[Federal Register Volume 76, Number 31 (Tuesday, February 15, 2011)]
[Notices]
[Pages 8758-8761]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2011-3449]


-----------------------------------------------------------------------

DEPARTMENT OF HOMELAND SECURITY

Office of the Secretary

[Docket No. DHS-2010-0067]


Privacy Act of 1974; Department of Homeland Security Federal 
Emergency Management Agency--002 Quality Assurance Recording System of 
Records

AGENCY: Privacy Office, DHS.

ACTION: Notice of Privacy Act system of records.

-----------------------------------------------------------------------

SUMMARY: In accordance with the Privacy Act of 1974, the Department of 
Homeland Security proposes to establish a new Department of Homeland 
Security system of records titled, ``Department of Homeland Security 
Federal Emergency Management Agency--002 Quality Assurance Recording 
System of Records.'' This system will record telephone calls made or 
received by Federal Emergency Management Agency employees and/or 
contractors at the Federal Emergency Management Agency's National 
Processing Service Centers and record the screen activity in the 
National Emergency Management Information System for both call-related 
customer service transactions and case review transactions not related 
to a telephone call. This system of records may contain personally 
identifiable information of disaster assistance applicants, which is 
covered by Department of Homeland Security Federal Emergency Management 
Agency--008 Disaster Recovery Assistance Files System of Records, 
September 24, 2009, and will contain the personally identifiable 
information of Federal Emergency Management Agency employees and/or 
contractors that provide customer service to them. The proposed system 
will be used for internal employee performance evaluations, training, 
and quality assurance purposes to improve customer service to disaster 
assistance applicants. This collection was previously covered by the 
DHS/All--020 Department of Homeland Security Internal Affairs system of 
records [November 18, 2008, 73 FR 67529]. The Department decided to 
provide additional transparency that a new specific System of Records 
Notice would be published. This newly established system will be 
included in the Department of Homeland Security's inventory of record 
systems.

DATES: Submit comments on or before March 17, 2011. This new system 
will be effective March 17, 2011.

ADDRESSES: You may submit comments, identified by docket number DHS-
2010-0067 by one of the following methods:
     Federal e-Rulemaking Portal: http://www.regulations.gov. 
Follow the instructions for submitting comments.
     Fax: 703-483-2999.
     Mail: Mary Ellen Callahan, Chief Privacy Officer, Privacy 
Office, Department of Homeland Security, Washington, DC 20528.
     Instructions: All submissions received must include the 
agency name and docket number for this rulemaking. All comments 
received will be posted without change and may be read at http://www.regulations.gov, including any personal information provided.
     Docket: For access to the docket to read background 
documents or comments received, go to http://www.regulations.gov.

FOR FURTHER INFORMATION CONTACT: For general questions please contact: 
Thomas R. McQuillan (202-646-3323), Privacy Officer, Federal Emergency 
Management Agency, Department of Homeland Security, Washington, DC 
20478. For privacy issues please contact: Mary Ellen Callahan (703-235-
0780), Chief Privacy Officer, Privacy Office, Department of Homeland 
Security, Washington, DC 20528.

SUPPLEMENTARY INFORMATION: 

I. Background

    In accordance with the Privacy Act of 1974, 5 U.S.C. 552a, the 
Department of Homeland Security (DHS) Federal Emergency Management 
Agency (FEMA) proposes to establish a new DHS system of records titled, 
``DHS/FEMA--002 Quality Assurance Recording System of Records.'' This 
collection was previously covered by the DHS/All--020 Department of 
Homeland Security Internal Affairs system of records [November 18, 
2008, 73 FR 67529]. The Department decided to provide additional 
transparency that a new specific System of Records Notice would be 
published.

[[Page 8759]]

    FEMA's Response and Recovery Bureau operates the Quality Assurance 
Recording System (QARS). The proposed system is for internal employee 
performance evaluations, training and quality assurance purposes to 
improve customer service to disaster assistance applicants. The purpose 
of QARS is consistent with FEMA's mission to improve its capability to 
respond to all hazards and support the citizens of our Nation. In 
addition, QARS will assist FEMA in accomplishing a critical objective 
presented in FEMA's 2008-2013 Strategic Plan. QARS will enable both 
FEMA's Quality Control Department and National Processing Service 
Center (NPSC) Supervisory staff to better monitor, evaluate, and assess 
its employees and/or contractors at the NPSCs, so that FEMA can improve 
customer service to those seeking disaster assistance.
    Currently, FEMA conducts only real-time call monitoring of disaster 
assistance calls at its NPSCs for quality assurance and provides notice 
to disaster assistance applicants of such monitoring. The current 
procedure requires the reviewer to access four separate systems 
simultaneously to accomplish the quality monitoring process of one 
call: (1) The Call Management System (CMS) to identify the agent and 
his/her availability to be monitored on a live call; (2) the Systems 
Management Server (SMS) to capture the agents desktop screen as they 
perform work in National Emergency Management Information System 
(NEMIS); (3) Avaya Softphone to log into the desktop phone of the agent 
being monitored; and (4) the Quality Control Application to conduct the 
evaluation process and complete the form and house the quality score of 
the agent being monitored. The current call monitoring procedure places 
laborious requirements upon the Quality Control reviewer, resulting in 
a less efficient, more time consuming evaluation process that may make 
it more difficult for the Quality Control department to achieve its 
goal to evaluate a minimum of five calls and/or case reviews, per 
employee/contractor during a two-week pay period.
    QARS will allow FEMA to increase the cost-effectiveness of its 
quality evaluation processes. FEMA can evaluate more calls, 
encompassing various call types across all hours of operation while 
reducing the subjectivity associated with real-time, live call 
monitoring. With the ability of QARS to record and playback calls at 
the discretion of the Supervisor and/or Quality Control reviewer, the 
employee/contractor can listen and learn accordingly during the 
evaluation process. The efficiency and flexibility of QARS makes it a 
superior tool for conducting employee/contractor evaluations and 
quality assurance. In addition, using QARS to validate the accuracy of 
FEMA employees' and contractors' inputs into NEMIS ensures that 
disaster assistance benefits are received by eligible individuals and 
are routed appropriately, thereby improving FEMA's efficiency and 
customer service.
    The evaluations stemming from the recordings in QARS are used to 
determine training/coaching opportunities for FEMA employees and/or 
contractors, which will impact continued employment qualifications and/
or promotion within FEMA. Contract staff calls are subject to 
evaluation by FEMA Supervisory and/or quality control staff according 
to the guidelines and provisions written in the contract between FEMA 
and the contracting entity. QARS may include the personally 
identifiable information (PII) of disaster assistance applicants from 
the Federal Emergency Management Agency--008 Disaster Recovery 
Assistance (DRA) Files system of records [September 24, 2009, 74 FR 
48763], which FEMA employees and/or contractors access via NEMIS when 
interacting with disaster assistance applicants or during case review. 
The supervisory review of agent calls and casework within QARS includes 
validating that applicant PII is entered into NEMIS accurately; 
therefore, supervisors must have access to this information while 
conducting their review. While QARS cannot mask information contained 
with the screen captures or audio files, access to QARS is role-based 
and limited to only those employees/contractors and supervisors with a 
``need to know.'' Although QARS recordings may include the disaster 
assistance applicant's PII, recordings are only retrievable using FEMA 
employee/contractor information. FEMA will access the information in 
QARS using the employee/contractor's name and/or their user 
identification number. The system will not retrieve information by the 
individual disaster applicant. Evaluated records will be maintained for 
six years, unevaluated calls will be retained for no more than 45 days.
    The collection of the employee/contractor quality assurance 
information is covered by the DHS/All--020 Department of Homeland 
Security Internal Affairs system of records [November 18, 2008, 73 FR 
67529]. In order to provide more transparency to the program, DHS/FEMA 
is publishing a new system of records.

II. Privacy Act

    The Privacy Act embodies fair information principles in a statutory 
framework governing the means by which the United States Government 
collects, maintains, uses, and disseminates individuals' records. The 
Privacy Act applies to information that is maintained in a ``system of 
records.'' A ``system of records'' is a group of any records under the 
control of an agency for which information is retrieved by the name of 
an individual or by some identifying number, symbol, or other 
identifying particular assigned to the individual. In the Privacy Act, 
an individual is defined to encompass United States citizens and lawful 
permanent residents. As a matter of policy, DHS extends administrative 
Privacy Act protections to all individuals where systems of records 
maintain information on U.S. citizens, lawful permanent residents, and 
visitors. Individuals may request access to their own records that are 
maintained in a system of records in the possession or under the 
control of DHS by complying with DHS Privacy Act regulations, 6 CFR 
part 5.
    The Privacy Act requires each agency to publish in the Federal 
Register a description denoting the type and character of each system 
of records that the agency maintains, and the routine uses that are 
contained in each system in order to make agency recordkeeping 
practices transparent, to notify individuals regarding the uses to 
their records are put, and to assist individuals to more easily find 
such files within the agency. Below is the description of the DHS/FEMA-
002 Quality Assurance Recording System of Records.
    In accordance with 5 U.S.C. 552a(r), DHS has provided a report of 
this system of records to the Office of Management and Budget and to 
Congress.
SYSTEM OF RECORDS
    DHS/FEMA-002.

System name:
    Department of Homeland Security (DHS) Federal Emergency Management 
Agency (FEMA)-002 Quality Assurance Recording System (QARS).

Security classification:
    Unclassified.

System location:
    Federal Emergency Management Agency, Texas National Processing 
Service Center, Denton, TX 76208.

[[Page 8760]]

Categories of individuals covered by the system:
    FEMA employees and/or contractors at FEMA's National Processing 
Service Centers who are making telephone calls to, or receiving 
telephone calls from, and those FEMA employees and/or contractors 
engaged in the case review of disaster assistance applications not 
related to a telephone call to or from a disaster assistance applicant.

Categories of records in the system:
     Voice recordings of telephone calls between FEMA employees 
and/or contractors and disaster assistance applicants;
     A ``quality score'' generated in QARS for each call or 
case processing activity that is evaluated by a FEMA supervisor or 
Quality Control Specialist, assessing the level of customer service 
provided by the FEMA employee/contractor to the disaster assistance 
applicant;
     FEMA supervisor or Quality Control Specialists name who 
conducted the assessment;
     FEMA supervisor or Quality Control Specialists user 
identification number who conducted the assessment;
     FEMA employee name;
     FEMA user identification number;
     FEMA contractor name; and
     FEMA contractor user identification number.
    Tracking of FEMA employee/contractor activity in NEMIS related to 
call recordings and/or case review processing not related to a phone 
call may include the following disaster applicant information:
     Applicant's name;
     Home address;
     Social Security number;
     Home phone number;
     Current mailing address; and
     Personal financial information including applicant's bank 
name, bank account information, insurance information and individual or 
household income.

Authority for maintenance of the system:
    5 U.S.C. Sec. 301; Federal Sector Labor Management Relations Act, 
Pub. L. 95-454 as amended, codified in 5 U.S.C. Sec. 4302, and 5 U.S.C. 
7106(a); Pub. L. 109-295, title VI, Sec. 696, Oct. 4, 2006, 120 Stat. 
1460, as codified in 6 U.S.C. 795; Fraud, Waste, and Abuse Controls; 29 
U.S.C Sec. 204(b), Appointment, selection, classification, and 
promotion of employees by Administrator; FEMA Directive 3100.1 (M) 
Merit Promotion Plan; FEMA Directive 3700.1 (I) Performance Management 
System (PMS) for General Schedule and Prevailing Rate Employees; FEMA 
Directive 3700.2 (M) Employee Performance System.

Purpose(s):
    The proposed system will be used for internal employee and/or 
contractor performance evaluations, training, and quality assurance 
purposes to improve customer service to disaster assistance applicants.

Routine uses of records maintained in the system, including categories 
of users and the purposes of such uses:
    In addition to those disclosures generally permitted under 5 U.S.C. 
552a(b) of the Privacy Act, all or a portion of the records or 
information contained in this system may be disclosed outside DHS as a 
routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:
    A. To the Department of Justice (including United States Attorney 
Offices) or other Federal agency conducting litigation or in 
proceedings before any court, adjudicative or administrative body, when 
it is necessary to the litigation and one of the following is a party 
to the litigation or has an interest in such litigation:
    1. DHS or any component thereof;
    2. Any employee of DHS in his/her official capacity;
    3. Any employee of DHS in his/her individual capacity where DOJ or 
DHS has agreed to represent the employee; or
    4. The United States or any agency thereof, is a party to the 
litigation or has an interest in such litigation, and DHS determines 
that the records are both relevant and necessary to the litigation and 
the use of such records is compatible with the purpose for which DHS 
collected the records.
    B. To a congressional office from the record of an individual in 
response to an inquiry from that congressional office made at the 
request of the individual to whom the record pertains.
    C. To the National Archives and Records Administration or other 
federal government agencies pursuant to records management inspections 
being conducted under the authority of 44 U.S.C. 2904 and 2906.
    D. To an agency, organization, or individual for the purpose of 
performing audit or oversight operations as authorized by law, but only 
such information as is necessary and relevant to such audit or 
oversight function.
    E. To appropriate agencies, entities, and persons when:
    1. DHS suspects or has confirmed that the security or 
confidentiality of information in the system of records has been 
compromised;
    2. The Department has determined that as a result of the suspected 
or confirmed compromise there is a risk of harm to economic or property 
interests, identity theft or fraud, or harm to the security or 
integrity of this system or other systems or programs (whether 
maintained by DHS or another agency or entity) or harm to the 
individual that rely upon the compromised information; and
    3. The disclosure made to such agencies, entities, and persons is 
reasonably necessary to assist in connection with DHS's efforts to 
respond to the suspected or confirmed compromise and prevent, minimize, 
or remedy such harm.
    F. To contractors and their agents, grantees, experts, consultants, 
and others performing or working on a contract, service, grant, 
cooperative agreement, or other assignment for DHS, when necessary to 
accomplish an agency function related to this system of records. 
Individuals provided information under this routine use are subject to 
the same Privacy Act requirements and limitations on disclosure as are 
applicable to DHS officers and employees.
    G. To an appropriate federal, state, tribal, local, international, 
or foreign law enforcement agency or other appropriate authority 
charged with investigating or prosecuting a violation or enforcing or 
implementing a law, rule, regulation, or order, where a record, either 
on its face or in conjunction with other information, indicates a 
violation or potential violation of law, which includes criminal, 
civil, or regulatory violations and such disclosure is proper and 
consistent with the official duties of the person making the 
disclosure.

Disclosure to consumer reporting agencies:
    None.

Policies and practices for storing, retrieving, accessing, retaining, 
and disposing of records in the system:
Storage:
    Records in this system are stored electronically in secure 
facilities behind a locked door. The records are stored on, tape and 
digital media.

Retrievability:
    Records in QARS will be retrieved, and are only retrievable, by the 
FEMA employee and/or contractor's name and user identification number. 
This system cannot be used to retrieve by disaster applicant 
information. Disaster applicant information is covered by Department of 
Homeland Security, Federal Emergency Management Agency DHS/FEMA-008 
Disaster Recovery Assistance (DRA) Files system of

[[Page 8761]]

records [September 24, 2009, 74 FR 48763].

Safeguards:
    Records in this system are safeguarded in accordance with 
applicable rules and policies, including all applicable DHS automated 
systems security and access policies. Strict controls have been imposed 
to minimize the risk of compromising the information that is being 
stored. The access granted is based upon an individual's position of 
responsibilities for ``official use'' only. FEMA employees and/or 
contractors are allowed access to the data as a function of their 
specific job assignments within their respective organizations and who 
have appropriate clearances or permissions.

Retention and disposal:
    FEMA's ``Request for Records Disposition Authority'' was submitted 
to NARA (Job Number N1-311-08-01) on March 27, 2008, and approved by 
NARA on June 27, 2008. The retention period for information maintained 
in QARS depends on the use of the data. Records within QARS that are 
used in an evaluation of a FEMA Customer Service Representative or 
contractor will be retained for six years, pursuant to General Records 
Schedule ``FEMA Series Disaster Assistance Programs-15-1.'' Records 
that are not used in an evaluation of a FEMA Customer Service 
Representative or contractor will be purged from the secured servers 
within 45 days, per General Records Schedule ``FEMA Series Disaster 
Assistance Programs-15-2.'' QARS data is stored separately from the 
applicant information stored in NEMIS. NEMIS has its own independent 
retention policy.

System Manager and address:
    Manager (940-891-8500), Enterprise Performance Information 
Management Section, Federal Emergency Management Agency, Texas National 
Processing Service Center, Denton, TX 76208.

Notification procedure:
    Individuals seeking notification of and access to any record 
contained in this system of records, or seeking to contest its content, 
may submit a request in writing to the FEMA FOIA Officer, whose contact 
information can be found at http://www.dhs.gov/foia under ``contacts.''
    When seeking records about yourself from this system of records or 
any other Departmental system of records your request must conform with 
the Privacy Act regulations set forth in 6 CFR part 5. You must first 
verify your identity, meaning that you must provide your full name, 
current address and date and place of birth. You must sign your 
request, and your signature must either be notarized or submitted under 
28 U.S.C. 1746, a law that permits statements to be made under penalty 
of perjury as a substitute for notarization. While no specific form is 
required, you may obtain forms for this purpose from the Chief Privacy 
Officer and Chief Freedom of Information Act Officer, http://www.dhs.gov or 1-866-431-0486. In addition you should provide the 
following:
     An explanation of why you believe the Department would 
have information on you;
     Identify which component(s) of the Department you believe 
may have the information about you;
     Specify when you believe the records would have been 
created;
     Provide any other information that will help the FOIA 
staff determine which DHS component agency may have responsive records; 
and
     If your request is seeking records pertaining to another 
living individual, you must include a statement from that individual 
certifying his/her agreement for you to access his/her records.
    Without this bulleted information the component(s) may not be able 
to conduct an effective search, and your request may be denied due to 
lack of specificity or lack of compliance with applicable regulations.

Record access procedures:
    See ``Notification procedure'' above.

Contesting record procedures:
    See ``Notification procedure'' above.

Record source categories:
    Records are obtained from FEMA employees and contractors in putting 
data received from disaster applicants and from those FEMA employees 
and/or contractors engaged in the case review of quality of customer 
service provided to disaster assistance applications by FEMA employees 
and contractors.

Exemptions claimed for the system:
    None.

    Dated: January 19, 2011.
Mary Ellen Callahan,
Chief Privacy Officer, Department of Homeland Security.
[FR Doc. 2011-3449 Filed 2-14-11; 8:45 am]
BILLING CODE 9110-17-P