Download:
pdf |
pdfPrivacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, pia@hq.dhs.gov
www.dhs.gov/privacy
PRIVACY THRESHOLD ANALYSIS (PTA)
This form serves as the official determination by the DHS Privacy Office to
identify the privacy compliance requirements for all Departmental uses of
personally identifiable information (PII).
A Privacy Threshold Analysis (PTA) serves as the document used to identify
information technology (IT) systems, information collections/forms, technologies,
rulemakings, programs, information sharing arrangements, or pilot projects that involve
PII and other activities that otherwise impact the privacy of individuals as determined by
the Chief Privacy Officer, pursuant to Section 222 of the Homeland Security Act, and to
assess whether there is a need for additional Privacy Compliance Documentation. A PTA
includes a general description of the IT system, information collection, form, technology,
rulemaking, program, pilot project, information sharing arrangement, or other Department
activity and describes what PII is collected (and from whom) and how that information is
used and managed.
Please complete the attached Privacy Threshold Analysis and submit it to your
component Privacy Office. After review by your component Privacy Officer the PTA is sent
to the Department’s Senior Director for Privacy Compliance for action. If you do not have a
component Privacy Office, please send the PTA to the DHS Privacy Office:
Senior Director, Privacy Compliance
The Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
Tel: 202-343-1717
PIA@hq.dhs.gov
Upon receipt from your component Privacy Office, the DHS Privacy Office will review this
form and assess whether any privacy compliance documentation is required. If compliance
documentation is required – such as Privacy Impact Assessment (PIA), System of Records
Notice (SORN), Privacy Act Statement, or Computer Matching Agreement (CMA) – the DHS
Privacy Office or component Privacy Office will send you a copy of the relevant compliance
template to complete and return.
Privacy Threshold Analysis – IC/Form
Page 1 of 13
Version number: 06-2023
�Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, pia@hq.dhs.gov
www.dhs.gov/privacy
Privacy Threshold Analysis (PTA)
Specialized Template for
Information Collections (IC) and Forms
The Forms-PTA is a specialized template for Information Collections and Forms. This
specialized PTA must accompany all Information Collections submitted as part of the
Paperwork Reduction Act process (any instrument for collection (form, survey,
questionnaire, etc.) from ten or more members of the public). Components may use this PTA
to assess internal, component-specific forms as well.
Form Number:
N/A
Form Title:
Ask the Advocate Webform.
Component:
Federal Emergency
Management Agency
(FEMA)
Office:
Resilience/OFIA
IF COVERED BY THE PAPERWORK REDUCTION ACT:
Collection Title:
Click here to enter text.
OMB Control
Number:
Collection status:
Name:
Office:
Phone:
Name:
1660-0086
Revision
OMB Expiration
Date:
Date of last PTA (if
applicable):
September 30, 2025
June 1, 2021
PROJECT OR PROGRAM MANAGER
Rhonda Montgomery
FIMA/OFIA
Title:
Deputy Advocate
(202) 701-3645
Email:
Rhonda.Montgomery@fema.
dhs.gov
COMPONENT INFORMATION COLLECTION/FORMS CONTACT
Joe Cecil
Privacy Threshold Analysis – IC/Form
Page 2 of 13
Version number: 06-2023
�Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, pia@hq.dhs.gov
www.dhs.gov/privacy
Office:
Phone:
FIMA/OFIA
Title:
Advocate Team Lead
(202) 701-3475
Email:
Joseph.Cecil@fema.dhs.gov
SPECIFIC IC/Forms PTA QUESTIONS
1. Purpose of the Information Collection or Form
a. Describe the purpose of the information collection or form. Please provide a
general description of the project and its purpose, including how it supports the DHS
mission, in a way a non-technical person could understand (you may use
information from the Supporting Statement).
If this is an updated PTA, please specifically describe what changes or upgrades are
triggering the update to this PTA.
The Office of the Flood Insurance Advocate (OFIA) in the Federal Insurance and
Mitigation Administration (FIMA) submits this PTA as a renewal. There has been no
changes to the collection, use and dissemination of information since the last adjudicated
PTA.
This webform is part of the 1660-0086 Mortgage Portfolio Protection Program (MPPP)
collection. MPPP is a form of “force-placed” coverage purchased by a Federally backed or
regulated lender when a borrower is not in compliance with the mandatory purchase
provisions of the Flood Disaster Protection Act of 1973. As such, many policyholders
under the MPPP are in a dispute with the lender which they experience as unfair,
frustrating and confusing. OFIA was created by the Homeowners Flood Insurance
Affordability Act of 2014 to advocate for the fair treatment of policyholders under the
National Flood Insurance Program (NFIP). OFIA interprets this mandate as assisting
frustrated and confused policyholders. It is imperative that MPPP policyholders be
provided access to OFIA for assistance in understanding their rights and responsibilities
under the NFIP. The webform provides the best means for reaching OFIA with an inquiry.
The OFIA assists policyholders and property owners navigate the complexity of the NFIP
by providing assistance in rate verification, navigating the claims process, understanding
flood risk, floodplain management requirements, Hazard Mitigation Assistance
opportunities, the flood hazard mapping process, and coordinating NFIP with Individual
Assistance.
OFIA meets its legislative mandate of advocating for policyholders and property owners
by both providing individual case-by-case assistance to the policyholder and property
owner and conducting data analytics to advocate for programmatic changes to reduce
customer frustration and confusion.
Privacy Threshold Analysis – IC/Form
Page 3 of 13
Version number: 06-2023
�Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, pia@hq.dhs.gov
www.dhs.gov/privacy
The OFIA “Ask an Advocate” webform requests basic customer information from a
customer seeking assistance from OFIA. The form asks for name and email address,
state and zip code. Because inquiries sometimes come from parties representing a
policyholder or property owner, the form also asks the inquirer to identify their role by
choosing one of the drop-down options in the “Contact Role” field:
o
o
o
o
o
o
o
o
o
o
o
o
o
Policy Holder
Policy Holder Rep
Agent
Lender
NFIP Direct Rep
WYO Rep
Attorney
State/Community Official
Property Owner
Property Owner/Policy Holder
Federal Official/Congressional
FEMA Administrator
Other
The form also asks how the inquirer found out about the OFIA so that we can gather
metrics to improve our outreach efforts. A “Captcha” prevents automated solicitations
and the form has an open field for the inquirer to ask their question. A screenshot of the
webform is provided as “Attachment A” for reference.
b. List the DHS (or Component) authorities to collect, store, and use this
information. If this information will be stored and used by a specific DHS
component, list the component-specific authorities.
Under 42 U.S.C. 4033, the FEMA Administrator shall designate a Flood Insurance
Advocate to advocate for the fair treatment of policyholders under the National Flood
Insurance Program (NFIP) and property owners in the mapping of flood hazards, the
identification of risks from flood, and the implementation of measures to minimize the
risk of flood. The NFIP is authorized under 42 U.S.C. 4011 et seq.
2. Describe the IC/Form
Privacy Threshold Analysis – IC/Form
Page 4 of 13
Version number: 06-2023
�Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, pia@hq.dhs.gov
www.dhs.gov/privacy
a. Does this form collect any
Personally Identifiable
Information” (PII 1)?
b. From which type(s) of
individuals does this form
collect information?
(Check all that apply.)
c. Who will complete and
submit this form? (Check
all that apply.)
d. How do individuals
complete the form? Check
all that apply.
☒ Yes
☐ No
☒ Members of the public
☒ U.S. citizens or lawful permanent
residents
☐ Non-U.S. Persons
☐ DHS Employees/Contractors (list
Components)
☐ Other federal employees or contractors
☒ The record subject of the form (e.g., the
individual applicant).
☒ Legal Representative (preparer, attorney,
etc.).
☒ Business entity.
If a business entity, is the only
information collected business contact
information?
☒ Yes
☐ No
☐ Law enforcement.
☒ DHS employee/contractor.
☐ Other individual/entity/organization that is
NOT the record subject. Please describe.
Click here to enter text.
☐ Paper.
☐ Electronic. (ex: fillable PDF)
☒ Online web form. (available and submitted via
the internet)
Provide link: Ask the Advocate a Question
1
Personally identifiable information means any information that permits the identity of an individual to be directly or indirectly inferred, including
any other information which is linked or linkable to that individual regardless of whether the individual is a U.S. citizen, lawful permanent resident,
visitor to the U.S., or employee or contractor to the Department.
Privacy Threshold Analysis – IC/Form
Page 5 of 13
Version number: 06-2023
�Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, pia@hq.dhs.gov
www.dhs.gov/privacy
e. What information will DHS collect on the form? List all individual PII data
elements on the form. If the form will collect information from more than one type of
individual, please break down list of data elements collected by type of individual.
Ask an Advocate Form PII:
• First Name
• Last Name
• Email Address
• The Contact Role field (drop down):
o Policy Holder
o Policy Holder Rep
o Agent
o Lender
o NFIP Direct Rep
o WYO Rep
o Attorney
o State/Community Official
o Property Owner
o Property Owner/Policy Holder
o Federal Official/Congressional
o FEMA Administrator
o Other
• State (use drop down)
• Zip Code
f. Does this form collect Social Security number (SSN) or other element that is
stand-alone Sensitive Personally Identifiable Information (SPII)? Check all that
apply.
☐ Social Security number
☐ DHS Electronic Data Interchange
Personal Identifier (EDIPI)
☐ Alien Number (A-Number)
☐ Social Media Handle/ID
☐ Tax Identification Number
☐ Known Traveler Number
☐ Visa Number
☐ Trusted Traveler Number (Global
☐ Passport Number
Entry, Pre-Check, etc.)
☐ Bank Account, Credit Card, or other
☐ Driver’s License Number
financial account number
☐ Biometrics
☐ Other. Please list:N/A
g. List the specific authority to collect SSN or these other SPII elements.
N/A
Privacy Threshold Analysis – IC/Form
Page 6 of 13
Version number: 06-2023
�Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, pia@hq.dhs.gov
www.dhs.gov/privacy
h. How will the SSN and SPII information be used? What is the purpose of the
collection?
N/A
i.
N/A
j.
Is SSN necessary to carry out the functions of this form and/or fulfill
requirements of the information collection? Note: even if you are properly
authorized to collect SSNs, you are required to use an alternative identifier. If
there are technological, legal, or regulatory limitations to eliminating the SSN,
privacy-enhancing alternatives should be taken, such as truncating the SSN.
Are individuals
provided notice at the
time of collection by
DHS (Does the records
subject have notice of
the collection or is
form filled out by
third party)?
☒ Yes. Please describe how notice is provided.
The individual wishing to ask an OFIA advocate
a question is the individual accessing the
webform and filling out the requested
information.
☐ No.
3. How will DHS store the IC/form responses?
a. How will DHS store
☐ Paper. Please describe.
the original,
Click here to enter text.
completed IC/forms?
☒ Electronic. Please describe the IT system that will
store the data from the form.
The information will be stored in the Customer
Relationship Management tool Salesforce
☐ Scanned forms (completed forms are scanned into
an electronic repository). Please describe the
electronic repository.
Click here to enter text.
Privacy Threshold Analysis – IC/Form
Page 7 of 13
Version number: 06-2023
�Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, pia@hq.dhs.gov
www.dhs.gov/privacy
b. If electronic, how
does DHS input the
responses into the IT
system?
c. How would a user
search the
information
submitted on the
forms, i.e., how is the
information
retrieved?
2
☒ Manually (data elements manually entered). Please
describe.
The customer seeking assistance from the
OFIA enters the data manually into the
webform.
☐ Automatically. Please describe.
Click here to enter text.
☒ By a unique identifier. 2 Please describe. If
information is retrieved by personal identifier, please
submit a Privacy Act Statement with this PTA.
A user can search the system by first name, last
name, and email address.
☐ By a non-personal identifier. Please describe.
Click here to enter text.
d. What is the records
Policy records are kept as long as the property
retention
owner is enrolled in the insurance program and
schedule(s)? Include
pays the policy premiums. Records are cutoff
the records schedule
when the file becomes inactive. Policy records are
number.
destroyed five years after the cutoff with FEMA
Records Schedule N1-311-86-1, Item 1A13a(2).
e. How do you ensure
The OFIA adheres to the disposition schedule,
that records are
which provides timeframes for cutoff, retention
disposed of or deleted
and destruction of program related records.
in accordance with
Additionally, FIMA records custodians work with
the retention
the FEMA Records Management Program to
schedule?
ensure awareness of Federal statutes, policies,
and procedures for records management.
f. Is any of this information shared outside of the original program/office? If yes,
describe where (other offices or DHS components or external entities) and why.
What are the authorities of the receiving party?
☐ Yes, information is shared with other DHS components or offices. Please describe.
Generally, a unique identifier is considered any type of “personally identifiable information,” meaning any information that permits the identity
of an individual to be directly or indirectly inferred, including any other information which is linked or linkable to that individual regardless of
whether the individual is a U.S. citizen, lawful permanent resident, visitor to the U.S., or employee or contractor to the Department.
Privacy Threshold Analysis – IC/Form
Page 8 of 13
Version number: 06-2023
�Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, pia@hq.dhs.gov
www.dhs.gov/privacy
Click here to enter text.
☐ Yes, information is shared external to DHS with other federal agencies, state/local
partners, international partners, or non-governmental entities. Please describe.
Click here to enter text.
☒ No. Information on this form is not shared outside of the collecting office.
Please include a copy of the referenced form and Privacy Act Statement (if
applicable) with this PTA upon submission.
Privacy Threshold Analysis – IC/Form
Page 9 of 13
Version number: 06-2023
�Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, pia@hq.dhs.gov
www.dhs.gov/privacy
PRIVACY THRESHOLD REVIEW
(TO BE COMPLETED BY COMPONENT PRIVACY OFFICE)
Component Privacy Office Reviewer:
Date submitted to Component Privacy
Office:
Concurrence from other Components
involved (if applicable):
Date submitted to DHS Privacy Office:
Have you approved a Privacy Act
Statement for this form? (Only
applicable if you have received a
waiver from the DHS Chief Privacy
Officer to approve component Privacy
Act Statements.)
Mercy Asante- Ansong
June 17, 2024
Click here to enter text.
June 20, 2024
☒ Yes. Please include it with this PTA
submission.
☐ No. Please describe why not.
Click here to enter text.
Component Privacy Office Recommendation:
Please include recommendation below, including what existing privacy compliance
documentation is available or new privacy compliance documentation is needed.
FEMA recommends that the “Ask an Advocate Webform” be considered a privacy sensitive
collection as the webform requests basic customer information such as name, email address, state
and zip code from a customer seeking assistance from OFIA.
Privacy compliance coverage is provided as follows:
PIA:
•
DHS/ALL/PIA-006, General Contact Lists
SORN:
•
DHS/ALL-002, DHS Mailing and Other Lists and DHS/FEMA-003 National Flood
Insurance Program Files
Privacy Act Statement:
A Privacy Act Statement will be provided to individuals at the point of collection. The Privacy
Act Statement has been submitted with this PTA for review and approval.
Privacy Threshold Analysis – IC/Form
Page 10 of 13
Version number: 06-2023
�Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, pia@hq.dhs.gov
www.dhs.gov/privacy
Privacy Threshold Analysis – IC/Form
Page 11 of 13
Version number: 06-2023
�Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, pia@hq.dhs.gov
www.dhs.gov/privacy
PRIVACY THRESHOLD ADJUDICATION
(TO BE COMPLETED BY THE DHS PRIVACY OFFICE)
DHS Privacy Office Reviewer:
Erika Lewis
PCTS Workflow Number:
Date approved by DHS Privacy Office:
PTA Expiration Date
DHS Privacy Office Approver (if
applicable):
0017415
June 25, 2024
June 25, 2027
Schuntel Reddock
DESIGNATION
Privacy Sensitive IC or
Form:
Determination:
Privacy Act
Statement:
System PTA:
PIA:
SORN:
Yes If “no” PTA adjudication is complete.
☐ PTA sufficient at this time.
☐ Privacy compliance documentation determination in
progress.
☐ New information sharing arrangement is required.
☐ DHS Policy for Computer-Readable Extracts Containing SPII
applies.
☒ Privacy Act Statement required.
☒ Privacy Impact Assessment (PIA) required.
☒ System of Records Notice (SORN) required.
☐ Specialized training required.
☐ Other. Click here to enter text.
Choose an item.
Click here to enter text.
Choose an item.
Click here to enter text.
System covered by existing PIA
If covered by existing PIA, please list: DHS/ALL/PIA-006 DHS General
Contacts Lists
If a PIA update is required, please list: Click here to enter text.
System covered by existing SORN
Privacy Threshold Analysis – IC/Form
Page 12 of 13
Version number: 06-2023
�Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
202-343-1717, pia@hq.dhs.gov
www.dhs.gov/privacy
If covered by existing SORN, please list: DHS/ALL-002 Department of
Homeland Security (DHS) Mailing and Other Lists System, November 25,
2008, 73 FR 71659; DHS/FEMA-003 National Flood Insurance Program
Files, May 19, 2014, 79 FR 28747
If a SORN update is required, please list: Click here to enter text.
DHS Privacy Office Comments:
Please describe rationale for privacy compliance determination above.
FEMA submits a renewal PTA FOR THE 1660-0086 Mortgage Portfolio Protection Program
(MPPP), which is a form of “force-placed” coverage purchased by a Federally-backed or
regulated lender when a borrower is not in compliance with the mandatory purchase
provisions of the Flood Disaster Protection Act of 1973. The webform provides the best
means for reaching OFIA with an inquiry. There have been no changes to the collection, use
and dissemination of information since the last adjudication.
The OFIA “Ask an Advocate” webform requests basic customer information from a
customer seeking assistance from OFIA. The form asks for name and email address, state
and zip code. Because inquiries sometimes come from parties representing a policyholder
or property owner, the form also asks the inquirer to identify their role.
DHS PRIV concurs with FEMA that this is a privacy-sensitive information collection,
requiring both PIA and SORN coverage. PIA coverage is provided by DHS/ALL/PIA-006,
DHS General Contacts Lists, which covers the rudimentary PII collected by this form.
Information is retrieved by unique identifier (first/last name, email), and DHS PRIV
concurs that appropriate coverage is provided by DHS/ALL-002 Department of Homeland
Security (DHS) Mailing and Other Lists and DHS/FEMA-003 National Flood Insurance
Program Files, as the program relates to flood disaster response.
The Privacy Act Statement provided with the PTA submission is sufficient.
Privacy Threshold Analysis – IC/Form
Page 13 of 13
Version number: 06-2023
�
| File Type | application/pdf |
| File Title | DHS PRIVACY OFFICE |
| Author | marilyn.powell |
| File Modified | 2024-06-25 |
| File Created | 2024-06-25 |