Security (NCIS), Safety (Fire, Police) offices, and
United States Marine Corps.
United States Air Force, United States Army, United States
Coast Guard, National Guard, Office of the Secretary of
Defense, Defense Manpower Data Center, National Security
Specify.
Agency, Defense Intelligence Agency, Defense Logistics
Agency and housing entitlement (BAH) program offices,
health, safety, and security offices.

Within the DoD Component

Other DoD Components

CENSUS Bureau, Department of Homeland Security

Other Federal Agencies

Specify.

State and Local Agencies

Specify.

Contractor (Name of contractor and describe the language in
the contract that safeguards PII. Include whether FAR privacy
clauses, i.e., 52.224-1, Privacy Act Notification, 52.224-2,
Privacy Act, and FAR 39.105 are included in the contract.)

eMH Contractors with contracts containing FAR privacy
clauses in addition to mandatory non-disclosure agreements.
Specify.
Family and Unaccompanied Housing Privatization Partners
and sub-contractors.

Other (e.g., commercial providers, colleges).

Specify.

i. Source of the PII collected is: (Check all that apply and list all information systems if applicable)
Individuals

Databases

Existing DoD Information Systems

Commercial Systems

Other Federal Information Systems

Pll data is collected from individuals completing an application for housing, face to face or phone interview, direct input into website, the
Defense Enrollment Eligibility Reporting system (DEERS) and housing privatization partners.
DD FORM 2930, JUN 2017

PREVIOUS EDITION IS OBSOLETE.

AEM Designer

Page 2 of 9

j. How will the information be collected? (Check all that apply and list all Official Form Numbers if applicable)
E-mail

Official Form (Enter Form Number(s) in the box below)

Face-to-Face Contact

Paper

Fax

Telephone Interview

Information Sharing - System to System

Website/E-Form

Other (If Other, enter the information in the box below)

DD1746 Application for Housing
k. Does this DoD Information system or electronic collection require a Privacy Act System of Records Notice (SORN)?
A Privacy Act SORN is required if the information system or electronic collection contains information about U.S. citizens or lawful permanent U.S. residents that
is retrieved by name or other unique identifier. PIA and Privacy Act SORN information must be consistent.
Yes

No

If "Yes," enter SORN System Identifier

NM11101-1

SORN Identifier, not the Federal Register (FR) Citation. Consult the DoD Component Privacy Office for additional information or http://dpcld.defense.gov/
Privacy/SORNs/
or
If a SORN has not yet been published in the Federal Register, enter date of submission for approval to Defense Privacy, Civil Liberties, and Transparency
Division (DPCLTD). Consult the DoD Component Privacy Office for this date
If "No," explain why the SORN is not required in accordance with DoD Regulation 5400.11-R: Department of Defense Privacy Program.

l. What is the National Archives and Records Administration (NARA) approved, pending or general records schedule (GRS) disposition authority
for the system or for the records maintained in the system?
(1) NARA Job Number or General Records Schedule Authority.

N1-NU-86-5

(2) If pending, provide the date the SF-115 was submitted to NARA.

(3) Retention Instructions.

Records are retained for up to three years after termination of housing occupancy and then destroyed. eMH system hard drives and media are
destroyed using National Security Agency/Central Security Service (NSA/CSS) approved methods. Paper records containing PII or sensitive
information are destroyed using NSA/CSS evaluated crosscut shredders.
m. What is the authority to collect information? A Federal law or Executive Order must authorize the collection and maintenance of a system of
records. For PII not collected or maintained in a system of records, the collection or maintenance of the PII must be necessary to discharge the
requirements of a statue or Executive Order.
(1) If this system has a Privacy Act SORN, the authorities in this PIA and the existing Privacy Act SORN should be similar.
(2) If a SORN does not apply, cite the authority for this DoD information system or electronic collection to collect, use, maintain and/or disseminate PII.
(If multiple authorities are cited, provide all that apply).
(a) Cite the specific provisions of the statute and/or EO that authorizes the operation of the system and the collection of PII.
(b) If direct statutory authority or an Executive Order does not exist, indirect statutory authority may be cited if the authority requires the
operation or administration of a program, the execution of which will require the collection and maintenance of a system of records.
(c) If direct or indirect authority does not exist, DoD Components can use their general statutory grants of authority (“internal housekeeping”) as
the primary authority. The requirement, directive, or instruction implementing the statute within the DoD Component must be identified.

SORN NM11101-1 authorities:
10 U.S.C 5013, Secretary of the Navy
10 U.S.C. 5041, Headquarters, Marine Corps
10 U.S.C. 3013, Secretary of the Army
10 U.S.C. 8013, Secretary of the Air Force
14 U.S.C. Chapter 18--Coast Guard Housing Authorities
DD FORM 2930, JUN 2017

PREVIOUS EDITION IS OBSOLETE.

AEM Designer

Page 3 of 9

10 U.S.C. 2381, Military Family Housing Management Account
DoD 4165.63-M, DoD Housing Management
n. Does this DoD information system or electronic collection have an active and approved Office of Management and Budget (OMB) Control
Number?
Contact the Component Information Management Control Officer or DoD Clearance Officer for this information. This number indicates OMB approval to
collect data from 10 or more members of the public in a 12-month period regardless of form or format.
Yes

No

Pending

(1) If "Yes," list all applicable OMB Control Numbers, collection titles, and expiration dates.
(2) If "No," explain why OMB approval is not required in accordance with DoD Manual 8910.01, Volume 2, " DoD Information Collections Manual:
Procedures for DoD Public Information Collections.”
(3) If "Pending," provide the date for the 60 and/or 30 day notice and the Federal Register citation.

OMB Control Number - 0703-0066
Expiration Date - 03/31/2020

DD FORM 2930, JUN 2017

PREVIOUS EDITION IS OBSOLETE.

AEM Designer

Page 4 of 9

SECTION 2: PII RISK REVIEW
a. What PII will be collected (a data element alone or in combination that can uniquely identify an individual)? (Check all that apply)
Biometrics

Birth Date

Child Information

Citizenship

Disability Information

DoD ID Number

Driver's License

Education Information

Emergency Contact

Employment Information

Financial Information

Gender/Gender Identification

Home/Cell Phone

Law Enforcement Information

Legal Status

Mailing/Home Address

Marital Status

Medical Information

Military Records

Mother's Middle/Maiden Name

Name(s)

Official Duty Address

Official Duty Telephone Phone

Other ID Number

Passport Information

Personal E-mail Address

Photo

Place of Birth

Position/Title

Race/Ethnicity

Rank/Grade

Protected Health Information (PHI)1
Religious Preference

Records

Security Information

Work E-mail Address

If Other, enter the information in the box below

Social Security Number (SSN) (Full or in any
form)

In addition to verify eligibility and provide Services Housing collects:
Current home address, rank/rate, pay grade, civilian pay grade equivalent, branch of service, geographic bachelor, voluntarily or
involuntarily separated, time involuntarily separated, last unit, location of last assignment, agency or type of civilian, length of service, time
remaining on active duty, service start date, date of rank, projected rotation date, projected rotation location, current unit, reporting date,
estimated family arrival date, housing allowance begin and stop dates, entitlement condition type, entitlement condition end date,
entitlement condition start date, personnel type, handicap and accessible housing requirements, criminal conviction, cigarette smoking
habits, and type, breed and size of pet.
Spouse and child and unrelated applicant information:
Total number in family, relation to primary applicant, dependent start date with primary applicant, dependent end date with primary
applicant, entitlement condition type, entitlement condition end date, entitlement condition start date, current mailing address, rank/rate,
branch of service, civilian pay grade equivalent, service start date, date of rank, time remaining on active duty, projected rotation date,
criminal conviction, cigarette smoking habits, handicap and accessible housing requirements.
Other pertinent housing information is collected for primary applicants and dependents to include:
Particular housing preferences; special health problems; copies of permanent change of station orders; temporary orders; emergency contact,
relation; detaching endorsement from prior duty station; and pet health records
If the SSN is collected, complete the following questions.
(DoD Instruction 1000.30 states that all DoD personnel shall reduce or eliminate the use of SSNs wherever possible. SSNs shall not be used in spreadsheets,
hard copy lists, electronic reports, or collected in surveys unless they meet one or more of the acceptable use criteria.)
(1) Is there a current (dated within two (2) years) DPCLTD approved SSN Justification on Memo in place?
Yes

No

If "Yes," provide the signatory and date approval. If “No,” explain why there is no SSN Justification Memo.

Hakim Anbiya, CNIC Privacy Act Compliance Officer , 2019-07-17

(2) Describe the approved acceptable use in accordance with DoD Instruction 1000.30 “Reduction of Social Security Number (SSN) Use within DoD”.

Record matching. DoD security offices use SSN base resident data from eMH to conduct security investigations. DoD entitlement offices use
SSN based data from eMH to track and validate billions of dollars in housing entitlements issued to service members annually.
(3) Describe the mitigation efforts to reduce the use including visibility and printing of SSN in accordance with DoD Instructoin 1000.30, “Reduction of
Social Security Number (SSN) Use within DoD”.

SSNs are masked on all end user screens. Access to reports with SSN is limited and restricted to specifically approved users. Reports print
with required Privacy Notice cover page. Hard copy reports and forms with SSN are securely stored.
(4) Has a plan to eliminate the use of the SSN or mitigate its use and or visibility been identified in the approved SSN Justification request?
If "Yes," provide the unique identifier and when can it be eliminated?
If "No," explain.

DD FORM 2930, JUN 2017

PREVIOUS EDITION IS OBSOLETE.

AEM Designer

Page 5 of 9

Yes

No

SSN will be replaced by DoD ID Number for Family Housing when a revised DD1746 is released by OSD. SSN's are not collected for
unaccompanied housing.
b. What is the PII confidentiality impact level2?

1

Low

Moderate

High

The definition of PHI involves evaluating conditions listed in the HIPAA. Consult with General Counsel to make this determination.

2

Guidance on determining the PII confidentiality impact level, see Section 2.5 “Categorization of PII Using NIST SP 800-122.” Use the identified PII confidentiality impact level to apply the appropriate Privacy Overlay
low, moderate, or high. This activity may be conducted as part of the categorization exercise that occurs under the Risk Management Framework (RMF). Note that categorization under the RMF is typically
conducted using the information types described in NIST Special Publication (SP) 800-60, which are not as granular as the PII data elements listed in the PIA table. Determining the PII confidentiality impact level is
most effective when done in collaboration with the Information Owner, Information System Owner, Information System Security Manager, and representatives from the security and privacy organizations, such as the
Information System Security Officer (ISSO) and Senior Component Official for Privacy (SCOP) or designees.

c. How will the PII be secured?
(1) Physical Controls. (Check all that apply)
Cipher Locks

Closed Circuit TV (CCTV)

Combination Locks

Identification Badges

Key Cards

Safes

Security Guards

If Other, enter the information in the box below

(2) Administrative Controls. (Check all that apply)
Backups Secured Off-site
Encryption of Backups
Methods to Ensure Only Authorized Personnel Access to PII
Periodic Security Audits
Regular Monitoring of Users' Security Practices
If Other, enter the information in the box below

(3) Technical Controls. (Check all that apply)
Biometrics

Common Access Card (CAC)

DoD Public Key Infrastructure Certificates

Encryption of Data at Rest

Encryption of Data in Transit

External Certificate Authority Certificates

Firewall

Intrusion Detection System (IDS)

Least Privilege Access

Role-Based Access Controls

Used Only for Privileged (Elevated Roles)

User Identification and Password

Virtual Private Network (VPN)

If Other, enter the information in the box below

Passwords are also used for technical controls.

d. What additional measures/safeguards have been put in place to address privacy risks for this information system or electronic collection?

DD FORM 2930, JUN 2017

PREVIOUS EDITION IS OBSOLETE.

AEM Designer

Page 6 of 9