87 FR 28 pgs. 7852-7858 - Privacy Act of 1974; System of Records
Type: NOTICEVolume: 87Number: 28Pages: 7852 - 7858
Pages: 7852, 7853, 7854, 7855, 7856, 7857, 7858Docket number: [Docket No. FEMA-2022-0009]
FR document: [FR Doc. 2022-02950 Filed 2-9-22; 8:45 am]
Agency: Homeland Security Department
Official PDF Version: PDF Version
[top]
DEPARTMENT OF HOMELAND SECURITY
[Docket No. FEMA-2022-0009]
Privacy Act of 1974; System of Records
AGENCY:
Federal Emergency Management Agency, U.S. Department of Homeland Security.
ACTION:
Notice of a modified system of records.
SUMMARY:
In accordance with the Privacy Act of 1974, the U.S. Department of Homeland Security (DHS) proposes to modify an existing system of records titled, "DHS/Federal Emergency Management Agency (FEMA)-008 Disaster Recovery Assistance Files." This system of records describes DHS/FEMA's collection and maintenance of records on applicants for its Disaster Assistance programs that provide financial and other tangible assistance to survivors of presidentially declared disasters or emergencies. DHS/FEMA is modifying this system of records notice (SORN) to include: (1) Updating the system location; (2) clarifying the purpose of the SORN; (3) updating the categories of records; (4) updating the routine uses; (5) changing the retention and disposal schedule of records; and (6) updating record source categories. Additionally, this notice includes non-substantive changes to simplify the formatting and text of the previously published notice. This updated system will be included in DHS's inventory of record systems.
DATES:
Submit comments on or before March 14, 2022. This modified system will be effective upon publication. New and modified routine uses will become effective March 14, 2022.
ADDRESSES:
You may submit comments, identified by docket number FEMA-2022-0009 by one of the following methods:
• Federal e-Rulemaking Portal: https://www.regulations.gov. Follow the instructions for submitting comments.
• Fax: 202-343-4010.
• Mail: Lynn Parker Dupree, Chief Privacy Officer, Privacy Office, U.S. Department of Homeland Security, Washington, DC 20528-0655.
Instructions: All submissions received must include the agency name and docket number FEMA-2022-0009. All comments received will be posted without change to https://www.regulations.gov , including any personal information provided.
Docket: For access to the docket to read background documents or comments received, go to https://www.regulations.gov .
FOR FURTHER INFORMATION CONTACT:
For general questions, please contact: Tammi Hines, (202) 212-5100, FEMA-Privacy@fema.dhs.gov , Senior Director for Information Management, Federal Emergency Management Agency, U.S. Department of Homeland Security, Washington, DC 20528. For privacy questions, please contact: Lynn Parker Dupree, (202) 343-1717, Privacy@hq.dhs.gov , Chief Privacy Officer, Privacy Office, U.S. Department of Homeland Security, Washington, DC 20528-0655.
SUPPLEMENTARY INFORMATION:
I. Background
In accordance with the Privacy Act, this modified system of records notice is being published because the Federal Emergency Management Agency (FEMA) collects, maintains, uses, retrieves, and disseminates personally identifiable information of individuals who apply for FEMA disaster assistance when a Presidential disaster declaration or emergency has occurred or may be imminent. FEMA's applicant records included in this system may contain income information, insurance information, housing inspection reports, and correspondence notations about various types of assistance, including information about appeals, recovery of disaster assistance funds, and other related information.
The purpose of this system of records is to: Facilitate registration for FEMA's disaster assistance programs; correspond with applicants; verify Individuals and Households Program (IHP) Assistance applicant information; determine the eligibility of applicants; and focus, direct, and refer applicants to all sources of disaster assistance. Additional purposes include: Preventing a duplication of federal government efforts and benefits, identifying the misuse of disaster assistance, identifying disaster assistance provided in error, identifying and preventing possible fraudulent activity in anticipation of or after a presidentially declared major disaster or emergency, and assessing FEMA's disaster assistance programs for equality, equity, and customer satisfaction. The information contained in this system may also be used to identify and implement measures to reduce future disaster damage. To accomplish these purposes, FEMA may maintain investigative summary reports in this system of records to support the recoupment, appeals, and oral hearing processes.
[top] FEMA is updating the SORN to reflect the following changes. First, the system location has been updated to broadly reflect the location of the records at the FEMA Headquarters in Washington, DC, FEMA Regional Offices, Joint Field Offices, National Processing Service Centers, and Disaster Recovery Centers. In addition, electronic records stored in the system are maintained at the FEMA Data Center at Bluemont, Virginia, and at the DHS Data Center 2 in Clarksville, Virginia. Second, the categories of records have been updated and consolidated in favor of a more comprehensive list of data elements collected from Individual Assistance applicants. The categories of records also include investigative summary reports compiled through internal FEMA investigations or other DHS/FEMA programs, as well as records of assistance provided under the FEMA National Flood Insurance Program (NFIP). These reports were added to further support FEMA actions during the recoupment, appeals, and oral hearing processes in order to recover disaster assistance funds, as mandated by the Stafford Act, 42 U.S.C. 5155, and 44 CFR secs. 206.116 and 206.191. The National Flood Insurance Program records were added to prevent a duplication of benefits between National Flood Insurance Program and the Group Flood Insurance Policy provided under Other Needs Assistance (ONA). Third, the purpose of the system is being updated to support FEMA efforts to prevent fraud, waste, and abuse by verifying applicant account and identity information and identifying assistance provided in error, funds spent inappropriately by the applicant, or misuse of disaster assistance. Fourth, FEMA is adding and modifying several routine uses. Routine Use E is being modified and Routine Use F is being added to conform to Office of Management and Budget Memorandum M-17-12 regarding breach notification and investigation. Routine Use I is revised to provide added clarity on how states and other entities involved in emergency response efforts request FEMA information. Routine Use K is added to permit verification of billing records as proof of disaster-related expenses incurred. Routine Use M is modified to incorporate information sharing with the Department of Treasury's Bureau of Fiscal Services to verify applicant identity and account information as a fraud prevention measure and for the Treasury's Do Not Pay Working System, established
Consistent with DHS's information sharing mission, information stored in the DHS/FEMA-008 Disaster Recovery Assistance Files System of Records may be shared with other DHS components that have a need to know the information to carry out their national security, law enforcement, immigration, intelligence, or other homeland security functions. In addition, DHS/FEMA may share information with appropriate federal, state, local, tribal, territorial, foreign, or international government agencies consistent with the routine uses set forth in this system of records notice.
This modified system will be included in DHS's inventory of record systems.
II. Privacy Act
The fair information practice principles found in the Privacy Act underpin the statutory framework governing the means by which federal government agencies collect, maintain, use, and disseminate individuals' records. The Privacy Act applies to information that is maintained in a "system of records." A "system of records" is a group of any records under the control of an agency from which information is retrieved by the name of an individual or by some identifying number, symbol, or other identifying particular assigned to the individual. In the Privacy Act, individuals are defined as U.S. citizens and lawful permanent residents. Additionally, the Judicial Redress Act (JRA) provides covered persons with a statutory right to make requests for access and amendment to covered records, as defined by the Judicial Redress Act, along with judicial review for denials of such requests. In addition, the Judicial Redress Act prohibits disclosures of covered records, except as otherwise permitted by the Privacy Act.
Below is the description of the DHS/FEMA-008 Disaster Recovery Assistance Files System of Records.
In accordance with 5 U.S.C. 552a(r), DHS has provided a report of this system of records to the Office of Management and Budget and to Congress.
SYSTEM NAME AND NUMBER:
Department of Homeland Security (DHS)/Federal Emergency Management Agency (FEMA)-008 Disaster Recovery Assistance Files System of Records.
SECURITY CLASSIFICATION:
Unclassified.
SYSTEM LOCATION:
Records are maintained at the FEMA Headquarters in Washington, DC; FEMA Regional Offices; Joint Field Offices; National Processing Service Centers; Disaster Recovery Centers; and the DHS/FEMA data centers located in Bluemont, Virginia, and Clarksville, Virginia.
SYSTEM MANAGER(S):
Division Director, Individual Assistance Division, (202) 646-3642, femahqiafrontoffice@fema.dhs.gov , Federal Emergency Management Agency, 500 C Street SW, Washington, DC 20472.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
Robert T. Stafford Disaster Relief and Emergency Assistance Act (the Stafford Act), Public Law 93-288, as amended (42 U.S.C. secs. 5121-5207); 6 U.S.C. secs. 728, 776, 777, and 795; the Debt Collection Improvement Act of 1996, 31 U.S.C. secs. 3325(d) and 7701(c)(1); the Government Performance and Results Act, Public Law 103-62, as amended; Executive Order 13411; and Executive Order 12862.
PURPOSE(S) OF THE SYSTEM:
The purpose of this system is to register applicants seeking disaster assistance from FEMA both after a Presidential disaster declaration or emergency and when a declaration may be imminent, but not yet declared; to verify Individuals and Households Program applicant information; determine eligibility of applicants; to correspond with, focus, direct, and refer applicants to available sources of disaster assistance; and to inspect damaged property. Additional purposes include: To identify and implement measures to reduce future disaster damage; to prevent or correct a duplication of federal government efforts and benefits; to identify possible fraudulent activity after a presidentially declared disaster or emergency; to identify assistance provided in error, funds spent inappropriately by the applicant, or misuse of disaster assistance; and to assess the customer satisfaction of FEMA disaster assistance applicants.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
All individuals and their household members who apply for or express interest in applying for FEMA disaster assistance following a presidentially declared major disaster or emergency (Note: FEMA will accept applications from any individual; however, an individual must self-certify as a U.S. citizen, non-citizen national, or qualified non-citizen to meet the eligibility requirements for Individuals and Households Program Assistance). Individuals also include those who apply for or express interest in non-FEMA assistance programs in order to facilitate a duplication of benefits check or determination of unmet needs.
CATEGORIES OF RECORDS IN THE SYSTEM:
(a) Registration and Assistance Records
• Disaster number;
• FEMA Registration ID/Occupant ID;
• Applicant/co-applicant information:
? Full name;
? Social Security number or A-number;
? Citizenship status;
? Signature;
[top] ? Date of birth;
? Phone numbers;
? Email addresses;
? Mailing addresses;
? Position title and number of years;
? Employer name;
? Language(s) spoken;
? Number of dependents claimed;
? User ID;
? Password; and
? Personal Identification Number (PIN).
• Witness name and signature;
• Damaged dwelling:
? Addresses of the damaged dwelling and the applicant's current location (if other than the damaged dwelling);
? County;
? Geospatial location of dwelling;
? Phone numbers; and
? Information related to residence (accessibility, type, own/rent, damage sustained).
• Disaster-related expenses;
• Emergency needs ( e.g., food, clothing, shelter);
• Disability-related needs and accommodations ( e.g., sign language interpreter, Assistive Listening Device, braille, wheelchair access, mobility, mental, hearing, vision, other needs and accommodations);
• Occupant and household information (for all occupants at the time of disaster):
? Name (first name, middle initial, last name);
? Age;
? Relationship to applicant;
? Dependent? (Yes/No);
? Sex;
? Pre- and post-disaster income information of occupants 18 years of age or older; and
? Tribal Membership Status (if applicable).
• Business damage:
? Self-employment is primary income? (Yes/No); and
? Business or rental property affected? (Yes/No).
• Authorization for electronic funds transfer of benefits:
? Institution name;
? Account type; and
? Account number and routing number.
• Comments and correspondence from the applicant;
• Supporting documents that show proof of occupancy or ownership of a dwelling and/or verify identity. This includes but is not limited to:
? Driver's license;
? State/Federal issued photo identification;
? Mortgage payment receipts;
? Real property insurance;
? Tax receipts or property tax bill;
? Property title;
? Contract for deed;
? Voter registration card;
? Death certificate and will; and/or
? Maintenance receipts.
• Public records information for identity verification;
• Pre-registration questionnaire information;
• Disaster loan status ( i.e., rejected, approved, declined, verified, cancelled);
• Travel and accommodations related information ( e.g., flight information, travel assistance needs, companion information);
• Information related to determining eligibility for assistance, including date of the disaster, application status, insurance information, types and amount of damage to the dwelling, supporting documentation ( e.g., death certificates, invoices, receipts, and documentation to support accommodations or access and functional need requests and repairs) and results of the home inspection (including inspector's notes and determination);
• Landowner's or landlord's information (in cases where FEMA is placing a manufactured housing unit on the individual's land or for other temporary housing assistance):
? Name;
? Address;
? Phone number; and
? Signature.
• Correspondence and documentation related to determining eligibility and appropriate housing unit size, type, and location for temporary housing assistance, including general correspondence; complaints; requests for disbursement of payments; inquiries from tenants and landlords; information related to household access and functional needs; general administrative and fiscal information; payment schedules and forms; termination notices; information shared with the temporary housing program staff from other agencies to prevent the duplication of benefits; leases; contracts; specifications for repair of disaster damaged residences; reasons for revocation or denial of aid; sales information related to occupant purchase of housing units; and the status or disposition of housing applications;
• Recoupment, appeals and/or arbitration (oral hearings) of such determinations;
• Notice of Potential Debt Letter;
• Notations and reports of decisions for disaster or similar financial awards and assistance from other FEMA Programs, federal and state agencies, insurance companies, employers, banks, financial, power/utility companies, health care providers, safety/rescue services, and public or private entities as they relate to determinations of applicants' eligibility for Individuals and Households Program disaster assistance; and
• Unsolicited information concerning an individual's suspected or actual exposure to illness during a public health emergency, including, but not limited to quarantine or isolation orders.
(b) Inspection Reports:
• Inspection reports contain applicants' personally identifiable information (as outlined above) and results of assessments of damaged real property; personal property; and goods, which may include: descriptions and photographic images of an applicant's home and personal items; video and/or audio of the inspection conducted on the home; and notations of cleaning, sanitizing, and debris removal by contractors and partnering agencies. Inspection reports may also include Inspector ID.
(d) Assistance from Other Sources:
• Other files independently kept by the state, territory, tribe, local government, voluntary agency, or other source of assistance that contain records of persons who request disaster aid, including for the "Other Needs" assistance provision of the Individuals and Households Program administrative files and reports required by FEMA. The states, territories, tribes, local governments, voluntary agencies, and other sources of assistance keep the same type of information about individuals as described above under registration, inspection, and temporary housing assistance records.
• Records of assistance from the FEMA National Flood Insurance Program to avoid duplication of benefits (name, address, disaster assistance coverage required code, policy number, policy number, policy effective date, policy coverage building, policy coverage contents, new policy date, and expiration date).
(f) Customer service survey responses
• Demographic information (race, ethnicity, religion, gender, sex, nationality, age, disability, English proficiency, economic status, income level, marital status); and
• Responses to customer service and customer satisfaction survey questions.
[top] (g) Investigation results that may contain the name and address of the applicants to support recoupment, appeals, oral hearings, or other legal proceedings in order to recover disaster assistance.
RECORD SOURCE CATEGORIES:
FEMA receives information from individuals who apply for disaster assistance through three different media: (1) Electronically via the internet at https://www.disasterassistance.gov (FEMA Form 009-0-1 and FEMA Form 009-0-2); (2) by calling FEMA's toll-free number 1-800-621-3362 (FEMA Form 009-0-1t and FEMA Form 009-0-2t); and (3) through submission of a paper copy of pre-registration intake, FEMA Form 009-0-1 and its Spanish-language equivalent, FEMA Form 009-0-2. In addition, information in this system of records derives from Temporary Housing Assistance Eligibility Determinations (FEMA Forms 009-0-5 and 009-0-6), Application for Continued Temporary Housing Assistance (FEMA Form 010-0-12), and Housing Inspections (FEMA Forms 009-0-143, 009-0-144, and 009-0-145). Information may also come from FEMA inspectors; financial institutions; insurance companies; other federal, state, territorial, local, tribal, and voluntary agencies; and commercial databases (for verification purposes). The final investigative summary report is stored in this system of records in the event that an applicant's file is investigated for fraud.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND PURPOSES OF SUCH USES:
In addition to those disclosures generally permitted under 5 U.S.C. 552a(b) of the Privacy Act, all or a portion of the records or information contained in this system may be disclosed outside DHS/FEMA as a routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:
A. To the Department of Justice (DOJ), including the U.S. Attorneys Offices, or other federal agencies conducting litigation or proceedings before any court, adjudicative, or administrative body, when it is relevant or necessary to the litigation and one of the following is a party to the litigation or has an interest in such litigation:
1. DHS or any component thereof;
2. Any employee or former employee of DHS in his/her official capacity;
3. Any employee or former employee of DHS in his/her individual capacity, only when DOJ or DHS has agreed to represent the employee; or
4. The United States or any agency thereof.
B. To a congressional office from the record of an individual in response to an inquiry from that congressional office made at the request of the individual to whom the record pertains.
C. To the National Archives and Records Administration or General Services Administration pursuant to records management inspections being conducted under the authority of 44 U.S.C. secs. 2904 and 2906.
D. To an agency or organization for the purpose of performing audit or oversight operations as authorized by law, but only such information as is necessary and relevant to such audit or oversight function.
E. To appropriate agencies, entities, and persons when (1) DHS suspects or has confirmed that there has been a breach of the system of records; (2) DHS has determined that as a result of the suspected or confirmed breach there is a risk of harm to individuals, DHS (including its information systems, programs, and operations), the federal government, or national security; and (3) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with DHS's efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm.
F. To another federal agency or federal entity when DHS determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in (1) responding to a suspected or confirmed breach or (2) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the federal government, or national security, resulting from a suspected or confirmed breach.
G. To an appropriate federal, state, tribal, local, international, or foreign law enforcement agency or other appropriate authority charged with investigating or prosecuting a violation or enforcing or implementing a law, rule, regulation, or order, when a record, either on its face or in conjunction with other information, indicates a violation or potential violation of law, which includes criminal, civil, or regulatory violations and such disclosure is proper and consistent with the official duties of the person making the disclosure.
H. To contractors and their agents, grantees, experts, consultants, and others performing or working on a contract, service, grant, cooperative agreement, or other assignment for DHS/FEMA, when necessary to accomplish an agency function related to this system of records. Individuals provided information under this routine use are subject to the same requirements and limitations on disclosure as are applicable to DHS/FEMA officers and employees.
I. To certain government, private sector, voluntary entities, hospitals, and utility companies when disclosure of applicant information is necessary to prevent a duplication of efforts or a duplication of benefits in determining eligibility for disaster assistance, and/or to address unmet needs of eligible, ineligible, or partially-eligible FEMA applicants. The above-mentioned entities must have a disaster assistance program to address the unmet disaster-related needs of disaster survivors or be actively involved in the recovery efforts of the disaster, or a related assistance program involving FEMA applicants. The receiving entity is not permitted to alter or to further disclose the information to other disaster organizations or third parties, without express, prior written approval from FEMA, or as required by law.
FEMA may make Routine Use I disclosures under the following circumstances:
1. To federal entities with programs that make available disaster assistance to individuals and households, administer a disaster-related program, and/or give preference of priority to disaster applicants, including those that evacuate from a declared state to another state and to prevent a duplication of efforts or benefits. FEMA-authorized agreements address the federal entity sharing of information from FEMA with its contractors/grantees, and/or agents that are administering a disaster related program on behalf of the federal entity ( e.g., other state, tribal, and local agencies working under the guise of the requesting federal entity). FEMA may also share with other federal entities for the purpose of contacting FEMA Individuals and Households Program applicants to seek their voluntary participation in surveys or studies concerning effects of disasters, program effectiveness, and to identify possible ways to improve community preparedness and resiliency for future disasters.
[top] 2. To state, tribal, and territorial agency (STT) programs that make available any disaster assistance to individuals and households and/or give preference of priority to disaster applicants, including those that evacuate from a declared state to another state, and/or to prevent a duplication of efforts or benefits. State, tribal, and territorial agencies may request and receive information using the protocols established in an appropriate FEMA-authorized agreement. FEMA-authorized agreements address the state, tribal, and
3. To local government entities, including towns, counties/parishes, cities, townships, and locally governed subdivisions (Localities) with disaster assistance programs to address the unmet disaster-related needs of disaster survivors for a declared county charged through legislation or chartered with administering disaster relief/assistance programs. The Locality must be actively involved in the recovery efforts of the disaster. Localities may request data by submitting a written request to FEMA. The written request from the entity shall explain the type of tangible assistance being offered, the type of verification required, and, if applicable, the individuals for whom verification is required before the assistance can be provided. FEMA may also share with Localities for the purpose of contacting FEMA Individuals and Households Program applicants to seek their voluntary participation in surveys or studies concerning effects of disasters, program effectiveness, and community preparedness and resiliency for future disasters. Localities may share information they receive from FEMA with their contractors/grantees, and/or agents that are administering a disaster related program on behalf of the Locality according to a FEMA-authorized agreement.
4. Voluntary Organizations Active in Disaster (VOAD) (as defined in 44 CFR 206.2(a)(27)), and FEMA- and/or State-recognized Long Term Recovery Committees (LTRC) and their members with disaster assistance programs to address the unmet disaster-related needs of disaster survivors for a declared county charged through legislation or chartered with administering disaster relief/assistance programs. The voluntary organization must either have a national membership in good standing with the National Voluntary Organizations Active in Disaster association, be a Long Term Recovery Committee, or member of such committee for that disaster. The entity shall make a written request to either FEMA or a State agency for FEMA disaster applicant information. The written request from the entity shall explain the type of tangible assistance being offered, the type of verification required, and, if applicable, the individuals for whom verification is required before the assistance can be provided. The Voluntary Organization Active in Disaster must also have a disaster assistance program to address the unmet disaster-related needs of disaster survivors and be actively involved in the recovery efforts of the disaster. Voluntary Organizations Active in Disaster and Long Term Recovery Committees may share information they receive from FEMA with their contractors/grantees, and/or agents that are administering a disaster related program on their behalf according to a FEMA-authorized agreement.
5. To utility companies and hospitals (UC/H) that have a disaster assistance program to address the unmet disaster-related needs of disaster survivors and are actively involved in the recovery efforts of the disaster. FEMA may disclose lists of applicant names, contact information, their FEMA verified loss amount, amounts received, award category, and Small Business Administration loan status for the purpose of providing additional disaster assistance and/or addressing unmet needs. FEMA may disclose the aforementioned data elements according to different sub-categories of disaster applicants ( e.g., those that received maximum amounts, those that have flood insurance coverage, those with emergency needs, or those over a certain age). FEMA shall release this information only during the disaster period of assistance as defined in 44 CFR 206.110(e), plus 90 days to address any appeals (44 CFR 206.115(f)).
6. FEMA may immediately disclose, on a case-by-case basis, to an entity qualified under Routine Use (I)(4) or (I)(5) or to other organizations that loan or donate new or used durable medical equipment and assistive technology, information about applicants in need of such equipment or technology. The applicant in question must have an immediate need for durable medical equipment or assistive technology as a result of a declared disaster, and the qualifying entity is able to provide the requested assistance in question. An immediate need is a need that is of such urgency or severity that one could reasonably expect the absence of the durable medical equipment or assistive technology to place the health of the applicant in serious jeopardy, to compromise the safety of the applicant, or to prevent the applicant from relocating from a shelter facility to the next stage of recovery. Specifically, FEMA may release the applicant's name and limited contact information (telephone number, email address, and if being delivered to a location other than a shelter, the applicant's temporary or current residence).
J. To federal, state, tribal, territorial, or local government agencies; voluntary organizations; insurance companies; employers; any public or private entities; banks and financial institutions when an applicant's eligibility, in whole or in part, for FEMA's Individuals and Households Program depends upon financial benefits already received or available from that source for similar purposes as necessary to determine benefits; and to prevent duplication of disaster assistance benefits (as described in 42 U.S.C. 5155). FEMA initiates the transaction by only disclosing the name, address, and date of birth of an applicant in order to properly identify the same and obtain desired relevant information from entities listed above.
K. To contractors, medical providers, dental providers, landlords, mechanics, child care providers, or other private entities, when cited by applicants as proof of an expense, to verify the accuracy of an expense for FEMA's Individuals and Households Program. FEMA may disclose the applicant's name and limited contact information (telephone number, current address, and/or damaged dwelling address) and a record identifier ( e.g., account, invoice or estimate numbers) to the third-party service provider.
L. To federal, state, tribal, territorial, or local government agencies charged with the implementation of hazard mitigation measures and the enforcement of hazard-specific provisions of building codes, standards, and ordinances. FEMA will only disclose information for the following purposes:
1. For hazard mitigation planning purposes, to assist federal, state, territorial, tribal, or local government agencies in identifying high-risk areas and preparing mitigation plans that target those areas for hazard mitigation projects implemented under Federal, State, tribal, territorial, or local hazard mitigation programs.
[top] 2. For enforcement purposes, to enable federal, state, tribal, territorial, or local government agencies ensure that owners repair or rebuild structures in conformity with applicable hazard-specific building codes, standards, and ordinances.
M. To the Department of the Treasury, to verify identity and account information of an applicant as well as to determine eligibility for final payment from federal programs ( e.g., Do Not Pay program). An applicant's Social Security number will be released in connection with a request that the Department of the Treasury provide a disaster assistance payment to an applicant under the Individuals and Households Program.
N. To a state, local, territorial, or tribal government agency in connection with billing that state, local, territorial, or tribal government for the applicable non-federal cost share under the Individuals and Households Program. Information shared shall only include applicants' names, contact information, and amounts of assistance received.
O. To state, tribal, territorial, or local government emergency managers, when an applicant is occupying a FEMA temporary housing unit, for the purposes of preparing, administering, coordinating, and/or monitoring emergency response, public safety, and evacuation plans. FEMA shall only release the applicants' phone numbers, address, and number of household occupants of the housing unit.
P. To the Department of the Treasury, Department of Justice, the U.S. Attorney's Office, an Oral Hearing Official, or other third party for further collection action on any delinquent debt when circumstances warrant.
Q. To federal, state, territorial, tribal, or local law enforcement authorities, or agencies, or other entities authorized to investigate and/or coordinate locating missing children and/or reuniting families.
R. To state, tribal, territorial, or local government election agencies/authorities that oversee the voting process within their respective municipalities, for the purpose of ensuring voting rights of individuals who have applied for FEMA assistance, limited to their own respective citizens who are displaced from their voting jurisdiction by a presidentially declared major disaster or emergency out of their voting jurisdiction.
S. To other federal, state, or local government agencies under approved computer-matching programs for the purposes articulated in subsection (a)(8)(A) of the Privacy Act.
T. To the individual applicants, of whom the record contains third party personally identifiable information, to defend themselves during appeals and Oral Hearings on the recoupment of disaster assistance funds.
U. To any law enforcement agency of the federal government or a state, local, territorial, or tribal government in order to identify illegal conduct or address public safety or security issues, including compliance with sex offender notification laws, in the event of circumstances requiring an evacuation, sheltering, or mass relocation.
V. To entities providing temporary housing or sheltering to disaster survivors during a declared public health emergency to provide indication that a survivor with an infectious disease is inhabiting or has inhabited a specific location, when necessary for the safety of individuals located in the facility and to comply with additional necessary infectious disease protocols.
W. To state, local, territorial, and tribal government and private entities to verify applicant identity and account information as a fraud prevention measure.
X. To the news media and the public, with the approval of the Chief Privacy Officer in consultation with counsel, when there exists a legitimate public interest in the disclosure of the information, when disclosure is necessary to preserve confidence in the integrity of DHS, or when disclosure is necessary to demonstrate the accountability of DHS's officers, employees, or individuals covered by the system, except to the extent the Chief Privacy Officer determines that release of the specific information in the context of a particular case would constitute a clearly unwarranted invasion of personal privacy.
POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
DHS/FEMA stores records in this system electronically or on paper in secure facilities in a locked drawer behind a locked door. The records may be stored on magnetic disc, tape, and digital/electronic media.
POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
DHS/FEMA may retrieve records by an individual's name, address, Social Security number, or case file number.
POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
Records pertaining to disaster assistance will be placed in inactive storage two years after FEMA receives the application and will be destroyed when they are six years and three months old, in accordance with National Archives and Records Administration Authority N1-311-86-1, DAP 8-1, item 4C10a. Records pertaining to temporary housing will be destroyed three years after close of the operation in accordance with National Archives and Records Administration Authority N1-311-86-1, DAP 8-2, item 4C10b. Closeout of a disaster operation occurs when the disaster contract is terminated. Records pertaining to the Individuals and Households Program program will retire to the Federal Records Center (FRC) one year after closeout and be destroyed three years after closeout in accordance with National Archives and Records Administration Authority N1-311-86-1, item 4C6c. Records pertaining to individual assistance customer satisfaction assessments are stored in accordance with National Archives and Records Administration Authority N1-311-00-01. Records pertaining to investigations are retired to inactive storage when two years old, and destroyed when six years, three months old in accordance with National Archives and Records Administration Authority N1-311-86-001, item 4C10a. Customer service assessment forms that have been filled out and returned by disaster assistance applicants are temporary records that are destroyed upon transmission of the final report, per National Archives and Records Administration Authority N1-311-00-01, DAP-14-1. The statistical and analytical reports resulting from these assessments are temporary records that are retired three years after the final report cutoff and destroyed 20 years after the report cutoff, per National Archives and Records Administration Authority N1-311-00-01, DAP-14-2. The assessment results database are temporary records that are destroyed when no longer needed for analysis purposes, per National Archives and Records Administration Authority N1-311-00-01, DAP-14-3. Per current National Archives and Records Administration guidance, records pertaining to COVID-19 will be maintained permanently until further guidance regarding the retention of COVID-19 records is provided.
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
[top] DHS/FEMA safeguards the records in this system in accordance with applicable rules and policies, including all applicable DHS automated systems security and access policies. FEMA has imposed strict controls to minimize the risk of compromising the information that is being stored. Access to the computer system containing the records in this system is limited to those individuals who have a need to know the information for the performance of their official duties and who have the appropriate clearances or permissions.
RECORD ACCESS PROCEDURES:
Individuals applying for Individuals and Households Program assistance may access their information online via the Disaster Assistance Center using the user ID, password, system generated PIN, and authentication that was established during the application process. Applicants may also call a FEMA National Processing Service Center (NPSC) representative to access their information by providing their registration ID, full name, damaged dwelling address, current mailing address (if different), current phone number, and the last four digits of their Social Security number.
In addition, individuals seeking access to and notification of any record contained in this system of records, or seeking to contest its content, may submit a request in writing to the Chief Privacy Officer and the FEMA Freedom of Information Act (FOIA) Officer, whose contact information can be found at https://www.dhs.gov/foia under "Contact Information." If an individual believes more than one component maintains Privacy Act records concerning him or her, the individual may submit the request to the Chief Privacy Officer and Chief Freedom of Information Act Officer, Department of Homeland Security, Washington, DC 20528-0655. Even if neither the Privacy Act nor the Judicial Redress Act provide a right of access, certain records may be available under the Freedom of Information Act.
When an individual is seeking records about himself or herself from this system of records or any other FEMA system of records, the individual's request must conform with the Privacy Act regulations set forth in 6 CFR part 5. The individual must first verify his or her identity, meaning that the individual must provide his or her full name, current address, and date and place of birth. The individual must sign the request, and the individual's signature must either be notarized or submitted under 28 U.S.C. 1746, a law that permits statements to be made under penalty of perjury as a substitute for notarization. In addition, the individual should:
• Explain why he or she believes the Department would have the information being requested;
• Identify which component(s) of the Department he or she believes may have the information;
• Specify when he or she believes the records would have been created; and
• Provide any other information that will help the DHS staff determine which DHS component agency may have responsive records;
If the request is seeking records pertaining to another living individual, the request must include an authorization from the individual whose record is being requested, authorizing the release to the requester.
Without the above information, the Component(s) may not be able to conduct an effective search, and your request may be denied due to lack of specificity or lack of compliance with applicable regulations.
CONTESTING RECORD PROCEDURES:
For records covered by the Privacy Act or covered Judicial Redress Act records, individuals may make a request for amendment or correction of a record of the Department about the individual by writing directly to the Department component that maintains the record, unless the record is not subject to amendment or correction. The request should identify each particular record in question, state the amendment or correction desired, and state why the individual believes that the record is not accurate, relevant, timely, or complete. The individual may submit any documentation that would be helpful. If the individual believes that the same record is in more than one system of records, the request should state that and be addressed to each component that maintains a system of records containing the record.
NOTIFICATION PROCEDURES:
See "Record Access Procedures."
EXEMPTIONS PROMULGATED FOR THE SYSTEM:
None.
HISTORY:
78 FR 25282 (April 30, 2013); 74 FR 48763 (September 24, 2009); 71 FR 38408 (July 6, 2006); 69 FR 65615 (November 15, 2004); 66 FR 51436 (October 9, 2001); 64 FR 40596 (July 27, 1999); 61 FR 49777 (September 23, 1996).
Lynn P. Dupree,
Chief Privacy Officer, U.S. Department of Homeland Security.
[FR Doc. 2022-02950 Filed 2-9-22; 8:45 am]
BILLING CODE 9110-17-P