[Federal Register Volume 82, Number 134 (Friday, July 14, 2017)]
[Notices]
[Pages 32564-32567]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2017-14839]


-----------------------------------------------------------------------

DEPARTMENT OF HOMELAND SECURITY

[Docket No. DHS-2017-0023]


Privacy Act of 1974; System of Records

AGENCY: Department of Homeland Security, Privacy Office.

ACTION: Notice of Modified Privacy Act System of Records.

-----------------------------------------------------------------------

SUMMARY: In accordance with the Privacy Act of 1974, the Department of 
Homeland Security proposes to modify and reissue a current Department 
of Homeland Security system of records titled, ``Department of Homeland 
Security/Federal Emergency Management Agency-002 Quality Assurance 
Recording System of Records.'' This system of records allows the 
Department of Homeland Security/Federal Emergency Management Agency to 
collect and maintain records on the customer service performance of its 
employees and contractors who interact with individuals who apply for 
the Agency's individual assistance and public assistance programs.
    As a result of a biennial review of this system, the Department of 
Homeland Security/Federal Emergency Management Agency is updating this 
system of records notice to update the system location, remove the use 
of the term vendors for clarity as it is interchangeable with 
contractors in this instance, and replace the use of the term National 
Processing Service Center (NPSC) with the new term Regional Service 
Center (RSC). Additionally, this notice includes non-substantive 
changes to simplify the formatting and text of the previously published 
notice. This modified system will be included in the Department of 
Homeland Security's inventory of record systems.

DATES: Submit comments on or before August 14, 2017. This modified 
system will be effective August 14, 2017.

ADDRESSES: You may submit comments, identified by docket number DHS-
2017-0023 by one of the following methods:
     Federal e-Rulemaking Portal: http://www.regulations.gov. 
Follow the instructions for submitting comments.
     Fax: 202-343-4010.
     Mail: Jonathan R. Cantor, Acting Chief Privacy Officer, 
Privacy Office, Department of Homeland Security, Washington, DC 20528-
0655.

FOR FURTHER INFORMATION CONTACT: For general questions, please contact: 
William Holzerland, (202) 212-5100, Senior Director for Information 
Management, Federal Emergency Management Agency, Washington, DC 20478. 
For privacy questions, please contact: Jonathan R. Cantor, (202) 343-
1717, Acting Chief Privacy Officer, Privacy Office, Department of 
Homeland Security, Washington, DC 20528-0655.

SUPPLEMENTARY INFORMATION:

I. Background

    In accordance with the Privacy Act of 1974, 5 U.S.C. 552a, the 
Department of Homeland Security (DHS)/Federal Emergency Management 
Agency (FEMA) proposes to modify and reissue a current DHS system of 
records titled, ``DHS/FEMA-002 Quality Assurance Recording System of 
Records.''
    DHS/FEMA published this system of records notice because FEMA 
collects, uses, maintains, and retrieves personally identifiable 
information (PII) from its employees and contractors for internal 
employee performance evaluations, training, process improvement, and 
quality assurance purposes to improve customer service to individual 
assistance and public assistance applicants. FEMA collects information 
from individual applicants (including PII) as necessary, or uses 
information previously collected from them to provide customer service 
to these applicants.
    FEMA is updating this system of records notice to provide greater 
transparency to the public on its migration to the Contact Center 
Capability Modernization Program (C3MP), a new information technology 
system. FEMA is updating the system location to: 1) include the C3MP IT 
system, which maintains these records; 2) remove the use of the term 
vendors for clarity as it is interchangeable with contractors in this 
instance; and 3) replace the use of the term National Processing 
Service Center (NPSC) with the new term Regional Service Center (RSC). 
Additionally, FEMA is making non-substantive grammatical changes 
throughout this notice for the purpose of clarification.
    The purpose of this system of records is to enable FEMA's Quality 
Control Department, Customer Satisfaction Analysis Section, Contract 
Oversight Management Section, and FEMA RSC Supervisory staff to better 
monitor, evaluate, and assess its employees and contractors so that 
FEMA can improve customer service to those seeking disaster assistance. 
The purpose is consistent with FEMA's mission to improve its capability 
to respond to all hazards and support the citizens of our Nation.
    FEMA is authorized to collect information in order to properly 
administer the programs that are

[[Page 32565]]

authorized and described in this system of record notice. FEMA 
collects, uses, and maintains the records within this system under the 
authority of: 5 U.S.C. 301; 5 CFR 430.102; 5 U.S.C. 4302; 5 U.S.C. 
7106(a); 6 U.S.C. 795; 29 U.S.C. 204(b); Executive Order No. 13571; 
FEMA Directive 3100.1; FEMA Directive 3700.1; and FEMA Directive 
3700.2.
    Consistent with DHS's information sharing mission, information 
stored in the DHS/FEMA-002 Quality Assurance Recording System of 
Records may be shared with other DHS components that have a need to 
know the information to carry out their national security, law 
enforcement, immigration, intelligence, or other homeland security 
functions. In addition, DHS/FEMA may share information with appropriate 
federal, state, local, tribal, territorial, foreign, or international 
government agencies consistent with the routine uses set forth in this 
system of records notice.
    This modified system will be included in the Department of Homeland 
Security's inventory of record systems.

II. Privacy Act

    The Privacy Act embodies fair information practice principles in a 
statutory framework governing the means by which Federal Government 
agencies collect, maintain, use, and disseminate individuals' records. 
The Privacy Act applies to information that is maintained in a ``system 
of records.'' A ``system of records'' is a group of any records under 
the control of an agency from which information is retrieved by the 
name of an individual or by some identifying number, symbol, or other 
identifying particular assigned to the individual. In the Privacy Act, 
an individual is defined to encompass U.S. citizens and lawful 
permanent residents. Additionally, and similarly, the Judicial Redress 
Act (JRA) provides a statutory right to covered persons to make 
requests for access and amendment to covered records, as defined by the 
JRA, along with judicial review for denials of such requests. In 
addition, the JRA prohibits disclosures of covered records, except as 
otherwise permitted by the Privacy Act.
    Below is the description of the DHS/FEMA-002 Quality Assurance 
Recording System of Records.
    In accordance with 5 U.S.C. 552a(r), DHS has provided a report of 
this system of records to the Office of Management and Budget and to 
Congress.

SYSTEM NAME AND NUMBER:
    Department of Homeland Security (DHS)/Federal Emergency Management 
Agency (FEMA)-002 Quality Assurance Recording System.

SECURITY CLASSIFICATION:
    Unclassified.

SYSTEM LOCATION:
    Records are maintained at the FEMA Headquarters in Washington, DC 
and field offices, and also within the Contact Center Modernization 
Program (C3MP) IT system.

SYSTEM MANAGER(S):
    Program Manager, Recovery Technology Programs Division, Federal 
Emergency Management Agency, Texas Recovery Service Center, Denton, TX 
76208, (940) 891-8500.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    5 U.S.C. 301; 5 CFR 430.102; 5 U.S.C. 4302; 5 U.S.C. 7106(a); 6 
U.S.C. 795; 29 U.S.C. 204(b); Executive Order No. 13571; FEMA Directive 
3100.1; FEMA Directive 3700.1; and FEMA Directive 3700.2.

PURPOSE OF THE SYSTEM:
    The purpose of this system is to collect, maintain, use, and 
retrieve performance records of the FEMA employees and contractors who 
interact with applicants of the Agency's individual assistance and 
public assistance programs for internal employee and contractor 
performance evaluations, training, and quality assurance purposes to 
improve FEMA's customer service to and satisfaction of those 
individuals applying for FEMA's individual and public assistance 
programs.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    This system collects information from FEMA employees and 
contractors who are making or receiving telephone calls to or from 
disaster assistance applicants; FEMA employees and contractors engaged 
in the case review of disaster assistance applications not related to a 
telephone call to or from a disaster assistance applicant; and FEMA 
employees and contractors performing customer service satisfaction 
assessments involving applicants of FEMA individual assistance or 
public assistance programs. Voice recordings or screenshots may be 
captured during provision of customer service for training and feedback 
purposes. These captures may contain disaster survivor information as 
listed below under ``Categories of Record in the System.''

CATEGORIES OF RECORDS IN THE SYSTEM:
     Voice recordings of telephone calls between FEMA employees 
and contractors and applicants for FEMA's individual assistance and 
public assistance programs. Telephone calls may include a third-party 
vendor that is providing language translation services on behalf of 
FEMA;
     A ``quality result'' generated in C3MP for each call or 
case processing activity that is evaluated by a FEMA supervisor or 
quality control specialist assessing the level of customer service 
provided by the FEMA employee/contractor to the FEMA individual 
assistance or public assistance applicant;
     System-generated Contact ID;
     Name of FEMA employee who conducted the assessment;
     Identification number of FEMA employee who conducted the 
assessment;
     FEMA employee/contractor name; and
     FEMA employee/contractor user identification number.
    Tracking of FEMA employee/contractor activity related to call 
recordings, case review processing not related to a phone call, and 
customer satisfaction assessments may include the following individual 
assistance applicant information:
     Survey ID;
     Applicant's name;
     Applicant email address;
     Home address;
     Social Security number;
     Applicant phone number(s);
     Current mailing address; and
     Personal financial information including applicant's bank 
name, bank account information, insurance information, and individual 
or household income.
    Tracking of FEMA employee/contractor activity related to call 
recordings for customer satisfaction assessments may include the 
following public assistance applicant information:
     Survey ID;
     Applicant/Point of Contact name and title;
     Applicant email address;
     Organization Name;
     Applicant's organization phone number(s); and
     Organization's business and/or mailing address.

RECORD SOURCE CATEGORIES:
    FEMA obtains records from FEMA employees and contractors who assist 
disaster survivors in the disaster

[[Page 32566]]

assistance application and casework process, FEMA employees, and 
contractors initiating customer satisfaction assessments of FEMA 
disaster assistance applicants, and from supervisors or quality control 
specialists. This system of records contains personally identifiable 
information (PII) of individual assistance applicants, which is part of 
the DHS/FEMA-008 Disaster Recovery Assistance Files System of Records, 
78 FR 25282 (April 30, 2013), as well as PII of public assistance 
applicants, which is part of the DHS/FEMA-009 Hazard Mitigation 
Disaster Public Assistance and Disaster Loan Programs System of 
Records, 79 FR 16015 (March 24, 2014).

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND PURPOSES OF SUCH USES:
    In addition to those disclosures generally permitted under 5 U.S.C. 
552a(b) of the Privacy Act, all or a portion of the records or 
information contained in this system may be disclosed outside DHS as a 
routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:
    A. To the Department of Justice (DOJ), including Offices of the 
U.S. Attorneys, or other federal agency conducting litigation or in 
proceedings before any court, adjudicative, or administrative body, 
when it is relevant or necessary to the litigation and one of the 
following is a party to the litigation or has an interest in such 
litigation:
    1. DHS or any component thereof;
    2. Any employee or former employee of DHS in his/her official 
capacity;
    3. Any employee or former employee of DHS in his/her individual 
capacity when DOJ or DHS has agreed to represent the employee; or
    4. The United States or any agency thereof.
    B. To a congressional office from the record of an individual in 
response to an inquiry from that congressional office made at the 
request of the individual to whom the record pertains.
    C. To the National Archives and Records Administration (NARA) or 
General Services Administration pursuant to records management 
inspections being conducted under the authority of 44 U.S.C. 2904 and 
2906.
    D. To an agency or organization for the purpose of performing audit 
or oversight operations as authorized by law, but only such information 
as is necessary and relevant to such audit or oversight function.
    E. To appropriate agencies, entities, and persons when:
    1. DHS determines that information from this system of records is 
reasonably necessary and otherwise compatible with the purpose of 
collection to assist another federal recipient agency or entity in (1) 
responding to a suspected or confirmed breach or (2) preventing, 
minimizing, or remedying the risk of harm to individuals, the recipient 
agency or entity (including its information systems, programs, and 
operations), the Federal Government, or national security, resulting 
from a suspected or confirmed breach; or
    2. DHS suspects or has confirmed that there has been a breach of 
this system of records; and (a) DHS has determined that as a result of 
the suspected or confirmed breach, there is a risk of harm to 
individuals, harm to DHS (including its information systems, programs, 
and operations), the Federal Government, or national security; and (b) 
the disclosure made to such agencies, entities, and persons is 
reasonably necessary to assist in connection with DHS's efforts to 
respond to the suspected or confirmed breach or to prevent, minimize, 
or remedy such harm.
    F. To contractors and their agents, grantees, experts, consultants, 
and others performing or working on a contract, service, grant, 
cooperative agreement, or other assignment for DHS, when necessary to 
accomplish an agency function related to this system of records. 
Individuals provided information under this routine use are subject to 
the same Privacy Act requirements and limitations on disclosure as are 
applicable to DHS officers and employees.
    G. To an appropriate federal, state, tribal, local, international, 
or foreign law enforcement agency or other appropriate authority 
charged with investigating or prosecuting a violation or enforcing or 
implementing a law, rule, regulation, or order, when a record, either 
on its face or in conjunction with other information, indicates a 
violation or potential violation of law, which includes criminal, 
civil, or regulatory violations and such disclosure is proper and 
consistent with the official duties of the person making the 
disclosure.
    H. To the news media and the public, with the approval of the Chief 
Privacy Officer in consultation with counsel, when there exists a 
legitimate public interest in the disclosure of the information, when 
disclosure is necessary to preserve confidence in the integrity of DHS, 
or when disclosure is necessary to demonstrate the accountability of 
DHS's officers, employees, or individuals covered by the system, except 
to the extent the Chief Privacy Officer determines that release of the 
specific information in the context of a particular case would 
constitute a clearly unwarranted invasion of personal privacy.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    DHS/FEMA stores records in this system electronically or on paper 
in secure facilities in a locked drawer behind a locked door. The 
records may be stored on magnetic disc, tape, and digital media.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    Records may be retrieved by the FEMA employee and/or contractor's 
name and user identification number, or system-generated Contact ID 
number. This system does not retrieve information by individual or 
public assistance applicant information.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    The retention period for information maintained in C3MP depends on 
the use of the data. Records within C3MP that are used in an evaluation 
of a FEMA employee or contractor are retained for six years, pursuant 
to FEMA Records Schedule, Series 15-1 ``National Processing Service 
Centers Evaluated Call Recordings,'' NARA Authority N1-311-08-1. 
Records that are not used in an evaluation of a FEMA employee or 
contractor are purged from the secured servers within 45 days, per FEMA 
Records Schedule, Series 15-2 ``National Processing Service Centers 
Unevaluated Call Recordings,'' also under NARA Authority N1-311-08-1.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    DHS/FEMA safeguards records in this system according to applicable 
rules and policies, including all applicable DHS automated systems 
security and access policies. FEMA has imposed strict controls to 
minimize the risk of compromising the information that is being stored. 
Access to the computer system containing the records in this system is 
limited to those individuals who have a need to know the information 
for the performance of their official duties and who have appropriate 
clearances or permissions.

RECORDS ACCESS PROCEDURES:
    Individuals seeking access to and notification of any record 
contained in this system of records, or seeking to contest its content, 
may submit a request in writing to the Chief Privacy Officer and 
Headquarters or FEMA Freedom of Information Act (FOIA) Officer, whose 
contact information can be found at http://www.dhs.gov/foia

[[Page 32567]]

under ``Contacts Information.'' If an individual believes more than one 
component maintains Privacy Act records concerning him or her, the 
individual may submit the request to the Chief Privacy Officer and 
Chief Freedom of Information Act Officer, Department of Homeland 
Security, Washington, DC 20528-0655. Even if neither the Privacy Act 
nor the Judicial Redress Act provide a right of access, certain records 
about you may be available under the Freedom of Information Act.
    When seeking records about yourself from this system of records or 
any other Departmental system of records, your request must conform to 
the Privacy Act regulations set forth in 6 CFR part 5. You must first 
verify your identity, meaning that you must provide your full name, 
current address, and date and place of birth. You must sign your 
request, and your signature must either be notarized or submitted under 
28 U.S.C. 1746, a law that permits statements to be made under penalty 
of perjury as a substitute for notarization. While no specific form is 
required, you may obtain forms for this purpose from the Chief Privacy 
Officer and Chief Freedom of Information Act Officer, http://www.dhs.gov/foia or 1-866-431-0486. In addition, you should:
     Explain why you believe the Department would have 
information on you;
     Identify which component(s) of the Department you believe 
may have the information about you;
     Specify when you believe the records would have been 
created; and
     Provide any other information that will help the FOIA 
staff determine which DHS component agency may have responsive records;
    If your request is seeking records pertaining to another living 
individual, you must include a statement from that individual 
certifying his/her agreement for you to access his/her records.
    Without the above information, the component(s) may not be able to 
conduct an effective search, and your request may be denied due to lack 
of specificity or lack of compliance with applicable regulations.

CONTESTING RECORD PROCEDURES:
    For records covered by the Privacy Act or covered JRA records, see 
``Record Access Procedures'' above. For records not covered by the 
Privacy act or JRA covered records an applicant may call and connect 
directly with a live Human Services Specialist (HSS) to update the 
applicant's information.

NOTIFICATION PROCEDURES:
    See ``Record Access Procedures.''

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    None.

HISTORY:
    79 FR 35366; 76 FR 8758.

    Dated: July 10, 2017.
Jonathan R. Cantor,
Acting Chief Privacy Officer, Department of Homeland Security.
[FR Doc. 2017-14839 Filed 7-13-17; 8:45 am]
 BILLING CODE 9110-17-P