[Federal Register Volume 69, Number 240 (Wednesday, December 15, 2004)]
[Notices]
[Pages 75079-75081]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 04-27462]


-----------------------------------------------------------------------

DEPARTMENT OF HOMELAND SECURITY

Federal Emergency Management Agency

[DHS-2004-0019]
RIN 1660-ZA07


National Emergency Management Information System--Mitigation 
Electronic Grants Management System; Privacy Act System of Record

AGENCY: Federal Emergency Management Agency, Emergency Preparedness and 
Response Directorate, Department of Homeland Security.

ACTION: Notice of a new system of records.

-----------------------------------------------------------------------

SUMMARY: Pursuant to the requirements of the Privacy Act of 1974, as 
amended, the Department of Homeland Security, Emergency Preparedness 
and Response Directorate, Federal Emergency Management Agency is 
establishing a new system of records entitled National Emergency 
Management Information System--Mitigation Electronic Grants Management 
System. Some (but not all) applications for mitigation grants propose 
activities that impact properties that are privately owned by 
individuals (e.g., acquisition of a home that has been repeatedly 
flooded) and these applications include personally identifiable 
information about the property owners. Potentially, this personally 
identifying information may be part of a State's application, and also 
part of a local community's application as a sub-applicant. Personal 
information collected in these applications includes the minimum amount 
necessary to ascertain the eligibility of that property and/or 
structure (e.g., house or commercial building) under mitigation grant 
program regulations. See https://portal.fema.gov/famsVu/dynamic/mitigation.html.

EFFECTIVE DATE: The addition of a new system of records and routine 
uses will become effective on January 24, 2005, unless comments are 
received that result in a contrary determination.

ADDRESSES: You may submit comments, identified by EPA Docket Number: 
DHS-2004-0019 and/or 1660-ZA07 by one of the following methods:
     EPA Federal Partner EDOCKET Web Site: http://www.epa.gov/feddocket. Follow instructions for submitting comments on the Web site. 
DHS has joined the Environmental Protection Electronic Docket System 
(Partner EDOCKET). DHS and its agencies (excluding the United States 
Coast Guard (USCG) and Transportation Security Administration (TSA)) 
will use the EPA Federal Partner EDOCKET system. The USCG and TSA 
[legacy Department of Transportation (DOT) agencies] will continue to 
use the DOT Docket Management System until full migration to the 
electronic rulemaking federal docket management system occurs in 2005.
     Federal e-Rulemaking Portal: http://www.regulations.gov. 
Follow the instructions for submitting comments.
     Fax: (202) 646-4536.
     Mail: Rules Docket Clerk, Federal Emergency Management 
Agency, Office of General Counsel, Room 840, 500 C Street SW., 
Washington, DC 20472.

FOR FURTHER INFORMATION CONTACT: Rena Y. Kim, Privacy Act Officer, 
Federal Emergency Management Agency, Room 840, 500 C Street SW., 
Washington, DC 20472, (202) 646-3949, (not a toll free call), (telefax) 
(202) 646-3949, or email [email protected].

SUPPLEMENTARY INFORMATION: The Privacy Act embodies fair information 
principles in a statutory framework governing the means by which the 
United States Government collects, maintains, uses, and disseminates 
personally identifiable information. 5 U.S.C. 552a. The Privacy Act 
applies to information that is maintained in a ``system of records.'' A 
``system of records'' is a group of any records under the control of an 
agency from which information is retrieved by the name of the 
individual or by some identifying number, symbol, or other identifying 
particular assigned to the individual. Individuals may request their 
own records that are maintained in a system of records in the 
possession or under the control of Department of Homeland Security 
(DHS) by complying with DHS Privacy Act regulations, 6 CFR part 5, 
subpart B and Federal Emergency Management Agency's (FEMA) Privacy Act 
regulations, 44 CFR part 6.
    The Privacy Act requires each agency to publish in the Federal 
Register a description denoting the type and character of each system 
of records that the agency maintains, and the routine uses that are 
contained in each system in order to make agency recordkeeping 
practices transparent, to notify individuals regarding the uses to 
which personally identifiable information is put, and to assist the 
individual to more easily find such files within the Agency.
    The Emergency Preparedness and Response Directorate/FEMA is 
establishing a new system of records pursuant to the Privacy Act of 
1974 for the National Emergency Management Information System--
Mitigation Electronic Grants Management System (NEMIS-MT eGrants). FEMA 
intends to collect personal information in applications for its 
mitigation grant programs through the NEMIS-MT eGrants via the 
Internet. The FEMA mitigation grant programs are the Flood Mitigation 
Assistance (FMA) grant program (42 U.S.C. 4104c) and the Pre-Disaster 
Mitigation (PDM) grant program, (42 U.S.C. 5133). The purpose of FEMA 
mitigation grant programs is to provide funds to eligible Applicants/
States to implement mitigation activities to reduce or eliminate the 
risk of future damage to life and property from disasters.
    Eligible applicants for FEMA mitigation grants are State emergency 
management agencies or a similar State office that has emergency 
management responsibility, the District of Columbia, the United States 
Virgin Islands, the Commonwealth of Puerto Rico, Guam, American Samoa, 
and the Commonwealth of the Northern Mariana Islands, and Federally 
recognized Indian Tribal governments. Eligible Sub-applicants of FEMA 
mitigation grants are State agencies, local governments, or Indian 
Tribal governments to which a sub-grant is awarded. Examples of 
mitigation activities that impact privately owned properties (and which 
may include personally identifiable information in a State or local 
community application) include retrofitting structures, elevation of 
structures, acquisition and demolition or relocation of structures, 
minor structural flood control projects, or construction of safe rooms. 
The personally identifying information

[[Page 75080]]

collected includes an individual's name, home phone number, office 
phone number, cell phone number, damaged property address, and mailing 
address of the individual property owner(s), and the individual's 
status regarding flood insurance, National Flood Insurance Program 
(NFIP) Policy Number and Insurance Policy Provider for the property 
proposed to be mitigated with FEMA funds. This notice will make the 
public aware of routine management and oversight information sharing 
between FEMA and other Federal agencies, State and local governments, 
and contractors providing services in support of FEMA mitigation grant 
programs.
    Accordingly, the NEMIS-MT eGrants Privacy Act system of records is 
added to read as follows:


System Name:
    National Emergency Management Information System--Mitigation 
Electronic Grants Management System (NEMIS-MT eGrants).

System location:
    All servers are operated at FEMA, Mount Weather Emergency 
Operations Center (MWEOC), 19844 Blue Ridge Mountain Road, Bluemont, VA 
20135.

Categories of individuals covered by the system:
    This system of records notice applies only to individuals 
identified by name or other individual identifier, such as home 
address, in the NEMIS-MT eGrants, and includes individuals who are 
private property owners. These individuals voluntarily request that 
their State, Territory or local community submit an application for 
FEMA mitigation grant funds for the purpose of mitigating their 
property and/or structure (e.g., house or commercial building).

Categories of records in the system:
    The categories of records in the system are grant applications. The 
personally identifying information collected includes an individual's 
name, home phone number, office phone number, cell phone number, 
damaged property address, and mailing address of the individual 
property owner(s), and the individual's status regarding flood 
insurance, National Flood Insurance Program (NFIP) Policy Number and 
Insurance Policy Provider for the property proposed to be mitigated 
with FEMA funds.

Authority for maintenance of the System:
    The Robert T. Stafford Disaster Relief and Emergency Assistance 
Act, 42 U.S.C. 5133, and the National Flood Insurance Act, 42 U.S.C. 
4104c.

Purpose(s):
    The purpose of this system of records is to collect and maintain 
individually identifiable information in applications for FEMA 
mitigation grants that are submitted electronically, via the Internet, 
through the NEMIS-MT eGrants from eligible Applicants/States and Sub-
applicants/local communities. The personally identifiable information 
will be collected and maintained in order for FEMA to ascertain 
eligibility of the property or structure for FEMA's mitigation grant 
programs, to verify eligibility of activities for mitigation grants, to 
identify repetitive loss properties, and to implement measures to 
reduce future disaster damage.

Routine uses of records maintained in the system, including categories 
of users and the purposes of such uses:
    In addition to those disclosures generally permitted under 5 U.S.C. 
552a(b), all or a portion of the records or information contained in 
this system may be disclosed outside FEMA/EP&R/DHS as a routine use 
pursuant to 5 U.S.C. 552a(b)(3) as follows:
    (1) To another Federal agency, State, United States Territory or 
Tribal government agency charged with administering Federal mitigation 
or disaster relief programs to prevent a duplication of efforts or a 
duplication of benefits between FEMA and the other agency. FEMA may 
disclose information to a State, U.S. Territory, Indian Tribal, or 
local community agency eligible to apply for mitigation grant programs 
administered by FEMA.
    (2) To contractors, grantees, experts, consultants, students and 
others performing or working on a contract, service, grant, cooperative 
agreement, or other assignment for the Federal government, when 
necessary to accomplish an agency function related to this system of 
records.
    (3) To an agency, organization, or individual for the purposes of 
performing authorized audit or oversight operations.
    (4) To a congressional office from the record of an individual in 
response to an inquiry from that congressional office made at the 
request of the individual to whom the record pertains.
    (5) Where a record, either on its face or in conjunction with other 
information, indicates a violation or potential violation of law--
criminal, civil, or regulatory--the relevant records may be referred to 
an appropriate Federal, state, territorial, tribal, local, 
international, or foreign agency law enforcement authority or other 
appropriate agency charged with investigating or prosecuting such a 
violation or enforcing or implementing such law.
    (6) To the Department of Justice (DOJ) or other federal agency 
conducting litigation or in proceedings before any court, adjudicative 
or administrative body, when: (a) DHS, or (b) any employee of DHS in 
his/her official capacity, or (c) any employee of DHS in his/her 
individual capacity where DOJ or DHS has agreed to represent the 
employee, or
    (d) the United States or any agency thereof, is a party to the 
litigation or has an interest in such litigation.
    (7) To the NARA or other Federal Government agencies pursuant to 
records management inspections being conducted under the authority of 
44 U.S.C. sections 2904 and 2906.

Policies and Practices for Storing, Retrieving, Accessing, Retaining, 
and Disposing of Records in the System:
Storage:
    All information is stored on secure-access servers operated at a 
single site at the FEMA, MWEOC, 19844 Blue Ridge Mountain Road, 
Bluemont, VA 20135. Backup is provided on a separate server at the same 
secure facility. MWEOC is only accessible by authorized persons, 
including FEMA employees and contractors, and entry to the facility is 
permitted only with a badge issued by the MWEOC.

Safeguards:
    Safeguards exist in the NEMIS-MT eGrants to prevent the 
unauthorized access or misuse of data. First, FEMA maintains security 
safeguards that prevent unauthorized access to the system by assigning 
each authorized user a unique user profile, username and password based 
upon his/her official use of the NEMIS-MT eGrants. Each unique profile 
includes different levels of access rights. For Applicants/States and 
Sub-applicants/local communities, roles in the system via the Internet 
are assigned as Read-Only, Create/Edit, or Sign/Submit, and levels of 
access are assigned by mitigation grant program (i.e., FMA and/or PDM). 
For FEMA employees and contractors, levels of access via the FEMA 
Intranet are assigned by mitigation grant program (i.e., FMA and/or 
PDM) and by Region(s), and roles for FEMA users do not allow FEMA users 
View information submitted in applications. Passwords expire after a 
limited time, and users only have access to the system during the 
period of time that both the assigned username and password are active.

[[Page 75081]]

Access to NEMIS-MT eGrants via the Intranet is assigned to the FEMA 
employees and contractors for official purposes only through the NEMIS 
Access Control System (NACS), which controls access to all software 
available on the FEMA Intranet, and manages roles for FEMA officials 
accessing the system. Access to NEMIS-MT eGrants via the Internet is 
assigned to the Applicants/States and Sub-applicants/local communities 
for official purposes only through the FEMA Access Management System, 
which performs a similar function to NACS, but for eligible mitigation 
grant program Applicants/States and Sub-applicants/local communities, 
and managed roles for these non-FEMA users. The functions of these two 
databases will be combined into the Integrated Security and Access 
Control System. While the system is accessed, if an active NEMIS-MT 
eGrants browser window is left open with no actions taken within the 
system, the displayed page will expire after 30 minutes. The user can 
then re-login using the username and password to access the system. In 
addition, the system will not allow a user to bookmark the URL of the 
MT eGrants with the intent of returning to that page at another time 
without first entering the authorized username and password. Finally, 
FEMA Enterprise Operations and the Office of Cyber Security are able to 
monitor system use and determine whether information integrity has been 
compromised by unauthorized access or use, and whether corrective 
action by the Office of the Chief Information Officer is necessary. 
Procedures are compliant with Title III of the E-Government Act of 2000 
(Federal Information Security Management Act).

Retention and Disposal:
    In accordance with U.S. National Archives & Records Administration 
records retention regulations (GRS 3, 13), records are retained for 6 
years and 3 months. Unsuccessful grant application files will be stored 
in NEMIS-MT eGrants for 3 years from the date of denial, and then 
deleted. Successful grant application files will be stored in the 
NEMIS-MT eGrants for 6 years and 3 months from the date of closeout 
(where closeout is the date FEMA closes the grant in its financial 
system) and then deleted. Computerized records are stored in a database 
server in a secured file server room. Hard copy records are maintained 
for 6 years and 3 months years, at which time they are retired to the 
Federal Records Center. The same retention schedule that applies to 
paper records will be followed. This is consistent with the records 
retention schedule that has been developed for this system.

System Manager(s) and Address:
    Patricia Bowman, Program Manager, IT-SE-CS, 500 C Street SW., 
Washington DC 20472, [email protected], (202) 646-2661.

Notification Procedures:
    Address inquiries to the System Manager named above.

Record Access Procedures:
    A request for access to records in this system may be made by 
writing to the System Manager, identified above, in conformance with 6 
CFR part 5, subpart B, which provides the rules for requesting access 
to Privacy Act records maintained by DHS and FEMA's Privacy Act 
regulations at 44 CFR part 6.

Contesting Record Procedures:
    Same as Notification procedures above. A request for access to 
records in this system may be made by writing to the System Manager, 
identified above, in conformance with 6 CFR part 5, subpart B, which 
provides the rules for requesting access to Privacy Act records 
maintained by DHS and FEMA's Privacy Act regulations at 44 CFR part 6.

Records Source Categories:
    Information in this system of records is obtained from State/
Territory, local government, or Indian Tribal governmentvia the 
Internet to FEMA. While individuals are not eligible Applicants/States 
or Sub-applicants/local communities, and cannot apply directly to FEMA 
for assistance, some (but not all) applications for FEMA mitigation 
grants propose activities that impact properties that are privately 
owned by individuals (e.g., acquisition of a home that has been 
repeatedly flooded) and these applications include personal information 
about the property owners. These individuals voluntarily request that 
their State, Territory, or local community submit an application for 
FEMA mitigation grant funds for the purpose of mitigating their 
property and/or structure (e.g., house or commercial building).

Exemptions Claimed for the System:
    None.

    Dated: December 10, 2004.
David A. Trissell,
Associate General Counsel, Emergency Preparedness and Response, 
Department of Homeland Security.
[FR Doc. 04-27462 Filed 12-14-04; 8:45 am]
BILLING CODE 9110-41-P