Federal & State Lawfederalstatelaw.com
Home/Federal/Federal Register/2022-22450
Notice2022-22450

Privacy Act of 1974; System of Records

Primary source

Metadata and text below are from the Federal Register, a public-domain U.S. government work. Always verify the official published version before relying on it for any legal matter.

Published
October 17, 2022
Effective
November 16, 2022

Issuing agencies

Homeland Security Department

Abstract

In accordance with the Privacy Act of 1974, the Department of Homeland Security (DHS) proposes to modify and reissue a current DHS system of records titled, "Department of Homeland Security/Federal Emergency Management Agency-011 Training and Exercise Program Records System of Records." This system of records allows DHS/Federal Emergency Management Agency (FEMA) to collect from and maintain records on current and former FEMA employees and contractors, current and former members of the first responder and emergency management communities, and other individuals who have applied or registered to participate in training and exercise programs or who have assisted with FEMA's training and exercise programs. DHS/FEMA is updating this system of records notice (SORN) to include: (1) Modifying system location; (2) supplementing legal authorities; (3) clarifying the purpose of the SORN; (4) expanding the categories of records; (5) clarifying the sources of records; (6) revising the routine uses; and (7) adjusting the retention and disposal schedule of records. Additionally, this notice includes non-substantive changes to simplify the formatting and text of the previously published notice. This updated system will be included in DHS's inventory of record systems.

Full Text

<html>
<head>
<title>Federal Register, Volume 87 Issue 199 (Monday, October 17, 2022)</title>
</head>
<body><pre>
[Federal Register Volume 87, Number 199 (Monday, October 17, 2022)]
[Notices]
[Pages 62872-62877]
From the Federal Register Online via the Government Publishing Office [<a href="http://www.gpo.gov">www.gpo.gov</a>]
[FR Doc No: 2022-22450]


-----------------------------------------------------------------------

DEPARTMENT OF HOMELAND SECURITY

[Docket No. FEMA-2022-0028]


Privacy Act of 1974; System of Records

AGENCY: Federal Emergency Management Agency, Department of Homeland 
Security.

ACTION: Notice of a modified system of records.

-----------------------------------------------------------------------

SUMMARY: In accordance with the Privacy Act of 1974, the Department of 
Homeland Security (DHS) proposes to modify and reissue a current DHS 
system of records titled, ``Department of Homeland Security/Federal 
Emergency Management Agency-011 Training and Exercise Program Records 
System of Records.'' This system of records allows DHS/Federal 
Emergency Management Agency (FEMA) to collect from and maintain records 
on current and former FEMA employees and contractors, current and 
former members of the first responder and emergency management 
communities, and other individuals who have applied or registered to 
participate in training and exercise programs or who have assisted with 
FEMA's training and exercise programs. DHS/FEMA is updating this system 
of records notice (SORN) to include: (1) Modifying system location; (2) 
supplementing legal authorities; (3) clarifying the purpose of the 
SORN; (4) expanding the categories of records; (5) clarifying the 
sources of records; (6) revising the routine uses; and (7) adjusting 
the retention and disposal schedule of records. Additionally, this 
notice includes non-substantive changes to simplify the formatting and 
text of the previously published notice. This updated system will be 
included in DHS's inventory of record systems.

DATES: Submit comments on or before November 16, 2022. This modified 
system will be effective upon publication. New or modified routine uses 
will be effective November 16, 2022.

ADDRESSES: You may submit comments, identified by docket number FEMA-
2022-0028 by one of the following methods: Federal e-Rulemaking Portal: 
<a href="https://www.regulations.gov">https://www.regulations.gov</a>. Follow the instructions for submitting 
comments. Fax: 202-343-4010. Mail: Lynn Parker Dupree, Chief Privacy 
Officer, Privacy Office, U.S. Department of Homeland Security, 
Washington, DC 20528-0655.
    Instructions: All submissions received must include the agency name 
and docket number FEMA-2022-0028. All comments received will be posted 
without change to <a href="https://www.regulations.gov">https://www.regulations.gov</a>, including any personal 
information provided.
    Docket: For access to the docket to read background documents or 
comments received, go to <a href="https://www.regulations.gov">https://www.regulations.gov</a>.

FOR FURTHER INFORMATION CONTACT: For general questions, please contact: 
Tammi Hines, (202) 212-5100, Senior Director for Information 
Management, Federal Emergency Management Agency, Department of Homeland 
Security, Washington, DC 20472. For privacy questions, please contact: 
Lynn Parker Dupree, (202) 343-1717, <a href="/cdn-cgi/l/email-protection#afffddc6d9ceccd6efc7de81cbc7dc81c8c0d9"><span class="__cf_email__" data-cfemail="21715348574042586149500f4549520f464e57">[email&#160;protected]</span></a>, Chief Privacy 
Officer, Privacy Office, U.S. Department of Homeland Security, 
Washington, DC 20528-0655.

SUPPLEMENTARY INFORMATION:

I. Background

    In accordance with the Privacy Act, this modified system of records 
notice is being published because the Federal Emergency Management 
Agency (FEMA) collects, maintains, uses, retrieves, and disseminates 
personally identifiable information of individuals who participate in a 
wide range of training and exercise programs for its employees and 
contractors as well as its partners in the first responder, emergency 
management, and flood insurance communities, including personnel from 
federal, state, local, tribal, territorial, foreign, or international 
government agencies.

[[Page 62873]]

Partners and participants in FEMA trainings often include fire, 
medical, emergency management, and law enforcement professionals; 
nongovernmental and volunteer disaster relief organizations; and 
private sector professionals such as flood insurance representatives. 
FEMA programs that sponsor and provide this type of training include 
the National Training and Education Division, including the Emergency 
Management Institute (EMI) and the Center for Domestic Preparedness 
(CDP), the National Processing Service Centers, the United States Fire 
Administration (USFA), the Federal Insurance Mitigation Administration 
(FIMA) and Mission Support (MS). These programs train participants on 
situational awareness and emergency management skills necessary to 
effectively prevent, respond to, recover from, and mitigate all 
hazards.
    FEMA established this system of records in order to collect and 
maintain personally identifiable information (PII) on individuals who 
apply, register for, or participate in FEMA training and exercise 
programs and information on individuals who are points of contact or 
representatives for the organizations employing or sponsoring these 
individuals applying or registering for or attending FEMA trainings. 
FEMA uses this information to facilitate an individual's participation 
and determine eligibility for training, housing, and stipend 
reimbursement programs. FEMA also uses this information to compile 
statistical information and to administer and measure effectiveness of 
FEMA training and exercise programs. FEMA uses sensitive information to 
ensure accuracy of academic records, reimburse funds to registered 
students, and to distinguish the identity of individuals with identical 
names and birth dates. The type and amount of PII FEMA collects varies 
depending on the programs. FEMA collects this information through paper 
forms and electronically through information technology (IT) systems.
    FEMA updates the following categories within this system of 
records:
    First, the system location is being modified to include records 
maintained at CDP Headquarters in Anniston, Alabama and housed within 
the Center for Domestic Preparedness Training Infrastructure (CDP-TI) 
system and records housed within the United States Fire Administration 
Learning Management System (USFA-LMS).
    Second, the legal authorities are being supplemented to include the 
Post-Katrina Emergency Management Reform Act (PKEMRA) and Occupational 
Safety and Health Administration [OSHA] Personal Protective Equipment 
(No. 1910.134).
    Third, the purpose of the system is being clarified to include 
assessment of the health and fitness of individuals participating in 
training exercises. FEMA needs to collect medical capability and 
physical fitness information for respiratory safety and Occupation 
Safety and Health Administration (OSHA) compliance.
    Fourth, new categories of records are being expanded to include 
FEMA student identifier (FEMASID), formal education level, military 
experience, past medical history, body composition, experience with 
respirators, cardiac and respiratory assessment, hearing and vision 
assessment, musculoskeletal assessment, pregnancy history, and 
medication list. FEMA collects formal education level from individuals 
when they request training or complete course evaluations. FEMA 
collects military experience (yes/no) to enable CDP to assess any 
underlying conditions that may not be apparent to the applicant. For 
instance, military personnel may have been exposed to toxic agent/harsh 
environments that may impact their respiratory system. This is a 
required question under OSHA App C. The remaining new categories are 
additionally required for respiratory safety and Occupation Safety and 
Health Administration (OSHA) compliance.
    Fifth, sources of records are being clarified to include first 
responders such as current and former fire, medical, emergency 
management, and law enforcement professionals; nongovernmental and 
volunteer disaster relief organizations; and private sector 
professionals such as flood insurance representatives.
    Sixth, routine uses E is being revised and routine use F is being 
added to comply with OMB Memorandum M-17-12 requiring disclosure of 
information necessary to respond to a breach either of the agency's PII 
or, as appropriate, to assist another agency in its response to a 
breach. The incident-related routine uses will help identify what 
information was potentially compromised, the population of individuals 
potentially affected, the purpose for which the information had 
originally been collected, the permitted uses and disclosures of the 
information, and other information that may be useful when developing 
the agency's incident response. Existing routine uses I, J, M, and O 
are being updated to include non-profit/non-governmental entities. 
Additionally, former Routine Use M is being revised to align with the 
DHS SORN template. Former Routine Use H has been removed from the 
System of Records Notice.
    Finally, the retention and disposal schedule of records are being 
adjusted to supersede the original schedules as a result of the 
National Archives and Records Administration's (NARA) update to the 
General Records Schedule (GRS) and to comply with Occupational Safety 
and Health Administration (OSHA) retention requirements for medical 
records.
    The purpose of this system is to facilitate registration, 
participation, completion, documentation of FEMA's training and 
exercise programs, including assessment of the health and fitness of 
individuals participating in training exercises; determine eligibility 
for training, housing, travel, and stipend reimbursement programs; and 
compile statistical information to administer and measure effectiveness 
of FEMA training and exercise programs.
    FEMA collects, uses, maintains, retrieves, and disseminates the 
records within this system under the authority of the Robert T. 
Stafford Disaster Relief and Emergency Assistance Act, as amended, 42 
U.S.C. 5121 et seq.; the Federal Fire Prevention and Control Act of 
1974 as amended, 15 U.S.C. 2201 et seq.; 44 U.S.C. 3101; 6 U.S.C. 748; 
the Post-Katrina Emergency Management Reform Act (PKEMRA) of 2006; 
Occupational Safety and Health Administration [OSHA] Personal 
Protective Equipment (No. 1910.134); Homeland Security Presidential 
Directives, and several Executive Orders, as described in the 
authorities section of this notice. This updated system of records 
strengthens privacy protections and provides greater transparency 
regarding FEMA's training and exercise records by encompassing the full 
range of the Agency's training and exercise programs into a single 
system of records. FEMA limits access to the information in this system 
by verifying the status and ``need to know'' of individuals registering 
for and participating in the Agency's training and exercise programs to 
further safeguard individuals' privacy.
    The updated routine uses are compatible with the purpose for 
original collection of the information; FEMA shares exercise 
information with other federal agencies when FEMA needs to use the 
recipient agency's IT system for registration and participation in 
FEMA's training and exercise programs.
    FEMA conducts and hosts training and exercise programs to foster 
the development of mission critical skills among communities through 
participation in their programs. FEMA

[[Page 62874]]

shares exercise and training information with federal, state, local, 
tribal, territorial, foreign, or international government agencies, 
nongovernmental/volunteer organizations, and private sector 
organizations when necessary to facilitate the development of training 
and exercise programs, coordinate, facilitate, and track participation 
in training and exercise programs, and for statistical purposes. FEMA 
also shares academic records such as transcripts with educational 
institutions; however, FEMA's information sharing with education 
institutions for transcript purposes only takes place if it is 
requested by the student.
    Consistent with DHS's information-sharing mission, information 
stored in the DHS/FEMA-011 Training and Exercise Program Records may be 
shared with other DHS components that have a need to know the 
information to carry out their national security, law enforcement, 
immigration, intelligence, or other homeland security functions. In 
addition, DHS/FEMA may share information with appropriate federal, 
state, local, tribal, territorial, foreign, international government 
agencies, and non-profit/non-governmental entities consistent with the 
routine uses set forth in this system of records notice.
    Additionally, the Final Rule to exempt this system of records from 
certain provisions of the Privacy Act remains unchanged and in effect. 
This updated system will be included in DHS's inventory of record 
systems.

II. Privacy Act

    The fair information practice principle found in the Privacy Act 
underpin statutory framework governing the means by which Federal 
Government agencies collect, maintain, use, and disseminate 
individuals' records. The Privacy Act applies to information that is 
maintained in a ``system of records.'' A ``system of records'' is a 
group of any records under the control of an agency from which 
information is retrieved by the name of an individual or by some 
identifying number, symbol, or other identifying particular assigned to 
the individual. In the Privacy Act, an individual is defined to 
encompass U.S. citizens and lawful permanent residents. Additionally, 
the Judicial Redress Act (JRA) provides covered persons with a 
statutory right to make requests for access and amendment to covered 
records, as defined by the Judicial Redress Act, along with judicial 
review for denials of such requests. In addition, the Judicial Redress 
Act prohibits disclosures of covered records, except as otherwise 
permitted by the Privacy Act.
    Below is the description of the DHS/FEMA-011 Training and Exercise 
Program Records System of Records.
    In accordance with 5 U.S.C. 552a(r), DHS has provided a report of 
this system of records to the Office of Management and Budget and to 
Congress.

SYSTEM NAME AND NUMBER:
    DHS/FEMA-011 Training and Exercise Program Records.

SECURITY CLASSIFICATION:
    Classified and Unclassified.

SYSTEM LOCATION:
    Records are maintained at the FEMA Headquarters in Washington, DC, 
and field offices. Additionally, records are maintained in various FEMA 
training and exercise information technology (IT) systems, such as the 
National Emergency Training Center (NETC) Admissions System, United 
States Fire Administration Learning Management System (USFA-LMS), the 
Center for Domestic Preparedness Training Infrastructure (CDP-TI), the 
Independent Study Database System, the FEMA Employee Knowledge Center, 
and the Radiological Emergency Preparedness Program Online Operation 
Center.

SYSTEM MANAGER(S):
    Director, National Training and Education Division, Federal 
Emergency Management Agency, Department of Homeland Security, 
Washington, DC 20472

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    42 U.S.C. 5196; Federal Fire Prevention and Control Act of 1974, as 
amended, 15 U.S.C. 2201 et seq.; 44 U.S.C. 3101-3106; 6 U.S.C. 748; 
Homeland Security Presidential Directive 8; Homeland Security 
Presidential Directive 5; the Reorganization Plan No. 3 of 1978, 5 
U.S.C. 301; 31 U.S.C. 3716; 31 U.S.C. 321, Executive Order No. 13111; 
Executive Order No. 12148; Executive Order No. 12127; 15 U.S.C. 2206; 
Chief Financial Officer Bulletin, Financial and Acquisition Management 
Division, Number 117, June 23, 2003, Subject: Invitational Travel; 
Executive Order No. 9397 amended by Executive Order No. 13478; and 31 
U.S.C. 7701 (1996) Authorize the Collection of the Social Security 
number; Post-Katrina Emergency Management Reform Act (PKEMRA) of 2006, 
Public Law 109-295, 120 Stat. 1355, October 4, 2006; and Occupational 
Safety and Health Administration (OSHA) Personal Protective Equipment 
(No. 1910.134).

PURPOSE(S) OF THE SYSTEM:
    The purpose of this system is to facilitate registration, 
participation, completion, documentation of FEMA's training and 
exercise programs, including assessment of the health and fitness of 
individuals participating in training exercises; determine eligibility 
for training, housing, travel, and stipend reimbursement programs; and 
compile statistical information to administer and measure effectiveness 
of FEMA training and exercise programs.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Any individual who has applied for, participated in, been named as 
a reference for, or assisted with a training or exercise program 
recommended, sponsored, or operated by FEMA. This includes current and 
former employees of DHS, any other federal government employee or 
contractor, volunteers, other federal, state, local, tribal, 
territorial, foreign, or international government agencies, and non-
profit/non-governmental personnel. The categories of individuals also 
include individuals from the private sector and other participants in 
FEMA training and exercise programs such as instructors, developers, 
observers, and interpreters.

CATEGORIES OF RECORDS IN THE SYSTEM:
    Individual's name (First, Middle, Last, Suffix);
    Date of birth;
    Social Security number (SSN);
    Alternate unique number assigned in lieu of an SSN (if the 
individual does not have a SSN or doesn't know his or her SSN);
    Gender/Sex;
    Race and ethnicity (for statistical purposes only);
    U.S. Citizenship;
    City and country of birth (collected for non-U.S. citizens);
    Information related to disabilities requiring special assistance;
    Phone numbers;
    Email addresses;
    Mailing addresses;
    Military Rank/Prefix;
    Unique user ID (for IT system registration);
    Individual's password (for IT system access; only accessible by the 
individual; disclosed as part of the authentication process);
    Individual's security questions and answers (for IT system access);
    Individual's employer or organization being represented;
    Individual's employment status;
    Individual's position title;
    Individual's professional certifications;

[[Page 62875]]

    Category of position;
    Years of experience;
    Type of experience;
    Primary responsibility;
    Reason for applying/registering for training/exercise;
    Reference point of contact name;
    Reference point of contact phone number;
    Reference point of contact addresses;
    Relationship of individual to the reference point of contact;
    Organization type/Jurisdiction (e.g., federal, state, local, 
tribal, territorial, foreign, or international government agencies);
    Organization identification number (non-proprietary);
    Number of staff in the organization;
    Size of population served by the organization;
    Nomination forms;
    Registration/Application forms;
    Training/Exercise rosters and sign-in sheets;
    Training instructor and exercise role lists;
    Training/exercise schedules, including location and venue, type, 
target capabilities, and mission;
    Financial information, such as bank routing and account number;
    Payment records, including financial, travel, and related 
expenditures;
    Examination and testing materials;
    Grades and student evaluations;
    Course and instructor critiques;
    Reports pertaining to and resulting from training and exercises;
    Formal education level
    Military experience
    Medical capability/Physical Fitness Information
    Past medical history
    Body composition
    Experience with respirators
    Cardiac and Respiratory assessment
    Hearing and vision assessment
    Musculoskeletal assessment
    Pregnancy history
    Medication list

RECORD SOURCE CATEGORIES:
    Records are obtained on paper and through IT systems directly from 
all individuals who register for, apply for, participate in, or assist 
with FEMA's training or exercise programs including FEMA employees and 
contractors, volunteers, other federal employees and other participants 
such as current and former fire, medical, emergency management, and law 
enforcement professionals; nongovernmental and volunteer disaster 
relief organizations; and private sector professionals such as flood 
insurance representatives, instructors, course developers, observers, 
and interpreters.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND PURPOSES OF SUCH USES:
    In addition to those disclosures generally permitted under 5 U.S.C. 
552a(b) of the Privacy Act, all or a portion of the records or 
information contained in this system may be disclosed outside DHS as a 
routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:
    A. To the Department of Justice (DOJ), including the U.S. Attorneys 
Offices, or other federal agencies conducting litigation or proceedings 
before any court, adjudicative, or administrative body, when it is 
relevant and necessary to the litigation and one of the following is a 
party to the litigation or has an interest in such litigation:
    1. DHS or any component thereof;
    2. Any employee or former employee of DHS in his or her official 
capacity;
    3. Any employee or former employee of DHS in his or her individual 
capacity, only when DOJ or DHS has agreed to represent the employee; or
    4. The United States or any agency thereof.
    B. To a congressional office from the record of an individual in 
response to an inquiry from that congressional office made at the 
request of the individual to whom the record pertains.
    C. To the National Archives and Records Administration (NARA) or 
General Services Administration pursuant to records management 
inspections being conducted under the authority of 44 U.S.C. 2904 and 
2906.
    D. To an agency or organization for the purpose of performing audit 
or oversight operations as authorized by law, but only such information 
as is necessary and relevant to such audit or oversight function.
    E. To appropriate agencies, entities, and persons when (1) DHS 
suspects or has confirmed that there has been a breach of the system of 
records; (2) DHS has determined that as a result of the suspected or 
confirmed breach there is a risk of harm to individuals, DHS (including 
its information systems, programs, and operations), the Federal 
Government, or national security; and (3) the disclosure made to such 
agencies, entities, and persons is reasonably necessary to assist in 
connection with DHS's efforts to respond to the suspected or confirmed 
breach or to prevent, minimize, or remedy such harm.
    F. To another federal agency or federal entity, when DHS determines 
that information from this system of records is reasonably necessary to 
assist the recipient agency or entity in (1) responding to a suspected 
or confirmed breach or (2) preventing, minimizing, or remedying the 
risk of harm to individuals, the recipient agency or entity (including 
its information systems, programs, and operations), the Federal 
Government, or national security, resulting from a suspected or 
confirmed breach.
    G. To an appropriate federal, state, local, tribal, territorial, 
foreign, or international government agency, law enforcement agency, or 
other appropriate authority charged with investigating or prosecuting a 
violation or enforcing or implementing a law, rule, regulation, or 
order, when a record, either on its face or in conjunction with other 
information, indicates a violation or potential violation of law, which 
includes criminal, civil, or regulatory violations and such disclosure 
is proper and consistent with the official duties of the person making 
the disclosure.
    H. To contractors and their agents, grantees, experts, consultants, 
and others performing or working on a contract, service, grant, 
cooperative agreement, or other assignment for DHS, when necessary to 
accomplish an agency function related to this system of records. 
Individuals provided information under this routine use are subject to 
the same Privacy Act requirements and limitations on disclosure as are 
applicable to DHS officers and employees.
    I. To federal, state, local, tribal, territorial, foreign, 
international government agency, or non-profit/non-governmental entity 
if necessary to obtain information relevant to a DHS decision 
concerning the hiring or retention of an employee, the issuance of a 
security clearance, the reporting of an investigation of an employee, 
the letting of a contract, or the issuance of a license, grant, or 
other benefit.
    J. To federal, state, local, tribal, territorial, foreign, 
international government agency, or non-profit/non-governmental entity 
in response to its request, in connection with the hiring of a 
prospective employee or retention of an employee, the issuance of a 
security clearance, the reporting of an investigation of an employee, 
the letting of a contract, the issuance of a license, grant, or other 
benefit by the requesting agency, or for general inquiries by a state 
agency or state entity in connection with monitoring status and 
activities of its employees, to the extent that the information is 
relevant and necessary to the requesting agency's role and authority on 
such decisions and matters.
    K. To physician(s) in order to provide information about a student 
or participant in need of medical care and

[[Page 62876]]

who is unable to provide the information him- or herself.
    L. To members of the National Fire Academy (NFA) and Emergency 
Management Institute (EMI) Boards of Visitors federal advisory 
committees for the purpose of evaluating NFA's and EMI's programmatic 
statistics.
    M. To a federal, state, local, tribal, territorial, foreign, 
international government agencies or non-profit/non-governmental entity 
for a statistical or research purpose, including the development of 
methods or resources to support statistical or research activities, 
provided that the records support DHS programs and activities that 
relate to the purpose(s) stated in this SORN, and will not be used in 
whole or in part in making any determination regarding an individual's 
rights, benefits, or privileges under federal programs, or published in 
any manner that identifies an individual.
    N. To Department of Treasury for the processing and issuance of 
stipend payments to reimburse training, exercise, housing, or 
conference related expenses.
    O. To federal, state, local, tribal, territorial, foreign, 
international government agencies, non-profit/non-governmental entity, 
or educational institutions for the maintenance/updating of student 
academic records (such as transcripts).
    P. To other federal agencies that support FEMA's training and 
exercise efforts through use of IT system(s).
    Q. To the news media and the public, with the approval of the Chief 
Privacy Officer in consultation with counsel, when there exists a 
legitimate public interest in the disclosure of the information or when 
disclosure is necessary to preserve confidence in the integrity of DHS 
or is necessary to demonstrate the accountability of DHS's officers, 
employees, or individuals covered by the system, except to the extent 
it is determined that release of the specific information in the 
context of a particular case would constitute an unwarranted invasion 
of personal privacy.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    DHS/FEMA stores records in this system electronically or on paper 
in secure facilities in a locked drawer behind a locked door. The 
records may be stored on magnetic disc, tape, and digital media.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    Records may be retrieved by an individual's name, SSN, or unique 
user ID.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    FEMA's training and exercise records retention is generally covered 
under General Records Schedule (GRS) 2.6 item 10 and NARA Authority N1-
311-08-2 1A. Under GRS 2.6 item 10, records are temporary, destroyed 
when 3 years old, or 3 years after superseded or obsolete, whichever is 
appropriate. Under NARA Authority N1-311-08-2 1A, records are retired 
to the Federal Records Center (FRC) five years after the cutoff and 
destroyed forty years after the cutoff. Finally, in accordance with 
OSHA 29 CFR 1910.1020(d)(1)(i), medical records are retained for at 
least thirty years and then destroyed.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    FEMA safeguards records in this system in accordance with 
applicable rules and policies, including all applicable DHS automated 
systems security and access policies. FEMA imposes strict controls to 
minimize the risk of compromising the information it stores. Access to 
the computer system containing the records in this system is limited to 
those individuals who have a need to know the information for the 
performance of their official duties and who have appropriate 
clearances or permissions.

RECORD ACCESS PROCEDURES:
    The Secretary of Homeland Security has exempted this system from 
the notification, access, and amendment procedures of the Privacy Act 
because it is a testing and evaluation system. However, DHS/FEMA will 
consider individual requests to determine whether or not information 
may be released. Individuals seeking notification of or access to any 
record contained in this system of records, or seeking to contest its 
content, may submit a request in writing to the Chief Privacy Officer 
and FEMA's Freedom of Information Act (FOIA) Officer whose contact 
information can be found at <a href="https://www.dhs.gov/foia">https://www.dhs.gov/foia</a>-contact-
information. If an individual believes more than one component 
maintains Privacy Act records concerning him or her, the individual may 
submit the request to the Chief Privacy Officer and Chief Freedom of 
Information Act Officer, Department of Homeland Security, Washington, 
DC 20528-0655, or electronically by <a href="https://www.dhs.gov/dhs-foia-privacy-act-request-submission-form">https://www.dhs.gov/dhs-foia-privacy-act-request-submission-form</a>.
    Even if neither the Privacy Act nor the Judicial Redress Act 
provide a right of access, certain records about you may be available 
under the Freedom of Information Act.
    When seeking records about yourself from this system of records or 
any other Departmental system of records, your request must conform 
with the Privacy Act regulations set forth in 6 CFR part 5. You must 
first verify your identity, meaning that you must provide your full 
name, current address, and date and place of birth. You must sign your 
request, and your signature must either be notarized or submitted under 
28 U.S.C. 1746, a law that permits statements to be made under penalty 
of perjury as a substitute for notarization. An individual may obtain 
more information about this process at <a href="https://www.dhs.gov/foia">https://www.dhs.gov/foia</a>. In 
addition, you should:
    Explain why you believe the Department would have information on 
you; Identify which component(s) of the Department you believe may have 
the information about you; Specify when you believe the records would 
have been created; Provide any other information that will help the 
FOIA staff determine which DHS component agency may have responsive 
records.
    If your request is seeking records pertaining to another living 
individual, you must include a statement from that individual 
certifying his/her agreement for you to access his/her records.
    Without the above information, the component(s) may not be able to 
conduct an effective search, and your request may be denied due to lack 
of specificity or lack of compliance with applicable regulations.

CONTESTING RECORD PROCEDURES:
    For records covered by the Privacy Act or covered JRA records, 
individuals may make a request for amendment or correction of a record 
of the Department about the individual by writing directly to the 
Department component that maintains the record, unless the record is 
not subject to amendment or correction. The request should identify 
each particular record in question, state the amendment or correction 
desired, and state why the individual believes that the record is not 
accurate, relevant, timely, or complete. The individual may submit any 
documentation that would be helpful. If the individual believes that 
the same record is in more than one system of records, the request 
should state that and be addressed to each component that maintains a 
system of records containing the record.

NOTIFICATION PROCEDURES:
    See ``Record Access Procedure'' above.

[[Page 62877]]

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    The Secretary of Homeland Security, pursuant to 5 U.S.C. 552a(k)(6) 
has exempted this system from the following provisions of the Privacy 
Act: 5 U.S.C. 552a(c)(3); (d); (e)(1), (e)(4)(G), (e)(4)(H), (e)(4)(I); 
and (f).

HISTORY:
    January 22, 2015, 80 FR 3241.

Lynn Parker Dupree,
Chief Privacy Officer, Department of Homeland Security.
[FR Doc. 2022-22450 Filed 10-14-22; 8:45 am]
BILLING CODE 9110-17-P


</pre><script data-cfasync="false" src="/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js"></script></body>
</html>
View on FederalRegister.gov →Plain-text source
Indexed from Federal Register on October 17, 2022.

This is legal information, not legal advice. Laws vary by jurisdiction and change frequently. Always verify current law with official sources and consult a licensed attorney in your jurisdiction for advice on your specific situation.