87 FR 6 pgs. 1171-1175 - Privacy Act of 1974; System of Records
Type: NOTICEVolume: 87Number: 6Pages: 1171 - 1175
Pages: 1171, 1172, 1173, 1174, 1175Docket number: [Docket No. FEMA-2021-0031]
FR document: [FR Doc. 2022-00182 Filed 1-7-22; 8:45 am]
Agency: Homeland Security Department
Official PDF Version: PDF Version
[top]
DEPARTMENT OF HOMELAND SECURITY
[Docket No. FEMA-2021-0031]
Privacy Act of 1974; System of Records
AGENCY:
Federal Emergency Management Agency, Department of Homeland Security.
ACTION:
Notice of a new system of records.
SUMMARY:
In accordance with the Privacy Act of 1974, the Department of Homeland Security (DHS) proposes to establish a new Department of Homeland Security system of records titled, "Department of Homeland Security/Federal Emergency Management Agency (FEMA)-016 Disaster Case Management Files System of Records." This system of records allows the Department of Homeland Security/Federal Emergency Management Agency to collect and maintain records on survivors of a Presidentially-declared major disaster with Individual Assistance (IA) authorized (as documented in the declaration published in the Federal Register ) who participate in Federal Emergency Management Agency-administered Disaster Case Management (DCM) Programs. This newly established system will be included in the Department of Homeland Security's inventory of record systems.
DATES:
Submit comments on or before February 9, 2022. This new system will be effective upon publication. Routine uses will be effective February 9, 2022.
ADDRESSES:
You may submit comments, identified by docket number FEMA-2021-0031 by one of the following methods:
• Federal e-Rulemaking Portal: http://www.regulations.gov. Follow the instructions for submitting comments.
• Fax: 202-343-4010.
• Mail: Lynn Parker Dupree, Chief Privacy Officer, Privacy Office, Department of Homeland Security, Washington, DC 20528-0655.
Instructions: All submissions received must include the agency name and docket number FEMA-2021-0031. All comments received will be posted without change to http://www.regulations.gov, including any personal information provided.
Docket: For access to the docket to read background documents or comments received, go to http://www.regulations.gov.
FOR FURTHER INFORMATION CONTACT:
For general questions, please contact: Tammi Hines, (202) 212-5100, FEMA-Privacy@fema.dhs.gov, Senior Director for Information Management, Federal Emergency Management Agency, Department of Homeland Security, Washington, DC 20528. For privacy questions, please contact: Lynn Parker Dupree, (202) 343-1717, Privacy@hq.dhs.gov, Chief Privacy Officer, Privacy Office, Department of Homeland Security, Washington, DC 20528-0655.
SUPPLEMENTARY INFORMATION:
I. Background
Pursuant to Executive Order 12148, as amended by Executive Orders 12673 and 13286, the President of the United States has delegated to the Department of Homeland Security, including the Federal Emergency Management Agency, the authority to provide case management services, pursuant to the Robert T. Stafford Disaster Relief and Emergency Assistance Act (Stafford Act), 42 U.S.C. 5189d. Under the Stafford Act, the Federal Emergency Management Agency (or another federal agency, non-profit organization, or qualified private organization when operating on behalf of the Federal Emergency Management Agency) may provide Disaster Case Management services directly to survivors or through financial assistance (funding through a federal award) to state (which includes the fifty states, the territories, and the District of Columbia) or local government agencies, Indian tribes, or qualified private organizations.
Disaster Case Management services include identifying and addressing disaster-caused unmet needs of survivors through identification of, and referral to, available resources. A disaster-caused unmet need is an un-resourced item, support, or assistance that has been assessed and verified as necessary for a survivor to recover from a disaster. This may include food, clothing, shelter, first aid, emotional and spiritual care, household items, home repair, or rebuilding.
In order to provide immediate to long-term Disaster Case Management during a Presidentially-declared major disaster declaration when Individual Assistance has been authorized, the Federal Emergency Management Agency may: (1) Directly provide Disaster Case Management services; (2) contract with a non-profit organization or qualified private organization who implements Disaster Case Management on behalf of the Federal Emergency Management Agency; (3) enter into an interagency agreement or mission assignment with another federal agency who implements Disaster Case Management on behalf of the Federal Emergency Management Agency; or (4) award federal funding through a grant or cooperative agreement to a state or local government, a tribe, or a qualified private organization who implements their own Disaster Case Management program.
[top] This System of Records Notice only applies to Disaster Case Management services administered directly by the Federal Emergency Management Agency or by a non-profit organization, qualified private organization, or federal
In addition, the Federal Emergency Management Agency and the entities providing Federal Emergency Management Agency-administered Disaster Case Management may share information with federal, state, tribal, local, and voluntary entities, as well as Federal Emergency Management Agency-recognized and/or state-recognized long term recovery committees (LTRC) and their members (long term recovery groups (LTRG)) for a declared county charged through legislation or chartered with administering disaster relief or assistance programs consistent with the routine uses set forth in this system of records notice. Note that a state, local, or tribal entity providing case management services is not acting on behalf of the Federal Emergency Management Agency. However, this System of Records Notice does support sharing with state, local, and tribal entities when the Federal Emergency Management Agency is sharing information after a Federal Emergency Management Agency-administered Disaster Case Management implementation.
The records that the Federal Emergency Management Agency or another federal agency, a non-profit organization, or a qualified private organization will collect and maintain on behalf of the Federal Emergency Management Agency in order to provide Federal Emergency Management Agency-administered Disaster Case Management services may be first collected in the field from disaster survivors or may be provided by the Federal Emergency Management Agency to these entities. The implementing non-profit organization, qualified private organization, or other federal agency will enter into agreements with the Federal Emergency Management Agency to maintain the records in accordance with the National Archives and Records Administration (NARA) and Federal Emergency Management Agency-approved records polices. The Federal Emergency Management Agency is currently working with the National Archives and Records Administration to establish the appropriate records retention schedule for the records collected and covered by this System of Records.
Consistent with the Department of Homeland Security' information sharing mission, information stored in the DHS/FEMA-016 Disaster Case Management Files System of Records may be shared with other Department of Homeland Security components that have a need to know the information to carry out their national security, law enforcement, immigration, intelligence, or other homeland security functions. In addition, the Federal Emergency Management Agency may share information with appropriate federal, state, tribal, local, foreign, or international government agencies consistent with the routine uses set forth in this system of records notice.
This newly established system will be included in the Department of Homeland Security's inventory of record systems.
II. Privacy Act
The Privacy Act embodies fair information practice principles in a statutory framework governing the means by which Federal Government agencies collect, maintain, use, and disseminate individuals' records. The Privacy Act applies to information that is maintained in a "system of records." A "system of records" is a group of any records under the control of an agency from which information is retrieved by the name of an individual or by some identifying number, symbol, or other information assigned to the individual. In the Privacy Act, an individual is defined to encompass U.S. citizens and lawful permanent residents. Additionally, the Judicial Redress Act (JRA) provides covered persons with a statutory right to make requests for access and amendment to covered records, as defined by the Judicial Redress Act, along with judicial review for denials of such requests. In addition, the Judicial Redress Act prohibits disclosures of covered records, except as otherwise permitted by the Privacy Act.
Below is the description of the DHS/FEMA-016 Disaster Case Management Files System of Records.
In accordance with 5 U.S.C. 552a(r), the Department of Homeland Security has provided a report of this system of records to the Office of Management and Budget and to Congress.
SYSTEM NAME AND NUMBER:
Department of Homeland Security (DHS)/Federal Emergency Management Agency (FEMA)-016 Disaster Case Management (DCM) Files System of Records.
SECURITY CLASSIFICATION:
Unclassified.
SYSTEM LOCATION:
Records are maintained at the Federal Emergency Management Agency Headquarters in Washington, DC; Federal Emergency Management Agency Regional Offices; Joint Field Offices; Disaster Field Offices; National Processing Service Centers; Disaster Recovery Centers; and the Federal Emergency Management Agency data centers located in Bluemont, Virginia, and Clarksville, Virginia. Subject to agreement with an organization chosen by the Federal Emergency Management Agency to implement Disaster Case Management on its behalf, records may be maintained at the facilities of federal agencies with interagency agreements or mission assignments or with non-profit organizations or qualified private organizations under contract.
SYSTEM MANAGER(S):
Division Director, Individual Assistance Division, (202) 646-3642, femahqiafrontoffice@fema.dhs.gov, Federal Emergency Management Agency, 500 C Street SW, Washington, DC 20472.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
Section 426 of the Robert T. Stafford Disaster Relief and Emergency Assistance Act, as amended (42 U.S.C. 5189d); Executive Order 12148, as amended by Executive Order 12673 and Executive Order 13286.
PURPOSE(S) OF THE SYSTEM:
[top] The purpose of this system is to enable the Federal Emergency Management Agency, and its chosen providers (which can be non-profit organizations, qualified private organizations, or federal agencies working on behalf of the Federal Emergency Management Agency), to provide services in an efficient and expeditious manner that support the overall Federal Emergency Management Agency-administered Disaster Case Management programs. Records will primarily be used to connect disaster survivors who have disaster-related
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
Following a Presidentially-declared major disaster when Individual Assistance is authorized, all individuals and their family and household members who register for Federal Emergency Management Agency-administered Disaster Case Management, who express interest in registering for Federal Emergency Management Agency-administered Disaster Case Management, or who may benefit from Federal Emergency Management Agency-administered Disaster Case Management, as well as employees, contractors, or other personnel providing Disaster Case Management assistance.
CATEGORIES OF RECORDS IN THE SYSTEM:
Disaster-related case management records, consisting of:
• Disaster number;
• Case ID numbers ( e.g., FEMA Registration ID, client numbers);
• Written consents;
• Disaster Case Management Applicant/Co-Applicant and Household Information:
? Full name;
? Languages spoken, written, or signed;
? Address;
? Location types;
? Dates of occupation;
? Location at time of registration;
? Phone numbers;
? Email addresses;
? Disaster Case Management-related healthcare records ( e.g., health insurance type, status, service provider, type of appointment referral);
? Household size;
? Demographic information ( e.g., age, gender, relationship to head of household, marital status);
? Referral assessment and tracking information/Disaster Recovery Plan:
Referral source;
Appointment times and attendance/no show to appointment;
Reported symptoms and feelings of distress;
Behavioral health advocacy assessment;
Children and youth, clothing assessment;
Employment assessment;
Food assessment;
Furniture and appliances assessment;
Healthcare needs assessment;
Housing assessment;
Transportation assessment;
Senior services assessment;
Legal services assessment;
Assistance animals and household pets; and
Funeral assistance.
• Federal Emergency Management Agency Disaster Assistance Registration Assistance Records:
? Homeowners insurance coverage details (including flood coverage and compliance);
? Details on damage to real and personal property (Federal Emergency Management Agency verified);
? Degree of total damage incurred (Federal Emergency Management Agency verified);
? Residence type;
? Self-reported income;
? Housing Assistance (HA) eligibility, types, and amounts;
? Other Needs Assistance (ONA) eligibility, types, and amounts;
? Approved direct assistance received, including Direct Housing Assistance eligibility, types, received status;
? Total Individuals and Households Program (IHP) amount approved, assistance sought, assistance received, source of assistance;
? Small Business Administration (SBA) referral details, and status of access and functional needs and/or emergency needs; and
? Self-reported disability or access and functional need, such as Personal Assistance Services.
• Business contact information collected from employees, contractors, and other personnel providing Disaster Case Management assistance ( e.g., name, title, email address, phone number).
RECORD SOURCE CATEGORIES:
Records may be obtained from disaster survivors ( i.e., applicant) or a member of the applicant's family or household, or may be provided by other governmental entities ( e.g., federal, state, tribal, or local governments) through the Federal Emergency Management Agency-Administered Disaster Case Management Intake Form and the Federal Emergency Management Agency-Administered Disaster Case Management Consent Form, as well as the Federal Emergency Management Agency's Disaster Assistance Registration Form (FEMA Forms 009-0-1 and 009-0-2).
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND PURPOSES OF SUCH USES:
In addition to those disclosures generally permitted under 5 U.S.C. 552a(b) of the Privacy Act, all or a portion of the records or information contained in this system may be disclosed outside the Department of Homeland Security as a routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:
A. To the Department of Justice (DOJ), including the U.S. Attorneys Offices, or other federal agencies conducting litigation or proceedings before any court, adjudicative, or administrative body, when it is relevant or necessary to the litigation and one of the following is a party to the litigation or has an interest in such litigation:
1. Department of Homeland Security or any component thereof;
2. Any employee or former employee of the Department of Homeland Security in his/her official capacity;
3. Any employee or former employee of the Department of Homeland Security in his/her individual capacity, only when the Department of Justice or the Department of Homeland Security has agreed to represent the employee; or
4. The United States or any agency thereof.
B. To a congressional office from the record of an individual in response to an inquiry from that congressional office made at the request of the individual to whom the record pertains.
C. To the National Archives and Records Administration or General Services Administration pursuant to records management inspections being conducted under the authority of 44 U.S.C. 2904 and 2906.
D. To an agency or organization for the purpose of performing audit or oversight operations as authorized by law, but only such information as is necessary and relevant to such audit or oversight function.
[top] E. To appropriate agencies, entities, and persons when (1) the Department of Homeland Security suspects or has confirmed that there has been a breach of the system of records; (2) the Department of Homeland Security has determined that as a result of the suspected or confirmed breach there is a risk of harm to individuals, the Department of Homeland Security (including its information systems, programs, and operations), the federal government, or national security; and (3) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with the Department of Homeland Security's efforts to respond
F. To another federal agency or federal entity, when the Department of Homeland Security determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in (1) responding to a suspected or confirmed breach or (2) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach.
G. To an appropriate federal, state, tribal, local, international, or foreign law enforcement agency or other appropriate authority charged with investigating or prosecuting a violation or enforcing or implementing a law, rule, regulation, or order, when a record, either on its face or in conjunction with other information, indicates a violation or potential violation of law, which includes criminal, civil, or regulatory violations and such disclosure is proper and consistent with the official duties of the person making the disclosure.
H. To contractors and their agents, grantees, experts, consultants, and others performing or working on a contract, service, grant, cooperative agreement, or other assignment or agreement for the Department of Homeland Security, when necessary to accomplish an agency function related to this system of records. Individuals provided information under this routine use are subject to the same Privacy Act requirements and limitations on disclosure as are applicable to Department of Homeland Security officers and employees.
I. To a voluntary organization, as defined in 44 CFR 206.2(a)(27), or to a Federal Emergency Management Agency-recognized or state-recognized long term recovery committee and its members (long term recovery groups) for a declared county charged through legislation or chartered with administering disaster relief or assistance programs, that is actively involved in the recovery efforts of the disaster and that has an assistance program to address one or more unmet disaster-related needs of disaster survivors. The Federal Emergency Management Agency may disclose to such voluntary organizations lists of applicant names and contact information, as well as information necessary to provide the identified additional disaster assistance and/or address a specified unmet need.
J. To a state, tribal, or local agency for a statistical or research purpose, including the development of methods or resources to support statistical or research activities, provided that the records support Department of Homeland Security programs and activities that relate to the purpose(s) stated in this System of Records Notice, and will not be used in whole or in part in making any determination regarding an individual's rights, benefits, or privileges under federal programs, or published in any manner that identifies an individual.
K. To recipients of a long-term Disaster Case Management federal award, such as a state, tribal, or local government entity or a non-profit entity, to ensure continuity of services for each disaster survivor, if the disaster survivor still has unmet needs at the conclusion of the Federal Emergency Management Agency-administered Disaster Case Management program.
L. To the subject of a Disaster Case Management case file, the name, title, and business contact information of the employee or contractor providing Disaster Case Management assistance.
M. To the news media and the public, with the approval of the Chief Privacy Officer in consultation with counsel, when there exists a legitimate public interest in the disclosure of the information, when disclosure is necessary to preserve confidence in the integrity of the Department of Homeland Security, or when disclosure is necessary to demonstrate the accountability of the Department of Homeland Security's officers, employees, or individuals covered by the system, except to the extent the Chief Privacy Officer determines that release of the specific information in the context of a particular case would constitute a clearly unwarranted invasion of personal privacy.
POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
The Federal Emergency Management Agency and non-profit organizations, qualified private organizations, or federal agencies supporting Federal Emergency Management Agency-administered Disaster Case Management programs store records in this system in a secure computer system electronically or on paper in secure facilities in a locked drawer behind a locked door. The records may be stored on magnetic disc, tape, and digital media.
POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
The Federal Emergency Management Agency and non-profit organizations, qualified private organizations, or federal agencies supporting the Federal Emergency Management Agency-administered Disaster Case Management program may retrieve records by a case identification number, name, or address.
POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
In accordance with National Archives and Records Administration Authority N1-311-86-1, Item 4C10a, records pertaining to disaster assistance will be placed in inactive storage when two years old and will be destroyed when they are six years and three months old. In accordance with National Archives and Records Administration Authority N1-311-86-1, Item 4C6a, Disaster Case Management files covering the administrative management, program, and information functions (such as mission assignments and correspondence with state and local officials) will be consolidated at appropriate regional offices upon close of the Disaster Field Office (DFO). These files will be retired to off-site storage one year after closeout and destroyed three years after closeout.
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
The Federal Emergency Management Agency safeguards records in this system according to applicable rules and policies, including all applicable federal and national standard automated systems security and access policies. The Federal Emergency Management Agency has imposed strict controls to minimize the risk of compromising the information that is being stored. Access to computer systems containing the records in this system is limited to those individuals who have a need to know the information for the performance of their official duties and who have appropriate clearances or permissions.
RECORD ACCESS PROCEDURES:
[top] Individuals seeking access to and notification of any record contained in this system of records, or seeking to contest its content, may submit a request in writing to the Chief Privacy Officer and the Federal Emergency Management Agency Freedom of Information Act (FOIA) Officer, whose contact information can be found at http://www.dhs.gov/foia under "Contact Information." If an individual believes more than one component maintains Privacy Act records concerning him or her, the individual may submit the request to the Chief Privacy Officer and Chief Freedom of Information Act Officer, Department of Homeland Security, Washington, DC 20528-0655.
When an individual is seeking records about himself or herself from this system of records or any other Departmental system of records, the individual's request must conform with the Privacy Act regulations set forth in 6 CFR part 5. The individual must first verify his/her identity, meaning that the individual must provide his/her full name, current address, and date and place of birth. The individual must sign the request, and the individual's signature must either be notarized or submitted under 28 U.S.C. 1746, a law that permits statements to be made under penalty of perjury as a substitute for notarization. In addition, the individual should:
• Explain why he or she believes the Department would have information being requested;
• Identify which component(s) of the Department he or she believes may have the information;
• Specify when the individual believes the records would have been created; and
• Provide any other information that will help the Freedom of Information Act staff determine which the Department of Homeland Security component agency may have responsive records.
If the request is seeking records pertaining to another living individual, the request must include an authorization from the individual whose record is being requested, authorizing the release to the requester.
Without the above information, the component(s) may not be able to conduct an effective search, and the individual's request may be denied due to lack of specificity or lack of compliance with applicable regulations.
CONTESTING RECORD PROCEDURES:
For records covered by the Privacy Act or covered Judicial Redress Act records, individuals may make a request for amendment or correction of a record of the Department about the individual by writing directly to the Department component that maintains the record, unless the record is not subject to amendment or correction. The request should identify each particular record in question, state the amendment or correction desired, and state why the individual believes that the record is not accurate, relevant, timely, or complete. The individual may submit any documentation that would be helpful. If the individual believes that the same record is in more than one system of records, the request should state that and be addressed to each component that maintains a system of records containing the record.
NOTIFICATION PROCEDURES:
See "Record Access Procedures" above.
EXEMPTIONS PROMULGATED FOR THE SYSTEM:
None.
HISTORY:
None.
Lynn P Dupree,
Chief Privacy Officer, Department of Homeland Security.
[FR Doc. 2022-00182 Filed 1-7-22; 8:45 am]
BILLING CODE 9111-19-P