Federal & State Lawfederalstatelaw.com
Home/Federal/Federal Register/2022-02950
Notice2022-02950

Privacy Act of 1974; System of Records

Primary source

Metadata and text below are from the Federal Register, a public-domain U.S. government work. Always verify the official published version before relying on it for any legal matter.

Published
February 10, 2022
Effective
March 14, 2022

Issuing agencies

Homeland Security Department

Abstract

In accordance with the Privacy Act of 1974, the U.S. Department of Homeland Security (DHS) proposes to modify an existing system of records titled, "DHS/Federal Emergency Management Agency (FEMA)-008 Disaster Recovery Assistance Files." This system of records describes DHS/FEMA's collection and maintenance of records on applicants for its Disaster Assistance programs that provide financial and other tangible assistance to survivors of presidentially declared disasters or emergencies. DHS/FEMA is modifying this system of records notice (SORN) to include: (1) Updating the system location; (2) clarifying the purpose of the SORN; (3) updating the categories of records; (4) updating the routine uses; (5) changing the retention and disposal schedule of records; and (6) updating record source categories. Additionally, this notice includes non-substantive changes to simplify the formatting and text of the previously published notice. This updated system will be included in DHS's inventory of record systems.

Full Text

<html>
<head>
<title>Federal Register, Volume 87 Issue 28 (Thursday, February 10, 2022)</title>
</head>
<body><pre>
[Federal Register Volume 87, Number 28 (Thursday, February 10, 2022)]
[Notices]
[Pages 7852-7858]
From the Federal Register Online via the Government Publishing Office [<a href="http://www.gpo.gov">www.gpo.gov</a>]
[FR Doc No: 2022-02950]


-----------------------------------------------------------------------

DEPARTMENT OF HOMELAND SECURITY

[Docket No. FEMA-2022-0009]


Privacy Act of 1974; System of Records

AGENCY: Federal Emergency Management Agency, U.S. Department of 
Homeland Security.

ACTION: Notice of a modified system of records.

-----------------------------------------------------------------------

SUMMARY: In accordance with the Privacy Act of 1974, the U.S. 
Department of Homeland Security (DHS) proposes to modify an existing 
system of records titled, ``DHS/Federal Emergency Management Agency 
(FEMA)-008 Disaster Recovery Assistance Files.'' This system of records 
describes DHS/FEMA's collection and maintenance of records on 
applicants for its Disaster Assistance programs that provide financial 
and other tangible assistance to survivors of presidentially declared 
disasters or emergencies. DHS/FEMA is modifying this system of records 
notice (SORN) to include: (1) Updating the system location; (2) 
clarifying the purpose of the SORN; (3) updating the categories of 
records; (4) updating the routine uses; (5) changing the retention and 
disposal schedule of records; and (6) updating record source 
categories. Additionally, this notice includes non-substantive changes 
to simplify the formatting and text of the previously published notice. 
This updated system will be included in DHS's inventory of record 
systems.

DATES: Submit comments on or before March 14, 2022. This modified 
system will be effective upon publication. New and modified routine 
uses will become effective March 14, 2022.

ADDRESSES: You may submit comments, identified by docket number FEMA-
2022-0009 by one of the following methods:
    <bullet> Federal e-Rulemaking Portal: <a href="https://www.regulations.gov">https://www.regulations.gov</a>. 
Follow the instructions for submitting comments.
    <bullet> Fax: 202-343-4010.
    <bullet> Mail: Lynn Parker Dupree, Chief Privacy Officer, Privacy 
Office, U.S. Department of Homeland Security, Washington, DC 20528-
0655.
    Instructions: All submissions received must include the agency name 
and docket number FEMA-2022-0009. All comments received will be posted 
without change to <a href="https://www.regulations.gov">https://www.regulations.gov</a>, including any personal 
information provided.
    Docket: For access to the docket to read background documents or 
comments received, go to <a href="https://www.regulations.gov">https://www.regulations.gov</a>.

FOR FURTHER INFORMATION CONTACT: For general questions, please contact: 
Tammi Hines, (202) 212-5100, <a href="/cdn-cgi/l/email-protection#5016151d117d002239263133291036353d317e3438237e373f26"><span class="__cf_email__" data-cfemail="6a2c2f272b473a18031c0b09132a0c0f070b440e0219440d051c">[email&#160;protected]</span></a>, Senior Director 
for Information Management, Federal Emergency Management Agency, U.S. 
Department of Homeland Security, Washington, DC 20528. For privacy 
questions, please contact: Lynn Parker Dupree, (202) 343-1717, 
<a href="/cdn-cgi/l/email-protection#10406279667173695078613e7478633e777f66"><span class="__cf_email__" data-cfemail="e1b1938897808298a18990cf858992cf868e97">[email&#160;protected]</span></a>, Chief Privacy Officer, Privacy Office, U.S. 
Department of Homeland Security, Washington, DC 20528-0655.

SUPPLEMENTARY INFORMATION:

I. Background

    In accordance with the Privacy Act, this modified system of records 
notice is being published because the Federal Emergency Management 
Agency (FEMA) collects, maintains, uses, retrieves, and disseminates 
personally identifiable information of individuals who apply for FEMA 
disaster assistance when a Presidential disaster declaration or 
emergency has occurred or may be imminent. FEMA's applicant records 
included in this system may contain income information, insurance 
information, housing inspection reports, and correspondence notations 
about various types of assistance, including information about appeals, 
recovery of disaster assistance funds, and other related information.
    The purpose of this system of records is to: Facilitate 
registration for FEMA's disaster assistance programs; correspond with 
applicants; verify Individuals and Households Program (IHP) Assistance 
applicant information; determine the eligibility of applicants; and 
focus, direct, and refer applicants to all sources of disaster 
assistance. Additional purposes include: Preventing a duplication of 
federal government efforts and benefits, identifying the misuse of 
disaster assistance, identifying disaster assistance provided in error, 
identifying and preventing possible fraudulent activity in anticipation 
of or after a presidentially declared major disaster or emergency, and 
assessing FEMA's disaster assistance programs for equality, equity, and 
customer satisfaction. The information contained in this system may 
also be used to identify and implement measures to reduce future 
disaster damage. To accomplish these purposes, FEMA may maintain 
investigative summary reports in this system of records to support the 
recoupment, appeals, and oral hearing processes.
    FEMA is updating the SORN to reflect the following changes. First, 
the system location has been updated to broadly reflect the location of 
the records at the FEMA Headquarters in Washington, DC, FEMA Regional 
Offices, Joint Field Offices, National Processing Service Centers, and 
Disaster Recovery Centers. In addition, electronic records stored in 
the system are maintained at the FEMA Data Center at Bluemont, 
Virginia, and at the DHS Data Center 2 in Clarksville, Virginia. 
Second, the categories of records have been updated and consolidated in 
favor of a more comprehensive list of data elements collected from 
Individual Assistance applicants. The categories of records also 
include investigative summary reports compiled through internal FEMA 
investigations or other DHS/FEMA programs, as well as records of 
assistance provided under the FEMA National Flood Insurance Program 
(NFIP). These reports were added to further support FEMA actions during 
the recoupment, appeals, and oral hearing processes in order to recover 
disaster assistance funds, as mandated by the Stafford Act, 42 U.S.C. 
5155, and 44 CFR secs. 206.116 and 206.191. The National Flood 
Insurance Program records were added to prevent a duplication of 
benefits between National Flood Insurance Program and the Group Flood 
Insurance Policy provided under Other Needs Assistance (ONA). Third, 
the purpose of the system is being updated to support FEMA efforts to 
prevent fraud, waste, and abuse by verifying applicant account and 
identity information and identifying assistance provided in error, 
funds spent inappropriately by the applicant, or misuse of disaster 
assistance. Fourth, FEMA is adding and modifying several routine uses. 
Routine Use E is being modified and Routine Use F is being added to 
conform to Office of Management and Budget Memorandum M-17-12 regarding 
breach notification and investigation. Routine Use I is revised to 
provide added clarity on how states and other entities involved in 
emergency response efforts request FEMA information. Routine Use K is 
added to permit verification of billing records as proof of disaster-
related expenses incurred. Routine Use M is modified to incorporate 
information sharing with the Department of Treasury's Bureau of Fiscal 
Services to verify applicant identity and account information as a 
fraud prevention measure and for the Treasury's Do Not Pay Working 
System, established

[[Page 7853]]

pursuant to Section 5 of the Improper Payments Elimination and Recovery 
Improvement Act (IPERIA) of 2012, which determines federal eligibility 
for disbursement of payments by checking death records, federal debt 
records, and lists of sanctioned individuals. Routine Use P is revised 
to include disclosure of information to the Oral Hearing Official. 
Routine Use T is added to allow investigation summary reports, which 
may contain third party personally identifiable information, to be 
shared with the individual survivor involved in the recoupment, 
appeals, and oral hearing processes. Routine Use U is added to reflect 
the FEMA Administrator's statutory authority under 6 U.S.C. 728 to 
disclose survivor data to a federal, state, local, territorial, or 
tribal law enforcement agency in order to identify illegal conduct or 
address public safety or security issues, including compliance with sex 
offender notification laws, in the event of circumstances requiring an 
evacuation, sheltering, or mass relocation. Routine Use V is added to 
reflect disclosure of information for the safety of individuals in FEMA 
temporary housing or sheltering during a declared public health 
emergency. Routine Use W is added to reflect information sharing with 
state, local, territorial, and tribal government and private entities 
to verify applicant identity and account information as a fraud 
prevention measure. Fifth, a National Archives and Records 
Administration (NARA) authority retention schedule is added for 
investigative summary reports. Finally, the record source categories 
are updated to include the sources for the investigation summary 
reports. Additionally, this notice includes non-substantive changes to 
simplify the formatting and text of the previously published notice.
    Consistent with DHS's information sharing mission, information 
stored in the DHS/FEMA-008 Disaster Recovery Assistance Files System of 
Records may be shared with other DHS components that have a need to 
know the information to carry out their national security, law 
enforcement, immigration, intelligence, or other homeland security 
functions. In addition, DHS/FEMA may share information with appropriate 
federal, state, local, tribal, territorial, foreign, or international 
government agencies consistent with the routine uses set forth in this 
system of records notice.
    This modified system will be included in DHS's inventory of record 
systems.

II. Privacy Act

    The fair information practice principles found in the Privacy Act 
underpin the statutory framework governing the means by which federal 
government agencies collect, maintain, use, and disseminate 
individuals' records. The Privacy Act applies to information that is 
maintained in a ``system of records.'' A ``system of records'' is a 
group of any records under the control of an agency from which 
information is retrieved by the name of an individual or by some 
identifying number, symbol, or other identifying particular assigned to 
the individual. In the Privacy Act, individuals are defined as U.S. 
citizens and lawful permanent residents. Additionally, the Judicial 
Redress Act (JRA) provides covered persons with a statutory right to 
make requests for access and amendment to covered records, as defined 
by the Judicial Redress Act, along with judicial review for denials of 
such requests. In addition, the Judicial Redress Act prohibits 
disclosures of covered records, except as otherwise permitted by the 
Privacy Act.
    Below is the description of the DHS/FEMA-008 Disaster Recovery 
Assistance Files System of Records.
    In accordance with 5 U.S.C. 552a(r), DHS has provided a report of 
this system of records to the Office of Management and Budget and to 
Congress.

SYSTEM NAME AND NUMBER:
    Department of Homeland Security (DHS)/Federal Emergency Management 
Agency (FEMA)-008 Disaster Recovery Assistance Files System of Records.

SECURITY CLASSIFICATION:
    Unclassified.

SYSTEM LOCATION:
    Records are maintained at the FEMA Headquarters in Washington, DC; 
FEMA Regional Offices; Joint Field Offices; National Processing Service 
Centers; Disaster Recovery Centers; and the DHS/FEMA data centers 
located in Bluemont, Virginia, and Clarksville, Virginia.

SYSTEM MANAGER(S):
    Division Director, Individual Assistance Division, (202) 646-3642, 
<a href="/cdn-cgi/l/email-protection#7610131b171e071f1710041918021910101f15133610131b1758121e0558111900"><span class="__cf_email__" data-cfemail="b8deddd5d9d0c9d1d9decad7d6ccd7deded1dbddf8deddd5d996dcd0cb96dfd7ce">[email&#160;protected]</span></a>, Federal Emergency Management Agency, 
500 C Street SW, Washington, DC 20472.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    Robert T. Stafford Disaster Relief and Emergency Assistance Act 
(the Stafford Act), Public Law 93-288, as amended (42 U.S.C. secs. 
5121-5207); 6 U.S.C. secs. 728, 776, 777, and 795; the Debt Collection 
Improvement Act of 1996, 31 U.S.C. secs. 3325(d) and 7701(c)(1); the 
Government Performance and Results Act, Public Law 103-62, as amended; 
Executive Order 13411; and Executive Order 12862.

PURPOSE(S) OF THE SYSTEM:
    The purpose of this system is to register applicants seeking 
disaster assistance from FEMA both after a Presidential disaster 
declaration or emergency and when a declaration may be imminent, but 
not yet declared; to verify Individuals and Households Program 
applicant information; determine eligibility of applicants; to 
correspond with, focus, direct, and refer applicants to available 
sources of disaster assistance; and to inspect damaged property. 
Additional purposes include: To identify and implement measures to 
reduce future disaster damage; to prevent or correct a duplication of 
federal government efforts and benefits; to identify possible 
fraudulent activity after a presidentially declared disaster or 
emergency; to identify assistance provided in error, funds spent 
inappropriately by the applicant, or misuse of disaster assistance; and 
to assess the customer satisfaction of FEMA disaster assistance 
applicants.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    All individuals and their household members who apply for or 
express interest in applying for FEMA disaster assistance following a 
presidentially declared major disaster or emergency (Note: FEMA will 
accept applications from any individual; however, an individual must 
self-certify as a U.S. citizen, non-citizen national, or qualified non-
citizen to meet the eligibility requirements for Individuals and 
Households Program Assistance). Individuals also include those who 
apply for or express interest in non-FEMA assistance programs in order 
to facilitate a duplication of benefits check or determination of unmet 
needs.

CATEGORIES OF RECORDS IN THE SYSTEM:
    (a) Registration and Assistance Records
    <bullet> Disaster number;
    <bullet> FEMA Registration ID/Occupant ID;
    <bullet> Applicant/co-applicant information:
    [cir] Full name;
    [cir] Social Security number or A-number;
    [cir] Citizenship status;
    [cir] Signature;
    [cir] Date of birth;

[[Page 7854]]

    [cir] Phone numbers;
    [cir] Email addresses;
    [cir] Mailing addresses;
    [cir] Position title and number of years;
    [cir] Employer name;
    [cir] Language(s) spoken;
    [cir] Number of dependents claimed;
    [cir] User ID;
    [cir] Password; and
    [cir] Personal Identification Number (PIN).
    <bullet> Witness name and signature;
    <bullet> Damaged dwelling:
    [cir] Addresses of the damaged dwelling and the applicant's current 
location (if other than the damaged dwelling);
    [cir] County;
    [cir] Geospatial location of dwelling;
    [cir] Phone numbers; and
    [cir] Information related to residence (accessibility, type, own/
rent, damage sustained).
    <bullet> Disaster-related expenses;
    <bullet> Emergency needs (e.g., food, clothing, shelter);
    <bullet> Disability-related needs and accommodations (e.g., sign 
language interpreter, Assistive Listening Device, braille, wheelchair 
access, mobility, mental, hearing, vision, other needs and 
accommodations);
    <bullet> Occupant and household information (for all occupants at 
the time of disaster):
    [cir] Name (first name, middle initial, last name);
    [cir] Age;
    [cir] Relationship to applicant;
    [cir] Dependent? (Yes/No);
    [cir] Sex;
    [cir] Pre- and post-disaster income information of occupants 18 
years of age or older; and
    [cir] Tribal Membership Status (if applicable).
    <bullet> Business damage:
    [cir] Self-employment is primary income? (Yes/No); and
    [cir] Business or rental property affected? (Yes/No).
    <bullet> Authorization for electronic funds transfer of benefits:
    [cir] Institution name;
    [cir] Account type; and
    [cir] Account number and routing number.
    <bullet> Comments and correspondence from the applicant;
    <bullet> Supporting documents that show proof of occupancy or 
ownership of a dwelling and/or verify identity. This includes but is 
not limited to:
    [cir] Driver's license;
    [cir] State/Federal issued photo identification;
    [cir] Mortgage payment receipts;
    [cir] Real property insurance;
    [cir] Tax receipts or property tax bill;
    [cir] Property title;
    [cir] Contract for deed;
    [cir] Voter registration card;
    [cir] Death certificate and will; and/or
    [cir] Maintenance receipts.
    <bullet> Public records information for identity verification;
    <bullet> Pre-registration questionnaire information;
    <bullet> Disaster loan status (i.e., rejected, approved, declined, 
verified, cancelled);
    <bullet> Travel and accommodations related information (e.g., 
flight information, travel assistance needs, companion information);
    <bullet> Information related to determining eligibility for 
assistance, including date of the disaster, application status, 
insurance information, types and amount of damage to the dwelling, 
supporting documentation (e.g., death certificates, invoices, receipts, 
and documentation to support accommodations or access and functional 
need requests and repairs) and results of the home inspection 
(including inspector's notes and determination);
    <bullet> Landowner's or landlord's information (in cases where FEMA 
is placing a manufactured housing unit on the individual's land or for 
other temporary housing assistance):
    [cir] Name;
    [cir] Address;
    [cir] Phone number; and
    [cir] Signature.
    <bullet> Correspondence and documentation related to determining 
eligibility and appropriate housing unit size, type, and location for 
temporary housing assistance, including general correspondence; 
complaints; requests for disbursement of payments; inquiries from 
tenants and landlords; information related to household access and 
functional needs; general administrative and fiscal information; 
payment schedules and forms; termination notices; information shared 
with the temporary housing program staff from other agencies to prevent 
the duplication of benefits; leases; contracts; specifications for 
repair of disaster damaged residences; reasons for revocation or denial 
of aid; sales information related to occupant purchase of housing 
units; and the status or disposition of housing applications;
    <bullet> Recoupment, appeals and/or arbitration (oral hearings) of 
such determinations;
    <bullet> Notice of Potential Debt Letter;
    <bullet> Notations and reports of decisions for disaster or similar 
financial awards and assistance from other FEMA Programs, federal and 
state agencies, insurance companies, employers, banks, financial, 
power/utility companies, health care providers, safety/rescue services, 
and public or private entities as they relate to determinations of 
applicants' eligibility for Individuals and Households Program disaster 
assistance; and
    <bullet> Unsolicited information concerning an individual's 
suspected or actual exposure to illness during a public health 
emergency, including, but not limited to quarantine or isolation 
orders.
    (b) Inspection Reports:
    <bullet> Inspection reports contain applicants' personally 
identifiable information (as outlined above) and results of assessments 
of damaged real property; personal property; and goods, which may 
include: descriptions and photographic images of an applicant's home 
and personal items; video and/or audio of the inspection conducted on 
the home; and notations of cleaning, sanitizing, and debris removal by 
contractors and partnering agencies. Inspection reports may also 
include Inspector ID.
    (d) Assistance from Other Sources:
    <bullet> Other files independently kept by the state, territory, 
tribe, local government, voluntary agency, or other source of 
assistance that contain records of persons who request disaster aid, 
including for the ``Other Needs'' assistance provision of the 
Individuals and Households Program administrative files and reports 
required by FEMA. The states, territories, tribes, local governments, 
voluntary agencies, and other sources of assistance keep the same type 
of information about individuals as described above under registration, 
inspection, and temporary housing assistance records.
    <bullet> Records of assistance from the FEMA National Flood 
Insurance Program to avoid duplication of benefits (name, address, 
disaster assistance coverage required code, policy number, policy 
number, policy effective date, policy coverage building, policy 
coverage contents, new policy date, and expiration date).
    (f) Customer service survey responses
    <bullet> Demographic information (race, ethnicity, religion, 
gender, sex, nationality, age, disability, English proficiency, 
economic status, income level, marital status); and
    <bullet> Responses to customer service and customer satisfaction 
survey questions.
    (g) Investigation results that may contain the name and address of 
the applicants to support recoupment, appeals, oral hearings, or other 
legal proceedings in order to recover disaster assistance.

[[Page 7855]]

RECORD SOURCE CATEGORIES:
    FEMA receives information from individuals who apply for disaster 
assistance through three different media: (1) Electronically via the 
internet at <a href="https://www.disasterassistance.gov">https://www.disasterassistance.gov</a> (FEMA Form 009-0-1 and 
FEMA Form 009-0-2); (2) by calling FEMA's toll-free number 1-800-621-
3362 (FEMA Form 009-0-1t and FEMA Form 009-0-2t); and (3) through 
submission of a paper copy of pre-registration intake, FEMA Form 009-0-
1 and its Spanish-language equivalent, FEMA Form 009-0-2. In addition, 
information in this system of records derives from Temporary Housing 
Assistance Eligibility Determinations (FEMA Forms 009-0-5 and 009-0-6), 
Application for Continued Temporary Housing Assistance (FEMA Form 010-
0-12), and Housing Inspections (FEMA Forms 009-0-143, 009-0-144, and 
009-0-145). Information may also come from FEMA inspectors; financial 
institutions; insurance companies; other federal, state, territorial, 
local, tribal, and voluntary agencies; and commercial databases (for 
verification purposes). The final investigative summary report is 
stored in this system of records in the event that an applicant's file 
is investigated for fraud.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND PURPOSES OF SUCH USES:
    In addition to those disclosures generally permitted under 5 U.S.C. 
552a(b) of the Privacy Act, all or a portion of the records or 
information contained in this system may be disclosed outside DHS/FEMA 
as a routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:
    A. To the Department of Justice (DOJ), including the U.S. Attorneys 
Offices, or other federal agencies conducting litigation or proceedings 
before any court, adjudicative, or administrative body, when it is 
relevant or necessary to the litigation and one of the following is a 
party to the litigation or has an interest in such litigation:
    1. DHS or any component thereof;
    2. Any employee or former employee of DHS in his/her official 
capacity;
    3. Any employee or former employee of DHS in his/her individual 
capacity, only when DOJ or DHS has agreed to represent the employee; or
    4. The United States or any agency thereof.
    B. To a congressional office from the record of an individual in 
response to an inquiry from that congressional office made at the 
request of the individual to whom the record pertains.
    C. To the National Archives and Records Administration or General 
Services Administration pursuant to records management inspections 
being conducted under the authority of 44 U.S.C. secs. 2904 and 2906.
    D. To an agency or organization for the purpose of performing audit 
or oversight operations as authorized by law, but only such information 
as is necessary and relevant to such audit or oversight function.
    E. To appropriate agencies, entities, and persons when (1) DHS 
suspects or has confirmed that there has been a breach of the system of 
records; (2) DHS has determined that as a result of the suspected or 
confirmed breach there is a risk of harm to individuals, DHS (including 
its information systems, programs, and operations), the federal 
government, or national security; and (3) the disclosure made to such 
agencies, entities, and persons is reasonably necessary to assist in 
connection with DHS's efforts to respond to the suspected or confirmed 
breach or to prevent, minimize, or remedy such harm.
    F. To another federal agency or federal entity when DHS determines 
that information from this system of records is reasonably necessary to 
assist the recipient agency or entity in (1) responding to a suspected 
or confirmed breach or (2) preventing, minimizing, or remedying the 
risk of harm to individuals, the recipient agency or entity (including 
its information systems, programs, and operations), the federal 
government, or national security, resulting from a suspected or 
confirmed breach.
    G. To an appropriate federal, state, tribal, local, international, 
or foreign law enforcement agency or other appropriate authority 
charged with investigating or prosecuting a violation or enforcing or 
implementing a law, rule, regulation, or order, when a record, either 
on its face or in conjunction with other information, indicates a 
violation or potential violation of law, which includes criminal, 
civil, or regulatory violations and such disclosure is proper and 
consistent with the official duties of the person making the 
disclosure.
    H. To contractors and their agents, grantees, experts, consultants, 
and others performing or working on a contract, service, grant, 
cooperative agreement, or other assignment for DHS/FEMA, when necessary 
to accomplish an agency function related to this system of records. 
Individuals provided information under this routine use are subject to 
the same requirements and limitations on disclosure as are applicable 
to DHS/FEMA officers and employees.
    I. To certain government, private sector, voluntary entities, 
hospitals, and utility companies when disclosure of applicant 
information is necessary to prevent a duplication of efforts or a 
duplication of benefits in determining eligibility for disaster 
assistance, and/or to address unmet needs of eligible, ineligible, or 
partially-eligible FEMA applicants. The above-mentioned entities must 
have a disaster assistance program to address the unmet disaster-
related needs of disaster survivors or be actively involved in the 
recovery efforts of the disaster, or a related assistance program 
involving FEMA applicants. The receiving entity is not permitted to 
alter or to further disclose the information to other disaster 
organizations or third parties, without express, prior written approval 
from FEMA, or as required by law.
    FEMA may make Routine Use I disclosures under the following 
circumstances:
    1. To federal entities with programs that make available disaster 
assistance to individuals and households, administer a disaster-related 
program, and/or give preference of priority to disaster applicants, 
including those that evacuate from a declared state to another state 
and to prevent a duplication of efforts or benefits. FEMA-authorized 
agreements address the federal entity sharing of information from FEMA 
with its contractors/grantees, and/or agents that are administering a 
disaster related program on behalf of the federal entity (e.g., other 
state, tribal, and local agencies working under the guise of the 
requesting federal entity). FEMA may also share with other federal 
entities for the purpose of contacting FEMA Individuals and Households 
Program applicants to seek their voluntary participation in surveys or 
studies concerning effects of disasters, program effectiveness, and to 
identify possible ways to improve community preparedness and resiliency 
for future disasters.
    2. To state, tribal, and territorial agency (STT) programs that 
make available any disaster assistance to individuals and households 
and/or give preference of priority to disaster applicants, including 
those that evacuate from a declared state to another state, and/or to 
prevent a duplication of efforts or benefits. State, tribal, and 
territorial agencies may request and receive information using the 
protocols established in an appropriate FEMA-authorized agreement. 
FEMA-authorized agreements address the state, tribal, and

[[Page 7856]]

territorial agency sharing of information from FEMA with its 
contractors/grantees, and/or agents that are administering a disaster 
related program on behalf of the Agency (e.g., other state, tribal, and 
territorial agencies working under the guise of the requesting state 
agency). FEMA may also share with state, tribal, and territorial 
entities for the purpose of contacting FEMA Individuals and Households 
Program applicants to seek their voluntary participation in surveys or 
studies concerning effects of disasters, program effectiveness, and to 
identify possible ways to improve community preparedness and resiliency 
for future disasters.
    3. To local government entities, including towns, counties/
parishes, cities, townships, and locally governed subdivisions 
(Localities) with disaster assistance programs to address the unmet 
disaster-related needs of disaster survivors for a declared county 
charged through legislation or chartered with administering disaster 
relief/assistance programs. The Locality must be actively involved in 
the recovery efforts of the disaster. Localities may request data by 
submitting a written request to FEMA. The written request from the 
entity shall explain the type of tangible assistance being offered, the 
type of verification required, and, if applicable, the individuals for 
whom verification is required before the assistance can be provided. 
FEMA may also share with Localities for the purpose of contacting FEMA 
Individuals and Households Program applicants to seek their voluntary 
participation in surveys or studies concerning effects of disasters, 
program effectiveness, and community preparedness and resiliency for 
future disasters. Localities may share information they receive from 
FEMA with their contractors/grantees, and/or agents that are 
administering a disaster related program on behalf of the Locality 
according to a FEMA-authorized agreement.
    4. Voluntary Organizations Active in Disaster (VOAD) (as defined in 
44 CFR 206.2(a)(27)), and FEMA- and/or State-recognized Long Term 
Recovery Committees (LTRC) and their members with disaster assistance 
programs to address the unmet disaster-related needs of disaster 
survivors for a declared county charged through legislation or 
chartered with administering disaster relief/assistance programs. The 
voluntary organization must either have a national membership in good 
standing with the National Voluntary Organizations Active in Disaster 
association, be a Long Term Recovery Committee, or member of such 
committee for that disaster. The entity shall make a written request to 
either FEMA or a State agency for FEMA disaster applicant information. 
The written request from the entity shall explain the type of tangible 
assistance being offered, the type of verification required, and, if 
applicable, the individuals for whom verification is required before 
the assistance can be provided. The Voluntary Organization Active in 
Disaster must also have a disaster assistance program to address the 
unmet disaster-related needs of disaster survivors and be actively 
involved in the recovery efforts of the disaster. Voluntary 
Organizations Active in Disaster and Long Term Recovery Committees may 
share information they receive from FEMA with their contractors/
grantees, and/or agents that are administering a disaster related 
program on their behalf according to a FEMA-authorized agreement.
    5. To utility companies and hospitals (UC/H) that have a disaster 
assistance program to address the unmet disaster-related needs of 
disaster survivors and are actively involved in the recovery efforts of 
the disaster. FEMA may disclose lists of applicant names, contact 
information, their FEMA verified loss amount, amounts received, award 
category, and Small Business Administration loan status for the purpose 
of providing additional disaster assistance and/or addressing unmet 
needs. FEMA may disclose the aforementioned data elements according to 
different sub-categories of disaster applicants (e.g., those that 
received maximum amounts, those that have flood insurance coverage, 
those with emergency needs, or those over a certain age). FEMA shall 
release this information only during the disaster period of assistance 
as defined in 44 CFR 206.110(e), plus 90 days to address any appeals 
(44 CFR 206.115(f)).
    6. FEMA may immediately disclose, on a case-by-case basis, to an 
entity qualified under Routine Use (I)(4) or (I)(5) or to other 
organizations that loan or donate new or used durable medical equipment 
and assistive technology, information about applicants in need of such 
equipment or technology. The applicant in question must have an 
immediate need for durable medical equipment or assistive technology as 
a result of a declared disaster, and the qualifying entity is able to 
provide the requested assistance in question. An immediate need is a 
need that is of such urgency or severity that one could reasonably 
expect the absence of the durable medical equipment or assistive 
technology to place the health of the applicant in serious jeopardy, to 
compromise the safety of the applicant, or to prevent the applicant 
from relocating from a shelter facility to the next stage of recovery. 
Specifically, FEMA may release the applicant's name and limited contact 
information (telephone number, email address, and if being delivered to 
a location other than a shelter, the applicant's temporary or current 
residence).
    J. To federal, state, tribal, territorial, or local government 
agencies; voluntary organizations; insurance companies; employers; any 
public or private entities; banks and financial institutions when an 
applicant's eligibility, in whole or in part, for FEMA's Individuals 
and Households Program depends upon financial benefits already received 
or available from that source for similar purposes as necessary to 
determine benefits; and to prevent duplication of disaster assistance 
benefits (as described in 42 U.S.C. 5155). FEMA initiates the 
transaction by only disclosing the name, address, and date of birth of 
an applicant in order to properly identify the same and obtain desired 
relevant information from entities listed above.
    K. To contractors, medical providers, dental providers, landlords, 
mechanics, child care providers, or other private entities, when cited 
by applicants as proof of an expense, to verify the accuracy of an 
expense for FEMA's Individuals and Households Program. FEMA may 
disclose the applicant's name and limited contact information 
(telephone number, current address, and/or damaged dwelling address) 
and a record identifier (e.g., account, invoice or estimate numbers) to 
the third-party service provider.
    L. To federal, state, tribal, territorial, or local government 
agencies charged with the implementation of hazard mitigation measures 
and the enforcement of hazard-specific provisions of building codes, 
standards, and ordinances. FEMA will only disclose information for the 
following purposes:
    1. For hazard mitigation planning purposes, to assist federal, 
state, territorial, tribal, or local government agencies in identifying 
high-risk areas and preparing mitigation plans that target those areas 
for hazard mitigation projects implemented under Federal, State, 
tribal, territorial, or local hazard mitigation programs.
    2. For enforcement purposes, to enable federal, state, tribal, 
territorial, or local government agencies ensure that owners repair or 
rebuild structures in conformity with applicable hazard-specific 
building codes, standards, and ordinances.

[[Page 7857]]

    M. To the Department of the Treasury, to verify identity and 
account information of an applicant as well as to determine eligibility 
for final payment from federal programs (e.g., Do Not Pay program). An 
applicant's Social Security number will be released in connection with 
a request that the Department of the Treasury provide a disaster 
assistance payment to an applicant under the Individuals and Households 
Program.
    N. To a state, local, territorial, or tribal government agency in 
connection with billing that state, local, territorial, or tribal 
government for the applicable non-federal cost share under the 
Individuals and Households Program. Information shared shall only 
include applicants' names, contact information, and amounts of 
assistance received.
    O. To state, tribal, territorial, or local government emergency 
managers, when an applicant is occupying a FEMA temporary housing unit, 
for the purposes of preparing, administering, coordinating, and/or 
monitoring emergency response, public safety, and evacuation plans. 
FEMA shall only release the applicants' phone numbers, address, and 
number of household occupants of the housing unit.
    P. To the Department of the Treasury, Department of Justice, the 
U.S. Attorney's Office, an Oral Hearing Official, or other third party 
for further collection action on any delinquent debt when circumstances 
warrant.
    Q. To federal, state, territorial, tribal, or local law enforcement 
authorities, or agencies, or other entities authorized to investigate 
and/or coordinate locating missing children and/or reuniting families.
    R. To state, tribal, territorial, or local government election 
agencies/authorities that oversee the voting process within their 
respective municipalities, for the purpose of ensuring voting rights of 
individuals who have applied for FEMA assistance, limited to their own 
respective citizens who are displaced from their voting jurisdiction by 
a presidentially declared major disaster or emergency out of their 
voting jurisdiction.
    S. To other federal, state, or local government agencies under 
approved computer-matching programs for the purposes articulated in 
subsection (a)(8)(A) of the Privacy Act.
    T. To the individual applicants, of whom the record contains third 
party personally identifiable information, to defend themselves during 
appeals and Oral Hearings on the recoupment of disaster assistance 
funds.
    U. To any law enforcement agency of the federal government or a 
state, local, territorial, or tribal government in order to identify 
illegal conduct or address public safety or security issues, including 
compliance with sex offender notification laws, in the event of 
circumstances requiring an evacuation, sheltering, or mass relocation.
    V. To entities providing temporary housing or sheltering to 
disaster survivors during a declared public health emergency to provide 
indication that a survivor with an infectious disease is inhabiting or 
has inhabited a specific location, when necessary for the safety of 
individuals located in the facility and to comply with additional 
necessary infectious disease protocols.
    W. To state, local, territorial, and tribal government and private 
entities to verify applicant identity and account information as a 
fraud prevention measure.
    X. To the news media and the public, with the approval of the Chief 
Privacy Officer in consultation with counsel, when there exists a 
legitimate public interest in the disclosure of the information, when 
disclosure is necessary to preserve confidence in the integrity of DHS, 
or when disclosure is necessary to demonstrate the accountability of 
DHS's officers, employees, or individuals covered by the system, except 
to the extent the Chief Privacy Officer determines that release of the 
specific information in the context of a particular case would 
constitute a clearly unwarranted invasion of personal privacy.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    DHS/FEMA stores records in this system electronically or on paper 
in secure facilities in a locked drawer behind a locked door. The 
records may be stored on magnetic disc, tape, and digital/electronic 
media.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    DHS/FEMA may retrieve records by an individual's name, address, 
Social Security number, or case file number.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    Records pertaining to disaster assistance will be placed in 
inactive storage two years after FEMA receives the application and will 
be destroyed when they are six years and three months old, in 
accordance with National Archives and Records Administration Authority 
N1-311-86-1, DAP 8-1, item 4C10a. Records pertaining to temporary 
housing will be destroyed three years after close of the operation in 
accordance with National Archives and Records Administration Authority 
N1-311-86-1, DAP 8-2, item 4C10b. Closeout of a disaster operation 
occurs when the disaster contract is terminated. Records pertaining to 
the Individuals and Households Program program will retire to the 
Federal Records Center (FRC) one year after closeout and be destroyed 
three years after closeout in accordance with National Archives and 
Records Administration Authority N1-311-86-1, item 4C6c. Records 
pertaining to individual assistance customer satisfaction assessments 
are stored in accordance with National Archives and Records 
Administration Authority N1-311-00-01. Records pertaining to 
investigations are retired to inactive storage when two years old, and 
destroyed when six years, three months old in accordance with National 
Archives and Records Administration Authority N1-311-86-001, item 
4C10a. Customer service assessment forms that have been filled out and 
returned by disaster assistance applicants are temporary records that 
are destroyed upon transmission of the final report, per National 
Archives and Records Administration Authority N1-311-00-01, DAP-14-1. 
The statistical and analytical reports resulting from these assessments 
are temporary records that are retired three years after the final 
report cutoff and destroyed 20 years after the report cutoff, per 
National Archives and Records Administration Authority N1-311-00-01, 
DAP-14-2. The assessment results database are temporary records that 
are destroyed when no longer needed for analysis purposes, per National 
Archives and Records Administration Authority N1-311-00-01, DAP-14-3. 
Per current National Archives and Records Administration guidance, 
records pertaining to COVID-19 will be maintained permanently until 
further guidance regarding the retention of COVID-19 records is 
provided.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    DHS/FEMA safeguards the records in this system in accordance with 
applicable rules and policies, including all applicable DHS automated 
systems security and access policies. FEMA has imposed strict controls 
to minimize the risk of compromising the information that is being 
stored. Access to the computer system containing the records in this 
system is limited to those individuals who have a need to know the 
information for the performance of their official duties and who have 
the appropriate clearances or permissions.

[[Page 7858]]

RECORD ACCESS PROCEDURES:
    Individuals applying for Individuals and Households Program 
assistance may access their information online via the Disaster 
Assistance Center using the user ID, password, system generated PIN, 
and authentication that was established during the application process. 
Applicants may also call a FEMA National Processing Service Center 
(NPSC) representative to access their information by providing their 
registration ID, full name, damaged dwelling address, current mailing 
address (if different), current phone number, and the last four digits 
of their Social Security number.
    In addition, individuals seeking access to and notification of any 
record contained in this system of records, or seeking to contest its 
content, may submit a request in writing to the Chief Privacy Officer 
and the FEMA Freedom of Information Act (FOIA) Officer, whose contact 
information can be found at <a href="https://www.dhs.gov/foia">https://www.dhs.gov/foia</a> under ``Contact 
Information.'' If an individual believes more than one component 
maintains Privacy Act records concerning him or her, the individual may 
submit the request to the Chief Privacy Officer and Chief Freedom of 
Information Act Officer, Department of Homeland Security, Washington, 
DC 20528-0655. Even if neither the Privacy Act nor the Judicial Redress 
Act provide a right of access, certain records may be available under 
the Freedom of Information Act.
    When an individual is seeking records about himself or herself from 
this system of records or any other FEMA system of records, the 
individual's request must conform with the Privacy Act regulations set 
forth in 6 CFR part 5. The individual must first verify his or her 
identity, meaning that the individual must provide his or her full 
name, current address, and date and place of birth. The individual must 
sign the request, and the individual's signature must either be 
notarized or submitted under 28 U.S.C. 1746, a law that permits 
statements to be made under penalty of perjury as a substitute for 
notarization. In addition, the individual should:
    <bullet> Explain why he or she believes the Department would have 
the information being requested;
    <bullet> Identify which component(s) of the Department he or she 
believes may have the information;
    <bullet> Specify when he or she believes the records would have 
been created; and
    <bullet> Provide any other information that will help the DHS staff 
determine which DHS component agency may have responsive records;
    If the request is seeking records pertaining to another living 
individual, the request must include an authorization from the 
individual whose record is being requested, authorizing the release to 
the requester.
    Without the above information, the Component(s) may not be able to 
conduct an effective search, and your request may be denied due to lack 
of specificity or lack of compliance with applicable regulations.

CONTESTING RECORD PROCEDURES:
    For records covered by the Privacy Act or covered Judicial Redress 
Act records, individuals may make a request for amendment or correction 
of a record of the Department about the individual by writing directly 
to the Department component that maintains the record, unless the 
record is not subject to amendment or correction. The request should 
identify each particular record in question, state the amendment or 
correction desired, and state why the individual believes that the 
record is not accurate, relevant, timely, or complete. The individual 
may submit any documentation that would be helpful. If the individual 
believes that the same record is in more than one system of records, 
the request should state that and be addressed to each component that 
maintains a system of records containing the record.

NOTIFICATION PROCEDURES:
    See ``Record Access Procedures.''

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    None.

HISTORY:
    78 FR 25282 (April 30, 2013); 74 FR 48763 (September 24, 2009); 71 
FR 38408 (July 6, 2006); 69 FR 65615 (November 15, 2004); 66 FR 51436 
(October 9, 2001); 64 FR 40596 (July 27, 1999); 61 FR 49777 (September 
23, 1996).
* * * * *

Lynn P. Dupree,
Chief Privacy Officer, U.S. Department of Homeland Security.
[FR Doc. 2022-02950 Filed 2-9-22; 8:45 am]
BILLING CODE 9110-17-P


</pre><script data-cfasync="false" src="/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js"></script></body>
</html>
View on FederalRegister.gov →Plain-text source
Indexed from Federal Register on February 10, 2022.

This is legal information, not legal advice. Laws vary by jurisdiction and change frequently. Always verify current law with official sources and consult a licensed attorney in your jurisdiction for advice on your specific situation.