Download:
pdf |
pdfPrivacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, pia@hq.dhs.gov
www.dhs.gov/privacy
PRIVACY THRESHOLD ANALYSIS (PTA)
This form serves as the official determination by the DHS Privacy Office to
identify the privacy compliance requirements for all Departmental uses of
personally identifiable information (PII).
A Privacy Threshold Analysis (PTA) serves as the document used to identify
information technology (IT) systems, information collections/forms, technologies,
rulemakings, programs, information sharing arrangements, or pilot projects that involve
PII and other activities that otherwise impact the privacy of individuals as determined by
the Chief Privacy Officer, pursuant to Section 222 of the Homeland Security Act, and to
assess whether there is a need for additional Privacy Compliance Documentation. A PTA
includes a general description of the IT system, information collection, form, technology,
rulemaking, program, pilot project, information sharing arrangement, or other Department
activity and describes what PII is collected (and from whom) and how that information is
used and managed.
Please complete the attached Privacy Threshold Analysis and submit it to your
component Privacy Office. After review by your component Privacy Officer the PTA is sent
to the Department’s Senior Director for Privacy Compliance for action. If you do not have a
component Privacy Office, please send the PTA to the DHS Privacy Office:
Senior Director, Privacy Compliance
The Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
Tel: 202-343-1717
PIA@hq.dhs.gov
Upon receipt from your component Privacy Office, the DHS Privacy Office will review this
form and assess whether any privacy compliance documentation is required. If compliance
documentation is required – such as Privacy Impact Assessment (PIA), System of Records
Notice (SORN), Privacy Act Statement, or Computer Matching Agreement (CMA) – the DHS
Privacy Office or component Privacy Office will send you a copy of the relevant compliance
template to complete and return.
Privacy Threshold Analysis – IC/Form
Page 1 of 11
Version number: 06-2023
�Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, pia@hq.dhs.gov
www.dhs.gov/privacy
Privacy Threshold Analysis (PTA)
Specialized Template for
Information Collections (IC) and Forms
The Forms-PTA is a specialized template for Information Collections and Forms. This
specialized PTA must accompany all Information Collections submitted as part of the
Paperwork Reduction Act process (any instrument for collection (form, survey,
questionnaire, etc.) from ten or more members of the public). Components may use this PTA
to assess internal, component-specific forms as well.
Form Number:
Form Title:
Component:
Not Applicable
Not Applicable
Federal Emergency
Management Agency
(FEMA)
Office:
Federal Insurance and
Mitigation
Administration (FIMA),
National Mitigation
Planning Program
IF COVERED BY THE PAPERWORK REDUCTION ACT:
Collection Title:
State/Local/Tribal Hazard Mitigation Plans
OMB Control Number 1660-0062
OMB Expiration
October 31, 2025
Date:
Collection status:
Revision
Date of last PTA (if
April 16, 2021
applicable):
Name:
Office:
Phone:
PROJECT OR PROGRAM MANAGER
Jenny Burmester
DHHS FEMA
Title:
Program Manager
RSL-IM-RM-PB-PS
National Mitigation
Planning Program
202-646-4325
Email:
Jennifer.burmester@fema.d
hs.gov
COMPONENT INFORMATION COLLECTION/FORMS CONTACT
Privacy Threshold Analysis – IC/Form
Page 2 of 11
Version number: 06-2023
�Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, pia@hq.dhs.gov
www.dhs.gov/privacy
Name:
Office:
Phone:
Krista Westinson
Information Mgmt. Division Title:
(202) 394-6377
Email:
Sr. PRA Clearance Officer
krista.westinson@fema.dhs.
gov
SPECIFIC IC/Forms PTA QUESTIONS
1. Purpose of the Information Collection or Form
a. Describe the purpose of the information collection or form. Please provide a
general description of the project and its purpose, including how it supports the DHS
mission, in a way a non-technical person could understand (you may use
information from the Supporting Statement).
If this is an updated PTA, please specifically describe what changes or upgrades are
triggering the update to this PTA.
The Federal Emergency Management Agency (FEMA) Resilience submits this renewal Privacy
Threshold Analysis (PTA) as part of the Office of Management and Budget (OMB) Information
Collection Resource (ICR) renewal process. This PTA covers OMB ICR 1660-0062. Since the
PTA was last approved in 2021, the type of information collected and the ways in which
that information is collected, used, maintained, or shared has not changed.
Background
Section 322 of the Robert T. Stafford Disaster Relief and Emergency Assistance Act (Stafford Act), 42
U.S.C. § 5165, as amended by the Disaster Mitigation Act of 2000 (DMA 2000), Pub. L. No. 106-390,
provides the framework for mitigation planning by state, tribal, and local governments. The purpose
of mitigation planning is to identify the natural hazards that might impact the planning area, identify
actions and activities to reduce any losses from the hazards, and establish a coordinated process to
implement the plan, taking advantage of a wide range of resources. Over the years, Congress has
passed additional legislation providing authority for mitigation planning and connections to new
assistance programs with FEMA and other agencies, such as the U.S. Army Corp of Engineers.
To be eligible for certain types of FEMA non-emergency assistance, such as Public Assistance
Categories (PA) Categories C-G, Fire Management Assistance Grants (FMAG), various Hazard
Mitigation Assistance (HMA) programs, and High Hazard Potential Dam Rehabilitation grants,
states, tribal, and local governments are required to have an approved mitigation plan that meets
the criteria established in the federal regulations at Title 44 Code of Federal Regulations (CFR)
Part 201 Mitigation Planning (44 CFR Part 201). FEMA provides a guide or template for
Mitigation plans; however, Mitigation plans are submitted in the format of the State, Local, or
Tribal organization’s preference. Mitigation plans must be updated and submitted to the State
and FEMA for review and approval every 5 years to maintain eligibility.
As part of the review and approval process, FEMA corresponds with the state, tribal, and/or local
government official / point of contact, including providing the approval letter and the mitigation
Privacy Threshold Analysis – IC/Form
Page 3 of 11
Version number: 06-2023
�Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, pia@hq.dhs.gov
www.dhs.gov/privacy
plan review document. The name and contact information of the points of contact are collected
within the required mitigation plan documentation. FEMA collects information, including
mitigation plans and related documentation by U.S. mail (less submissions by this method since
inception of pandemic in March 2020), electronic mail (email), CD, SharePoint upload and
electronic file transfer protocols.
b. List the DHS (or Component) authorities to collect, store, and use this
information. If this information will be stored and used by a specific DHS
component, list the component-specific authorities.
Section 322 of the Stafford Act, as amended by the DMA 2000, and implementing
regulations (44 CFR Part 201), FEMA requires a mitigation plan to be approved by FEMA
in order for the state, tribal, and local government to be eligible for certain types of FEMA
assistance, such as PA, Fire Management Assistance Grants (FMAG), HMA, and High
Hazard Potential Dam (HHPD).
2. Describe the IC/Form
a. Does this form collect any
Personally Identifiable
Information” (PII 1)?
b. From which type(s) of
individuals does this form
collect information?
(Check all that apply.)
c. Who will complete and
submit this form? (Check
all that apply.)
☒ Yes
☐ No
☒ Members of the public
☐ U.S. citizens or lawful permanent
residents
☐ Non-U.S. Persons
☐ DHS Employees/Contractors (list
Components)
☐ Other federal employees or contractors
☐ The record subject of the form (e.g., the
individual applicant).
☐ Legal Representative (preparer, attorney,
etc.).
☒ Business entity.
If a business entity, is the only
information collected business contact
information?
1
Personally identifiable information means any information that permits the identity of an individual to be directly or indirectly inferred, including
any other information which is linked or linkable to that individual regardless of whether the individual is a U.S. citizen, lawful permanent resident,
visitor to the U.S., or employee or contractor to the Department.
Privacy Threshold Analysis – IC/Form
Page 4 of 11
Version number: 06-2023
�Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, pia@hq.dhs.gov
www.dhs.gov/privacy
d. How do individuals
complete the form? Check
all that apply.
☒ Yes
☐ No
☐ Law enforcement.
☐ DHS employee/contractor.
☒ Other individual/entity/organization that is
NOT the record subject. Please describe.
Point of contact/designated official for state, local,
Territorial or Tribal government.
☒ Paper.
Plans may be submitted via U.S. mail (less
submissions by this method since inception of
pandemic in March 2020).
☒ Electronic. (ex: fillable PDF)
State, Territorial or Tribal governments may
submit the plan to by electronic mail (email), CD,
SharePoint upload and electronic file transfer
protocols.
☐ Online web form. (available and submitted via
the internet)
Provide link:
e. What information will DHS collect on the form? List all individual PII data
elements on the form. If the form will collect information from more than one type of
individual, please break down list of data elements collected by type of individual.
Specific requirements for State/Local/Tribal Mitigation Plans are described in 44 CFR
Part 201 as well as in guidance / policies issued by FEMA (see FEMA’s Mitigation
Planning Regulations and Guidance website at https://www.fema.gov/emergencymanagers/risk-management/hazard-mitigation-planning/regulations-guidance).
The information collection includes business points of contact from state, local, and tribal
governments, such as name, business address, business phone number, and business e-
Privacy Threshold Analysis – IC/Form
Page 5 of 11
Version number: 06-2023
�Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, pia@hq.dhs.gov
www.dhs.gov/privacy
mail, to allow for correspondence between FEMA and the state, tribal, and/or local
governments submitting the mitigation plan.
f. Does this form collect Social Security number (SSN) or other element that is
stand-alone Sensitive Personally Identifiable Information (SPII)? Check all that
apply.
☐ Social Security number
☐ DHS Electronic Data Interchange
Personal Identifier (EDIPI)
☐ Alien Number (A-Number)
☐ Social Media Handle/ID
☐ Tax Identification Number
☐ Known Traveler Number
☐ Visa Number
☐ Trusted Traveler Number (Global
☐ Passport Number
Entry, Pre-Check, etc.)
☐ Bank Account, Credit Card, or other
☐ Driver’s License Number
financial account number
☐ Biometrics
☐ Other. Please list:
Not applicable (N/A) – SSN / SPII not
collected.
g. List the specific authority to collect SSN or these other SPII elements.
N/A
h. How will the SSN and SPII information be used? What is the purpose of the
collection?
N/A
i. Is SSN necessary to carry out the functions of this form and/or fulfill
requirements of the information collection? Note: even if you are properly
authorized to collect SSNs, you are required to use an alternative identifier. If
there are technological, legal, or regulatory limitations to eliminating the SSN,
privacy-enhancing alternatives should be taken, such as truncating the SSN.
N/A
j. Are individuals
☒ Yes. Please describe how notice is provided.
provided notice at the
time of collection by
FEMA provides notice of system collection of
DHS (Does the records
information via a link on the online grant application
subject have notice of
website as well as through the following PIA and
the collection or is
SORN: DHS/FEMA/PIA-025 Hazard Mitigation Grant
form filled out by
Program (HMGP) System and DHS/FEMA – 009
third party)?
Hazard Mitigation Disaster Public Assistance and
Disaster Loan Programs System of Records Notice.
Privacy Threshold Analysis – IC/Form
Page 6 of 11
Version number: 06-2023
�Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, pia@hq.dhs.gov
www.dhs.gov/privacy
☐ No.
3. How will DHS store the IC/form responses?
a. How will DHS store
☒ Paper. Please describe.
the original,
completed IC/forms?
Regions accepting paper submissions are responsible
for storage.
☒ Electronic. Please describe the IT system that will
store the data from the form.
Electronic submissions are received via CD, e-mail,
SharePoint upload, and/or file transfer protocol and
are saved to FEMA shared drives, and/or SharePoint.
b. If electronic, how
does DHS input the
responses into the IT
system?
2
c. How would a user
search the
information
submitted on the
forms, i.e., how is the
☒ Scanned forms (completed forms are scanned into
an electronic repository). Please describe the
electronic repository.
Scanned forms are saved to FEMA shared drives,
and/or SharePoint.
☒ Manually (data elements manually entered). Please
describe.
FEMA regional staff manually save documents on
FEMA shared drives and/or SharePoint.
☐ Automatically. Please describe.
☐ By a unique identifier. 2 Please describe. If
information is retrieved by personal identifier, please
submit a Privacy Act Statement with this PTA.
☒ By a non-personal identifier. Please describe.
• Plan title
Generally, a unique identifier is considered any type of “personally identifiable information,” meaning any information that permits the identity
of an individual to be directly or indirectly inferred, including any other information which is linked or linkable to that individual regardless of
whether the individual is a U.S. citizen, lawful permanent resident, visitor to the U.S., or employee or contractor to the Department.
Privacy Threshold Analysis – IC/Form
Page 7 of 11
Version number: 06-2023
�Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, pia@hq.dhs.gov
www.dhs.gov/privacy
information
retrieved?
• MPP Plan ID,
• FEMA Community Identifier (CID)
• Community MPP GeoID
MIT-1-1: Retire to FRC 3 years after project cut off
(end of approval period).
d. What is the records
retention
schedule(s)? Include
the records schedule
number.
e. How do you ensure
Each FEMA program office has a Records Custodian or
that records are
Records Liaison Officer that provides guidance,
disposed of or deleted
awareness, and training on proper records
in accordance with
management.
the retention
schedule?
f. Is any of this information shared outside of the original program/office? If yes,
describe where (other offices or DHS components or external entities) and why.
What are the authorities of the receiving party?
☐ Yes, information is shared with other DHS components or offices. Please describe.
Click here to enter text.
☐ Yes, information is shared external to DHS with other federal agencies, state/local
partners, international partners, or non-governmental entities. Please describe.
Click here to enter text.
☒ No. Information on this form is not shared outside of the collecting office.
FEMA does not share PII or mitigation plans outside of the agency. However, FEMA
may share mitigation plan status with other FEMA components to determine
eligibility for PA, FMAG, HMA, and HHPD.
Please include a copy of the referenced form and Privacy Act Statement (if
applicable) with this PTA upon submission.
Privacy Threshold Analysis – IC/Form
Page 8 of 11
Version number: 06-2023
�Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, pia@hq.dhs.gov
www.dhs.gov/privacy
PRIVACY THRESHOLD REVIEW
(TO BE COMPLETED BY COMPONENT PRIVACY OFFICE)
Component Privacy Office Reviewer:
Date submitted to Component Privacy
Office:
Concurrence from other Components
involved (if applicable):
Date submitted to DHS Privacy Office:
Have you approved a Privacy Act
Statement for this form? (Only
applicable if you have received a
waiver from the DHS Chief Privacy
Officer to approve component Privacy
Act Statements.)
Stephen Kankam
January 23, 2024
Click here to enter text.
March 11, 2024
☐ Yes. Please include it with this PTA
submission.
☒ No. Please describe why not.
The information is not collected on a form and is
not a part of a system of records (i.e. not retrieved
by identifier). However, notice is generally
provided via the published PIA (DHS/FEMA /PIA025 Hazard Mitigation Grant Program (HMGP)
System).
Component Privacy Office Recommendation:
Please include recommendation below, including what existing privacy compliance
documentation is available or new privacy compliance documentation is needed.
FEMA Privacy considers the State/Local/Tribal Mitigation Plan (ICR 1660-0062) to be a
privacy-sensitive collection as it collects business information from state, local and tribal
government including name, business address, business phone number and business email.
FEMA recommends the following privacy compliance coverage:
PIA:
DHS/FEMA/PIA-025 Hazard Mitigation Grant Program (HMGP) System
DHS/ALL/PIA-006 General Contacts List
Privacy Threshold Analysis – IC/Form
Page 9 of 11
Version number: 06-2023
�Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, pia@hq.dhs.gov
www.dhs.gov/privacy
SORN coverage is not required as information is not retrieved by a unique identifier but
rather, information is retrieved by State, Tribal, and/or local government, and /or
mitigation plan.
PRIVACY THRESHOLD ADJUDICATION
(TO BE COMPLETED BY THE DHS PRIVACY OFFICE)
DHS Privacy Office Reviewer:
Erika Lewis
PCTS Workflow Number:
Date approved by DHS Privacy Office:
PTA Expiration Date
DHS Privacy Office Approver (if
applicable):
0016667
March 13, 2024
March 13, 2027
Schuntel Reddock
DESIGNATION
Privacy Sensitive IC or
Form:
Determination:
Privacy Act
Statement:
System PTA:
PIA:
Yes If “no” PTA adjudication is complete.
☐ PTA sufficient at this time.
☐ Privacy compliance documentation determination in
progress.
☐ New information sharing arrangement is required.
☐ DHS Policy for Computer-Readable Extracts Containing SPII
applies.
☐ Privacy Act Statement required.
☒ Privacy Impact Assessment (PIA) required.
☐ System of Records Notice (SORN) required.
☐ Specialized training required.
☐ Other. Click here to enter text.
Choose an item.
Click here to enter text.
Choose an item.
Click here to enter text.
System covered by existing PIA
Privacy Threshold Analysis – IC/Form
Page 10 of 11
Version number: 06-2023
�Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, pia@hq.dhs.gov
www.dhs.gov/privacy
If covered by existing PIA, please list: DHS/ALL/PIA -006 DHS General
Contacts List; DHS/FEMA/PIA-025 Hazard Mitigation Grant Program
(HMGP) System
If a PIA update is required, please list: Click here to enter text.
SORN:
Choose an item.
If covered by existing SORN, please list: Click here to enter text.
If a SORN update is required, please list: Click here to enter text.
DHS Privacy Office Comments:
Please describe rationale for privacy compliance determination above.
FEMA submits a renewal PTA concern FEMA collects information, including mitigation
plans and related documentation through a variety of methods. Although the method for
collection of information has changed since the last PTA, the type of information collected
and the ways in which that information is used, maintained, or shared has not changed.
The purpose of mitigation planning is to identify the natural hazards that might impact the
planning area, identify actions and activities to reduce any losses from the hazards, and
establish a coordinated process to implement the plan.
As part of the review and approval process, FEMA corresponds with the state, tribal, or
local point of contact, including providing the approval letter and the mitigation plan
review document. The name and contact information of the points of contact are collected
within the required mitigation plan documentation.
DHS PRIV concurs with FEMA that this constitutes a privacy-sensitive system, and requires
PIA coverage, as information including name, business address, business phone number,
and business email is collected. Coverage is provided by DHS/ALL/PIA -006 DHS General
Contacts List. Additional PIA coverage is provided by DHS/FEMA/PIA-025 Hazard
Mitigation Grant Program (HMGP) System, which covers PII of grantees or subgrantees as
well as PII on individual property owners associated with grants or sub-grants. SORN
coverage is not required as information is not retrieved by a unique identifier.
Privacy Threshold Analysis – IC/Form
Page 11 of 11
Version number: 06-2023
�
| File Type | application/pdf |
| File Title | DHS PRIVACY OFFICE |
| Author | marilyn.powell |
| File Modified | 2024-03-19 |
| File Created | 2024-03-19 |