Privacy Act Issuances: 2009

[BACK TO LIST OF AGENCIES]

Federal Emergency Management Agency, Department of Homeland Security

Table of Contents

Systems of Records Published in the Federal Register Between January 2, 2008 and December 31, 2009

Routine Uses

Designated Offices

DHS/FEMA/GOVT–1, National Defense Executive Reserve System.

Claims Appeals

FEMA/Mitigation–1, NFIP Claims Appeals Process.

National Emergency Management Information System

FEMA/NEMIS–MT, National Emergency Management Information System—Mitigation Electronic Grants Management System (NEMIS–MT eGrants).

National Emergency Training Center

FEMA/NETC–017, Student Application and Registration Records.

National Flood Insurance Program

FEMA/NFIP/LOMA–1, Letter of Map Amendment System (LOMA).

DHS/FEMA–001 Federal Emergency Management Agency National Emergency Family Registry and Locator System.

DHS/FEMA–003 National Flood Insurance Program Files.

DHS/FEMA–007 National Flood Insurance Program Marketing Files.

DHS/FEMA–008 Federal Emergency Management Agency Disaster Recovery Assistance Files.

Office of Security

FEMA/SEC–1, Security Support System.

State and Local Programs and Support Directorate

DHS/FEMA–005 Temporary and Permanent Relocation and Personal and Real Property Acquisitions and Relocation Files.

U.S. Fire Administration

DHS/FEMA/USFA–1, 9/11 Heroes Stamp Act of 2001 File System.

Grant Management Information Files and Citizen Corps Database

DHS/FEMA–004, Grant Management Information Files.

DHS/FEMA–006, Citizen Corps Database.

Appendices

Appendix A (1), Addresses for FEMA Regional Offices.

Appendix A, Routine Uses.

Appendix AA, Addresses for FEMA Regional Offices.

Privacy Act Regulations

[TOP]

Systems of Records Published Between January 2, 2008 and December 31, 2009

2008

Deletion of Record Systems—FEMA/PER–2, Equal Employment Opportunity Complaints of Discrimination Files; FEMA/PER–3, Payroll and Leave Accounting; FEMA/FIA–1, Federal Crime Insurance Program; FEMA/REG–1, State and Local Civil Preparedness Instruction Program; FEMA/SLPS–1, Application for Enrollment in Architectural Engineering Professional Development Program; FEMA/SLPS–2, Military Reserve Program; FEMA/SLPS–3, Radioactive Material Inventory; FEMA/SLPS–4, Maintenance and Calibration; FEMA/SLPS–5, Radiation Exposure and Radioactive materials, Radiation Committee Records; and FEMA/CGC–1, Cerro Grande Fire Assistance Claim Files: November 19

DHS/FEMA–003, National Flood Insurance Program Files: December 19

DHS/FEMA–005, Temporary and Permanent Relocation and Personal and Real Property Acquisitions and Relocation Files: December 19

DHS/FEMA–006, Citizen Corps Database.: December 19

DHS/FEMA–007, National Flood Insurance Program Marketing Files: December 19

2009

DHS/FEMA/GOVT–001, Federal Emergency Management Agency National Defense Executive Reserve System: January 7

FEMA/CGC–1, Cerro Grande Fire Assistance Claim Files: January 13

DHS/FEMA–004, Grant Management Information Files: August 7

DHS/FEMA–008, Federal Emergency Management Agency Disaster Recovery Assistance Files: September 24

DHS/FEMA—001, Federal Emergency Management Agency National Emergency Family Registry and Locator System: September 24

[TOP]

Routine Uses

Introduction to Routine Uses: We have identified certain routine uses that apply to many of the FEMA systems of notice records. We will list the specific routine uses applicable to an individual system of record under the "Routine Use" section of the notice itself and they will correspond to the numbering of the routine uses published below. These uses are published only once in the interest of simplicity, economy and to avoid redundancy, rather than repeating them in every individual system notice.

(1) Routine Use—Law Enforcement: A record from any FEMA system of records, which indicates either by itself or in combination with other information within FEMA's possession, a violation or potential violation of law, whether civil, criminal or regulatory in nature, and whether arising by general statute, or by regulation, rule or order issued pursuant thereto, and which we may disclose, as a routine use, to the appropriate agency whether Federal, State, territorial, local or foreign, or foreign agency or professional organization, charged with the responsibility of enforcing, implementing, investigating or prosecuting such violation or charged with implementing the statute, rule, regulation or order issued under it.

(2) Routine Use—Disclosure When Requesting Information: We may disclose as a routine use a record from a FEMA system of records to a Federal, State or local agency, maintaining civil, criminal, regulatory, licensing or other enforcement information or other pertinent information, such as current licenses, if necessary, to obtain information, relevant to an agency decision concerning the hiring or retention of an employee, the issuance of a security clearance, the letting of a contract, or the issuance of a license, grant or other benefit.

(3) Routine Use—Disclosure of Requested Information: We may disclose as a routine use a record from a FEMA system of records to a Federal agency, in response to a written request in connection with the hiring or retention of an employee, the issuance of an investigation of an employee, the letting of a contract, or the issuance of a license, grant, or other benefit by the requesting agency, to the extent that the information is relevant and necessary to the requesting agency's decision on the matter.

(4) Routine Use—Grievance, Complaint, Appeal: We may disclose as a routine use a record from a FEMA system of records to an authorized appeal or grievance examiner, formal complaints examiner, equal opportunity investigator, arbitrator, mediator, or other duly authorized official engaged in investigation or settlement of a grievance, complaint, or appeal by an employee. We may disclose a record from this system of records to the Office of Personnel Management as government-wide records; we will consider those records as part of the government-wide system. We may transfer as a routine use other official personnel records covered by notices published by FEMA and considered to be separate systems of records to the Office of Personnel management in accordance with official personnel programs and activities.

(5) Routine Use—Congressional Inquiries: We may disclose as a routine use a record from a FEMA system of records to a Member of Congress or to a Congressional staff member in response to an inquiry of the Congressional office made at the request of the individual about whom the record is maintained.

(6) Routine Use—Private Relief Legislation: We may disclose as a routine use the information contained in a FEMA system of records to the Office of Management and Budget in connection with the review of private relief legislation as set forth in OMB Circular No. A–19 at any stage of the legislative coordination and clearance process as set forth in that circular.

(7) Routine Use—Disclosure to the Office of Personnel Management: We may disclose as a routine use a record from a FEMA system of records to the Office of Personnel Management concerning information on pay and leave benefits, retirement deductions, and any other information concerning personnel actions.

(8) Routine Use—Disclosure to National Archives and Records Administration: We may disclose as a routine use a record from a FEMA system of records management inspections conducted under authority of 44 U.S.C. 2904 and 2906.

(9) Routine Use—Grand Jury: We may disclose as a routine use a record from any system of records to a grand jury agent pursuant to a federal or State grand jury subpoena or to a prosecution request that such record be released for the purpose of its introduction to a grand jury.

[TOP]

Designated Offices

DHS/FEMA/GOVT–1

System name:

Federal Emergency Management Agency National Defense Executive Reserve System.

Security classification:

Unclassified.

System location:

Records may be maintained in the personnel office, emergency preparedness unit, or other designated offices located at the local installation of the department or agency which currently employs the individual.

Categories of individuals covered by the system:

Categories of individuals include applicants for and members of the National Defense Executive Reserve assignments.

Categories of records in the system:

Categories of records in this system include:

• FEMA Form 85–3, National Defense Executive Reserve Personal Qualifications Statement. This Form includes:

• Individual's name;

• Social security number;

• Home mailing address;

• Home telephone number;

• Home e-mail address;

• Date of birth;

• Birthplace;

• Employment experience; and

• Professional memberships.

• Other personnel and administrative records, skills inventory, training data, and other related records necessary to coordinate and administer the program.

Authority for maintenance of the system:

Defense Production Act of 1950, E.O. 11179 dated September 22, 1964, as amended by E.O. 12148 dated July 20, 1979, 5 U.S.C. 301; the Federal Records Act, 44 U.S.C. 3101; Executive Order 9397.

Purpose(s):

The purpose of this system is to collect and preserve records regarding applicants for and members of the National Defense Executive Reserve. The collection and maintenance of this information will assist the Federal Government in coordinating and administering the National Defense Executive Reserve

Routine uses of records maintained in the system, including categories of users and the purposes of such uses:

In addition to those disclosures generally permitted under 5 U.S.C. 552a(b) of the Privacy Act, all or a portion of the records of information contained in this system may be disclosed outside DHS as a routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:

A. To the Department of Justice or other Federal agency conducting litigation or in proceedings before any court, adjudicative or administrative body, when it is necessary to the litigation and one of the following is a party to the litigation or has an interest in such litigation:

1. DHS or any component thereof;

2. Any employee of DHS in his/her official capacity;

3. Any employee of DHS in his/her individual capacity where DOJ or DHS has agreed to represent the employee; or

4. The United States or any agency thereof, is a party to the litigation or has an interest in such litigation, and DHS determines that the records are both relevant and necessary to the litigation and the use of such records is compatible with the purpose for which DHS collected the records.

B. To a congressional office from the record of an individual in response to an inquiry from that congressional office made at the request of the individual about whom the record pertains.

C. To the National Archives and Records Administration or other Federal government agencies pursuant to records management inspections being conducted under the authority of 44 U.S.C. 2904 and 2906.

D. To an agency, organization, or individual for the purpose of performing audit or oversight operations as authorized by law, but only such information as is necessary and relevant to such audit or oversight function.

E. To appropriate agencies, entities, and persons when:

1. DHS suspects or has confirmed that the security or confidentiality of information in the system of records has been compromised;

2. The Department has determined that as a result of the suspected or confirmed compromise there is a risk of harm to economic or property interests, identity theft or fraud, or harm to the security or integrity of this system or other systems or programs (whether maintained by DHS or another agency or entity) or harm to the individual who relies upon the compromised information; and

3. The disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with DHS's efforts to respond to the suspected or confirmed compromise and prevent, minimize, or remedy such harm.

F. To contractors and their agents, grantees, experts, consultants, and others performing or working on a contract, service, grant, cooperative agreement, or other assignment for DHS, when necessary to accomplish an agency function related to this system of records. Individuals provided information under this routine use are subject to the same Privacy Act requirements and limitations on disclosure as are applicable to DHS officers and employees.

G. To an appropriate Federal, State, tribal, local, international, or foreign law enforcement agency or other appropriate authority charged with investigating or prosecuting a violation or enforcing or implementing a law, rule, regulation, or order, where a record, either on its face or in conjunction with other information, indicates a violation or potential violation of law, which includes criminal, civil, or regulatory violations and such disclosure is proper and consistent with the official duties of the person making the disclosure.

H. To the Association of the National Defense Executive Reserve and the National Defense Executive Reserve Conference Association to facilitate training and relevant information dissemination efforts for reservists in the National Defense Executive Reserve.

I. To an appropriate Federal, State, local, tribal, foreign, or international agency, if the information is relevant and necessary to a requesting agency's decision concerning the hiring or retention of an individual, or issuance of a security clearance, license, contract, grant, or other benefit, or if the information is relevant and necessary to a DHS decision concerning the hiring or retention of an employee, the issuance of a security clearance, the reporting of an investigation of an employee, the letting of a contract, or the issuance of a license, grant or other benefit and when disclosure is appropriate to the proper performance of the official duties of the person making the request.

J. To a court, magistrate, or administrative tribunal in the course of presenting evidence, including disclosure to opposing counsel or witnesses in the course of civil discovery, litigation, or settlement negotiations or in connection with criminal law proceedings or in response to a subpoena from a court of competent jurisdiction.

K. To the news media and the public, with the approval of the Chief Privacy Officer in consultation with counsel, when there exists a legitimate public interest in the disclosure of the information or when disclosure is necessary to preserve confidence in the integrity of DHS or is necessary to demonstrate the accountability of DHS's officers, employees, or individuals covered by the system, except to the extent it is determined that release of the specific information in the context of a particular case would constitute an unwarranted invasion of personal privacy.

Disclosure to consumer reporting agencies:

None.

Policies and practices for storing, retrieving, accessing, retaining, and disposing of records in the system:

Storage:

Records in this system are stored electronically or on paper in secure facilities in a locked drawer behind a locked door. The records are stored on magnetic disc, tape, digital media, and CD-ROM.

Retrievability:

Records may be retrieved by individual's name, social security number, specific skill area of the applicant, or agency.

Safeguards:

Records in this system are safeguarded in accordance with applicable rules and policies, including all applicable DHS automated systems security and access policies. Strict controls have been imposed to minimize the risk of compromising the information that is being stored. Access to the computer system containing the records in this system is limited to those individuals who have a need to know the information for the performance of their official duties and who have appropriate clearances or permissions.

Retention and disposal:

Case files on reservists are maintained in accordance with Item 29a, GRS 18, Security and Protective Services Records, and destroyed five years after termination from the NDER program. Case files on individuals whose applications were rejected or withdrawn are destroyed when five years old in accordance with Item 29b, GRS 18. FEMA will review this retention schedule and work with NARA to determine whether it remains appropriate.

System Manager and address:

Associate Director, National Preparedness Directorate, Federal Emergency Management Agency, Washington, DC 20472, will maintain a computerized record of all applications and assignments of National Defense Executive Reserve reservists for the Federal Government as well as the personnel files for all individuals assigned to the Federal Emergency Management Agency. The departments and agencies will maintain their own personnel records on those individuals assigned to their respective department or agency.

Notification procedure:

Individuals wishing to inquire whether this system of records contains information about themselves should submit their inquiries to:

(a) NDER applicants/assignees to DHS/FEMA—Federal Emergency Management Agency, Associate Director, National Preparedness Directorate, Washington, DC 20472;

(b) NDER applicants/assignees to Federal departments and/or agencies other than DHS—contact the agency personnel, emergency preparedness unit, or Privacy Act Officer to determine location of records within the department/agency. Individuals must include their full name, date of birth, social security number, current address, and type of assignment/agency they applied with to be an NDER reservist.

Record access procedures:

Individuals/applicants/assignees to DHS/FEMA wishing to access records containing information about themselves should follow the record access procedures that are outlined in FEMA's and DHS' Privacy Act regulations, 44 CFR Part 6 and 6 CFR Part 5. Requests for Privacy Act protected information must be made in writing and clearly marked as a “Privacy Act Request.” The name of the requester, the nature of the record sought, and the required verification of identity must be clearly indicated. Requests should be sent to: FOIA Officer, Records Management, Federal Emergency Management Agency, Department of Homeland Security, 500 C Street, SW., Washington, DC 20472.

Individuals/applicants/assignees to Federal departments and/or agencies other than DHS should follow “Notification procedure (b)” above.

Contesting record procedures:

See “Record access procedures” above.

Record source categories:

The individuals to whom the record pertains. Prior to being designated as a National Defense Executive Reserve reservist, the applicant must successfully complete a background investigation conducted by the Office of Personnel Management which may include reference checks of prior employers, educational institutions attended, police records, neighborhoods, and present and past friends and acquaintances.

Exemptions claimed for the system:

None.

[TOP]

Claims Appeals

DHS/FEMA/Mitigation/Mitigation–1

System name:

NFIP Claims Appeals Process.

Security classification:

Unclassified.

System location:

The database will be maintained at FEMA Headquarters at 500 C Street, SW., Washington, DC 20472.

Categories of individuals covered by the system:

The system covers the individual NFIP policyholders who are appealing decisions on their flood insurance claim.

Categories of records in the system:

Information is collected from individual NFIP policyholders, who have voluntarily opted to appeal the disposition of their flood insurance claim. In addition, FEMA collects individual policyholder information from the WYO Companies that service the policies which are the subject of appeals in order to make a determination on these appeals. The "individually identifying information" collected includes the policyholders name, address where the loss occurred, telephone number, a list of personal property that is claimed to be damaged and is the subject of the appeal, the policyholder's statement of facts about the claim, the policyholder's statement why the claim's disposition is being disputed and supporting proof or records to document the policyholder's position, correspondence pertaining to the appeal which may include the foregoing individually identifying information, and FEMA's appeal decision.

Authority for maintenance of the system:

Section 205 of the Bunning-Bereuter-Blumenauer Flood Insurance Reform Act (FIRA) of 2004, 42 U.S.C. 4011.

Purpose(s):

These records are collected for the purpose of FEMA's review and determination on NFIP flood insurance individual policyholder's claim appeals, so that FEMA may determine whether additional payment to the individual policyholder is warranted.

Routine uses of records maintained in the system, including categories of users and the purposes of such uses:

In addition to those disclosures generally permitted under 5 U.S.C. 552a(b) of the Privacy Act, all or a portion of the records or information contained in this system may be disclosed outside DHS as a routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:

A. To the Government Accountability Office (GAO), DHS Office of the Inspector General (OIG), or other organization for the purposes of performing authorized audits or oversight of the NFIP program.

B. To a Congressional office from the record of an individual in response to an inquiry from that Congressional office made at the request of the individual to whom the record pertains.

C. To FEMA contractors as necessary to provide an appeal resolution.

D. To the Department of Justice (DOJ), the United States Attorney's Office, or a consumer-reporting agency for further collection action on any debt in relation to the appeals process, when circumstances warrant.

E. Where a record, either on its face or in conjunction with other information, indicates a violation or potential violation of law—criminal, civil or regulatory—the relevant records may be referred to an appropriate Federal, State, territorial, tribal, local, international, or foreign agency law enforcement authority or other appropriate agency charged with investigating or prosecuting such a violation or enforcing or implementing such law.

F. To DOJ or other Federal agency conducting litigation or in proceedings before any court, adjudicative or administrative body, when: (1) FEMA, or (2) any employee of FEMA in his/her official capacity, or (3) any employee of FEMA in his/her individual capacity where DOJ or FEMA have agreed to represent the employee, or (4) the United States or any agency thereof, is a party to the litigation or has an interest in such litigation and when the records are determined by FEMA to be arguably relevant to the proceeding.

Disclosure to consumer reporting agencies:

Privacy Act information may be reported to consumer reporting agencies pursuant to 5 U.S.C. 552a(b)(12).

Policies and practices for storing, retrieving, accessing, retaining, and disposing of records in the system:

Storage:

The hard copy files and the electronically scanned document files will be maintained at FEMA Headquarters at 500 C Street, SW., Washington, DC 20472.

Retrievability:

Hard copy files and the electronically scanned document files are retrieved by the individual flood insurance policyholder's name or property address.

Safeguards:

Information in this system is safeguarded in accordance with applicable laws, rules and policies, including the DHS Information Technology Security Program Handbook. All records are protected from unauthorized access through appropriate administrative, physical, and technical safeguards. These safeguards include restricting access to authorized personnel who have a need-to-know, using locks, and password protection identification features. DHS file areas are locked after normal duty hours and the facilities are protected from the outside by security personnel.

Each authorized individual working on the NFIP appeals procedure will have access only to information necessary to perform his or her official duties. Activity logs (audit trails) are maintained for all operating systems, applications, and middleware. A periodic review is conducted to monitor all user access. Incident response procedures are established to address reported security incidents as quickly as possible. Use of the access database will be carefully monitored and reviewed on a periodic basis by the system administrator.

Retention and disposal:

The paper copy of the appeal letter and supporting documentation that are sent to FEMA by the individual with the appeal letter, and FEMA's response letter reflecting its appeal decision constitute the official copy of the records. Electronically scanned copies will be kept as back up. FEMA will retain both the paper and electronic copies for six years and three months. This retention schedule has been approved by the National Archives and Records Administration (NARA). The NARA authority is N1–311–86–1 2A12 (a)(2) FIA File 12–2.

System Manager and address:

Director of Claims, Mitigation Division, Federal Emergency Management Agency, 500 C Street, SW., Washington, DC 20472.

Notification procedure:

A request for access to records in this system may be made in writing to the System Manager identified above, or to the Privacy Act Officer, DHS/FEMA, Office of General Counsel (GL), Room 406, 500 C Street, SW., Washington, DC 20472, in conformance with 6 CFR part 5, subpart B and 44 CFR part 6, which provide the rules for requesting access to Privacy Act records.

Record access procedures:

See Notification procedure above. Request for access must comply with DHS and FEMA regulations for Privacy Act requests.

Contesting record procedures:

Policyholders typically contest their records with their service provider (WYO or NFIP Servicing Agent). Virtually all of theses disputes are successfully handled through that mechanism. However, policyholders may also contest their records using the process outlined in the Notification procedures section above. State clearly and concisely the information being contested, the reasons for contesting it and the proposed amendment to the information sought.

Record source categories:

The "individually identifying" information may come from the individual NFIP policyholder and/or the entity servicing the policy.

Exemptions claimed for the system:

None.

[TOP]

National Emergency Management Information System

FEMA/NEMIS–MT

System name:

National Emergency Management Information System—Mitigation Electronic Grants Management System (NEMIS–MT eGrants).

System location:

All servers are operated at FEMA, Mount Weather Emergency Operations Center (MWEOC), 19844 Blue Ridge Mountain Road, Bluemont, VA 20135.

Categories of individuals covered by the system:

This system of records notice applies only to individuals identified by name or other individual identifier, such as home address, in the NEMIS–MT eGrants, and includes individuals who are private property owners. These individuals voluntarily request that their State, Territory or local community submit an application for FEMA mitigation grant funds for the purpose of mitigating their property and/or structure (e.g., house or commercial building).

Categories of records in the system:

The categories of records in the system are grant applications. The personally identifying information collected includes an individual's name, home phone number, office phone number, cell phone number, damaged property address, and mailing address of the individual property owner(s), and the individual's status regarding flood insurance, National Flood Insurance Program (NFIP) Policy Number and Insurance Policy Provider for the property proposed to be mitigated with FEMA funds.

Authority for maintenance of the system:

The Robert T. Stafford Disaster Relief and Emergency Assistance Act, 42 U.S.C. 5133, and the National Flood Insurance Act, 42 U.S.C. 4104c.

Purpose(s):

The purpose of this system of records is to collect and maintain individually identifiable information in applications for FEMA mitigation grants that are submitted electronically, via the Internet, through the NEMIS–MT eGrants from eligible Applicants/States and Sub-applicants/local communities. The personally identifiable information will be collected and maintained in order for FEMA to ascertain eligibility of the property or structure for FEMA's mitigation grant programs, to verify eligibility of activities for mitigation grants, to identify repetitive loss properties, and to implement measures to reduce future disaster damage.

Routine uses of records maintained in the system, including categories of users and the purposes of such uses:

In addition to those disclosures generally permitted under 5 U.S.C. 552a(b), all or a portion of the records or information contained in this system may be disclosed outside FEMA/EP&R/DHS as a routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:

(1) To another Federal agency, State, United States Territory or Tribal government agency charged with administering Federal mitigation or disaster relief programs to prevent a duplication of efforts or a duplication of benefits between FEMA and the other agency. FEMA may disclose information to a State, U.S. Territory, Indian Tribal, or local community agency eligible to apply for mitigation grant programs administered by FEMA.

(2) To contractors, grantees, experts, consultants, students and others performing or working on a contract, service, grant, cooperative agreement, or other assignment for the Federal government, when necessary to accomplish an agency function related to this system of records.

(3) To an agency, organization, or individual for the purposes of performing authorized audit or oversight operations.

(4) To a congressional office from the record of an individual in response to an inquiry from that congressional office made at the request of the individual to whom the record pertains.

(5) Where a record, either on its face or in conjunction with other information, indicates a violation or potential violation of law—criminal, civil, or regulatory—the relevant records may be referred to an appropriate Federal, state, territorial, tribal, local, international, or foreign agency law enforcement authority or other appropriate agency charged with investigating or prosecuting such a violation or enforcing or implementing such law.

(6) To the Department of Justice (DOJ) or other federal agency conducting litigation or in proceedings before any court, adjudicative or administrative body, when: (a) DHS, or (b) any employee of DHS in his/her official capacity, or (c) any employee of DHS in his/her individual capacity where DOJ or DHS has agreed to represent the employee, or

(d) the United States or any agency thereof, is a party to the litigation or has an interest in such litigation.

(7) To the NARA or other Federal Government agencies pursuant to records management inspections being conducted under the authority of 44 U.S.C. sections 2904 and 2906.

Policies and practices for storing, retrieving, accessing, retaining, and disposing of records in the system:

Storage:

All information is stored on secure-access servers operated at a single site at the FEMA, MWEOC, 19844 Blue Ridge Mountain Road, Bluemont, VA 20135. Backup is provided on a separate server at the same secure facility. MWEOC is only accessible by authorized persons, including FEMA employees and contractors, and entry to the facility is permitted only with a badge issued by the MWEOC.

Safeguards:

Safeguards exist in the NEMIS–MT eGrants to prevent the unauthorized access or misuse of data. First, FEMA maintains security safeguards that prevent unauthorized access to the system by assigning each authorized user a unique user profile, username and password based upon his/her official use of the NEMIS–MT eGrants. Each unique profile includes different levels of access rights. For Applicants/States and Sub-applicants/local communities, roles in the system via the Internet are assigned as Read-Only, Create/Edit, or Sign/Submit, and levels of access are assigned by mitigation grant program (i.e., FMA and/or PDM). For FEMA employees and contractors, levels of access via the FEMA Intranet are assigned by mitigation grant program (i.e., FMA and/or PDM) and by Region(s), and roles for FEMA users do not allow FEMA users View information submitted in applications. Passwords expire after a limited time, and users only have access to the system during the period of time that both the assigned username and password are active. Access to NEMIS–MT eGrants via the Intranet is assigned to the FEMA employees and contractors for official purposes only through the NEMIS Access Control System (NACS), which controls access to all software available on the FEMA Intranet, and manages roles for FEMA officials accessing the system. Access to NEMIS–MT eGrants via the Internet is assigned to the Applicants/States and Sub-applicants/local communities for official purposes only through the FEMA Access Management System, which performs a similar function to NACS, but for eligible mitigation grant program Applicants/States and Sub-applicants/local communities, and managed roles for these non-FEMA users. The functions of these two databases will be combined into the Integrated Security and Access Control System. While the system is accessed, if an active NEMIS–MT eGrants browser window is left open with no actions taken within the system, the displayed page will expire after 30 minutes. The user can then re-login using the username and password to access the system. In addition, the system will not allow a user to bookmark the URL of the MT eGrants with the intent of returning to that page at another time without first entering the authorized username and password. Finally, FEMA Enterprise Operations and the Office of Cyber Security are able to monitor system use and determine whether information integrity has been compromised by unauthorized access or use, and whether corrective action by the Office of the Chief Information Officer is necessary. Procedures are compliant with Title III of the E–Government Act of 2000 (Federal Information Security Management Act).

Retention and disposal:

In accordance with U.S. National Archives & Records Administration records retention regulations (GRS 3, 13), records are retained for 6 years and 3 months. Unsuccessful grant application files will be stored in NEMIS–MT eGrants for 3 years from the date of denial, and then deleted. Successful grant application files will be stored in the NEMIS–MT eGrants for 6 years and 3 months from the date of closeout (where closeout is the date FEMA closes the grant in its financial system) and then deleted. Computerized records are stored in a database server in a secured file server room. Hard copy records are maintained for 6 years and 3 months years, at which time they are retired to the Federal Records Center. The same retention schedule that applies to paper records will be followed. This is consistent with the records retention schedule that has been developed for this system.

System manager(s) and address:

Patricia Bowman, Program Manager, IT–SE–CS, 500 C Street SW., Washington DC 20472, Pat.Bowman@dhs.gov, (202) 646–2661.

Notification Procedures:

Address inquiries to the System Manager named above.

Record access procedures:

A request for access to records in this system may be made by writing to the System Manager, identified above, in conformance with 6 CFR part 5, subpart B, which provides the rules for requesting access to Privacy Act records maintained by DHS and FEMA's Privacy Act regulations at 44 CFR part 6.

Contesting record procedures:

Same as Notification procedures above. A request for access to records in this system may be made by writing to the System Manager, identified above, in conformance with 6 CFR part 5, subpart B, which provides the rules for requesting access to Privacy Act records maintained by DHS and FEMA's Privacy Act regulations at 44 CFR part 6.

Records Source Categories:

Information in this system of records is obtained from State/Territory, local government, or Indian Tribal governmentvia the Internet to FEMA. While individuals are not eligible Applicants/States or Sub-applicants/local communities, and cannot apply directly to FEMA for assistance, some (but not all) applications for FEMA mitigation grants propose activities that impact properties that are privately owned by individuals (e.g., acquisition of a home that has been repeatedly flooded) and these applications include personal information about the property owners. These individuals voluntarily request that their State, Territory, or local community submit an application for FEMA mitigation grant funds for the purpose of mitigating their property and/or structure (e.g., house or commercial building).

Exemptions Claimed for the System:

None.

[TOP]

National Emergency Training Center

FEMA/NETC–017

System name:

Student Application and Registration Records.

Security classification:

Unclassified.

System location:

NETC, 16825 South Seton Avenue, Emmitsburg, Maryland 21727–8998.

Categories of individuals covered by the system:

The system covers those individuals who apply for or take courses offered by FEMA's NFA or EMI. Courses are offered on-campus and off-campus, by State and local training agencies, through selected colleges and universities, and through independent self-study. Information can be obtained by individuals completing a general admissions application or by applying for a course electronically. Information may also be provided by a State or local training agency when the course has been taken through that agency.

Categories of records in the system:

Files include application forms and other information submitted either in hard copy or electronically by the applicant. Information collected includes, but is not limited to, U.S. citizenship (city and country of birth is also included for non-U.S. citizens), social security number or an alternate number that has been assigned in lieu of the social security number, name, mailing address, work phone number, alternate phone number, fax number, email address, course code and title, course location, dates requested, course pre-requisite as described in the course catalog, an indication if they require special assistance, name and address of the organization being represented, fire department identification number, current position and years in that position, category of the position, jurisdiction type, type of work for the organization, organization type, employment status, number of staff in the organization, size of population served by the organization, brief description of the activities or responsibilities as they relate to the course for which they are applying, primary responsibility and type of experience, number of years of experience, date of birth, sex, ethnicity and race. Information such as age, sex, and ancestral heritage are used for statistical purposes only. Personal information is provided on a voluntary basis. Failure to provide certain information being requested, however, may result in a delay in processing an application because the information provided may be insufficient to determine eligibility for the course. The social security number is necessary because of the large number of individuals who may have identical names and birth dates and whose identities can only be distinguished by their social security number. The social security number is used for record-keeping purposes, i.e., to ensure that academic records are maintained accurately. Disclosure of an individual's social security number is voluntary. However, if an applicant does not provide a social security number, a unique identification number will be substituted, which will affect the ability to retrieve complete training information on an applicant.

Authority for maintenance of the system:

Pub. L. 93–498, Federal Fire Prevention and Control Act of 1974, as amended; Pub. L. 93–288, Robert T. Stafford Disaster Relief and Emergency Assistance Act; Pub. L. 93–579, 44 U.S.C. 3101; Privacy Act of 1974; E.O. 12127; E.O. 12148; and Reorganization Plan No. 3 of 1978; 5 U.S.C. 301; Presidential Memorandum, "Electronic Government's Role in Implementing the President's Management Agenda," July 10, 2002; 15 U.S.C. 2206, 44 U.S.C. 3101; 50 U.S.C. App. 2253 and 2281; E.O. 12127, 12148 and 9397; Title VI of the Civil Rights Act of 1964; and Section 504 of the Rehabilitation Act of 1973. Executive Order 9397 authorizes the collection of the social security number.

Purpose(s):

For the purpose of determining eligibility and effectiveness of NFA and EMI courses; to reimburse students under the Student Stipend Program, and to provide housing to students and other official guests of the NETC. Information such as age, sex, and ancestral heritage are used for statistical purposes only.

Routine uses of records maintained in the system, including categories of users and the purposes of such uses:

Information in this system may be disclosed as a routine use as follows:

1. Audits and Oversight: To an agency, organization, or individual for the purposes of performing authorized audit or oversight operations.

2. Congressional Inquiries: To a congressional office from the record of an individual in response to an inquiry from that congressional office made at the request of the individual to whom the record pertains.

3. Contractors, et al: To contractors, grantees, experts, consultants, students, and others performing or working on a contract, service, grant, cooperative agreement, or other assignment for the Federal government, when necessary to accomplish an agency function related to this system of records.

4. Investigations: Where a record, either on its face or in conjunction with other information, indicates a violation or potential violation of law—criminal, civil or regulatory—the relevant records may be referred to an appropriate Federal, State, territorial, tribal, local, international, or foreign agency law enforcement authority or other appropriate agency charged with investigating or prosecuting such a violation or enforcing or implementing such law.

5. Litigation: To the Department of Justice (DOJ) or other Federal agency conducting litigation or in proceedings before any court, adjudicative or administrative body, when: (a) DHS, or (b) any employee of DHS in his/her official capacity, or (c) any employee of DHS in his/her individual capacity where DOJ or DHS has agreed to represent the employee, or (d) the United States or any agency thereof, is a party to the litigation or has an interest in such litigation and when the records are determined by the DHS to be arguably relevant to the proceeding

6. Privacy Act Verification and Amendment: To a federal, State, territorial, tribal, local, international, or foreign agency or entity for the purpose of consulting with that agency or entity (a) to assist in making a determination regarding access to or amendment of information, or (b) for the purpose of verifying the identity of an individual or the accuracy of information submitted by an individual who has requested access to or amendment of information.

7. Privacy/Act FOIA Access and Amendment: To the submitter or subject of a record or information to assist DHS in making a determination as to access or amendment.

8. Records Management: To the National Archives and Records Administration or other Federal government agencies pursuant to records management inspections being conducted under the authority of 44 U.S.C. sections 2904 and 2906.

9. Requesting Information: To a Federal, State, local, tribal, territorial, foreign, or international agency, if necessary to obtain information relevant to a DHS decision concerning the hiring or retention of an employee, the issuance of a security clearance, the reporting of an investigation of an employee, the letting of a contract, or the issuance of a license, grant or other benefit.

10. Requested Information: To a Federal, State, local, tribal, territorial, foreign, or international agency, in response to its request, in connection with the hiring or retention of an employee, the issuance of a security clearance, the reporting of an investigation of an employee, the letting of a contract, or the issuance of a license, grant, or other benefit by the requesting agency, to the extent that the information is relevant and necessary to the requesting agency's decision on the matter.

11. Medical Assistance: To a physician(s) in order to provide information from the application for students who become ill or are injured during courses and are unable to provide the information.

12. Boards of Visitors: To members of the NFA and EMI Boards of Visitors Federal advisory committees for the purpose of evaluating NFA's and EMI's programmatic statistics.

13. Sponsors: To sponsoring States, local officials, or state agencies to update/evaluate statistics on NFA and EMI educational program participation.

Disclosure to consumer reporting agencies:

Records in this system do not qualify for the purpose of disclosure to consumer reporting agencies.

Policies and practices for storing, retrieving, accessing, retaining, and disposing of records in the system:

Storage:

Copies of paper applications as well as information maintained electronically are stored in a work area that is locked when it is not staffed. The doors to the work area are kept closed and signs stating that access is limited to authorized personnel are posted on the doors. There is limited access given to persons who have a need to have access to the information to perform their official duties. Computerized records are stored in a database server in a secured file server room. Electronic records are stored on a file server in another building and backed up nightly. The backup tapes are stored in a separate area from the file server for seven days. After that they are placed in a safe in another building and retained for one year.

Retrievability:

Records can be retrieved by an individual's last name or social security number.

Safeguards:

The admissions contractor controls access to hardcopy records by keeping them in file cabinets when not being used and in a work area that is locked when it is not occupied by authorized personnel. The System Administrator controls access to the electronic files by use of passwords and the Admissions Specialist assigns rights to modules of the system based on work responsibility. The files are stored in a secure server room at FEMA's Emmitsburg facility. Records are maintained in accordance with Federal computer security standards.

Retention and disposal:

Hard copy records are maintained for one year and nine months, at which time they are retired to the Federal Records Center. Records are retained for a total of 40 years. Computerized records are stored in a database server in a secured file server room. The same retention schedule that applies to paper records will be followed. This is consistent with the records retention schedule that has been developed for this system.

System manager(s) and address:

Senior Admissions Specialist, National Emergency Training Center, 16825 South Seton Avenue, Emmitsburg, Maryland, 21727–8998.

Notification procedure:

Individuals seeking notification and access to any records contained in the system of records, or seeking to contest its content, may inquire in accordance with instructions appearing at 6 CFR Part 5, subpart B, with specific reference to the verification of identity requirements of 6 CFR 5.21.

Requests for Privacy Act protected information must be made in writing, and clearly marked as a "Privacy Act Request." The name of the requester, the nature of the record sought, and the required verification of identity must be clearly indicated. Requests should be sent to: Privacy Act Officer, DHS/FEMA Office of General Counsel (GL), room 840, 500 C Street, SW., Washington, DC 20472.

Certain public information such as name, organizational address, organizational telephone number, email address, position title, course code and title, and the dates the course was taken are made available. All reports are based on organizational information.

Record access procedures:

Same as Notification Procedure above.

Contesting record procedures:

Same as Notification Procedure above. State clearly and concisely the information being contested, the reasons for contesting it, and the proposed amendment to the information sought.

Record source categories:

The sources are the individuals themselves, applicants to NFA or EMI courses, Federal employees, and FEMA employees and contractor support processing NFA or EMI course applications as part of their official duties.

Exemption claimed for the system:

None.

[TOP]

National Flood Insurance Program

FEMA/NFIP/LOMA–1

System Name:

Letter of Map Amendment System (LOMA), DHS/FEMA/NFIP/LOMA–1.

Security Classification:

Unclassified.

System Location:

Electronic: Solutions Delivery Center (SDC), 3039 Cornwallis Road, Building 301, Dock 85/86, Research Triangle Park, North Carolina 27709. Paper: FEMA's Map Modernization Library, 847 South Pickett Street, Alexandria VA 22034.

Categories of individuals covered by the system:

The system covers only applicants (individuals and/or certifiers) who are seeking a letter of map amendment (LOMA).

Categories of records in the system:

There are three ways to apply for a LOMA. They include the paper only MT–1 form, online MT–EZ, and electronic LOMA (eLOMA). The associated categories of records include:

• Individual's name

• Individual's mailing address

• Individual's signature

• Individual's signature date

• Certifier's (registered professional engineer or licensed land surveyor) name

• Certifier's professional license number

• Certifier's professional license expiration date

• Certifier's company name

• Individual's property address

• Individual's legal property description

• Certifier's business telephone number

Authority for maintenance of the system:

The National Flood Insurance Act of 1968, Public Law 90–448, as amended by the Flood Disaster Protection Act of 1973, Public Law 93–234.

Purpose:

This system is maintained for the purpose of determining an applicant's eligibility for LOMAs. An applicant can be a private individual or a certified professional.

Routine uses of records maintained in the system, including categories of users and the purposes of such uses:

In addition to those disclosures generally permitted under 5 U.S.C. 552a(b) of the Privacy Act, all or a portion of the records or information contained in this system may be disclosed outside DHS as a routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:

A. To an agency, organization, or individual for the purposes of performing authorized audit or oversight operations.

B. To a congressional office from the record of an individual in response to an inquiry from that congressional office made at the request of the individual to whom the record pertains.

C. To contractors, grantees, experts, consultants, students, and others performing or working on a contract, service, grant, cooperative agreement, or other assignment for the Federal government, when necessary to accomplish an agency function related to this.

D. Where a record, either on its face or in conjunction with other information, indicates a violation or potential violation of law—criminal, civil or regulatory—the relevant records may be referred to an appropriate Federal, State, territorial, tribal, local, international, or foreign agency law enforcement authority or other appropriate agency charged with investigating or prosecuting such a violation or enforcing or implementing such law.

E. To the Department of Justice (DOJ) or other Federal agency conducting litigation or in proceedings before any court, adjudicative or administrative body, when: (a) DHS, or (b) any employee of DHS in his/her official capacity, or (c) any employee of DHS in his/her individual capacity where DOJ or DHS has agreed to represent the employee, or (d) the United States or any agency thereof, is a party to the litigation or has an interest in such litigation.

F. To the National Archives and Records Administration (NARA) or other Federal government agencies pursuant to records management inspections being conducted under the authority of 44 U.S.C. Sections 2904 and 2906.

Disclosure to consumer reporting agencies:

Privacy Act information may be reported to consumer reporting agencies pursuant to 5 U.S.C. 552a(b)(12).

Policies and Practices for storing, retrieving, accessing, retaining, and disposing of records in the system.

Storage:

Official records in this system are stored on paper at the FEMA Map Modernization Library, located at 847 South Pickett Street, Alexandria VA 22034. Electronic records will be stored at the FEMA's limited access facility—Service Delivery Center, located at 3039 East Cornwallis Road, Raleigh NC 27709. Computerized records are stored in a database server in a secured file server room. Personally identifying information is appropriately stored in accordance with the DHS Information Technology Security Program Handbook.

Retrievability:

Records are retrieved by the individual's property address or, if there is no address, by the legal description of the property. Records are also retrieved by the individual's uniquely identifying case number.

Safeguards:

Safeguards include restricting access to authorized personnel who have a need to know, using locks, and password protection identification features. File areas are locked after normal duty hours, and the facilities are protected by security personnel or technology such as security cameras.

Use of the database and physical records will be carefully monitored by the system administrators and the library administrators at:

• Paper: FEMA Map Modernization Library, 847 South Pickett Street, Alexandria VA 22034

• Electronic: Service Delivery Center, 3039 East Cornwallis Road, Raleigh NC 27709

The system has an audit trail of changes made to the application and the user identification of who made the changes. Electronic records are also safeguarded by software programs that monitor traffic to identify unauthorized attempts to upload or change information or otherwise cause damage. Unauthorized attempts to upload or change information are prohibited and may be punishable under the Computer Fraud and Abuse Act of 1986 and the National Information Infrastructure Protection Act.

Retention and Disposal:

The retention schedule has been approved by NARA. The NARA authority is N1–311–86–1 2A2c; the retention period is 20-years. Electronic copies of MT–EZs and eLOMAs will be printed and retained in the same manner as hard copies.

System Manager(s) and Address:

Paper: FEMA Map Modernization Library, 847 South Pickett Street, Alexandria VA 22034. Electronic: Service Delivery Center, 3039 East Cornwallis Road, Raleigh NC 27709.

Notification Procedure:

A request for access to records in this system may be made by writing to the System Manager, identified above, or to the Privacy Act Officer, in conformance with 6 CFR part 5, subpart B and 44 CFR part 6, which provides the rules for requesting access to Privacy Act records.

Record Access Procedure:

The procedures for individuals to gain access to their own information are listed both in FEMA's and the DHS's Privacy Act regulations, 44 CFR part 6 and 6 CFR part 5, subpart B. Requests for Privacy Act protected information must be made in writing, and clearly marked as a "Privacy Act Request." The name of the requester, the nature of the record sought, and the required verification of identity must be clearly indicated. Requests should be sent to: Privacy Act Officer, DHS/FEMA, Office of General Counsel, Room 406, 500 C Street, SW., Washington DC 20472.

Contesting Record Procedures:

Same as Record Access Procedure (above). State clearly and concisely the information being contested, the reasons for contesting it, and the proposed change to the record.

Record Source Categories:

The information will come from individuals and certifiers.

Exemption Claimed for the System:

None.

[TOP]

DHS/FEMA—001

System name:

Federal Emergency Management Agency National Emergency Family Registry and Locator System.

Security classification:

Unclassified.

System location:

Records are maintained at the Federal Emergency Management Agency Headquarters in Washington, DC and field offices.

Categories of individuals covered by the system:

Categories of individuals covered by this system include: Registrants (adult individual(s)) who have been displaced by a Presidentially-declared disaster or emergency and who voluntarily register in the National Emergency Family Registry and Locator System system; Family or Household Members who are travelling with the registrant, or who lived in the pre-disaster residence immediately preceding the disaster; and Searchers who are searching for missing family or household members.

Searchers are permitted to view personal information and/or messages of certain registrant(s) upon designation by the registrant(s).

Categories of records in the system:

Categories of records in this system include:

Information about the individual registering in the National Emergency Family Registry and Locator System (“registrant”) consists of:

• Authenticated Individual's Full Name;

• Date of Birth;

• Gender;

• Current Phone;

• Alternate Phone;

• Current Address;

• Pre-Disaster Address;

• Name and Type of Current Location; (i.e. shelter, hotel, or family/friend's home);

• Traveling with Pets (Yes or No);

• Identity Authentication Approval or Nonapproval, the fact of the authentication is maintained, but the answers to the questions provided to the third party organization are not maintained by DHS/FEMA;

• System specific username and password; and

• Personal Message (may consist of up to 300 characters intended for designated family or household members to read).

Information about the family/household members traveling with the registrant in the National Emergency Family Registry and Locator System consists of:

• Family/Household Members Full Name;

• Gender;

• Current Phone;

• Alternate Phone;

• Current Address;

• Pre-Disaster Address;

• Name and Type of Current Location; (i.e. shelter, hotel, or family/friend's home);

• Traveling with Pets (Yes or No);

• Personal Message: (may consist of up to 300 characters for listed, designated family, or household members to read.)

Information about the individual searching the National Emergency Family Registry and Locator System for a registrant or family/household member (searcher) consists of:

• Searching Individual's Full Name;

• Permanent Address;

• Phone;

• Alternate Phone;

• E-mail;

• Date of Birth;

• Identity Authentication Approval or Nonapproval, the fact of the authentication is maintained, but the answers to the questions provided to the third party organization are not maintained by DHS/FEMA; and

• System specific username and password.

Authority for maintenance of the system:

The National Emergency Family Registry and Locator System, section 689c of the Post-Katrina Emergency Management Reform Act of 2006, Public Law 109–295 and the Robert T. Stafford Disaster Relief and Emergency Assistance Act, as amended, 42 U.S.C. 5121–5207.

Purpose(s):

The purpose of this system is to reunify families and household members following a Presidentially-declared disaster or emergency. To families using the National Emergency Family Registry and Locator System system of records, the registrant and searcher must acknowledge that the information in National Emergency Family Registry and Locator System may be disclosed to searchers upon request, to Federal agencies, State and local governments as well as law enforcement or voluntary agencies.

Routine uses of records maintained in the system, including categories of users and the purposes of such uses:

In addition to those disclosures generally permitted under 5 U.S.C. 552a(b) of the Privacy Act, all or a portion of the records or information contained in this system may be disclosed outside DHS as a routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:

A. To the Department of Justice (DOJ) (including United States Attorney Offices) or other Federal agency conducting litigation or in proceedings before any court, adjudicative or administrative body, when it is necessary to the litigation and one of the following is a party to the litigation or has an interest in such litigation:

1. DHS or any component thereof;

2. Any employee of DHS in his/her official capacity;

3. Any employee of DHS in his/her individual capacity where DOJ or DHS has agreed to represent the employee; or

4. The United States or any agency thereof, is a party to the litigation or has an interest in such litigation, and DHS determines that the records are both relevant and necessary to the litigation and the use of such records is compatible with the purpose for which DHS collected the records.

B. To a congressional office from the record of an individual in response to an inquiry from that congressional office made at the request of the individual to whom the record pertains.

C. To the National Archives and Records Administration (NARA) or other Federal Government agencies pursuant to records management inspections being conducted under the authority of 44 U.S.C. sections 2904 and 2906.

D. To an agency, organization, or individual for the purpose of performing audit or oversight operations as authorized by law, but only such information as is necessary and relevant to such audit or oversight function.

E. To appropriate agencies, entities, and persons when:

1. DHS suspects or has confirmed that the security or confidentiality of information in the system of records has been compromised;

2. The Department has determined that as a result of the suspected or confirmed compromise there is a risk of harm to economic or property interests, identity theft or fraud, or harm to the security or integrity of this system or other systems or programs (whether maintained by DHS or another agency or entity) or harm to the individual that rely upon the compromised information; and

3. The disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with DHS's efforts to respond to the suspected or confirmed compromise and prevent, minimize, or remedy such harm.

F. To contractors and their agents, grantees, experts, consultants, and others performing or working on a contract, service, grant, cooperative agreement, or other assignment for DHS, when necessary to accomplish an agency function related to this system of records. Individuals provided information under this routine use are subject to the same Privacy Act requirements and limitations on disclosure as are applicable to DHS officers and employees.

G. To an appropriate Federal, State, tribal, local, international, or foreign law enforcement agency or other appropriate authority charged with investigating or prosecuting a violation or enforcing or implementing a law, rule, regulation, or order, where a record, either on its face or in conjunction with other information, indicates a violation or potential violation of law, which includes criminal, civil, or regulatory violations and such disclosure is proper and consistent with the official duties of the person making the disclosure.

H. To Federal agencies; State, tribal and local governments; Federal, State, and local law enforcement agencies; the National Center for Missing and Exploited Children and voluntary organizations as defined in 44 CFR 206.2(a)(27) that have an established disaster assistance program to address the disaster-related unmet needs of disaster victims, are actively involved in the recovery efforts of the disaster, and either have a national membership, in good standing, with the National Voluntary Organizations Active in Disaster, or are participating in the disaster's Long-Term Recovery Committee for the express purpose of reunifying families. Other agencies may include other Federal agencies and non-governmental agencies with which FEMA coordinates under the National Response Framework, which is an integrated “plan” explaining how the Federal Government will interact with and support State, local, tribal, and non-governmental entities during a Presidentially-declared disaster or emergency. This may include: The Office of Juvenile Justice and Delinquency Prevention, Department of Health and Human Services, U.S. Department of Justice, U.S. Federal Bureau of Investigation's Crimes Against Children's Unit, Department of Justice U.S. Marshals Service, the American Red Cross, and the National Emergency Child Locator Center.

Disclosure to consumer reporting agencies:

None.

Policies and practices for storing, retrieving, accessing, retaining, and disposing of records in the system:

Storage:

Records in this system are stored electronically or on paper in secure facilities in a locked drawer behind a locked door. The records are stored on magnetic disc, tape, digital media, and CD–ROM.

Retrievability:

Records may be retrieved by name, address (current and alternate), and phone number of the individual registering or searching in the National Emergency Family Registry and Locator System.

Safeguards:

Records in this system are safeguarded in accordance with applicable rules and policies, including all applicable DHS automated systems security and access policies. Strict controls have been imposed to minimize the risk of compromising the information that is being stored. Administrative access to the computer system containing the records in this system is limited to those individuals who have a need to know the information for the performance of their official duties and who have appropriate clearances or permissions. The system maintains a real-time auditing function of individuals who access the system.

Retention and disposal:

In accordance with the FEMA Records Schedule (FRS), the National Archives, and Records Administration (NARA) Disposition Authority number N1–311–09–1, records and reports related to and regarding registrations and searchers in NEFRLS performed by a displaced person, Call Center Operator on behalf of a displaced person, or family and friends will be cut off 60 days after the last edit to the record and destroyed/deleted 3 years after the cutoff. Additionally, in compliance with FRS, NARA Disposition Authority number N1–311–04–5, Item 3, records in this system associated with a domestic catastrophic event will have permanent value. A catastrophic event may be any natural or manmade incident, including terrorism, which results in extraordinary levels of mass casualties, damage, or disruption severely affecting the population, infrastructure, environment, economy, national morale, and/or government functions. A catastrophic event could result in sustained national impacts over a prolonged period of time; almost immediately exceeds resources normally available to State, local, tribal, and private-sector authorities in the impacted area; and significantly interrupts governmental operations and emergency services to such an extent that national security could be threatened.

System Manager and address:

Deputy Director, Individual Assistance, Disaster Assistance Directorate, Federal Emergency Management Agency, 500 C Street, SW., Washington, DC 20472.

Notification procedure:

Individuals seeking notification of and access to any record contained in this system of records, or seeking to contest its content, may submit a request in writing to FEMA's FOIA Officer, 500 C Street, SW., Attn: FOIA Coordinator, Washington, DC 20472.

When seeking records about yourself from this system of records or any other FEMA system of records your request must conform with the Privacy Act regulations set forth in 6 CFR part 5. You must first verify your identity, meaning that you must provide your full name, current address and date and place of birth. You must sign your request, and your signature must either be notarized or submitted under 28 U.S.C. 1746, a law that permits Statements to be made under penalty of perjury as a substitute for notarization. While no specific form is required, you may obtain forms for this purpose from the Director, Disclosure and FOIA, http://www.dhs.gov or 1–866–431–0486. In addition you should provide the following:

• An explanation of why you believe the Department would have information on you,

• Specify when you believe the records would have been created,

• If your request is seeking records pertaining to another living individual, you must include a Statement from that individual certifying his/her agreement for you to access his/her records.

Without this bulleted information the FEMA may not be able to conduct an effective search, and your request may be denied due to lack of specificity or lack of compliance with applicable regulations.

Record access procedures:

See “Notification procedure” above.

Contesting record procedures:

See “Notification procedure” above.

Record source categories:

Records are obtained by registrants for the National Emergency Family Registry and Locator System, individuals searching the National Emergency Family Registry and Locator System; and third party authentication services indicating an individual has been approved or not approved.

Exemptions claimed for the system:

None.

[TOP]

DHS/FEMA–003

System name:

Federal Emergency Management Agency—003 National Flood Insurance Program Files.

Security classification:

Unclassified.

System location:

Records are maintained at the Federal Emergency Management Agency Headquarters in Washington, DC and in field offices.

Categories of individuals covered by the system:

Categories of individuals covered by this system include applicants and policyholders of flood insurance; Severe Repetitive Loss (SRL) property owners (previously known as “Repetitive Loss Target Group” (RLTG)); insurance companies and agents; WYO Companies and lenders; communities that submit Community Rating Survey (CRS) applications; and certified flood adjusters.

Categories of records in the system:

Categories of records in this system include:

• Individual's name;

• Social security number;

• Addresses;

• Telephone numbers;

• E-mail address;

• Tax ID numbers;

• Insurance policy numbers and information;

• Group Flood Insurance Program (GFIP) Certificate Holders

• Property information:

○ Bank/lender

○ Date of mortgage

○ Address of bank/lender

○ Loan information, such as: loan number, names and addresses of first and possible second mortgagees, and file or identification number of loan;

○ Taxpayer's identification number

• Administration records, such as: transaction errors and rejects per WYO Company, documents and photographs necessary to substantiate a claim for losses due to burglary or robbery, reports of adjusters, and adjusters' bills paid by the program;

• Names and contact information of insurance agents;

• Write Your Own Companies (WYO's);

• Severe Repetitive Loss (SRL) property owners;

• Community Rating System (CRS) applications to adjust NFIP insurance premiums based on the mitigation of activities implemented by a community;

• Names and contact information of individuals seeking NFIP data; and

• Data elements required for reporting purposes under the FEMA Mitigation Directorate Bureau and Statistical Agent contract for private insurance companies. Data elements include, but are not limited to:

○ Data elements regarding policy reinstatement with/without policy changes,

○ Data elements regarding insurance claims, and

○ Data elements regarding payment of claims.

Authority for maintenance of the system:

The Federal Records Act, 44 U.S.C. 3101; National Flood Insurance Act of 1968, as amended and Flood Disaster Protection Act of 1973, 42 U.S.C. 4001, et seq.

Purpose(s):

The purpose of this system is to manage the National Flood Insurance Program, to assess National Flood Insurance Program user satisfaction, and to provide information on the National Flood Insurance Program to those who inquire.

Routine uses of records maintained in the system, including categories of users and the purposes of such uses:

In addition to those disclosures generally permitted under 5 U.S.C. 552a(b) of the Privacy Act, all or a portion of the records of information contained in this system may be disclosed outside DHS as a routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:

A. To the Department of Justice (DOJ) (including United States Attorney Offices) or other Federal agency conducting litigation or in proceedings before any court, adjudicative or administrative body when it is necessary to the litigation and one of the following is a party to the litigation or has an interest in such litigation:

1. DHS or any component thereof;

2. Any employee of DHS in his/her official capacity;

3. Any employee of DHS in his/her individual capacity where DOJ or DHS has agreed to represent the employee; or

4. The United States or any agency thereof, is a party to the litigation or has an interest in such litigation, and DHS determines that the records are both relevant and necessary to the litigation and the use of such records is compatible with the purpose for which DHS collected the records.

B. To a congressional office from the record of an individual in response to an inquiry from that congressional office made at the request of the individual to whom the record pertains.

C. To the National Archives and Records Administration or other Federal Government agencies pursuant to records management inspections being conducted under the authority of 44 U.S.C. 2904 and 2906.

D. To an agency, organization, or individual for the purpose of performing audit or oversight operations as authorized by law, but only such information as is necessary and relevant to such audit or oversight function.

E. To appropriate agencies, entities, and persons when:

1. DHS suspects or has confirmed that the security or confidentiality of information in the system of records has been compromised;

2. The Department has determined that as a result of the suspected or confirmed compromise there is a risk of harm to economic or property interests, identity theft or fraud, or harm to the security or integrity of this system or other systems or programs (whether maintained by DHS or another agency or entity) or harm to the individual who relies upon the compromised information; and

3. The disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with DHS's efforts to respond to the suspected or confirmed compromise and prevent, minimize, or remedy such harm.

F. To contractors and their agents, grantees, experts, consultants, and others performing or working on a contract, service, grant, cooperative agreement, or other assignment for DHS, when necessary to accomplish an agency function related to this system of records. Individuals provided information under this routine use are subject to the same Privacy Act requirements and limitations on disclosure as are applicable to DHS officers and employees.

G. To an appropriate Federal, State, tribal, local, international, or foreign law enforcement agency or other appropriate authority charged with investigating or prosecuting a violation or enforcing or implementing a law, rule, regulation, or order, where a record, either on its face or in conjunction with other information, indicates a violation or potential violation of law, which includes criminal, civil, or regulatory violations and such disclosure is proper and consistent with the official duties of the person making the disclosure.

H. To insurance agents, brokers, adjusters, lending institutions, WYO Companies as authorized under 44 CFR 62.23, the Army Corps of Engineers, Small Business Association, the American Red Cross, the United States Department of Agriculture Farm Service Agency, State and local governments, including State and local individual and family grant and assistance agencies, National Flood Insurance Program policy and claims records for carrying out the purposes of the National Flood Insurance Program, to determine eligibility for benefits, and to verify non-duplication of benefits following a flooding event.

I. To States to provide Group Flood Insurance Program (GFIP) certificates for carrying out the purposes of the National Flood Insurance Program.

J. To property loss reporting bureaus, State insurance departments, and insurance companies to investigate fraud or potential fraud in connection with claims, subject to the approval of the Office of Inspector General, DHS.

K. To State and local government individual and family grant agencies to ascertain the degree of financial burden that State and local governments expect to assume in the event of a flooding disaster.

L. To State and local government agencies to further the National Flood Insurance Program marketing activities.

M. To State and local government agencies that provide the names and addresses of policyholders and a brief general description of their plan for acquiring and relocating their flood prone properties to ensure that they are engaged in flood plain management, improved real property acquisitions, relocation projects that are consistent with the National Flood Insurance Program and, upon the approval of the Administrator, Federal Insurance Mitigation Administration, that the use furthers the flood plain management and hazard mitigation goals of the agency.

N. To the Army Corps of Engineers, State and local government agencies and municipalities to review National Flood Insurance Program policy and claims files to assist in hazard mitigation and flood plain management activities and in monitoring compliance with the flood plain management measures duly adopted by the community.

O. To lending institutions, mortgage servicing companies, and others servicing mortgage loan portfolios, as well as private companies engaged in or planning to engage in activities to market or assist lenders and mortgage servicing companies to comply with the requirements of the Flood Disaster Protection Act of 1973, including lender compliance, and to market the sale of flood insurance policies under the National Flood Insurance Program.

P. To current owners of properties designated under the National Flood Insurance Program as SRL Target Group properties, the dates and dollar amounts of loss payments made to prior owners so current owners may evaluate whether that designation is appropriate and may, if they believe the designation is not appropriate, use the information to appeal that designation.

Q. To the Special Direct Facility National Flood Insurance Program Repetitive Loss records for the processing of SRL Target Group policyholder underwriting and claims records.

R. To Preferred Risk Property (PRP) owners who are contesting the denial of the PRP applications, the properties' prior loss history.

S. To Federal, State, and local government agencies to conduct research, analysis, and feasibility studies.

T. To communities to provide repetitive loss records that pertain to that community.

U. To OMB in connection with the review of private relief legislation in accordance with OMB Circular No. A–19.

Disclosure to consumer reporting agencies:

Disclosure under 5 U.S.C. 552a(b)(12). DHS/FEMA may make disclosures from this system to “consumer reporting agencies” as defined in the Fair Credit Reporting Act 15 U.S.C. 1681a(f), as amended; or the Federal Claims Collection Act of 1966 31 U.S.C. 3701(a)(3), as amended.

Policies and practices for storing, retrieving, accessing, retaining, and disposing of records in the system:

Storage:

Records in this system are stored electronically or on paper in secure facilities in a locked drawer behind a locked door. The records are stored on magnetic disc, tape, digital media, and CD–ROM.

Retrievability:

Records will be retrieved by individual's name; insurance policy number; Repetitive Loss Target Group number; property address; zip code; telephone number; insurance agents; company name, including lenders and WYO Companies; community name; and Community Rating System application number.

Safeguards:

Records in this system are safeguarded in accordance with applicable rules and policies, including all applicable DHS automated system security access policies. Strict controls have been imposed to minimize the risk of compromising the information that is being stored. Access to the computer system containing the records in this system is limited to those individuals who have a need to know the information for the performance of their official duties and who have appropriate clearances or permissions.

Retention and disposal:

Policy records are kept as long as the property owner is enrolled in the insurance program and pays the policy premiums, and cutoff when the file becomes inactive. Policy records are destroyed 5 years after the cutoff with FEMA Records Schedule N1–311–86–1, Item 1A13a(2). Claim records are maintained for 6 years and 3 months after final action, unless litigation exists. Records are disposed of FEMA Records Schedule N1–311–86–1, Item 2A12(2)(b). Claim records with pending litigation are destroyed after review by General Counsel with FEMA Records Schedule N1–311–86–1, Item 2A13a(1). Consumer records, including Community Rating System records, are retired to the Federal Record Center 2 years after cutoff, and destroyed 10 years after cutoff, IAW FEMA Records Schedule N1–311–02–01, Item 4.

System Manager and address:

Administrator, Federal Insurance and Mitigation Administration, Federal Emergency Management Agency Headquarters, 500 C Street, SW., Washington, DC 20472.

Notification procedure:

Individuals seeking notification of and access to any record contained in this system of records, or seeking to contest its content, may submit a request in writing to FEMA's FOIA Officer, 500 C Street, SW., Attn: FOIA Coordinator, Washington, DC 20472.

When seeking records about yourself from this system of records or any other FEMA system of records your request must conform with the Privacy Act regulations set forth in 6 CFR part 5. You must first verify your identity, meaning that you must provide your full name, current address and date and place of birth. You must sign your request, and your signature must either be notarized or submitted under 28 U.S.C. 1746, a law that permits statements to be made under penalty of perjury as a substitute for notarization. While no specific form is required, you may obtain forms for this purpose from the Director, Disclosure and FOIA, http://www.dhs.gov or 1–866–431–0486. In addition you should provide the following:

• An explanation of why you believe the Department would have information on you,

• Specify when you believe the records would have been created,

• If your request is seeking records pertaining to another living individual, you must include a statement from that individual certifying his/her agreement for you to access his/her records.

Without this bulleted information the FEMA may not be able to conduct an effective search, and your request may be denied due to lack of specificity or lack of compliance with applicable regulations.

Record access procedures:

See “Notification procedure” above.

Contesting record procedures:

See “Notification procedure” above.

Record source categories:

Individual's who apply for and individuals who are insured under the National Flood Insurance Program, WYO Companies, flood insurance agents and lenders, individuals who request information on the National Flood Insurance Program, appraisal records, title reports, and homeowner reports.

Exemptions claimed for the system:

None.

[TOP]

DHS/FEMA–007

System name:

National Flood Insurance Program Marketing Files.

Security classification:

Unclassified.

System location:

Records are maintained at the Federal Emergency Management Agency Headquarters in Washington, DC and in field offices.

Categories of individuals covered by the system:

Categories of individuals covered by this system include individuals who apply for and individuals who are insured under the National Flood Insurance Program, Write-Your-Own companies, flood insurance agents and lenders, and individuals who request information on the National Flood Insurance Program.

Categories of records in the system:

Categories of records in this system include:

• Individual's name;

• Business's name;

• Addresses;

• Phone numbers;

• Account numbers or order numbers;

• Market research data regarding the NFIP, including information regarding awareness, attitudes, and satisfaction as it relates to the NFIP, which is obtained through qualitative surveys approved by the Office of Management and Budget (OMB);

• Telephone Response Center (TRC) records regarding research conducted with customers, insurance agents, Write-Your-Own (WYO) companies and individual respondents.

Authority for maintenance of the system:

Federal Records Act, 44 U.S.C. 3101; National Flood Insurance Act of 1968, as amended, and Flood Disaster Protection Act of 1973, as amended, 42 U.S.C 4001 et seq.

Purpose(s):

The purpose of this system is to market the National Flood Insurance Program.

Routine uses of records maintained in the system, including categories of users and the purposes of such uses:

In addition to those disclosures generally permitted under 5 U.S.C. 552a(b) of the Privacy Act, all or a portion of the records of information contained in this system may be disclosed outside DHS as a routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:

A. To the Department of Justice (including United States Attorney Offices) or other Federal agency conducting litigation or in proceedings before any court, adjudicative or administrative body when it is necessary to the litigation and one of the following is a party to the litigation or has an interest in such litigation:

1. DHS or any component thereof;

2. Any employee of DHS in his/her official capacity;

3. Any employee of DHS in his/her individual capacity where DOJ or DHS has agreed to represent the employee; or

4. The United States or any agency thereof, is a party to the litigation or has an interest in such litigation, and DHS determines that the records are both relevant and necessary to the litigation and the use of such records is compatible with the purpose for which DHS collected the records.

B. To a congressional office from the record of an individual in response to an inquiry from that congressional office made at the request of the individual to whom the record pertains.

C. To the National Archives and Records Administration or other Federal government agencies pursuant to records management inspections being conducted under the authority of 44 U.S.C. 2904 and 2906.

D. To an agency, organization, or individual for the purpose of performing audit or oversight operations as authorized by law, but only such information as is necessary and relevant to such audit or oversight function.

E. To appropriate agencies, entities, and persons when:

1. DHS suspects or has confirmed that the security or confidentiality of information in the system of records has been compromised;

2. The Department has determined that as a result of the suspected or confirmed compromise there is a risk of harm to economic or property interests, identity theft or fraud, or harm to the security or integrity of this system or other systems or programs (whether maintained by DHS or another agency or entity) or harm to the individual who relies upon the compromised information; and

3. The disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with DHS's efforts to respond to the suspected or confirmed compromise and prevent, minimize, or remedy such harm.

F. To contractors and their agents, grantees, experts, consultants, and others performing or working on a contract, service, grant, cooperative agreement, or other assignment for DHS, when necessary to accomplish an agency function related to this system of records. Individuals provided information under this routine use are subject to the same Privacy Act requirements and limitations on disclosure as are applicable to DHS officers and employees.

G. To an appropriate Federal, State, tribal, local, international, or foreign law enforcement agency or other appropriate authority charged with investigating or prosecuting a violation or enforcing or implementing a law, rule, regulation, or order, where a record, either on its face or in conjunction with other information, indicates a violation or potential violation of law, which includes criminal, civil, or regulatory violations and such disclosure is proper and consistent with the official duties of the person making the disclosure.

H. To the news media and the public, with the approval of the Chief Privacy Officer in consultation with counsel, when there exists a legitimate public interest in the disclosure of the information or when disclosure is necessary to preserve confidence in the integrity of DHS or is necessary to demonstrate the accountability of DHS's officers, employees, or individuals covered by the system, except to the extent it is determined that release of the specific information in the context of a particular case would constitute an unwarranted invasion of personal privacy.

Disclosure to consumer reporting agencies:

None.

Policies and practices for storing, retrieving, accessing, retaining, and disposing of records in the system:

Storage:

Records in this system are stored electronically or on paper in secure facilities in a locked drawer behind a locked door. The records are stored on magnetic disc, tape, digital media, and CD-ROM.

Retrievability:

Records are retrieved by individual's name, business' name, addresses, telephone number, account number, or order number.

Safeguards:

Records in this system are safeguarded in accordance with applicable rules and policies, including all applicable DHS automated system security access policies. Strict controls have been imposed to minimize the risk of compromising the information that is being stored. Access to the computer system containing the records in this system is limited to those individuals who have a need to know the information for the performance of their official duties and who have appropriate clearances or permissions.

Retention and disposal:

Flood plain Management Files end at the close of each fiscal year, retired to the Federal Record Center, and destroyed ten years after cutoff, in accordance with FEMA Records Schedule N1–311–02–01, Item 4. Files generated in processing flood insurance policies under the continuing National Flood Insurance Program end when file becomes inactive and destroyed five years after cutoff, in accordance with FEMA Records Schedule N1–311–86–1, Item 1A13a(2).

System Manager and address:

Administrator, Federal Insurance and Mitigation Administration, Federal Emergency Management Agency Headquarters, 500 C Street, SW., Washington, DC 20472.

Notification procedure:

Individuals seeking notification of and access to any record contained in this system of records, or seeking to contest its content, may submit a request in writing to FEMA's FOIA Officer, 500 C Street, SW., Attn: FOIA Coordinator, Washington, DC 20472.

When seeking records about yourself from this system of records or any other FEMA system of records your request must conform with the Privacy Act regulations set forth in 6 CFR part 5. You must first verify your identity, meaning that you must provide your full name, current address and date and place of birth. You must sign your request, and your signature must either be notarized or submitted under 28 U.S.C. 1746, a law that permits statements to be made under penalty of perjury as a substitute for notarization. While no specific form is required, you may obtain forms for this purpose from the Director, Disclosure and FOIA, http://www.dhs.gov or 1–866–431–0486. In addition you should provide the following:

• An explanation of why you believe the Department would have information on you,

• Specify when you believe the records would have been created,

• If your request is seeking records pertaining to another living individual, you must include a statement from that individual certifying his/her agreement for you to access his/her records.

Without this bulleted information the FEMA may not be able to conduct an effective search, and your request may be denied due to lack of specificity or lack of compliance with applicable regulations.

Record access procedures:

See “Notification procedure” above.

Contesting record procedures:

See “Notification procedure” above.

Record source categories:

Individual's who apply for and individuals who are insured under the National Flood Insurance Program, Write-Your-Own companies, flood insurance agents and lenders, and individuals who request information on the National Flood Insurance Program.

Exemptions claimed for the system:

None.

[TOP]

DHS/FEMA–008

System name:

Federal Emergency Management Agency Disaster Recovery Assistance Files.

Security classification:

Unclassified.

System location:

National Processing Service Centers (NPSC) located at FEMA MD–NPSC, 6511 America Boulevard, Hyattsville, MD 20782; FEMA VA–NPSC, 430 Market St. Winchester, VA 22603; and FEMA TX–NPSC, 3900 Karina Lane, Denton, TX 76208.

Categories of individuals covered by the system:

Eligible United States citizens and lawful permanent residents applying for disaster recovery assistance following a Presidentially-declared major disaster or emergency.

Categories of records in the system:

Categories of records in this system include:

(a) Registration Records (Form 90–69 and 90–69b, Disaster Assistance Registration/Application)

• Individual's full name;

• Social security number, alien number, co-application social security number;

• Date of birth;

• Phone numbers;

• E-mail addresses;

• Addresses;

• Language(s) spoken;

• Date of disaster and/or property loss including cause of damage and estimates of repair;

• Type of disaster location;

• Name for each disaster;

• Income information;

• Acceptable forms of identification (e.g., drivers license, state/federal issued photo identification);

• Emergency needs of the individual (e.g. food, clothing, shelter etc.);

• Other needs (e.g., medical, dental, moving, funeral etc.)

• Type of residence;

• Insurance coverage information including names, addresses, phone numbers, e-mail addresses;

• Household size and composition including number and type of individual's dependents;

• Bank name and account information including electronic funds transfer information;

(b) Inspection Reports (Form 90–56, Inspection Report)

• Inspection reports containing individuals' identifying information and results of surveys of damaged real and personal property and goods, which may include individuals' homes and personal items;

(c) Temporary Housing Assistance Eligibility Determinations (Forms 90–11, through 90–13, 90–16, 90–22, 90–24 through 90–28, 90–31, 90–33, 90–41, 90–48, 90–57, 90–68 through 90–70, 90–71, 90–75 through 90–78, 90–82, 90–86, 90–87, 90–94 through 90–97, 90–99, and 90–101.

• Correspondence and documentation related to the approval and disapproval of temporary housing assistance including: general correspondence, complaints, appeals and resolutions, requests for disbursement of payments, inquiries from tenants and landlords, general administrative and fiscal information, payment schedules and forms, termination notices, information shared with the temporary housing program staff from other agencies to prevent the duplication of benefits, leases, contracts, specifications for repair of disaster damaged residences, reasons for eviction or denial of aid, sales information after tenant purchase of housing units, and the status of disposition of applications for housing;

(d) Eligibility Decisions for Disaster Aid from other Federal and State Agencies (forms 76–27 through 70–28, 76–30, 76–32, 76–34 through 76–35 and 76–38)

• Notations of decisions for disaster aid from other Federal and State agencies as they relate to determinations of individuals' eligibility for disaster assistance programs.

• Other files independently kept by the State, which contain records of persons who request disaster aid, specifically for the “Other Needs” assistance provision of the Individuals and Households Program (IHP), and its predecessor program, the Individuals and Family Grant (IFG), administrative files and reports required by FEMA. As to individuals, the State keeps the same type of information as described above under registration, inspection, and temporary housing assistance records. As to administrative files and reporting requirements.

Authority for maintenance of the system:

Robert T. Stafford Disaster Relief and Emergency Assistance Act as amended (the Stafford Act), 42 U.S.C. 5121–5206 and Reorganization Plan No. 3 of 1978, 5 U.S.C. 552a(b) of the Privacy Act, Executive Order 13411, the Homeland Security Act of 2002, Public Law 107–296, Section 1512, 116 Stat. 2310 (November 25, 2002), 5 U.S.C. 552a(b) of the Privacy Act, 44 U.S.C. sections 2904 and 2906, Debt Collection Improvement Act of 1996, 31 U.S.C. 3325(d) and 7701(c)(1), Fair Credit Reporting Act, 15 U.S.C. 1681a(f), as amended; Federal Claims Collection Act of 1966, 31 U.S.C. 3701(a)(3), as amended; 44 CFR 206.2(a)(27).

Purpose(s):

To register applicants needing disaster assistance, to inspect damaged homes, to verify information provided by each applicant, to determine eligibility regarding an applicant's request for assistance, and to identify and implement measures to reduce future disaster damage, prevent duplication of federal government efforts and benefits, identify possible fraudulent activity once there has been a Presidentially-declared major disaster or emergency.

Routine uses of records maintained in the system, including categories of users and the purposes of such uses:

In addition to those disclosures generally permitted under 5 U.S.C. 552a(b) of the Privacy Act, DHS/FEMA may disclose all or a portion of the records of information contained in this system as a routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:

A. To the Department of Justice (DOJ) (including United States Attorney Offices) or other Federal agency conducting litigation or in proceedings before any court, adjudicative or administrative body when it is necessary to the litigation and one of the following is a party to the litigation or has an interest in such litigation:

1. DHS or any component thereof;

2. Any employee of DHS in his/her official capacity;

3. Any employee of DHS in his/her individual capacity where DOJ or DHS has agreed to represent the employee; or

4. The United States or any agency thereof, is a party to the litigation or has an interest in such litigation, and DHS determines that the records are both relevant and necessary to the litigation.

B. To a congressional office from the record of an individual in response to an inquiry from that congressional office made at the request and with the consent of the individual to whom the record pertains.

C. To the National Archives and Records Administration or other Federal Government agencies pursuant to records management inspections being conducted under the authority of 44 U.S.C. sections 2904 and 2906.

D. To a Federal agency, organization, or individual for the purpose of performing audit or oversight operations as authorized by law, but only such information as is necessary and relevant to such audit or oversight function.

E. To appropriate agencies, entities, and persons when:

1. DHS suspects or has confirmed that the security or confidentiality of information in the system of records has been compromised;

2. The Department has determined that as a result of the suspected or confirmed compromise there is a risk of harm to economic or property interests, identity theft or fraud, or harm to the security or integrity of this system or other systems or programs (whether maintained by DHS or another agency or entity) or harm to the individual who relies upon the compromised information; and

3. The disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with DHS's efforts to respond to the suspected or confirmed compromise and prevent, minimize, or remedy such harm.

F. To contractors and their agents, grantees, experts, consultants, and others performing or working on a contract, service, grant, cooperative agreement, or other assignment for DHS, when necessary to accomplish an agency function related to this system of records. Individuals provided information under this routine use are subject to the same Privacy Act requirements and limitations on disclosure as are applicable to DHS officers and employees.

G. Where a record, either on its face or in conjunction with other information, indicates a violation or potential violation of law—criminal, civil, or regulatory—the relevant records may be referred to an appropriate Federal, State, tribal, local, international, or foreign law enforcement agency or other appropriate authority charged with investigating or prosecuting such a violation or enforcing or implementing a law, rule, regulation, or order, so long as such disclosure is proper and consistent with the official duties of the person receiving the information.

H. To certain agencies where FEMA may disclose applicant information necessary to prevent a duplication of efforts or a duplication of benefits in determining eligibility for disaster assistance, or to certain entities that will provide unmet needs to eligible, ineligible or partially eligible FEMA applicants. Only the least amount of necessary information shall be released to enable the recipient agency to determine eligibility for that agency's particular assistance program(s). The receiving agency is not permitted to alter or to further disclose the disclosed records to other disaster organizations. FEMA may make such disclosures under the following circumstances:

1. To another Federal agency or State government agency charged by statute or regulation in administering disaster relief programs. This includes programs that make available any additional Federal and State disaster assistance to individuals and households and authorities that give preference of priority to disaster victims to the extent the information is relevant and necessary and is compatible as to purpose.

2. When an applicant seeks assistance from a local government agency or a voluntary organization (as defined at 44 CFR 206.2(a)(27), as amended or superseded) charged under legislation or charter with administering disaster relief programs, and FEMA receives a written request from that local government or voluntary agency that includes the applicant's name, date of birth, FEMA registration/application number, and damaged dwelling address. The written request must explain the type of tangible assistance being offered and the type of verification required before the assistance can be provided.

3. To voluntary organizations (as defined at 44 CFR 206.2(a)(27), as amended or superseded) that have an established disaster assistance program to address the disaster-related unmet needs of disaster victims, are actively involved in the recovery efforts of the disaster, and either have a national membership in good standing with the National Voluntary Organizations Active in Disaster (NVOAD), or are participating in the FEMA or State recognized disaster's Long-Term Recovery Committee. When a voluntary agency satisfies all of the criteria listed in this sub-paragraph, FEMA may release lists of individuals' names, contact information, and their FEMA inspected loss amount to the voluntary agency for the sole purpose of providing additional disaster assistance. FEMA shall release this information only from the time that disaster period is first open until 90 days after the disaster period is closed.

4. FEMA may immediately disclose, on a case-by-case basis, applicant information to an entity qualifying under routine use (H)(3) above or to an entity approved by the FEMA Disability Coordinator, if the applicant in question has a special need for durable medical equipment or device, and the qualifying entity is able to provide the assistance to the applicant in question. Specifically, FEMA may release the applicants name and telephone number. A written request is not necessary in this situation, however FEMA shall provide a written letter along with the information to receiving entity, and in turn the receiving entity shall send FEMA an acknowledgement letter that it has received the information and has contacted the applicant. In addition, the entity will confirm that it has taken the steps to protect the information provided. Only the FEMA Disability Coordinator or designee is authorized to approve a release under this routine use.

I. To relevant agencies, organizations, and institutions when an individual's eligibility, in whole or in part, for a disaster assistance program depends upon benefits already received or available from another source for the same purpose as necessary to determine what benefits are available from another source and to prevent the duplication of disaster assistance benefits (as described in section 312 of the Stafford Act).

J. To Federal, State, or local agencies in response to a written request, FEMA may disclose information charged with the implementation of hazard mitigation measures and the enforcement of hazard-specific provisions of building codes, standards, and ordinances. FEMA may only disclose information for the following purposes:

1. For hazard mitigation planning purposes to assist States and local communities in identifying high-risk areas and preparing mitigation plans that target those areas for hazard mitigation projects implemented under Federal, State or local hazard mitigation programs.

2. For enforcement purposes, to enable State and local communities to ensure that owners repair or rebuild structures in conformance with applicable hazard-specific building codes, standards, and ordinances.

K. To the Department of the Treasury, pursuant to the Debt Collection Improvement Act of 1996, 31 U.S.C. 3325(d) and 7701(c)(1), on the release of a social security number of the person doing business with FEMA, including an applicant for a grant. An applicant's social security number will be released in connection with a request for payment to the Department of the Treasury to provide a disaster assistance payment to an applicant under the Individual Assistance program.

L. To a State in connection with billing that State for the applicable non-Federal cost share under the Individuals and Households Program. Information shall only include list of applicants' names, contact information, and amounts of assistance received.

M. To local emergency managers, when an applicant is occupying a FEMA Temporary Housing unit, for the purposes of preparing, administering, coordinating and/or monitoring emergency response, public safety, and evacuation plans. FEMA shall only release the address and location of the housing unit.

N. To the Department of the Treasury, Justice, the United States Attorney's Office, or a consumer reporting agency for further collection action on any delinquent debt when circumstances warrant.

O. To Federal or State law enforcement authority, or agency, or other entity authorized to investigate and/or coordinate locating missing children and/or reuniting families.

P. To State and local government election authorities to oversee the voting process within their respective State/county/parish, for the limited purpose of ensuring voting rights of individuals who have applied to FEMA for Disaster Assistance, limited to their own respective State's/county's/parish's citizens who are displaced by a Presidentially-declared major disaster or emergency out of their State/county/parish voting jurisdiction.

Q. To certain Federal, State, local, and tribal agencies where FEMA may disclose an applicant's disaster related information to update the applicant's current records (i.e. change of address, effective date of change of address, etc.) within that agency to reduce additional efforts following a Presidentially-declared disaster (i.e. Social Security Administration, a state Department of Motor Vehicles, or state health agency that needs updated contact information).

R. To other Federal agencies or non-Federal entities under approved computer matching efforts, if use of such information is compatible with the purpose for which DHS collected the information. Sharing is limited to only those data elements considered relevant and necessary to determine eligibility under particular benefit programs administered by those agencies or entities or by DHS or any component thereof to improve program integrity, and to collect debts and other monies owed under those programs.

S. To the news media and the public, with the approval of the Chief Privacy Officer in consultation with Counsel, when there exists a legitimate public interest in the disclosure of the information or when disclosure is necessary to preserve confidence in the integrity of the Department or is necessary to demonstrate the accountability of the Department's officers, employees, or individuals covered by the system, except to the extent it is determined that release of the specific information in the context of a particular case would constitute an unwarranted invasion of personal privacy.

Disclosure to consumer reporting agencies:

Disclosure under 5 U.S.C. 552a(b)(12). DHS/FEMA may make disclosures from this system to “consumer reporting agencies” as defined in the Fair Credit Reporting Act 15 U.S.C. 1681a(f), as amended; or the Federal Claims Collection Act of 1966 31 U.S.C. 3701(a)(3), as amended.

Policies and practices for storing, retrieving, accessing, retaining, and disposing of records in the system:

Storage:

Records in this system are stored in an interactive database, computer discs, and paper records in file folders.

Retrievability:

Records may be retrieved by an individual's name, address, social security number, and case file number.

Safeguards:

Only authorized FEMA employees and contractors have access to this information. Hardware and software computer security measures are used to control access to the data. Access to the data is based upon an individual's position in FEMA and/or their designated duties. Individuals are assigned specific “rights” or specific access (e.g., read only, modify, delete, etc.). The access granted is based upon an individual's position responsibilities for “official use” only. FEMA employees are allowed access to the data as a function of their specific job assignments within their respective organizations. Each FEMA employee's access to the data is restricted to that needed to carry out their duties.

No individual applying for disaster assistance will have access to the entire database via the Internet. Applicants will have limited access to only their own information that they submitted via the Internet, and to the status of their own information regarding the processing of their own application (e.g. the status of required documentation, inspection status, or SBA status). Applicants are provided a Logon id, password, and Personal Identification Number (PIN) that connect only to the applicant's data. The password and PIN ensures that the login id belongs to the applicant. Computer security software ensures that the login id is mapped only to the applicant's data. Applicants will have access to only their own application information after FEMA assigns them a properly authenticated user id, password, and PIN. Applicants will be registered and authenticated in accordance with National Institute of Standards and Technology Level 2 Assurance guidelines.

Retention and disposal:

Records pertaining to individual assistance EXCEPT those relating to temporary housing and Individuals and Households Program programs will retire to inactive storage when two years old and destroyed when six years three months old in accordance with FEMA Records Schedule No. N1–311–86–1, item 4C10a. Records pertaining to temporary housing will be destroyed three years after close of the operation in accordance with FRS No. N1–311–86–1, item 4C10b. Closeout occurs when the disaster contract is terminated. Records pertaining to the IHP program will retire to the Federal Records Center (FRC) one year after closeout and destroyed three years after closeout.

System Manager and address:

Division Director, Individual Assistance Division, Federal Emergency Management Agency, 500 C Street SW., Washington, DC 20472.

Notification procedure:

Individuals seeking notification of and access to any record contained in this system of records, or seeking to contest its content, may submit a request in writing to the Headquarters or component's FOIA Officer, whose contact information can be found at http://www.dhs.gov/foia under “contacts.” If an individual believes more than one component maintains Privacy Act records concerning him or her the individual may submit the request to the Chief Privacy Officer, Department of Homeland Security, 245 Murray Drive, SW., Building 410, STOP–0550, Washington, DC 20528.

When seeking records about yourself from this system of records or any other Departmental system of records your request must conform with the Privacy Act regulations set forth in 6 CFR part 5. You must first verify your identity, meaning that you must provide your full name, current address and date and place of birth. You must sign your request, and your signature must either be notarized or submitted under 28 U.S.C. 1746, a law that permits statements to be made under penalty of perjury as a substitute for notarization. While no specific form is required, you may obtain forms for this purpose from the Director, Disclosure and FOIA, http://www.dhs.gov or 1–866–431–0486. In addition you should provide the following:

• An explanation of why you believe the Department would have information on you,

• Identify which component(s) of the Department you believe may have the information about you,

• Specify when you believe the records would have been created,

• Provide any other information that will help the FOIA staff determine which DHS component agency may have responsive records,

• If your request is seeking records pertaining to another living individual, you must include a statement from that individual certifying his/her agreement for you to access his/her records.

Without this bulleted information the component(s) may not be able to conduct an effective search, and your request may be denied due to lack of specificity or lack of compliance with applicable regulations.

Record access procedures:

See “Notification procedure” above.

Contesting record procedures:

See “Notification procedure” above.

Record source categories:

FEMA receives information from individuals who apply for disaster recovery assistance through three different media: (1) Electronically via the Internet at http://www.disasterassistance.gov; (2) by calling FEMA's toll-free number 1–800–621–3362, and (3) through submission of a paper copy of FEMA Form 90–69. In addition information in this records system may come from credit rating bureaus, financial institutions, insurance companies, State, local and voluntary agencies providing disaster relief, and commercial databases (for verification purposes).

Exemptions claimed for the system:

None.

Dated: September 14, 2009.

Mary Ellen Callahan,

Chief Privacy Officer, Department of Homeland Security.

[TOP]

Office of Security

FEMA/SEC–1

System name:

Security Support System.

Security classification:

Limited Access. Certain records in this system are provided security safeguards equivalent to the protection of Top Secret and/or Special Access Program (SAP) information.

System location:

Office of Security, Federal Emergency Management Agency, Washington, DC 20472; FEMA Regional offices and Field Activities, and other facilities designated and approved by the Systems Manager. Name, Social Security number, FEMA point of contact, and time and length of visit, is also available to General Services Administration guards who are hired under a GSA contract for FEMA to confirm proper identification of individuals requiring access to FEMA Headquarters facility.

Categories of individuals covered by the system:

FEMA employees, other Federal agency employees, State employees, and consultant/contract employees and visitors to the FEMA Headquarters Building and Field Activities, and all other individuals requiring access to official FEMA premises.

Categories of records in the system:

This system contains security records on FEMA employees, applicants for employment, nominees. Security records include: Statement of personal history, personal data (e.g., name, address, telephone number and social security number) contained on Standard Forms 85, 85A, 86, and 87, security clearance forms; rosters; lists; Standard Form 312, non-disclosure statements; FEMA Form 12–17, security termination statement, and Optional Forms 62 and 63, forms for record container combinations and other related records. This system also includes copies of background investigations conducted by the Office of Personnel Management (OPM), FEMA, or other government investigative agencies. (The OPM background investigations are not FEMA records but rather are OPM records covered by OPM's system of records entitled, OPM/Central–9, Personnel Investigations Records, and requests for these records must be submitted directly to OPM–FIPC, Boyers, PA 16018. Requests for investigations conducted by other government investigative agencies must be submitted directly to the agency which conducted the investigation. The background investigations conducted by a FEMA contractor are FEMA records and are covered by this system notice. This system also contains records concerning Personnel Security Program for positions associated with computer systems (Chapter 732 of the Federal Personnel Manual). This system also includes FEMA Form 12–36, requests for access to FEMA Special Access Program; FEMA Form 12–35, notification of disapproval for access to FEMA Special Access Program; FEMA Form 12–37, inadvertent disclosure statements; FEMA Form 12–38, non-disclosure agreements; and FEMA Form 12–30, termination of access to certain classified information.

This system also includes entrant/exit records for access to FEMA premises. For visitors, this system includes name; temporary badge number; host's number, office symbol, and room number. For all others, this system includes name, social security number, specific areas and times of authorized accessibility, escort authority, status and level of security clearance.

Authority for maintenance of the system:

E.O. 12127; E.O. 12148; Reorganization Plan No. 3 of 1978; Section 4–2a, Executive Order 10450; Executive Order 12356; and Paragraph 1a, National Security Decision Directive 84, Safeguarding National Security Information.

Purpose(s):

For routine administrative, managerial, and security purposes by officials on a need-to-know basis in order to better track, manage and control access to information, buildings and restricted areas under the jurisdiction of FEMA, to determine the status of individuals entering FEMA premises; and to provide data requisite to investigations and security reports.

Routine uses of records maintained in the system, including categories of users and the purposes of such uses:

An employee's level of security clearance and type of Special Access Program may be reported to another agency for the purpose of interagency security administration; information may be provided to other federal departments and agencies charged with responsibility in the assignment and coordination of federal emergency response teams; to any Federal, State or local law enforcement agency for law enforcement purposes; to any Federal agency pursuant to statutory intelligence responsibilities. The entrant and exit records may also include employees from other agencies which share building space in FEMA facilities and those records may be released to the individuals' respective employing agency. The name, Social Security number, FEMA point of contact, and time and length of visit, is also available to General Services Administration guards who are hired under a GSA contract for FEMA to confirm proper identification of individuals requiring access to FEMA Headquarters facility.

Additional routine uses may include Nos.1, 2, 3, 4, 5, and 8 of Appendix A.

Policies and practices for storing, retrieving, accessing, retaining, and disposing of records in the system:

Storage:

Mag-tape, disk, paper and index cards.

Retrievability:

By name, social security number, organization, security clearance level, type of Special Access Program, and badge number (except for visitors).

Safeguards:

All employees of the Office of Security have undergone a Special Background Investigation (SBI). All records containing personal information are maintained in secured storage areas contained within restricted areas, access to which is limited to authorized personnel. All records containing personal information on a computerized data base are accessible only through computer media under FEMA jurisdiction and placed in restricted areas, access to which is limited to authorized personnel. Access to computerized files is password protected and under the direct responsibility of the system manager. The system manager has the capability of printing audit trails of access from the computer media, thereby permitting regular ad hoc monitoring of computer usage. Certain records in this system are provided security safeguards equivalent to the protection of Top Secret and/or Special Access Program (SAP) information. All records are maintained in areas that are secured by building guards and/or alarm systems during non-business hours. Records are retained in areas accessible only to authorized personnel who are properly screened, cleared, trained and have a verified need-to-know.

Retention and disposal:

Records are covered by General Records Schedule 18. Requests and authorizations for individuals to have access to classified files are destroyed 2 years after authorization expires. Forms or lists used to record safe combinations, names of individuals knowing combinations, and comparable data used to control access into classified containers are destroyed when superseded by a new form or list, or upon turning in of containers. Lists or rosters showing the current security clearance status of individuals are destroyed when superseded or obsolete. Personnel security case files are destroyed upon notification of death or not later than 5 years after separation or transfer of employee or no later than 5 years after contract relation expires, whichever is applicable. Records relating to alleged security violations are destroyed 2 years after completion of final action or when no longer needed, whichever is sooner; records relating to alleged violations of a sufficient serious nature that are referred for prosecutive determinations are destroyed 5 years after the close of the case. Copies of non-disclosure agreements are destroyed when 50 years old.

System manager(s) and address:

Director of Security, Office of Security, Federal Emergency Management Agency, Washington, DC 20472.

Notification procedure:

Individuals wishing to inquire whether this system contains information about them should contact the appropriate system manager in writing. Individuals must furnish their full name, social security number, some type of appropriate personal identification, current mailing address and zip code, and any other available information regarding the type of record involved.

Record access procedures:

Specific materials in this system have been exempted from the access and contesting requirements under 5 U.S.C. 552a(k)(1) and 5 U.S.C. 552a(k)(5). To the extent that this system of records is not subject to exemption, it is subject to the access and contesting procedures. A determination as to the applicability of an exemption as to a specific record shall be made at the time a request for access or contest is received. Inquiries should be addressed to the appropriate system manager. Written requests should be clearly marked, "Privacy Act Request" on the envelope and letter. Individuals must furnish their full name, social security number, some type of appropriate personal identification, and current address, any other available information regarding the type of record for which access or amendment is being requested.

Contesting record procedures:

Same as access procedure above. The letter should state clearly and concisely what information is being contested, the reasons for contesting it, and the proposed amendment to the information sought.

FEMA Privacy Act Regulations are promulgated in 44 CFR part 6.

Record source categories:

Directly from the individual to whom the record pertains. The FEMA background investigation for access to classified information includes information from an application submitted by or an interview with the individual to whom the record pertains; employers; coworkers; neighbors; friends; acquaintances; physicians; other government agencies; educational institutions; credit references; and police departments. The entrant and exit records come directly from paper log completed by the individuals and/or from the individuals using FEMA issued badges to enter through turnstiles.

Systems exempted from certain provisions of the act:

The Director, Federal Emergency Management Agency, has determined that specific materials in this system should be exempted from subsections (c)(3), and (d) of the Privacy Act, 5 U.S.C. 552a, pursuant to 5 U.S.C. 552a(k)(1) and 5 U.S.C. 552a(k)(5). Rules have been promulgated in accordance with the requirements of 5 U.S.C. 553 (b), (c) and (e) and have been published in 44 CFR 6.87.

[TOP]

State and Local Programs and Support Directorate

DHS/FEMA–005

System name:

Temporary and Permanent Relocation and Personal and Real Property Acquisitions and Relocation Files.

Security classification:

Unclassified.

System location:

Records are maintained at the Federal Emergency Management Agency Headquarters in Washington, DC and field offices.

Categories of individuals covered by the system:

Categories of individuals covered by this system include individuals whose real property has been, or is being, acquired by DHS/FEMA. Also included are individuals who have been, or are being, relocated by DHS/FEMA.

Categories of records in the system:

Categories of records in this system include:

• Individual's name;

• Taxpayer identification number/social security number;

• Amounts paid for purchase of property including records of negotiations and offers;

• Title search documentation including property titles, title company correspondence, closing papers, tax records, and contracts;

• Loan interest payment information including mortgage payment papers, loan documentation claims, and DHS/FEMA approvals;

• Information for determining benefit amounts for real property acquisition including tax records, mortgage information, and divorce decrees;

• Information concerning replacement housing determinations including tax information, affidavits, and determinations;

• Relocation claims payment information including documents which verify that funds have been spent, deeds, contracts, building estimates, construction bills, loan papers, leases, cancelled checks, claim forms, and Decent, Safe and Sanitary Inspection Forms;

• Deeds, contractual sale documents, notations of follow-up actions, appraiser qualifications, rent supplement information, insurance verifications, moving cost information, permanent relocation questionnaires including background information on displaced persons, and information supplied by displaced persons to support claims for real property acquisition and relocation assistance. The temporary relocation file may contain the following:

○ Applicant contact sheets;

○ Application for assistance;

○ Leases and/or reimbursement agreements and corresponding housing inspection reports;

○ Requests for payment with supporting bills, receipts, etc., for relocation expenses and payment records to individuals and businesses; and

○ Move-out records.

Authority for maintenance of the system:

Federal Records Act, 44 U.S.C. 3101; Comprehensive Environmental Response Compensation Liability Act (CERCLA) of 1980, 42 U.S.C. 9601 et seq.; Executive Order 12580; Uniform Relocation Assistance and Real Property Acquisition Policies Act, 42 U.S.C. 4601 et seq.; National Flood Insurance Act of 1968 and Flood Disaster Protection Act of 1973, 42 U.S.C. 4001, et seq. and Executive Order 9397.

Purpose(s):

The purpose of this system is to track individual properties that qualify for acquisition and/or relocation under the Comprehensive Environmental Response Compensation Liability Act of 1980, as amended, and the National Flood Insurance Act, 42 U.S.C. 4001, as amended.

Routine uses of records maintained in the system, including categories of users and the purposes of such uses:

In addition to those disclosures generally permitted under 5 U.S.C. 552a(b) of the Privacy Act, all or a portion of the records of information contained in this system may be disclosed outside DHS as a routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:

A. To the Department of Justice or other Federal agency conducting litigation or in proceedings before any court, adjudicative or administrative body, when it is necessary to the litigation and one of the following is a party to the litigation or has an interest in such litigation:

1. DHS or any component thereof;

2. Any employee of DHS in his/her official capacity;

3. Any employee of DHS in his/her individual capacity where DOJ or DHS has agreed to represent the employee; or

4. The United States or any agency thereof, is a party to the litigation or has an interest in such litigation, and DHS determines that the records are both relevant and necessary to the litigation and the use of such records is compatible with the purpose for which DHS collected the records.

B. To a congressional office from the record of an individual in response to an inquiry from that congressional office made at the request of the individual to whom the record pertains.

C. To the National Archives and Records Administration or other Federal government agencies pursuant to records management inspections being conducted under the authority of 44 U.S.C. 2904 and 2906.

D. To an agency, organization, or individual for the purpose of performing audit or oversight operations as authorized by law, but only such information as is necessary and relevant to such audit or oversight function.

E. To appropriate agencies, entities, and persons when:

1. DHS suspects or has confirmed that the security or confidentiality of information in the system of records has been compromised;

2. The Department has determined that as a result of the suspected or confirmed compromise there is a risk of harm to economic or property interests, identity theft or fraud, or harm to the security or integrity of this system or other systems or programs (whether maintained by DHS or another agency or entity) or harm to the individual who relies upon the compromised information; and

3. The disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with DHS's efforts to respond to the suspected or confirmed compromise and prevent, minimize, or remedy such harm.

F. To contractors and their agents, grantees, experts, consultants, and others performing or working on a contract, service, grant, cooperative agreement, or other assignment for DHS, when necessary to accomplish an agency function related to this system of records. Individuals provided information under this routine use are subject to the same Privacy Act requirements and limitations on disclosure as are applicable to DHS officers and employees.

G. To an appropriate Federal, State, tribal, local, international, or foreign law enforcement agency or other appropriate authority charged with investigating or prosecuting a violation or enforcing or implementing a law, rule, regulation, or order, where a record, either on its face or in conjunction with other information, indicates a violation or potential violation of law, which includes criminal, civil, or regulatory violations and such disclosure is proper and consistent with the official duties of the person making the disclosure.

H. To the affected State or political subdivision thereof for the purpose of determining the State's or subdivision's eligibility for tracking title to the acquired property for recreational and open space resources.

I. To the Environmental Protection Agency for the purpose of verifying the proper eligibility and use of Superfund monies to acquire properties found to be uninhabitable for the population and in connection with legal cases brought under the Superfund.

J. To the Small Business Administration for the purpose of determining the individual/business eligibility for loans and no duplication of funds.

K. To the Department of Justice, or a United States Attorney for legal representation in duplication of benefits provided to the individual or legal cases brought by or against FEMA, or in the case of Superfund monies, those brought by or against the Environmental Protection Agency.

L. To the Department of Justice for the purpose of obtaining official title opinions prior to acquisition as outlined under Section 1362 acquisitions.

M. To the news media and the public, with the approval of the Chief Privacy Officer in consultation with counsel, when there exists a legitimate public interest in the disclosure of the information or when disclosure is necessary to preserve confidence in the integrity of DHS or is necessary to demonstrate the accountability of DHS's officers, employees, or individuals covered by the system, except to the extent it is determined that release of the specific information in the context of a particular case would constitute an unwarranted invasion of personal privacy.

Disclosure to consumer reporting agencies:

Disclosure pursuant to 5 U.S.C. 552a(b)(12): Disclosures may be made from this system to “consumer reporting agencies” as defined in the Fair Credit Reporting Act (15 U.S.C. 1681a(f) or the Federal Claims Collection Act of 1966 (31 U.S.C. 3701(a)(3)).

Policies and practices for storing, retrieving, accessing, retaining, and disposing of records in the system:

Storage:

Records in this system are stored electronically or on paper in secure facilities in a locked drawer behind a locked door. The records are stored on magnetic disc, tape, digital media, and CD–ROM.

Retrievability:

Records may be retrieved by individual's name, property addresses, mobile home sales documents, leases, and contracts.

Safeguards:

Records in this system are safeguarded in accordance with applicable rules and policies, including all applicable DHS automated systems security and access policies. Strict controls have been imposed to minimize the risk of compromising the information that is being stored. Access to the computer system containing the records in this system is limited to those individuals who have a need to know the information for the performance of their official duties and who have appropriate clearances or permissions.

Retention and disposal:

Permanent Personal and Real Property Acquisition and Relocation records are covered by General Record Schedules 3 and 4. Original files regarding occupant-related documents (e.g., site requests, mobile home sales documents, leases, and contracts) will be consolidated at regional offices at the end of Phase II (e.g., when shelterees are moved to permanent housing) and destroyed 6 years and 3 months after files are consolidated in accordance with FEMA Record Schedule N1–311–86–1, Item 4C8b(1). Files relating to permanent relocations under Superfund and purchases of properties under Section 1362 are permanent and will be maintained in accordance with FEMA Records Schedule N1–311–86–1, Item 4C10d.

System Manager and address:

For Superfund acquisitions—Associate Director, State and Local Programs and Support Directorate, Federal Emergency Management Agency, Washington, DC 20472.

Notification procedure:

Individuals seeking notification of and access to any record contained in this system of records, or seeking to contest its content, may submit a request in writing to FEMA's FOIA Officer, 500 C Street, SW., Attn: FOIA Coordinator, Washington, DC 20472.

When seeking records about yourself from this system of records or any other FEMA system of records your request must conform with the Privacy Act regulations set forth in 6 CFR part 5. You must first verify your identity, meaning that you must provide your full name, current address and date and place of birth. You must sign your request, and your signature must either be notarized or submitted under 28 U.S.C. 1746, a law that permits statements to be made under penalty of perjury as a substitute for notarization. While no specific form is required, you may obtain forms for this purpose from the Director, Disclosure and FOIA, http://www.dhs.gov or 1–866–431–0486. In addition you should provide the following:

• An explanation of why you believe the Department would have information on you,

• Specify when you believe the records would have been created,

• If your request is seeking records pertaining to another living individual, you must include a statement from that individual certifying his/her agreement for you to access his/her records.

Without this bulleted information the FEMA may not be able to conduct an effective search, and your request may be denied due to lack of specificity or lack of compliance with applicable regulations.

Record access procedures:

See “Notification procedure” above.

Contesting record procedures:

See “Notification procedure” above.

Record source categories:

Individuals, appraisal records, title reports, or homeowner reports.

Exemptions claimed for the system:

None.

[TOP]

U.S. Fire Administration

DHS/FEMA/USFA–1

System name:

9/11 Heroes Stamp Act of 2001 File System.

Security classification:

Unclassified.

System location:

The Access database will be operated at FEMA's facility located at the U.S. Fire Administration, National Emergency Training Center (NETC), 16825 South Seton Avenue, Emmitsburg, MD 21727. It will also be operational from FEMA Headquarters at 500 C Street, SW., Room 832, Washington, DC.

Categories of individuals covered by the system:

The system covers those individuals who claim benefits under the 9/11 Heroes Stamp Act of 2001 (i.e., emergency relief personnel claiming to be permanently disabled or the personal representative of emergency relief personnel who were killed as a result of the terrorist related aircraft crashes of September 11, 2001.)

Categories of records in the system:

Records include application forms and other information submitted in hard copy by the individual seeking benefits under the 9/11 Heroes Stamp Act of 2001, or by the individual's personal representative if the individual is deceased, and documents submitted in support of the claims. This information may include an individual's medical, personal, employment, financial and other records obtained or generated to adjudicate the Heroes applications as well as September 11th Victim Compensation Fund claim numbers where applicable.

Authority for maintenance of the system:

9/11 Heroes Stamp Act of 2001, Public Law 107–67, section 652, 115 Stat. 514 (Nov. 12, 2001).

Purpose(s):

These records are collected or generated for the purpose of determining an individual applicant's qualification for and/or compensation to benefits under the 9/11 Heroes Stamp Act of 2001.

Routine uses of records maintained in the system, including categories of users and the purposes of such uses:

The information the applicant submits on his or her claim is for official use only by FEMA for purposes of determining their eligibility for benefits under the 9/11 Heroes Stamp Act. The Privacy Act itself permits certain disclosures under 5 U.S.C. 552a(b), such as to individuals within an agency who have a need for the information in order to perform their duties. In addition to those disclosures generally permitted under 5 U.S.C. 552a(b) of the Privacy Act, all or a portion of the records or information contained in this system may be disclosed outside DHS as a routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:

A. To an agency, organization, or individual for the purposes of performing authorized audit or oversight operations.

B. To a congressional office from the record of an individual in response to an inquiry from that congressional office made at the request of the individual to whom the record pertains or to a Congressional Committee providing oversight or conducting an investigation of this program.

C. To contractors, experts, consultants, and others performing or working on a contract, service, grant, cooperative agreement, or other assignment for the Federal Government, when necessary to accomplish an agency function related to this system of records.

D. To the Department of Justice (DOJ), the United States Attorney's Office, or a consumer-reporting agency for further collection action on any debt in relation to the 9/11 Heroes Stamp Act of 2001 when circumstances warrant.

E. Where a record, either on its face or in conjunction with other information, indicates a violation or potential violation of law—criminal, civil or regulatory—the relevant records may be referred to an appropriate Federal, State, territorial, tribal, local, international, or foreign agency law enforcement authority or other appropriate agency charged with investigating or prosecuting such a violation or enforcing or implementing such law.

F. To the Department of Justice or other Federal agency for purposes of conducting litigation or proceedings before any court, adjudicative or administrative body, when: (a) FEMA, or (b) any employee of FEMA in his/her official capacity, or (c) any employee of FEMA in his/her individual capacity where DOJ or FEMA has agreed to represent the employee, or (d) the United States or any agency thereof, is a party to the litigation or has an interest in such litigation and when the records are determined by FEMA to be arguably relevant to the proceeding.

G. To the National Archives and Records Administration (NARA) or other Federal Government agencies pursuant to records management inspections being conducted under the authority of 44 U.S.C. sections 2904 and 2906.

H. To the Department of Justice for purposes of verifying the consistency of information on Heroes Fund applications with information submitted to the Department of Justice under the September 11th Victim Compensation Fund of 2001.

I. To other Federal, State, local or private agencies or entities as necessary to determine eligibility of applicants for benefits under the Heroes Fund.

Disclosure to consumer reporting agencies:

Privacy Act information may be reported to consumer reporting agencies pursuant to 5 U.S.C. 552a(b)(12).

Policies and practices for storing, retrieving, accessing, retaining, and disposing of records in the system:

Storage:

The database will be operated at FEMA's facility located at the U.S. Fire Administration, NETC, 16825 South Seton Avenue, Emmitsburg, MD 21727, and it will be operational from FEMA Headquarters at 500 C Street, SW., Room 832, Washington, DC 20472. FEMA Headquarters manages data use at all locations. Data consistency is maintained by regular replication of data among the sites and the consolidated master database via automated procedures. FEMA has a configuration management process that is used to deploy the application in a consistent manner throughout the enterprise.

Copies of paper applications as well as information maintained electronically are stored in a work area that is locked when it is not staffed. The doors to the work area are kept closed. There is limited access given to persons who have a need to have access to the information to perform their official duties. Computerized records are stored in a database server in a secured file server room. Electronic records are stored on a file server in another building and backed up nightly.

Retrievability:

Files and automated data are retrieved by name and/or Social Security Number of an individual applicant/claimant or personal representative of a claimant, and the name of the deceased, case file number, and/or Social Security Number.

Safeguards:

Use of the Access database will be carefully monitored and reviewed on a periodic basis by the system administrator.

FEMA employs software programs that monitor host and network traffic to identify unauthorized attempts to upload or change information or otherwise cause damage by individuals or group of individuals. Unauthorized attempts to upload information or change information are prohibited and may be punishable under the Computer Fraud and Abuse Act of 1986 and the National Information Infrastructure Protection Act.

The system has an audit trail of the changes made to the application and the user information associated with that change. Hence, the ability to monitor unauthorized access is provided.

Information in this system is safeguarded in accordance with applicable laws, rules and policies, including the DHS Information Technology Security Program Handbook. All records are protected from unauthorized access through appropriate administrative, physical, and technical safeguards. These safeguards include restricting access to authorized personnel who have a need-to-know, using locks, and password protection identification features. DHS file areas are locked after normal duty hours and the facilities are protected from the outside by security personnel.

Retention and disposal:

The paper copy of the application and supporting documentation, which are completed by the individual, constitute the official copy of the records. The database is kept in support of the paper copy. FEMA will treat the disposition of these records—hard copies of the application and supporting documentation and any data that is input and stored in any electronic databases—the same way. The data in the system are considered permanent Federal Government records, as, 9/11 records are permanent records. This means that NARA will not destroy them once FEMA retires the records to NARA. FEMA's disposition schedule, which is pending NARA approval under job number N1–311–04–05, would retire records to NARA 1 year and 6 months after the closure of the file.

System manager and address:

Office of the Administrator, USFA, NETC, 16825 South Seton Avenue, Emmitsburg, MD 21727.

Notification procedure:

A request for access to records in this system may be made by writing to the System Manager, identified above, in conformance with 6 CFR part 5, subpart B and 44 CFR part 6, which provides the rules for requesting access to Privacy Act records.

Record access procedures:

Same as Notification Procedure above.

Contesting record procedures:

Same as Notification Procedure above. State clearly and concisely the information being contested, the reasons for contesting it, and the proposed amendment to the information sought.

Record source categories:

The information will come from the individual applicants and/or their personal representative, if applicable, and their employer or volunteer organization, and financial institution. Information may also be obtained from Federal, State or local administrative bodies or private insurers that have made relevant determinations regarding the disability of individual applicants or their death.

Exemption claimed for the system:

None.

[TOP]

Grant Management Information Files and Citizen Corps Database

DHS/FEMA–004

System Name:

DHS/FEMA–004 Grant Management Information Files.

Security Classification:

Unclassified and sensitive.

System Location:

Records are maintained at Federal Emergency Management Agency Headquarters in Washington, DC and field offices.

Categories of Individuals Covered by the System:

Categories of entities covered by this system include: Recipients (grantees) of grant funds. These include state, territorial, tribal officials, port authorities, transit authorities, non-profit organizations, and, in rare instances, private companies.

Categories of Records in the System:

Categories of records in this system include:

• Organizational Name;

• Employer Identification Number (EIN);

• Name of Organization's Designated Point of Contact (POC);

• POC work address;

• POC work phone number;

• POC cellphone number;

• POC fax number;

• POC work e-mail address;

• Organization's Bank Routing Number;

• Organization's Bank Account Number; and

• Grant related information.

Authority for Maintenance of the System:

Legal authority includes, but is not limited to:

• The Robert T. Stafford Disaster Relief and Emergency Assistance Act, 42 U.S.C. 5133

• The National Flood Insurance Act, 42 U.S.C. 4104c

• Section 2003(a) of the Homeland Security Act of 2002 (6 U.S.C. 101 et seq.), as amended by Section 101, Title I of the Implementing Recommendations of the 9/11 Commission Act of 2007, (Pub. L. 110–053)

• Section 2004(a) of the Homeland Security Act of 2002 (6 U.S.C. 101 et seq.), as amended by Section 101, Title I of the Implementing Recommendations of the 9/11 Commission Act of 2007, (Pub. L. 110–053)

• Section 1809 of the Homeland Security Act of 2002 (6 U.S.C. 571 et seq.), as amended by Section 301(a), Title III of the Implementing Recommendations of the 9/11 Commission Act of 2007 (Pub. L. 110–053)

• The Post-Katrina Emergency Management Reform Act of 2006 (6 U.S.C. 723)

• Title III of Division D of the Consolidated Security, Disaster Assistance, and Continuing Appropriations Act, 2009 (Pub. L. 110–329)

• Section 614 of the Robert T. Stafford Disaster Relief and Emergency Assistance Act (42 U.S.C. 5196c), as amended by Section 202, Title II of the Implementing Recommendations of the 9/11 Commission Act of 2007 (Pub. L. 110–053)

• Title III of Division E of the Consolidated Appropriations Act, 2008 (Pub. L. 110–161)

• Section 1406, Title XIV of the Implementing Recommendations of the 9/11 Commission Act of 2007 (Pub. L. 110–053)

• Section 1513, Title XV of the Implementing Recommendations of the 9/11 Commission Act of 2007 (Pub. L. 110–053)

• Section 1532(a), Title XV of the Implementing Recommendations of the 9/11 Commission Act of 2007 (Pub. L. 110–053)

• 46 U.S.C. 70107

• Federal Financial Assistance Management Improvement Act of 1999 (Pub. L. 106–107)

Purpose(s):

The purpose of this system is to assist in determining awards for both disaster and non-disaster grants and for the issuance of awarded funds and allow DHS to contact individuals to ensure completeness and accuracy of grants and applications.

Routine Uses of Records Maintained in the System, Including Categories of Users and the Purposes of Such Uses:

In addition to those disclosures generally permitted under 5 U.S.C. 552a(b) of the Privacy Act, all or a portion of the records or information contained in this system may be disclosed outside DHS as a routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:

A. To the Department of Justice or other Federal agency conducting litigation or in proceedings before any court, adjudicative or administrative body, when:

1. DHS or any component thereof;

2. Any employee of DHS in his/her official capacity;

3. Any employee of DHS in his/her individual capacity where DOJ or DHS has agreed to represent the employee; or

4. The United States or any agency thereof, is a party to the litigation or has an interest in such litigation, and DHS determines that the records are both relevant and necessary to the litigation and the use of such records is compatible with the purpose for which DHS collected the records.

B. To a congressional office from the record of an individual in response to an inquiry from that congressional office made at the request of the individual to whom the record pertains.

C. To the National Archives and Records Administration or other Federal government agencies pursuant to records management inspections being conducted under the authority of 44 U.S.C. 2904 and 2906.

D. To an agency, organization, or individual for the purpose of performing audit or oversight operations as authorized by law, but only such information as is necessary and relevant to such audit or oversight function.

E. To appropriate agencies, entities, and persons when:

1. DHS suspects or has confirmed that the security or confidentiality of information in the system of records has been compromised;

2. The Department has determined that as a result of the suspected or confirmed compromise there is a risk of harm to economic or property interests, identity theft or fraud, or harm to the security or integrity of this system or other systems or programs (whether maintained by DHS or another agency or entity) that rely upon the compromised information; and

3. The disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with DHS's efforts to respond to the suspected or confirmed compromise and prevent, minimize, or remedy such harm.

F. To contractors and their agents, grantees, experts, consultants, and others performing or working on a contract, service, grant, cooperative agreement, or other assignment for DHS, when necessary to accomplish an agency function related to this system of records. Individuals provided information under this routine use are subject to the same Privacy Act requirements and limitations on disclosure as are applicable to DHS officers and employees.

G. To an appropriate Federal, State, tribal, local, international, or foreign law enforcement agency or other appropriate authority charged with investigating or prosecuting a violation or enforcing or implementing a law, rule, regulation, or order, where a record, either on its face or in conjunction with other information, indicates a violation or potential violation of law, which includes criminal, civil, or regulatory violations and such disclosure is proper and consistent with the official duties of the person making the disclosure.

H. To an individual's employer or affiliated organization to the extent necessary to verify employment or membership status.

I. To the news media and the public, with the approval of the Chief Privacy Officer in consultation with counsel, when there exists a legitimate public interest in the disclosure of the information or when disclosure is necessary to preserve confidence in the integrity of DHS or is necessary to demonstrate the accountability of DHS's officers, employees, or individuals covered by the system, except to the extent it is determined that release of the specific information in the context of a particular case would constitute an unwarranted invasion of personal privacy.

Disclosure to Consumer Reporting Agencies:

None.

Policies and Practices for Storing, Retrieving, Accessing, Retaining, and Disposing of Records in the System:

Storage:

Records in this system are stored electronically or on paper in secure facilities in a locked drawer behind a locked door. The records are stored on magnetic disc, tape, digital media, and CD–ROM.

Retrievability:

Records may be retrieved by name of organization or contact person covered by this system.

Safeguards:

Records in this system are safeguarded in accordance with applicable rules and policies, including all applicable DHS automated systems security and access policies. Strict controls have been imposed to minimize the risk of compromising the information that is being stored. Access to the computer system containing the records in this system is limited to those individuals who have a need to know the information for the performance of their official duties and who have appropriate clearances or permissions. The system maintains a real-time auditing function of individuals who access the system. Additional safeguards may vary by component and program.

Retention and Disposal:

In accordance with the Federal records retention requirements, Grant administrative records and hard copies of unsuccessful grant applications files are destroyed when two years old (Government Records Schedule (GRS) No. 3, Procurement, Supply, and Grant Records, Item 14). Electronically received and processed copies of unsuccessful grant application files are destroyed three years after rejection or withdrawal (GRS No. 3, Procurement, Supply, and Grant Records, Item 13). Grant Project Records are maintained for three years after the end of the fiscal year that the grant or agreement is finalized or when no longer needed, whichever is sooner. These records are disposed of IAW FEMA Records Schedule N1–311–95–1, Item 1. Grant Final Reports are retired to the Federal Records Center three years after cutoff, and then transferred to National Archives 20 years after cutoff. These records are maintained IAW FEMA Records Schedule N1–311–95–1, Item 3. All other grant (both disaster and non disaster) records are maintained for six years and three months after the end of the fiscal year when grant or agreement is completed or closed. These records are disposed of according to IAW FEMA Records Schedule N1–311–95–1, Item 2; N1–311–01–8, Item 1; and N1–311–04–1, Item 1.

System Manager and Address:

Deputy Assistant Administrator, Grant Program Directorate, FEMA, 500 C Street, SW., Washington, DC 20472.

Notification Procedure:

Individuals or entities seeking notification of and access to any record contained in this system of records, or seeking to contest its content, may submit a request in writing to the component's FOIA Officer, whose contact information can be found at http://www.dhs.gov/foia under “contacts.” If an individual believes more than one component maintains Privacy Act records concerning him or her, the individual may submit the request to the Chief Privacy Officer, Department of Homeland Security, 245 Murray Drive, SW., STOP–0655, Washington, DC 20528.

When seeking records about yourself from this system of records or any other Departmental system of records, your request must conform with the Privacy Act regulations set forth in 6 CFR Part 5. You must first verify your identity, meaning that you must provide your full name, current address and date and place of birth. You must sign your request, and your signature must either be notarized or submitted under 28 U.S.C. 1746, a law that permits statements to be made under penalty of perjury as a substitute for notarization. While no specific form is required, you may obtain forms for this purpose from the Director, Disclosure and FOIA, http://www.dhs.gov or 1–866–431–0486. In addition you should provide the following:

• An explanation of why you believe the Department would have information on you,

• Identify which component(s) of the Department you believe may have the information about you,

• Specify when you believe the records would have been created,

• Provide any other information that will help the FOIA staff determine which DHS component agency may have responsive records,

• If your request is seeking records pertaining to another living individual, you must include a statement from that individual certifying his/her agreement for you to access his/her records.

Without this bulleted information the component(s) will not be able to conduct an effective search, and your request may be denied due to lack of specificity or lack of compliance with applicable regulations.

Record Access Procedures:

See “Notification procedure” above.

Contesting Record Procedures:

See “Notification procedure” above.

Record Source Categories:

Records are obtained by grantees, applicants for award, and grant program monitors.

Exemptions Claimed for the System:

None.

[TOP]

DHS/FEMA–006

System name:

Citizen Corps Database.

Security classification:

Unclassified.

System location:

Records are maintained at the Federal Emergency Management Agency Headquarters in Washington, DC and field offices.

Categories of individuals covered by the system:

Categories of individuals covered by this system include individuals who express an interest in Citizen Corps programs or activities supporting State and Local governments which include the Community Emergency Response Teams (CERT), the Fire Corps, the Office of the Civilian Volunteer Medical Reserve Corps (MRC), the National Neighborhood Watch Program, the Volunteers in Police Service (VIPS), the Operation Terrorism Information and Prevention System (TIPS), the Corporation for National and Community Service (CNCS), and the Citizen Corps Council. Additionally, various State and Local Government Officials are covered by this system.

Categories of records in the system:

Categories of records in this system include:

• Individual's name;

• Mailing address;

• E-mail address;

• Phone number;

• Volunteer program area and type of interest;

• Date of expression of interest; and

• Emergency preparedness training information, such as; courses taken and dates of courses.

Authority for maintenance of the system:

Federal Records Act, 44 U.S.C. 3101; Section 2, Executive Order 13254, January, 29, 2002; 1998 Appropriations Act (Pub, L, 105–119); and the Homeland Security Act of 2002 (Pub. L. 107–296, Section 224.). Fiscal Year 2008 Consolidated Appropriations Act (Pub. L. 110–161).

Purpose(s):

The Citizen Corps, through its internet site at http://www.citizencorps.gov, allows individuals to indicate their interest in specific voluntary programs. Information concerning those desired activities is then disseminated by DHS/FEMA to the appropriate organization for further processing or response. The Citizen Corps coordinates efforts among several organizations, including the Community Emergency Response Teams (CERT), the Fire Corps, the Office of the Civilian Volunteer Medical Reserve Corps (MRC), the National Neighborhood Watch Program, the Volunteers in Police Service (VIPS), the Operation Terrorism Information and Prevention System (TIPS), the Corporation for National and Community Service (CNCS), and the Citizen Corps Council. In addition, these entities may express an interest in sharing their respective contact and similar information with other participants in these programs.

Routine uses of records maintained in the system, including categories of users and the purposes of such uses:

In addition to those disclosures generally permitted under 5 U.S.C. 552a(b) of the Privacy Act, all or a portion of the records of information contained in this system may be disclosed outside DHS as a routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:

A. To the Department of Justice or other Federal agency conducting litigation or in proceedings before any court, adjudicative or administrative body, when it is necessary to the litigation and one of the following is a party to the litigation or has an interest in such litigation:

1. DHS or any component thereof;

2. Any employee of DHS in his/her official capacity;

3. Any employee of DHS in his/her individual capacity where DOJ or DHS has agreed to represent the employee; or

4. The United States or any agency thereof, is a party to the litigation or has an interest in such litigation, and DHS determines that the records are both relevant and necessary to the litigation and the use of such records is compatible with the purpose for which DHS collected the records.

B. To a congressional office from the record of an individual in response to an inquiry from that congressional office made at the request of the individual to whom the record pertains.

C. To the National Archives and Records Administration or other Federal government agencies pursuant to records management inspections being conducted under the authority of 44 U.S.C. 2904 and 2906.

D. To an agency, organization, or individual for the purpose of performing audit or oversight operations as authorized by law, but only such information as is necessary and relevant to such audit or oversight function.

E. To appropriate agencies, entities, and persons when:

1. DHS suspects or has confirmed that the security or confidentiality of information in the system of records has been compromised;

2. The Department has determined that as a result of the suspected or confirmed compromise there is a risk of harm to economic or property interests, identity theft or fraud, or harm to the security or integrity of this system or other systems or programs (whether maintained by DHS or another agency or entity) or harm to the individual who relies upon the compromised information; and

3. The disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with DHS's efforts to respond to the suspected or confirmed compromise and prevent, minimize, or remedy such harm.

F. To contractors and their agents, grantees, experts, consultants, and others performing or working on a contract, service, grant, cooperative agreement, or other assignment for DHS, when necessary to accomplish an agency function related to this system of records. Individuals provided information under this routine use are subject to the same Privacy Act requirements and limitations on disclosure as are applicable to DHS officers and employees.

G. To an appropriate Federal, State, tribal, local, international, or foreign law enforcement agency or other appropriate authority charged with investigating or prosecuting a violation or enforcing or implementing a law, rule, regulation, or order, where a record, either on its face or in conjunction with other information, indicates a violation or potential violation of law, which includes criminal, civil, or regulatory violations and such disclosure is proper and consistent with the official duties of the person making the disclosure.

H. To the USA Freedom Corps, Executive Office of the President.

I. To organizations or activities participating in the Citizen Corps Program if an individual has volunteered to assist this specific type of organization or activity.

Disclosure to consumer reporting agencies:

None.

Policies and practices for storing, retrieving, accessing, retaining, and disposing of records in the system:

Storage:

Records in this system are stored electronically or on paper in secure facilities in a locked drawer behind a locked door. The records are stored on magnetic disc, tape, digital media, and CD–ROM.

Retrievability:

Records may be retrieved by individual's name, mailing address, e-mail address, or volunteer program(s) in which the respondent indicates an interest.

Safeguards:

Records in this system are safeguarded in accordance with applicable rules and policies, including all applicable DHS automated systems security and access policies. Strict controls have been imposed to minimize the risk of compromising the information that is being stored. Access to the computer system containing the records in this system is limited to those individuals who have a need to know the information for the performance of their official duties and who have appropriate clearances or permissions.

Retention and disposal:

Routine correspondence with governors, mayors, and other State and local officials, as well as private citizens relating to FEMA programs will be destroyed when no longer needed in accordance with FEMA Records Schedule N1–311–86–1, Item 1B4. Records relating to establishment, organization, membership, and policy of external committees that are sponsored by FEMA, but have a membership including representatives from other Federal agencies, States, local governments, and/or public citizens are permanent and will be maintained in accordance with FEMA Records Schedule N1–311–97–2, Item 1.

System Manager and address:

Director, Office of Grants and Training, Federal Emergency Management Agency, 810 Seventh Street, NW., Washington, DC 20531.

Notification procedure:

Individuals seeking notification of and access to any record contained in this system of records, or seeking to contest its content, may submit a request in writing to FEMA's FOIA Officer, 500 C Street, SW., Attn: FOIA Coordinator, Washington, DC 20472.

When seeking records about yourself from this system of records or any other FEMA system of records your request must conform with the Privacy Act regulations set forth in 6 CFR part 5. You must first verify your identity, meaning that you must provide your full name, current address and date and place of birth. You must sign your request, and your signature must either be notarized or submitted under 28 U.S.C. 1746, a law that permits statements to be made under penalty of perjury as a substitute for notarization. While no specific form is required, you may obtain forms for this purpose from the Director, Disclosure and FOIA, http://www.dhs.gov or 1–866–431–0486. In addition you should provide the following:

• An explanation of why you believe the Department would have information on you,

• Specify when you believe the records would have been created,

• If your request is seeking records pertaining to another living individual, you must include a statement from that individual certifying his/her agreement for you to access his/her records.

Without this bulleted information the FEMA may not be able to conduct an effective search, and your request may be denied due to lack of specificity or lack of compliance with applicable regulations.

Record access procedures:

See “Notification procedure” above.

Contesting record procedures:

See “Notification procedure” above.

Record source categories:

Records are generated by the individual and by DHS/FEMA based on individual's responses submitted via the Citizen Corps Web site.

Exemptions claimed for the system:

None.

[TOP]

Appendix A (1)—Addresses for FEMA Regional Offices

Region I—Regional Director, FEMA, 99 High Street, 6th Floor, Boston, MA 02110;

Region II—Regional Director, FEMA, 26 Federal Plaza, New York, NY 10278–0002;

Region III—Regional Director, FEMA, One Independence Mall, 615 Chestnut Street, Philadelphia, PA 19106–4404;

Region IV—Regional Director, FEMA, 3003 Chamblee-Tucker Road, Atlanta, GA 30341;

Region V—Regional Director, FEMA, 536 S. Clark Street, Chicago, IL 60605;

Region VI—Regional Director, FEMA, Federal Center, 800 North Loop 288 Denton, TX 76209;

Region VII—Regional Director, FEMA, 2323 Grand Boulevard, Kansas City, MO 64108–2670;

Region VIII—Regional Director, FEMA, Denver Federal Center, Building 710, Box 25267, Denver, CO 80225–0267;

Region IX—Regional Director, FEMA, 1112 Broadway St. Oakland, CA 94607;

Region X—Regional Director, FEMA, Federal Regional Center, 130 228th Street, SW., Bothell, WA 98021–9796.

[TOP]

Appendix A

Introduction to Routine Uses: Certain routine uses have been identified as being applicable to many of the FEMA systems of record notices. The specific routine uses applicable to an individual system of record notice will be listed under the "Routine Use" section of the notice itself and will correspond to the numbering of the routine uses published below. These uses are published only once in the interest of simplicity, economy and to avoid redundancy, rather than repeating them in every individual system notice.

1. Routine Use—Law Enforcement: A record from any FEMA system of records, which indicates either by itself or in combination with other information within FEMA's possession, a violation or potential violation of law, whether civil, criminal or regulatory in nature, and whether arising by general statute, or by regulation, rule or order issued pursuant thereto, may be disclosed, as a routine use, to the appropriate agency whether Federal, State, territorial, local or foreign, or foreign agency or professional organization charged with the responsibility of enforcing, or implementing, or investigating, or prosecuting such violation or charged with implementing the statute, rule, regulation or order issued pursuant thereto.

2. Routine Use—Disclosure When Requesting Information: A record from a FEMA system of records may be disclosed as a routine use to a Federal, State, or local agency maintaining civil, criminal, regulatory, licensing or other enforcement information or other pertinent information, such as current licenses, if necessary, to obtain information relevant to an agency decision concerning hiring or retention of an employee, issuance of a security clearance, letting of a contract, or issuance of a license, grant, or other benefit.

3. Routine Use—Disclosure of Requested Information: A record from a FEMA system of records may be disclosed to a Federal agency, in response to a written request in connection with hiring or retention of an employee, issuance of an investigation of an employee, letting of a contract, or issuance of a license, grant, or other benefit by the requesting agency, to the extent that the information is relevant and necessary to the requesting agency's decision on the matter.

4. Routine Use—Grievance, Complaint, Appeal: A record from a FEMA system of records may be disclosed to an authorized appeal or grievance examiner, formal complaints examiner, equal employment opportunity investigator, arbitrator, or other duly authorized official engaged in investigation or settlement of a grievance, complaint, or appeal filed by an employee. A record from this system of records may be disclosed to the Office of Personnel Management in accordance with that agency's responsibility for evaluation of Federal personnel management.

To the extent that official personnel records in the custody of FEMA are covered within systems of records published by the Office of Personnel Management as governmentwide records, those records will be considered as a part of that governmentwide system. Other official personnel records covered by notices published by FEMA and considered to be separate systems of records may be transferred to the Office of Personnel Management in accordance with official personnel programs and activities as a routine use.

5. Routine Use—Congressional Inquiries: A record from a FEMA system of records may be disclosed as a routine use to a Member of Congress or to a Congressional staff member in response to an inquiry of the Congressional office made at the direct, written request of the individual about whom the record is maintained.

6. Routine Use—Private Relief Legislation: The information contained in a FEMA system of records may be disclosed as a routine use to the Office of Management and Budget in connection with the review of private relief legislation as set forth in OMB Circular No. A-19 at any stage of the legislative coordination and clearance process as set forth in that circular.

7. Routine Use—Disclosure to the Office of Personnel Management: A record from a FEMA system of records may be disclosed to the Office of Personnel Management concerning information on pay and leave benefits, retirement deductions, and any other information concerning personnel actions.

8. Routine Use—Disclosure to National Archives and Records Administration: A record from a FEMA system of records may be disclosed as a routine use to the National Archives and Records Administration in records management inspections conducted under authority of 44 U.S.C. 2904 and 2906.

9. Routine Use—Grand Jury: A record from any system of records may be disclosed, as a routine use, to a grand jury agent pursuant to a Federal or State grand jury subpoena or to a prosecution request that such record be released for the purpose of its introduction to a grand jury.

[TOP]

Appendix AA

Addresses for FEMA Regional Offices:

Region I—Regional Director, Federal Emergency Management Agency, room 442, J.W. McCormack Post Office and Courthouse Building, Boston, MA 02109–4595;

Region II—Regional Director, Federal Emergency Management Agency, 26 Federal Plaza, room 1338, New York, NY 10278–0002;

Region III—Regional Director, Federal Emergency Management Agency, Liberty Square Building (Second Floor), 105 South Seventh Street, Philadelphia, PA 19106–3316;

Region IV—Regional Director, Federal Emergency Management Agency, 1371 Peachtree Street, NE., suite 700, Atlanta, GA 30309–3108;

Region V—Regional Director, Federal Emergency Management Agency, 175 West Jackson Blvd., 4th Floor, Chicago, IL 60604–2698;

Region VI—Regional Director, Federal Emergency Management Agency, Federal Regional Center, 800 North Loop 288, Denton, TX 76201-3698;

Region VII—Regional Director, Federal Emergency Management Agency, 2323 Grand Boulevard, room 900, Kansas City, MO 64108–2670;

Region VIII—Regional Director, Federal Emergency Management Agency, Denver Federal Center, Building 710, Box 25267, Denver, CO 80225–0267;

Region IX—Regional Director, Federal Emergency Management Agency, Building 105, Presidio of San Francisco, CA 94129–1250;

Region X—Regional Director, Federal Emergency Management Agency, Federal Regional Center, 130 228th Street SW., Bothell, WA 98021–9796.

[TOP]

Title 44—Emergency Management and Assistance

Chapter I—Federal Emergency Management Agency, Department of Homeland Security

PART 6—IMPLEMENTATION OF THE PRIVACY ACT OF 1974

Subpart A—General

Sec.

6.1 Purpose and scope of part.

6.2 Definitions.

6.3 Collection and use of information (Privacy Act statements).

6.4 Standards of accuracy.

6.5 Rules of conduct.

6.6 Safeguarding systems of records.

6.7 Records of other agencies.

6.8 Subpoena and other legal demands.

6.9 Inconsistent issuances of FEMA and/or its predecessor agencies superseded.

6.10 Assistance and referrals.

Subpart B—Disclosure of Records

6.20 Conditions of disclosure.

6.21 Procedures for disclosure.

6.22 Accounting of disclosures.

Subpart C—Individual Access to Records

6.30 Form of requests.

6.31 Special requirements for medical records.

6.32 Granting access.

6.33 Denials of access.

6.34 Appeal of denial of access within FEMA.

Subpart D—Requests To Amend Records

6.50 Submission of requests to amend records.

6.51 Review of requests to amend records.

6.52 Approval of requests to amend records.

6.53 Denial of requests to amend records.

6.54 Agreement to alternative amendments.

6.55 Appeal of denial of request to amend a record.

6.56 Statement of disagreement.

6.57 Judicial review.

Subpart E—Report on New Systems and Alterations of Existing Systems

6.70 Reporting requirement.

6.71 Federal Register notice of establishment of new system or alteration of existing system.

6.72 Effective date of new system of records or alteration of an existing system of records.

Subpart F—Fees

6.80 Records available at fee.

6.81 Additional copies.

6.82 Waiver of fee.

6.83 Prepayment of fees.

6.84 Form of payment.

6.85 Reproduction fees.

Subpart G—Exempt Systems of Records

6.86 General exemptions.

6.87 Specific exemptions.

Authority: 5 U.S.C. 552a; Reorganization Plan No. 3 of 1978; and E.O. 12127.

Source: 44 FR 50293, Aug. 27, 1979, unless otherwise noted.

Subpart A—General

Subpart A—General

§ 6.1 Purpose and scope of part.

This part sets forth policies and procedures concerning the collection, use and dissemination of records maintained by the Federal Emergency Management Agency (FEMA) which are subject to the provision of 5 U.S.C. 552a, popularly known as the “Privacy Act of 1974” (hereinafter referred to as the Act). These policies and procedures govern only those records as defined in § 6.2. Policies and procedures governing the disclosure and availability of records in general are in part 5 of this chapter. This part also covers: (a) Procedures for notification to individuals of a FEMA system of records pertaining to them; (b) guidance to individuals in obtaining information, including inspections of, and disagreement with, the content of records; (c) accounting of disclosure; (d) special requirements for medical records; and (e) fees.

§ 6.2 Definitions.

For the purpose of this part:

(a) Agency includes any executive department, military department, Government corporation, Government controlled corporation, or other establishment in the executive branch of the Government (including the Executive Office of the President), or any independent regulatory agency (see 5 U.S.C. 552(e)).

(b) Individual means a citizen of the United States or an alien lawfully admitted for permanent residence.

(c) Maintain includes maintain, collect, use, and disseminate.

(d) Record means any item, collection, or grouping of information about an individual that is maintained by an agency, including, but not limited to those concerning education, financial transactions, medical history, and criminal or employment history, and that contains the name or other identifying particular assigned to the individual, such as a fingerprint, voiceprint, or photograph.

(e) System of records means a group of any records under the control of an agency from which information is retrieved by the name of the individual or by some identifying number, symbol, or other identification assigned to that individual.

(f) Statistical record means a record in a system of records maintained for statistical research or reporting purposes only and not used in whole or in part in making any determination about an identifiable individual, except as provided by 13 U.S.C. 8.

(g) Routine use means, with respect to the disclosure of a record, the use of that record for a purpose which is compatible with the purpose for which it was collected.

(h) System manager means the employee of FEMA who is responsible for the maintenance of a system of records and for the collection, use, and dissemination of information therein.

(i) Subject individual means the individual named or discussed in a record of the individual to whom a record otherwise pertains.

(j) Disclosure means a transfer of a record, a copy of a record, or any or all of the information contained in a record to a recipient other than the subject individual, or the review of a record by someone other than the subject individual.

(k) Access means a transfer of a record, a copy of a record, or the information in a record to the subject individual, or the review of a record by the subject individual.

(l) Solicitation means a request by an officer or employee of FEMA that an individual provide information about himself or herself.

(m) Administrator means the Administrator, FEMA.

(n) Deputy Administrator means the Deputy Administrator, FEMA, or, in the case of the absence of the Deputy Administrator, or a vacancy in that office, a person designated by the Administrator to perform the functions under this regulation of the Deputy Administrator.

(o) Privacy Appeals Officer means the FOIA/Privacy Act Specialist or his/her designee.

[44 FR 50293, Aug. 27, 1979, as amended at 45 FR 17152, Mar. 18, 1980; 51 FR 34604, Sept. 30, 1986]

§ 6.3 Collection and use of information (Privacy Act statements).

(a) General. Any information used in whole or in part in making a determination about an individual's rights, benefits, or privileges under FEMA programs will be collected directly from the subject individual to the extent practicable. The system manager also shall ensure that information collected is used only in conformance with the provisions of the Act and these regulations.

(b) Solicitation of information. System managers shall ensure that at the time information is solicited the solicited individual is informed of the authority for collecting that information, whether providing the information is mandatory or voluntary, the purpose for which the information will be used, the routine uses to be made of the information, and the effects on the individual, if any, of not providing the information. The Director, Records Management Division, Office of Management and Regional Administrators shall ensure that forms used to solicit information are in compliance with the Act and these regulations.

(c) Solicitation of Social Security numbers. Before an employee of FEMA can deny to any individual a right, benefit, or privilege provided by law because such individual refuses to disclose his/her social security account number, the employee of FEMA shall ensure that either:

(1) The disclosure is required by Federal statute; or

(2) The disclosure of a social security number was required under a statute or regulation adopted before January 1, 1975, to verify the identity of an individual, and the social security number will become a part of a system of records in existence and operating before January 1, 1975.

If solicitation of the social security number is authorized under paragraph (c) (1) or (2) of this section, the FEMA employee who requests an individual to disclose the social security account number shall first inform that individual whether that disclosure is mandatory or voluntary, by what statutory or other authority the number is solicited, and the use that will be made of it.

(d) Soliciting information from third parties. An employee of FEMA shall inform third parties who are requested to provide information about another individual of the purposes for which the information will be used.

[44 FR 50293, Aug. 27, 1979, as amended at 47 FR 13149, Mar. 29, 1982; 48 FR 12091, Mar. 23, 1983; 50 FR 40006, Oct. 1, 1985]

§ 6.4 Standards of accuracy.

The system manager shall ensure that all records which are used by FEMA to make determinations about any individual are maintained with such accuracy, relevance, timeliness, and completeness as is reasonably necessary to ensure fairness to the individual.

§ 6.5 Rules of conduct.

Employees of FEMA involved in the design, development, operation, or maintenance of any system of records or in maintaining any record, shall conduct themselves in accordance with the rules of conduct concerning the protection of personal information in § 3.25 of this chapter.

§ 6.6 Safeguarding systems of records.

(a) Systems managers shall ensure that appropriate administrative, technical, and physical safeguards are established to ensure the security and confidentiality of records and to protect against any anticipated threats or hazards to their security or integrity which could result in substantial harm, embarrassment, inconvenience, or unfairness to any individual on whom information is maintained.

(b) Personnel information contained in both manual and automated systems of records shall be protected by implementing the following safeguards:

(1) Official personnel folders, authorized personnel operating or work folders and other records of personnel actions effected during an employee's Federal service or affecting the employee's status and service, including information on experience, education, training, special qualification, and skills, performance appraisals, and conduct, shall be stored in a lockable metal filing cabinet when not in use by an authorized person. A system manager may employ an alternative storage system providing that it furnished an equivalent degree of physical security as storage in a lockable metal filing cabinet.

(2) System managers, at their discretion, may designate additional records of unusual sensitivity which require safeguards similar to those described in paragraph (a) of this section.

(3) A system manager shall permit access to and use of automated or manual personnel records only to persons whose official duties require such access, or to a subject individual or his or her representative as provided by this part.

§ 6.7 Records of other agencies.

If FEMA receives a request for access to records which are the primary responsibility of another agency, but which are maintained by or in the temporary possession of FEMA on behalf of that agency, FEMA will advise the requestor that the request has been forwarded to the responsible agency. Records in the custody of FEMA which are the primary responsibility of the Office of Personnel Management are governed by the rules promulgated by it pursuant to the Privacy Act.

§ 6.8 Subpoena and other legal demands.

Access to records in systems of records by subpoena or other legal process shall be in accordance with the provisions of part 5 of this chapter.

§ 6.9 Inconsistent issuances of FEMA and/or its predecessor agencies superseded.

Any policies and procedures in any issuances of FEMA or any of its predecessor agencies which are inconsistent with the policies and procedures in this part are superseded to the extent of that inconsistency.

§ 6.10 Assistance and referrals.

Requests for assistance and referral to the responsible system manager or other FEMA employee charged with implementing these regulations should be made to the Privacy Appeals Officer, Federal Emergency Management Agency, Washington, DC 20472.

[45 FR 17152, Mar. 18, 1980]

Subpart B—Disclosure of Records

§ 6.20 Conditions of disclosure.

No employee of FEMA shall disclose any record to any person or to another agency without the express written consent of the subject individual unless the disclosure is:

(a) To officers or employees of FEMA who have a need for the information in the official performance of their duties;

(b) Required by the provisions of the Freedom of Information Act, 5 U.S.C. 552.

(c) For a routine use as published in the notices in the Federal Register;

(d) To the Bureau of the Census for use pursuant to title 13, United States Code;

(e) To a recipient who has provided FEMA with advance adequate written assurance that the record will be used solely as a statistical research or reporting record subject to the following: The record shall be transferred in a form that is not individually identifiable. The written statement should include as a minimum (1) a statement of the purpose for requesting the records; and (2) certification that the records will be used only for statistical purposes. These written statements should be maintained as accounting records. In addition to deleting personal identifying information from records released for statistical purposes, the system manager shall ensure that the identity of the individual cannot reasonably be deduced by combining various statistical records;

(f) To the National Archives of the United States as a record which has sufficient historical or other value to warrant its continued preservation by the United States Government, or for evaluation by the Administrator of The National Archives and Records Administration or his designee to determine whether the record has such value;

(g) To another agency or instrumentality of any governmental jurisdiction within or under the control of the United States for civil or criminal law enforcement activity, if the activity is authorized by law, and if the head of the agency or instrumentality or his designated representative has made a written request to the Administrator specifying the particular portion desired and the law enforcement activity for which the record is sought;

(h) To a person showing compelling circumstances affecting the health and safety of an individual to whom the record pertains. (Upon such disclosure, a notification must be sent to the last known address of the subject individual.)

(i) To either House of Congress or to a subcommittee or committee (joint or of either House, to the extent that the subject matter falls within their jurisdiction;

(j) To the Comptroller General or any duly authorized representatives of the Comptroller General in the course of the performance of the duties of the Government Accountability Office; or

(k) Pursuant to the order of a court of competent jurisdiction.

(l) To consumer reporting agencies as defined in the Fair Credit Reporting Act (35 U.S.C. 1681a(f) or the Debt Collection Act of 1982 (31 U.S.C. 3711(d)(4)).

[44 FR 50293, Aug. 27, 1979, as amended at 48 FR 44543, Sept. 29, 1983; 50 FR 40006, Oct. 1, 1985]

§ 6.21 Procedures for disclosure.

(a) Upon receipt of a request for disclosure, the system manager shall verify the right of the requestor to obtain disclosure pursuant to § 6.20. Upon that verification and subject to other requirements of this part, the system manager shall make the requested records available.

(b) If the system manager determines that the disclosure is not permitted under the provisions of § 6.20 or other provisions of this part, the system manager shall deny the request in writing and shall inform the requestor of the right to submit a request for review and final determination to the Administrator or designee.

§ 6.22 Accounting of disclosures.

(a) Except for disclosures made pursuant to § 6.20 (a) and (b), an accurate accounting of each disclosure shall be made and retained for 5 years after the disclosure or for the life of the record, whichever is longer. The accounting shall include the date, nature, and purpose of each disclosure, and the name and address of the person or agency to whom the disclosure is made;

(b) The system manager also shall maintain in conjunction with the accounting of disclosures;

(1) A full statement of the justification for the disclosure.

(2) All documentation surrounding disclosure of a record for statistical or law enforcement purposes; and

(3) Evidence of written consent to a disclosure given by the subject individual.

(c) Except for the accounting of disclosures made to agencies or instrumentalities in law enforcement activities in accordance with § 6.20 (g) or of disclosures made from exempt systems the accounting of disclosures shall be made available to the individual upon request. Procedures for requesting access to the accounting are in subpart C of this part.

Subpart C—Individual Access to Records

§ 6.30 Form of requests.

(a) An individual who seeks access to his or her record or to any information pertaining to the individual which is contained in a system of records should notify the system manager at the address indicated in the Federal Register notice describing the pertinent system. The notice should bear the legend “Privacy Act Request” both on the request letter and on the envelope. It will help in the processing of a request if the request letter contains the complete name and identifying number of the system as published in the Federal Register; the full name and address of the subject individual; a brief description of the nature, time, place, and circumstances of the individual's association with FEMA; and any other information which the individual believes would help the system manager to determine whether the information about the individual is included in the system of records. The system manager shall answer or acknowledge the request within 10 workdays of its receipt by FEMA.

(b) The system manager, at his discretion, may accept oral requests for access subject to verification of identity.

§ 6.31 Special requirements for medical records.

(a) A system manager who receives a request from an individual for access to those official medical records which belong to the U.S. Office of Personnel Management and are described in Chapter 339, Federal Personnel Manual (medical records about entrance qualifications or fitness for duty, or medical records which are otherwise filed in the Official Personnel Folder), shall refer the pertinent system of records to a Federal Medical Officer for review and determination in accordance with this section. If no Federal Medical Officer is available to make the determination required by this section, the system manager shall refer the request and the medical reports concerned to the Office of Personnel Management for determination.

(b) If, in the opinion of a Federal Medical Officer, medical records requested by the subject individual indicate a condition about which a prudent physician would hesitate to inform a person suffering from such a condition of its exact nature and probable outcome, the system manager shall not release the medical information to the subject individual nor to any person other than a physician designated in writing by the subject individual, or the guardian or conservator of the individual.

(c) If, in the opinion of a Federal Medical Officer, the medical information does not indicate the presence of any condition which would cause a prudent physician to hesitate to inform a person suffering from such a condition of its exact nature and probable outcome, the system manager shall release it to the subject individual or to any person, firm, or organization which the individual authorizes in writing to receive it.

§ 6.32 Granting access.

(a) Upon receipt of a request for access to non-exempt records, the system manager shall make these records available to the subject individual or shall acknowledge the request within 10 workdays of its receipt by FEMA. The acknowledgment shall indicate when the system manager will make the records available.

(b) If the system manager anticipates more than a 10 day delay in making a record available, he or she also shall include in the acknowledgment specific reasons for the delay.

(c) If a subject individual's request for access does not contain sufficient information to permit the system manager to locate the records, the system manager shall request additional information from the individual and shall have 10 workdays following receipt of the additional information in which to make the records available or to acknowledge receipt of the request and indicate when the records will be available.

(d) Records will be available for authorized access during normal business hours at the offices where the records are located. A requestor should be prepared to identify himself or herself by signature; i.e., to note by signature the date of access and/or produce other identification verifying the signature.

(e) Upon request, a system manager shall permit an individual to examine the original of a non-exempt record, shall provide the individual with a copy of the record, or both. Fees shall be charged in accordance with subpart F.

(f) An individual may request to pick up a record in person or to receive it by mail, directed to the name and address provided by the individual in the request. A system manager shall not make a record available to a third party for delivery to the subject individual except for medical records as outlined in § 6.31.

(g) An individual who selects another person to review, or to accompany the individual in reviewing or obtaining a copy of the record must, prior to the disclosure, sign a statement authorizing the disclosure of the record. The system manager shall maintain this statement with the record.

(h) The procedure for access to an accounting of disclosure is identical to the procedure for access to a record as set forth in this section.

§ 6.33 Denials of access.

(a) A system manager may deny an individual access to that individual's record only upon the grounds that FEMA has published the rules in the Federal Register exempting the pertinent system of records from the access requirement. These exempt systems of records are described in subpart G of this part.

(b) Upon receipt of a request for access to a record which the system manager believes is contained within an exempt system of records he or she shall forward the request to the appropriate official listed below or to his or her delegate through normal supervisory channels.

(1) Deputy Administrators.

(2) [Reserved]

(3) Federal Insurance Administrator.

(4) Assistant Administrators.

(5) United States Fire Administrator.

(6) Chief of Staff.

(7) Office Directors.

(8) Chief Counsel.

(9) [Reserved]

(10) Chief Financial Officer.

(11) Regional Administrators.

(c) In the event that the system manager serves in one of the positions listed in paragraph (b) of this section, he or she shall retain the responsibility for denying or granting the request.

(d) The appropriate official listed in paragraph (b) of this section shall, in consultation with the Office of Chief Counsel and such other officials as deemed appropriate, determine if the request record is contained within an exempt system of records and:

(1) If the record is not contained within an exempt system of records, the above official shall notify the system manager to grant the request in accordance with § 6.32, or

(2) If the record is contained within an exempt system said official shall;

(i) Notify the requestor that the request is denied, including a statement justifying the denial and advising the requestor of a right to judicial review of that decision as provided in § 6.57, or

(ii) Notify the system manager to make record available to the requestor in accordance with § 6.31, notwithstanding the record's inclusion within an exempt system.

(e) The appropriate official listed in paragraph (b) of this section shall provide the Privacy Appeals Office with a copy of any denial of a requested access.

[44 FR 50293, Aug. 27, 1979, as amended at 48 FR 44543, Sept. 29, 1983; 50 FR 40006, Oct. 1, 1985; 51 FR 34604, Sept. 30, 1986; 74 FR 15334, Apr. 3, 2009]

§ 6.34 Appeal of denial of access within FEMA.

A requestor denied access in whole or in part, to records pertaining to that individual, exclusive of those records for which the system manager is the Administrator, may file an administrative appeal of that denial. Appeals of denied access will be processed in the same manner as processing for appeals from a denial of a request to amend a record set out in § 6.55, regardless whether the denial being appealed is made at headquarters or by a regional official.

Subpart D—Requests To Amend Records

§ 6.50 Submission of requests to amend records.

An individual who desires to amend any record containing personal information about the individual should direct a written request to the system manager specified in the pertinent Federal Register notice concerning FEMA's systems of records. A current FEMA employee who desires to amend personnel records should submit a written request to the Director, Human Capital Division, Washington, DC 20472. Each request should include evidence of and justification for the need to amend the pertinent record. Each request should bear the legend “Privacy Act—Request to Amend Record” prominently marked on both the face of the request letter and the envelope.

§ 6.51 Review of requests to amend records.

(a) The system manager shall acknowledge the receipt of a request to amend a record within 10 workdays. If possible, the acknowledgment shall include the system manager's determination either to amend the record or to deny the request to amend as provided in § 6.53.

(b) When reviewing a record in response to a request to amend, the system manager shall assess the accuracy, relevance, timeliness, and completeness of the existing record in light of the proposed amendment and shall determine whether the request for the amendment is justified. With respect to a request to delete information, the system manager also shall review the request and the existing record to determine whether the information is relevant and necessary to accomplish an agency purpose required to be accomplished by statute or Executive Order.

§ 6.52 Approval of requests to amend records.

If the system manager determines that amendment of a record is proper in accordance with the request to amend, he or she promptly shall make the necessary corrections to the record and shall send a copy of the corrected record to the individual. Where an accounting of disclosure has been maintained, the system manager shall advise all previous recipients of the record of the fact that a correction has been made and the substance of the correction. Where practicable, the system manager shall advise the Privacy Appeals Officer that a request to amend has been approved.

§ 6.53 Denial of requests to amend records.

(a) If the system manager determines that an amendment of a record is improper or that the record should be amended in a manner other than that requested by an individual, he shall refer the request to amend and his determinations and recommendations to the appropriate official listed in § 6.33(b) through normal supervisory channels.

(b) If the official listed in § 6.33, after reviewing the request to amend a record, determines to amend the record in accordance with the request, said official promptly shall return the request to the system manager with instructions to make the requested amendments in accordance with § 6.52.

(c) If the appropriate official listed in § 6.33, after reviewing the request to amend a record, determines not to amend the record in accordance with the request, the requestor shall be promptly advised in writing of the determination. The refusal letter (1) shall state the reasons for the denial of the request to amend; (2) shall include proposed alternative amendments, if appropriate; (3) shall state the requestor's right to appeal the denial of the request to amend; and (4) shall state the procedures for appealing and the name and title of the official to whom the appeal is to be addressed.

(d) The appropriate official listed in § 6.33 shall furnish the Privacy Appeals Officer a copy of each initial denial of a request to amend a record.

[44 FR 50293, Aug. 27, 1979, as amended at 45 FR 17152, Mar. 18, 1980]

§ 6.54 Agreement to alternative amendments.

If the denial of a request to amend a record includes proposed alternative amendments, and if the requestor agrees to accept them, he or she must notify the official who signed the denial. That official immediately shall instruct the system manager to make the necessary amendments in accordance with § 6.52.

§ 6.55 Appeal of denial of request to amend a record.

(a) A requestor who disagrees with a denial of a request to amend a record may file an administrative appeal of that denial. The requestor should address the appeal to the FEMA Privacy Appeals Officer, Washington, DC 20472. If the requestor is an employee of FEMA and the denial to amend involves a record maintained in the employee's Official Personnel Folder covered by an Office of Personnel Management Government-wide system notice, the appeal should be addressed to the Assistant Director, Information Systems, Agency Compliance and Evaluation Group, Office of Personnel Management, Washington, DC 20415.

(b) Each appeal to the Privacy Act Appeals Officer shall be in writing and must be received by FEMA no later than 30 calendar days from the requestor's receipt of a denial of a request to amend a record. The appeal should bear the legend “Privacy Act—Appeal,” both on the face of the letter and the envelope.

(c) Upon receipt of an appeal, the Privacy Act Appeals Officer shall consult with the system manager, the official who made the denial, the Chief Counsel or a member of that office, and such other officials as may be appropriate. If the Privacy Act Appeals Officer in consultation with these officials, determines that the record should be amended, as requested, the system manager shall be instructed immediately to amend the record in accordance with § 6.52 and shall notify the requestor of that action.

(d) If the Privacy Act Appeals Officer, in consultation with the officials specified in paragraph (c) of this section, determines that the appeal should be rejected, the Privacy Act Appeals Officer shall submit the file on the request and appeal, including findings and recommendations, to the Deputy Administrator for a final administrative determination.

(e) If the Deputy Administrator determines that the record should be amended as requested, he or she immediately shall instruct the system manager in writing to amend the record in accordance with § 6.52. The Deputy Administrator shall send a copy of those instructions to the Privacy Act Appeals Officer, who shall notify the requester of that action.

(f) If the Deputy Administrator determines to reject the appeal, the requestor shall immediately be notified in writing of that determination. This action shall constitute the final administrative determination on the request to amend the record and shall include:

(1) The reasons for the rejection of the appeal.

(2) Proposed alternative amendments, if appropriate, which the requestor subsequently may accept in accordance with § 6.54.

(3) Notice of the requestor's right to file a Statement of Disagreement for distribution in accordance with § 6.56.

(4) Notice of the requestor's right to seek judicial review of the final administrative determination, as provided in § 6.57.

(g) The final agency determination must be made no later than 30 workdays from the date on which the appeal is received by the Privacy Act Appeals Officer.

(h) In extraordinary circumstances, the Administrator may extend this time limit by notifying the requestor in writing before the expiration of the 30 workdays. The Administrator's notification will include a justification for the extension.

[44 FR 50293, Aug. 27, 1979, as amended at 45 FR 17152, Mar. 18, 1980]

§ 6.56 Statement of disagreement.

Upon receipt of a final administrative determination denying a request to amend a record, the requestor may file a Statement of Disagreement with the appropriate system manager. The Statement of Disagreement should include an explanation of why the requestor believes the record to be inaccurate, irrelevant, untimely, or incomplete. The system manager shall maintain the Statement of Disagreement in conjunction with the pertinent record, and shall include a copy of the Statement of Disagreement in any disclosure of the pertinent record. The system manager shall provide a copy of the Statement of Disagreement to any person or agency to whom the record has been disclosed only if the disclosure was subject to the accounting requirements of § 6.22.

§ 6.57 Judicial review.

Within 2 years of receipt of a final administrative determination as provided in § 6.34 or § 6.55, a requestor may seek judicial review of that determination. A civil action must be filed in the Federal District Court in which the requestor resides or has his or her principal place of business or in which the agency records are situated, or in the District of Columbia.

Subpart E—Report on New Systems and Alterations of Existing Systems

§ 6.70 Reporting requirement.

(a) No later than 90 calendar days prior to the establishment of a new system of records, the prospective system manager shall notify the Privacy Appeals Officer of the proposed new system. The prospective system manager shall include with the notification a completed FEMA Form 11–2, System of Records Covered by the Privacy Act of 1974, and a justification for each system of records proposed to be established. If the Privacy Appeals Officer determines that the establishment of the proposed system is in the best interest of the Government, then no later than 60 calendar days prior to the establishment of that system of records, a report of the proposal shall be submitted by the Administrator or a designee thereof, to the President of the Senate, the Speaker of the House of Representatives, and the Administrator, Office of Information and Regulatory Affairs, Office of Management and Budget for their evaluation of the probable or potential effect of that proposal on the privacy and other personal or property rights of individuals.

(b) No later than 90 calendar days prior to the alteration of a system of records, the system manager responsible for the maintenance of that system of records shall notify the Privacy Appeals Officer of the proposed alteration. The system manager shall include with the notification a completed FEMA Form 11–2. System of Records Covered by the Privacy Act of 1974, and a justification for each system of records he proposes to alter. If it is determined that the proposed alteration is in the best interest of the Government, then, the Administrator, or a designee thereof, shall submit, no later than 60 calendar days prior to the establishment of that alteration, a report of the proposal to the President of the Senate, the Speaker of the House of Representatives, and the Administrator, Office of Information and Regulatory Affairs, Office of Management and Budget for their evaluation of the probable or potential effect of that proposal on the privacy and other personal or property rights of individuals.

(c) The reports required by this regulation are exempt from reports control.

(d) The Administrator, Office of Information and Regulatory Affairs, Office of Management and Budget may waive the time requirements set out in this section upon a finding that a delay in the establishing or amending the system would not be in the public interest and showing how the public interest would be adversely affected if the waiver were not granted and otherwise complying with OMB Circular A–130.

[44 FR 50293, Aug. 27, 1979, as amended at 45 FR 17152, Mar. 18, 1980; 51 FR 34604, Sept. 30, 1986]

§ 6.71 Federal Register notice of establishment of new system or alteration of existing system.

Notice of the proposed establishment or alteration of a system of records shall be published in the Federal Register, in accordance with FEMA procedures when:

(a) Notice is received that the Senate, the House of Representatives, and the Office of Management and Budget do not object to the establishment of a new system or records or to the alteration of an existing system of records, or

(b) No fewer than 30 calendar days elapse from the date of submission of the proposal to the Senate, the House of Representatives, and the Office of Management and Budget without receipt of an objection to the proposal. The notice shall include all of the information required to be provided in FEMA Form 11–2, System of Records Covered by the Privacy Act of 1974, and such other information as the Administrator deems necessary.

§ 6.72 Effective date of new system of records or alteration of an existing system of records.

Systems of records proposed to be established or altered in accordance with the provisions of this subpart shall be effective no sooner than 30 calendar days from the publication of the notice required by § 6.71.

Subpart F—Fees

§ 6.80 Records available at fee.

The system manager shall provide a copy of a record to a requestor at a fee prescribed in § 6.85 unless the fee is waived under § 6.82.

[44 FR 50293, Aug. 27, 1979, as amended at 45 FR 17152, Mar. 18, 1980]

§ 6.81 Additional copies.

A reasonable number of additional copies shall be provided for the applicable fee to a requestor who indicates that he has no access to commercial reproduction services.

§ 6.82 Waiver of fee.

The system manager shall make one copy of a record, up to 300 pages, available without charge to a requestor who is an employee of FEMA. The system manager may waive the fee requirement for any other requestor if the cost of collecting the fee is an unduly large part of, or greater than, the fee, or when furnishing the record without charge conforms to generally established business custom or is in the public interest.

[44 FR 50287, Aug. 27, 1979, as amended at 52 FR 13679, Apr. 24, 1987]

§ 6.83 Prepayment of fees.

(a) When FEMA estimates or determines that allowable charges that a requester may be required to pay are likely to exceed $250.00, FEMA may require a requester to make an advance payment of the entire fee before continuing to process the request.

(b) When a requester has previously failed to pay a fee charged in a timely fashion (i.e., within 30 days of the date of the billing), FEMA may require the requester to pay the full amount owed plus any applicable interest as provided in § 6.85(d), and to make an advance payment of the full amount of the estimated fee before the agency begins to process a new request or a pending request from that requester.

(c) When FEMA acts under § 5.44 (a) or (b), the administrative time limits prescribed in subsection (a)(6) of the FOIA (i.e., 10 working days from the receipt of initial requests and 20 working days from receipt of appeals from initial denial, plus permissible extensions of these time limits) will begin only after FEMA has received fee payments described under § 5.44 (a) or (b).

[52 FR 13679, Apr. 24, 1987]

§ 6.84 Form of payment.

Payment shall be by check or money order payable to The Federal Emergency Management Agency and shall be addressed to the system manager.

§ 6.85 Reproduction fees.

(a) Duplication costs. (1) For copies of documents reproduced on a standard office copying machine in sizes up to 8½ x 14 inches, the charge will be $.15 per page.

(2) The fee for reproducing copies of records over 8½ x 14 inches or whose physical characteristics do not permit reproduction by routine electrostatic copying shall be the direct cost of reproducing the records through Government or commercial sources. If FEMA estimates that the allowable duplication charges are likely to exceed $25, it shall notify the requester of the estimated amount of fees, unless the requester has indicated in advance his/her willingness to pay fees as high as those anticipated. Such a notice shall offer a requester the opportunity to confer with agency personnel with the objective of reformulating the request to meet his/her needs at a lower cost.

(3) For other methods of reproduction or duplication, FEMA shall charge the actual direct costs of producing the document(s). If FEMA estimates that the allowable duplication charges are likely to exceed $25, it shall notify the requester of the estimated amount of fees, unless the requester has indicated in advance his/her willingness to pay fees as high as those anticipated. Such a notice shall offer a requester the opportunity to confer with agency personnel with the objective of reformulating the request to meet his/her needs at a lower cost.

(b) Interest may be charge to those requesters who fail to pay fees charged. FEMA may begin assessing interest charges on the amount billed starting on the 31st day following the day on which the billing was sent. Interest will be at the rate prescribed in section 3717 of title 31 U.S.C.

[52 FR 13679, Apr. 24, 1987]

Subpart G—Exempt Systems of Records

§ 6.86 General exemptions.

(a) Whenever the Administrator, Federal Emergency Management Agency, determines it to be necessary and proper, with respect to any system of records maintained by the Federal Emergency Management Agency, to exercise the right to promulgate rules to exempt such systems in accordance with the provisions of 5 U.S.C. 552a (j) and (k), each specific exemption, including the parts of each system to be exempted, the provisions of the Act from which they are exempted, and the justification for each exemption shall be published in the Federal Register as part of FEMA's Notice of Systems of Records.

(b) Exempt under 5 U.S.C. 552a(j)(2) from the requirements of 5 U.S.C. 552a(c) (3) and (4), (d), (e) (1), (2), (3), (e)(4) (G), (H), and (I), (e) (5) and (8) (f) and (g) of the Privacy Act.

(1) Exempt systems. The following systems of records, which contain information of the type described in 5 U.S.C. 552(j)(2), shall be exempt from the provisions of 5 U.S.C. 552a listed in paragraph (b) of this section.

General Investigative Files (FEMA/IG–2)—Limited Access

(2) Reasons for exemptions. (i) 5 U.S.C. 552a (e)(4)(G) and (f)(1) enable individuals to be notified whether a system of records contains records pertaining to them. The Federal Emergency Management Agency believes that application of these provisions to the above-listed system of records would give individuals an opportunity to learn whether they are of record either as suspects or as subjects of a criminal investigation; this would compromise the ability of the Federal Emergency Management Agency to complete investigations and identify or detect violators of laws administered by the Federal Emergency Management Agency or other Federal agencies. Individuals would be able (A) to take steps to avoid detection, (B) to inform co-conspirators of the fact that an investigation is being conducted, (C) to learn the nature of the investigation to which they are being subjected, (D) to learn the type of surveillance being utilized, (E) to learn whether they are only suspects or identified law violators, (F) to continue to resume their illegal conduct without fear of detection upon learning that they are not in a particular system of records, and (G) to destroy evidence needed to prove the violation.

(ii) 5 U.S.C. 552a (d)(1), (e)(4)(H) and (f)(2), (3) and (5) enable individuals to gain access to records pertaining to them. The Federal Emergency Management Agency believes that application of these provisions to the above-listed system of records would compromise its ability to complete or continue criminal investigations and to detect or identify violators of laws administered by the Federal Emergency Management Agency or other Federal agencies. Permitting access to records contained in the above-listed system of records would provide individuals with significant information concerning the nature of the investigation, and this could enable them to avoid detection or apprehension in the following ways:

(A) By discovering the collection of facts which would form the basis for their arrest, (B) by enabling them to destroy evidence of criminal conduct which would form the basis for their arrest, and (C) by learning that the criminal investigators had reason to believe that a crime was about to be committed, they could delay the commission of the crime or change the scene of the crime to a location which might not be under surveillance. Granting access to ongoing or closed investigative files would also reveal investigative techniques and procedures, the knowledge of which could enable individuals planning criminal activity to structure their future operations in such a way as to avoid detection or apprehension, thereby neutralizing law enforcement officers' established investigative tools and procedures. Further, granting access to investigative files and records could disclose the identity of confidential sources and other informers and the nature of the information which they supplied, thereby endangering the life or physical safety of those sources of information by exposing them to possible reprisals for having provided information relating to the criminal activities of those individuals who are the subjects of the investigative files and records; confidential sources and other informers might refuse to provide criminal investigators with valuable information if they could not be secure in the knowledge that their identities would not be revealed through disclosure of either their names or the nature of the information they supplied, and this would seriously impair the ability of the Federal Emergency Management Agency to carry out its mandate to enforce criminal and related laws. Additionally, providing access to records contained in the above-listed system of records could reveal the identities of undercover law enforcement personnel who compiled information regarding individual's criminal activities, thereby endangering the life or physical safety of those undercover personnel or their families by exposing them to possible reprisals.

(iii) 5 U.S.C. 552a(d) (2), (3) and (4), (e)(4)(H) and (f)(4), which are dependent upon access having been granted to records pursuant to the provisions cited in paragraph (b)(2)(ii) of this section, enable individuals to contest (seek amendment to) the content of records contained in a system of records and require an agency to note an amended record and to provide a copy of an individual's statement (of disagreement with the agency's refusal to amend a record) to persons or other agencies to whom the record has been disclosed. The Federal Emergency Management Agency believes that the reasons set forth in paragraph (b)(2)(ii) of this section are equally applicable to this paragraph and, accordingly, those reasons are hereby incorporated herein by reference.

(iv) 5 U.S.C. 552a(c)(3) requires that an agency make accountings of disclosures of records available to individuals named in the records at their request; such accountings must state the date, nature and purpose of each disclosure of a record and the name and address of the recipient. The Federal Emergency Management Agency believes that application of this provision to the above-listed system of records would impair the ability of other law enforcement agencies to make effective use of information provided by the Federal Emergency Management Agency in connection with the investigation, detection and apprehension of violators of the criminal laws enforced by those other law enforcement agencies. Making accountings of disclosure available to violators or possible violators would alert those individuals to the fact that another agency is conducting an investigation into their criminal activities, and this could reveal the geographic location of the other agency's investigation, the nature and purpose of that investigation, and the dates on which that investigation was active. Violators possessing such knowledge would thereby be able to take appropriate measures to avoid detection or apprehension by altering their operations, by transferring their criminal activities to other geographic areas or by destroying or concealing evidence which would form the basis for their arrest. In addition, providing violators with accountings of disclosure would alert those individuals to the fact that the Federal Emergency Management Agency has information regarding their criminal activities and could inform those individuals of the general nature of that information; this, in turn, would afford those individuals a better opportunity to take appropriate steps to avoid detection or apprehension for violations of criminal and related laws.

(v) 5 U.S.C. 552a(c)(4) requires that an agency inform any person or other agency about any correction or notation of dispute made by the agency in accordance with 5 U.S.C. 552a(d) of any record that has been disclosed to the person or agency if an accounting of the disclosure was made. Since this provision is dependent on an individual's having been provided an opportunity to contest (seek amendment to) records pertaining to him/her, and since the above-listed system of records is proposed to be exempt from those provisions of 5 U.S.C. 552a relating to amendments of records as indicated in paragraph (b)(2)(iii) of this section, the Federal Emergency Management Agency believes that this provision should not be applicable to the above system of records.

(vi) 5 U.S.C. 552a(e)(4)(I) requires that an agency publish a public notice listing the categories of sources for information contained in a system of records. The categories of sources of this system of records have been published in the Federal Register in broad generic terms in the belief that this is all that subsection (e)(4)(I) of the Act requires. In the event, however, that this subsection should be interpreted to require more detail as to the identity of sources of the records in this system, exemption from this provision is necessary in order to protect the confidentiality of the sources of criminal and other law enforcement information. Such exemption is further necessary to protect the privacy and physical safety of witnesses and informants.

(vii) 5 U.S.C. 552a(e)(1) requires that an agency maintain in its records only such information about an individual as is relevant and necessary to accomplish a purpose of the agency required to be accomplished by statute or executive order. The term maintain as defined in 5 U.S.C. 552a(a)(3) includes “collect” and “disseminate.” At the time that information is collected by the Federal Emergency Management Agency, there is often insufficient time to determine whether the information is relevant and necessary to accomplish a purpose of the Federal Emergency Management Agency; in many cases information collected may not be immediately susceptible to a determination of whether the information is relevant and necessary, particularly in the early stages of an investigation, and in many cases, information which initially appears to be irrelevant or unnecessary may, upon further evaluation or upon continuation of the investigation, prove to have particular relevance to an enforcement program of the Federal Emergency Management Agency. Further, not all violations of law discovered during a criminal investigation fall within the investigative jurisdiction of the Federal Emergency Management Agency; in order to promote effective law enforcement, it often becomes necessary and desirable to disseminate information pertaining to such violations to other law enforcement agencies which have jurisdiction over the offense to which the information relates. The Federal Emergency Management Agency should not be placed in a position of having to ignore information relating to violations of law not within its jurisdiction when that information comes to the attention of the Federal Emergency Management Agency through the conduct of a lawful FEMA investigation. The Federal Emergency Management Agency, therefore, believes that it is appropriate to exempt the above-listed system of records from the provisions of 5 U.S.C. 552a(e)(1).

(viii) 5 U.S.C. 552a(e)(2) requires that an agency collect information to the greatest extent practicable directly from the subject individual when the information may result in adverse determinations about an individual's rights, benefits, and privileges under Federal programs. The Federal Emergency Management Agency believes that application of this provision to the above-listed system of records would impair the ability of the Federal Emergency Management Agency to conduct investigations and to identify or detect violators of criminal or related laws for the following reasons:

(A) Most information collected about an individual under criminal investigations is obtained from third parties such as witnesses and informers, and it is usually not feasible to rely upon the subject of the investigation as a source for information regarding his/her criminal activities, (B) an attempt to obtain information from the subject of a criminal investigation will often alert that individual to the existence of an investigation, thereby affording the individual an opportunity to attempt to conceal his/her criminal activities so as to avoid apprehension, (C) in certain instances, the subject of a criminal investigation is not required to supply information to criminal investigators as a matter of legal duty, and (D) during criminal investigations it is often a matter of sound investigative procedures to obtain information from a variety of sources in order to verify information already obtained.

(ix) 5 U.S.C. 552a(e)(3) requires that an agency inform each individual whom it asks to supply information, either on the form which the agency uses to collect the information or on a separate form which can be retained by the individual, with the following information: The authority which authorizes the solicitation of the information and whether disclosure of such information is mandatory or voluntary; the principal purposes for which the information is intended to be used; the routine uses which may be made of the information; and the effects on the individual of not providing all or part of the requested information. The Federal Emergency Management Agency believes that the above-listed system of records should be exempted from this provision in order to avoid adverse effects on its ability to identify or detect violators of criminal or related laws. In many cases, information is obtained by confidential sources, other informers or undercover law enforcement officers under circumstances where it is necessary that the true purpose of their actions be kept secret so as to avoid alerting the subject of the investigation or his/her associates that a criminal investigation is in process. Further, if it became known that the undercover officer was assisting in a criminal investigation, that officer's life or physical safety could be endangered through reprisal, and, under such circumstances it may not be possible to continue to utilize that officer in the investigation. In many cases, individuals, for personal reasons, would feel inhibited in talking to a person representing a criminal law enforcement agency but would be willing to talk to a confidential source or undercover officer who they believe is not involved in law enforcement activities. In addition, providing a source of information with written evidence that he was a source, as required by this provision, could increase the likelihood that the source of information would be the subject of retaliatory action by the subject of the investigation. Further, application of this provision could result in an unwarranted invasion of the personal privacy of the subject of the criminal investigation, particularly where further investigation would result in a finding that the subject was not involved in any criminal activity.

(x) 5 U.S.C. 552a(e)(5) requires that an agency maintain all records used by the agency in making any determination about any individual with such accuracy, relevance, timeliness and completeness as is reasonably necessary to assure fairness to the individual in the determination. Since 5 U.S.C. 552a(a)(3) defines “maintain” to include “collect” and “disseminate,” application of this provision to the above-listed system of records would hinder the initial collection of any information which could not, at the moment of collection, be determined to be accurate, relevant, timely and complete. Similarly, application of this provision would seriously restrict the necessary flow of information from the Federal Emergency Management Agency to other law enforcement agencies when a FEMA investigation revealed information pertaining to a violation of law which was under investigative jurisdiction of another agency. In collecting information during the course of a criminal investigation, it is not possible or feasible to determine accuracy, relevance, timeliness or completeness prior to collection of the information; in disseminating information to other law enforcement agencies it is often not possible to determine accuracy, relevance, timeliness or completeness prior to dissemination because the disseminating agency may not have the expertise with which to make such determinations. Further, information which may initially appear to be inaccurate, irrelevant, untimely or incomplete may, when gathered, grouped, and evaluated with other available information, become more pertinent as an investigation progresses. In addition, application of this provision could seriously impede criminal investigators and intelligence analysts in the exercise of their judgment in reporting on results obtained during criminal investigations. The Federal Emergency Management Agency believes that it is appropriate to exempt the above-listed system of records from the provisions of 5 U.S.C. 552a(e)(5).

(xi) 5 U.S.C. 552a(e)(8) requires that an agency make reasonable effort to serve notice on an individual when any record on the individual is made available to any person under compulsory legal process when such process becomes a matter of public record. The Federal Emergency Management Agency believes that the above-listed system of records should be exempt from this provision in order to avoid revealing investigative techniques and procedures outlined in those records and in order to prevent revelation of the existence on an on-going investigation where there is a need to keep the existence of the investigation secret.

(xii) 5 U.S.C. 552a(g) provides civil remedies to an individual for an agency's refusal to amend a record or to make a review of a request for amendment; for an agency's refusal to grant access to a record; for an agency's failure to maintain accurate, relevant, timely and complete records which are used to make a determination which is adverse to the individual; and for an agency's failure to comply with any other provision of 5 U.S.C. 552a in such a way as to have an adverse effect on an individual. The Federal Emergency Management Agency believes that the above-listed system of records should be exempted from this provision to the extent that the civil remedies provided therein may relate to provisions of 5 U.S.C. 552a from which the above-listed system of records is proposed to be exempt. Since the provisions of 5 U.S.C. 552a enumerated in paragraphs (b)(2)(i) through (xi) of this section are proposed to be inapplicable to the above-listed systems of records for the reasons stated therein, there should be no corresponding civil remedies for failure to comply with the requirements of those provisions to which the exemption is proposed to apply. Further, the Federal Emergency Management Agency believes that application of this provision to the above-listed system of records would adversely affect its ability to conduct criminal investigations by exposing to civil court action every stage of the criminal investigative process in which information is compiled or used in order to identify, detect, or otherwise investigate persons suspected or known to be engaged in criminal conduct.

(xiii) Individuals may not have access to another agency's records, which are contained in files maintained by the Federal Emergency Management Agency, when that other agency's regulations provide that such records are subject to general exemption under 5 U.S.C. 552a(j). If such exempt records are within a request for access, FEMA will advise the individual of their existence and of the name and address of the source agency. For any further information concerning the record and the exemption, the individual must contact that source agency.

[45 FR 64580, Sept. 30, 1980]

§ 6.87 Specific exemptions.

(a) Exempt under 5 U.S.C. 552a(k)(1). The Administrator, Federal Emergency Management Agency has determined that certain systems of records may be exempt from the requirements of (c)(3) and (d) pursuant to 5 U.S.C. 552a(k)(1) to the extent that the system contains any information properly classified under Executive Order 12356 or any subsequent Executive order and which are required to be kept secret in the interest of national defense or foreign policy. To the extent that this occurs, such records in the following systems would be exempt:

Claims (litigation) (FEMA/GC–1)—Limited Access

FEMA Enforcement (Compliance) (FEMA/GC–2)—Limited Access

General Investigative Files (FEMA/IG–1)—Limited Access

Security Management Information System (FEMA/SEC–1)—Limited Access

(b) Exempt under 5 U.S.C. 552a(k)(2) from the requirements of 5 U.S.C. 552a (c)(3), (d), (e)(1), (e)(4) (G), (H), and (I), and (f). The Federal Emergency Management Agency will not deny individuals access to information which has been used to deny them a right, privilege, or benefit to which they would otherwise be entitled.

(1) Exempt systems. The following systems of records, which contain information of the type described in 5 U.S.C. 552a(k)(2), shall be exempt from the provisions of 5 U.S.C. 552a(k)(2) listed in paragraph (b) of this section.

Claims (litigation) (FEMA/GC–1)—Limited Access

FEMA Enforcement (Compliance) (FEMA/GC–2)—Limited Access

General Investigative Files (FEMA/IG–1)—Limited Access

Equal Employment Opportunity Complaints of Discrimination Files (FEMA/PER–2)—Limited Access

(2) Reasons for exemptions. (i) 5 U.S.C. 552a (e)(4)(G) and (f)(1) enable individuals to be notified whether a system of records contains records pertaining to them. The Federal Emergency Management Agency believes that application of these provisions to the above-listed systems of records would impair the ability of FEMA to successfully complete investigations and inquiries of suspected violators of civil and criminal laws and regulations under its jurisdiction. In many cases investigations and inquiries into violations of civil and criminal laws and regulations involve complex and continuing patterns of behavior. Individuals, if informed, that they have been identified as suspected violators of civil or criminal laws and regulations, would have an opportunity to take measures to prevent detection of illegal action so as to avoid prosecution or the imposition of civil sanctions. They would also be able to learn the nature and location of the investigation or inquiry, the type of surveillance being utilized, and they would be able to transmit this knowledge to co-conspirators. Finally, violators might be given the opportunity to destroy evidence needed to prove the violation under investigation or inquiry.

(ii) 5 U.S.C. 552a (d)(1), (e)(4)(H) and (f)(2), (3) and (5) enable individuals to gain access to records pertaining to them. The Federal Emergency Management Agency believes that application of these provisions to the above-listed systems of records would impair its ability to complete or continue civil or criminal investigations and inquiries and to detect violators of civil or criminal laws. Permitting access to records contained in the above-listed systems of records would provide violators with significant information concerning the nature of the civil or criminal investigation or inquiry. Knowledge of the facts developed during an investigation or inquiry would enable violators of criminal and civil laws and regulations to learn the extent to which the investigation or inquiry has progressed, and this could provide them with an opportunity to destroy evidence that would form the basis for prosecution or the imposition of civil sanctions. In addition, knowledge gained through access to investigatory material could alert a violator to the need to temporarily postpone commission of the violation or to change the intended point where the violation is to be committed so as to avoid detection or apprehension. Further, access to investigatory material would disclose investigative techniques and procedures which, if known, could enable violators to structure their future operations in such a way as to avoid detection or apprehension, thereby neutralizing investigators' established and effective investigative tools and procedures. In addition, investigatory material may contain the identity of a confidential source of information or other informer who would not want his/her identity to be disclosed for reasons of personal privacy or for fear of reprisal at the hands of the individual about whom he/she supplied information. In some cases mere disclosure of the information provided by an informer would reveal the identity of the informer either through the process of elimination or by virtue of the nature of the information supplied. If informers cannot be assured that their identities (as sources for information) will remain confidential, they would be very reluctant in the future to provide information pertaining to violations of criminal and civil laws and regulations, and this would seriously compromise the ability of the Federal Emergency Management Agency to carry out its mission. Further, application of 5 U.S.C. 552a (d)(1), (e)(4)(H) and (f)(2), (3) and (5) to the above-listed systems of records would make available attorney's work product and other documents which contain evaluations, recommendations, and discussions of on-going civil and criminal legal proceedings; the availability of such documents could have a chilling effect on the free flow of information and ideas within the Federal Emergency Management Agency which is vital to the agency's predecisional deliberative process, could seriously prejudice the agency's or the Government's position in a civil or criminal litigation, and could result in the disclosure of investigatory material which should not be disclosed for the reasons stated above. It is the belief of the Federal Emergency Management Agency that, in both civil actions and criminal prosecutions, due process will assure that individuals have a reasonable opportunity to learn of the existence of, and to challenge, investigatory records and related materials which are to be used in legal proceedings.

(iii) 5 U.S.C. 552a (d)(2), (3) and (4), (e)(4)(H) and (f)(4) which are dependent upon access having been granted to records pursuant to the provisions cited in paragraph (b)(2)(ii) of this section, enable individuals to contest (seek amendment to) the content of records contained in a system of records and require an agency to note an amended record and to provide a copy of an individual's statement (of disagreement with the agency's refusal to amend a record) to persons or other agencies to whom the record has been disclosed. The Federal Emergency Management Agency believes that the reasons set forth in paragraphs (b)(2)(i) of this section are equally applicable to this paragraph, and, accordingly, those reasons are hereby incorporated herein by reference.

(iv) 5 U.S.C. 552a(c)(3) requires that an agency make accountings of disclosures of records available to individuals named in the records at their request; such accountings must state the date, nature, and purpose of each disclosure of a record and the name and address of the recipient. The Federal Emergency Management Agency believes that application of this provision to the above-listed systems of records would impair the ability of the Federal Emergency Management Agency and other law enforcement agencies to conduct investigations and inquiries into civil and criminal violations under their respective jurisdictions. Making accountings available to violators would alert those individuals to the fact that the Federal Emergency Management Agency or another law enforcement authority is conducting an investigation or inquiry into their activities, and such accountings could reveal the geographic location of the investigation or inquiry, the nature and purpose of the investigation or inquiry and the nature of the information disclosed, and the date on which that investigation or inquiry was active. Violators possessing such knowledge would thereby be able to take appropriate measures to avoid detection or apprehension by altering their operations, transferring their activities to other locations or destroying or concealing evidence which would form the basis for prosecution or the imposition of civil sanctions.

(v) 5 U.S.C. 552a(e)(1) requires that an agency maintain in its records only such information about an individual as is relevant and necessary to accomplish a purpose of the agency required to be accomplished by statute or executive order. The term maintain as defined in 5 U.S.C. 552a(a)(3) includes “collect” and “disseminate.” At the time that information is collected by the Federal Emergency Management Agency there is often insufficient time to determine whether the information is relevant and necessary to accomplish a purpose of the Federal Emergency Management Agency; in many cases information collected may not be immediately susceptible to a determination of whether the information is relevant and necessary, particularly in the early stages of investigation or inquiry, and in many cases information which initially appears to be irrelevant or unnecessary may, upon further evaluation or upon continuation of the investigation or inquiry, prove to have particular relevance to an enforcement program of the Federal Emergency Management Agency. Further, not all violations of law uncovered during a Federal Emergency Management Agency inquiry fall within the civil or criminal jurisdiction of the Federal Emergency Management Agency; in order to promote effective law enforcement, it often becomes necessary and desirable to disseminate information pertaining to such violations to other law enforcement agencies which have jurisdiction over the offense to which the information relates. The Federal Emergency Management Agency should not be placed in a position of having to ignore information relating to violations of law not within its jurisdiction when that information comes to the attention of the Federal Emergency Management Agency through the conduct of a lawful FEMAs civil or criminal investigation or inquiry. The Federal Emergency Management Agency therefore believes that it is appropriate to exempt the above-listed systems of records from the provisions of 5 U.S.C. 552a(e)(1).

(c) Exempt under 5 U.S.C. 552a(k)(5). The Administrator, Federal Emergency Management Agency has determined that certain systems of records are exempt from the requirements of (c)(3) and (d) of 5 U.S.C. 552a.

(1) Exempt systems. The following systems of records, which contain information of the type described in 5 U.S.C. 552a(k)(5), shall be exempted from the provisions of 5 U.S.C. 552a listed in paragraph (c) of this section.

Claims (litigation) (FEMA/GC–1)—Limited Access

FEMA Enforcement (Compliance) (FEMA/GC–2)—Limited Access

General Investigative Files (FEMA/IG–2)—Limited Access

Security Management Information Systems (FEMA/SEC–1)—Limited Access

(2) Reasons for exemptions. All information about individuals in these records that meet the criteria stated in 5 U.S.C. 552a(k)(5) is exempt from the requirements of 5 U.S.C. 552a (c)(3) and (d). These provisions of the Privacy Act relate to making accountings of disclosure available to the subject and access to and amendment of records. These exemptions are claimed because the system of records entitled, FEMA/SEC–1, Security Management Information System, contains investigatory material compiled solely for the purpose of determining suitability, eligibility, or qualifications for access to classified information or classified Federal contracts, but only to the extent that the disclosure would reveal the identity of a source who furnished information to the Government under an express promise or, prior to September 27, 1975, under an implied promise that the identity of the source would be held in confidence. During the litigation process and investigations, it is possible that certain records from the system of records entitled, FEMA/SEC–1, Security Management System may be necessary and relevant to the litigation or investigation and included in these systems of records. To the extent that this occurs, the Administrator, FEMA, has determined that the records would also be exempted from subsections (c)(3) and (d) pursuant to 5 U.S.C. 552a(k)(5) to protect such records. A determination will be made at the time of the request for a record concerning whether specific information would reveal the identity of a source. This exemption is required in order to protect the confidentiality of the sources of information compiled for the purpose of determining access to classified information. This confidentiality helps maintain the Government's continued access to information from persons who would otherwise refuse to give it.

[45 FR 64580, Sept. 30, 1980, as amended at 47 FR 54816, Dec. 6, 1982; 52 FR 5114, Feb. 19, 1987]

[TOP]