[Federal Register Volume 87, Number 6 (Monday, January 10, 2022)]
[Notices]
[Pages 1171-1175]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2022-00182]


-----------------------------------------------------------------------

DEPARTMENT OF HOMELAND SECURITY

[Docket No. FEMA-2021-0031]


Privacy Act of 1974; System of Records

AGENCY: Federal Emergency Management Agency, Department of Homeland 
Security.

ACTION: Notice of a new system of records.

-----------------------------------------------------------------------

SUMMARY: In accordance with the Privacy Act of 1974, the Department of 
Homeland Security (DHS) proposes to establish a new Department of 
Homeland Security system of records titled, ``Department of Homeland 
Security/Federal Emergency Management Agency (FEMA)-016 Disaster Case 
Management Files System of Records.'' This system of records allows the 
Department of Homeland Security/Federal Emergency Management Agency to 
collect and maintain records on survivors of a Presidentially-declared 
major disaster with Individual Assistance (IA) authorized (as 
documented in the declaration published in the Federal Register) who 
participate in Federal Emergency Management Agency-administered 
Disaster Case Management (DCM) Programs. This newly established system 
will be included in the Department of Homeland Security's inventory of 
record systems.

DATES: Submit comments on or before February 9, 2022. This new system 
will be effective upon publication. Routine uses will be effective 
February 9, 2022.

ADDRESSES: You may submit comments, identified by docket number FEMA-
2021-0031 by one of the following methods:
     Federal e-Rulemaking Portal: http://www.regulations.gov. 
Follow the instructions for submitting comments.
     Fax: 202-343-4010.
     Mail: Lynn Parker Dupree, Chief Privacy Officer, Privacy 
Office, Department of Homeland Security, Washington, DC 20528-0655.
    Instructions: All submissions received must include the agency name 
and docket number FEMA-2021-0031. All comments received will be posted 
without change to http://www.regulations.gov, including any personal 
information provided.
    Docket: For access to the docket to read background documents or 
comments received, go to http://www.regulations.gov.

FOR FURTHER INFORMATION CONTACT: For general questions, please contact: 
Tammi Hines, (202) 212-5100, [email protected], Senior Director 
for Information Management, Federal Emergency Management Agency, 
Department of Homeland Security, Washington, DC 20528. For privacy 
questions, please contact: Lynn Parker Dupree, (202) 343-1717, 
[email protected], Chief Privacy Officer, Privacy Office, Department 
of Homeland Security, Washington, DC 20528-0655.

SUPPLEMENTARY INFORMATION:

I. Background

    Pursuant to Executive Order 12148, as amended by Executive Orders 
12673 and 13286, the President of the United States has delegated to 
the Department of Homeland Security, including the Federal Emergency 
Management Agency, the authority to provide case management services, 
pursuant to the Robert T. Stafford Disaster Relief and Emergency 
Assistance Act (Stafford Act), 42 U.S.C. 5189d. Under the Stafford Act, 
the Federal Emergency Management Agency (or another federal agency, 
non-profit organization, or qualified private organization when 
operating on behalf of the Federal Emergency Management Agency) may 
provide Disaster Case Management services directly to survivors or 
through financial assistance (funding through a federal award) to state 
(which includes the fifty states, the territories, and the District of 
Columbia) or local government agencies, Indian tribes, or qualified 
private organizations.
    Disaster Case Management services include identifying and 
addressing disaster-caused unmet needs of survivors through 
identification of, and referral to, available resources. A disaster-
caused unmet need is an un-resourced item, support, or assistance that 
has been assessed and verified as necessary for a survivor to recover 
from a disaster. This may include food, clothing, shelter, first aid, 
emotional and spiritual care, household items, home repair, or 
rebuilding.
    In order to provide immediate to long-term Disaster Case Management 
during a Presidentially-declared major disaster declaration when 
Individual Assistance has been authorized, the Federal Emergency 
Management Agency may: (1) Directly provide Disaster Case Management 
services; (2) contract with a non-profit organization or qualified 
private organization who implements Disaster Case Management on behalf 
of the Federal Emergency Management Agency; (3) enter into an 
interagency agreement or mission assignment with another federal agency 
who implements Disaster Case Management on behalf of the Federal 
Emergency Management Agency; or (4) award federal funding through a 
grant or cooperative agreement to a state or local government, a tribe, 
or a qualified private organization who implements their own Disaster 
Case Management program.
    This System of Records Notice only applies to Disaster Case 
Management services administered directly by the Federal Emergency 
Management Agency or by a non-profit organization, qualified private 
organization, or federal

[[Page 1172]]

agency on the Federal Emergency Management Agency's behalf. Records 
collected and maintained during Disaster Case Management program 
implementation will be used to provide these services and to monitor 
and assess the effectiveness of the Federal Emergency Management 
Agency-administered Disaster Case Management programs. Disaster Case 
Management may also include: Making intake assessments and referrals 
for critical unmet needs; providing outreach and triage at locations 
such as shelters, congregate areas, and temporary disaster housing 
locations; developing and monitoring a disaster recovery plan, which 
documents a survivor's unmet needs, recovery goals, referral resources, 
and status of survivor recovery efforts; connecting the disaster 
survivor to recovery resources that are locally available; and 
advocating for available resources to assist survivors.
    In addition, the Federal Emergency Management Agency and the 
entities providing Federal Emergency Management Agency-administered 
Disaster Case Management may share information with federal, state, 
tribal, local, and voluntary entities, as well as Federal Emergency 
Management Agency-recognized and/or state-recognized long term recovery 
committees (LTRC) and their members (long term recovery groups (LTRG)) 
for a declared county charged through legislation or chartered with 
administering disaster relief or assistance programs consistent with 
the routine uses set forth in this system of records notice. Note that 
a state, local, or tribal entity providing case management services is 
not acting on behalf of the Federal Emergency Management Agency. 
However, this System of Records Notice does support sharing with state, 
local, and tribal entities when the Federal Emergency Management Agency 
is sharing information after a Federal Emergency Management Agency-
administered Disaster Case Management implementation.
    The records that the Federal Emergency Management Agency or another 
federal agency, a non-profit organization, or a qualified private 
organization will collect and maintain on behalf of the Federal 
Emergency Management Agency in order to provide Federal Emergency 
Management Agency-administered Disaster Case Management services may be 
first collected in the field from disaster survivors or may be provided 
by the Federal Emergency Management Agency to these entities. The 
implementing non-profit organization, qualified private organization, 
or other federal agency will enter into agreements with the Federal 
Emergency Management Agency to maintain the records in accordance with 
the National Archives and Records Administration (NARA) and Federal 
Emergency Management Agency-approved records polices. The Federal 
Emergency Management Agency is currently working with the National 
Archives and Records Administration to establish the appropriate 
records retention schedule for the records collected and covered by 
this System of Records.
    Consistent with the Department of Homeland Security' information 
sharing mission, information stored in the DHS/FEMA-016 Disaster Case 
Management Files System of Records may be shared with other Department 
of Homeland Security components that have a need to know the 
information to carry out their national security, law enforcement, 
immigration, intelligence, or other homeland security functions. In 
addition, the Federal Emergency Management Agency may share information 
with appropriate federal, state, tribal, local, foreign, or 
international government agencies consistent with the routine uses set 
forth in this system of records notice.
    This newly established system will be included in the Department of 
Homeland Security's inventory of record systems.

II. Privacy Act

    The Privacy Act embodies fair information practice principles in a 
statutory framework governing the means by which Federal Government 
agencies collect, maintain, use, and disseminate individuals' records. 
The Privacy Act applies to information that is maintained in a ``system 
of records.'' A ``system of records'' is a group of any records under 
the control of an agency from which information is retrieved by the 
name of an individual or by some identifying number, symbol, or other 
information assigned to the individual. In the Privacy Act, an 
individual is defined to encompass U.S. citizens and lawful permanent 
residents. Additionally, the Judicial Redress Act (JRA) provides 
covered persons with a statutory right to make requests for access and 
amendment to covered records, as defined by the Judicial Redress Act, 
along with judicial review for denials of such requests. In addition, 
the Judicial Redress Act prohibits disclosures of covered records, 
except as otherwise permitted by the Privacy Act.
    Below is the description of the DHS/FEMA-016 Disaster Case 
Management Files System of Records.
    In accordance with 5 U.S.C. 552a(r), the Department of Homeland 
Security has provided a report of this system of records to the Office 
of Management and Budget and to Congress.

SYSTEM NAME AND NUMBER:
    Department of Homeland Security (DHS)/Federal Emergency Management 
Agency (FEMA)-016 Disaster Case Management (DCM) Files System of 
Records.

SECURITY CLASSIFICATION:
    Unclassified.

SYSTEM LOCATION:
    Records are maintained at the Federal Emergency Management Agency 
Headquarters in Washington, DC; Federal Emergency Management Agency 
Regional Offices; Joint Field Offices; Disaster Field Offices; National 
Processing Service Centers; Disaster Recovery Centers; and the Federal 
Emergency Management Agency data centers located in Bluemont, Virginia, 
and Clarksville, Virginia. Subject to agreement with an organization 
chosen by the Federal Emergency Management Agency to implement Disaster 
Case Management on its behalf, records may be maintained at the 
facilities of federal agencies with interagency agreements or mission 
assignments or with non-profit organizations or qualified private 
organizations under contract.

SYSTEM MANAGER(S):
    Division Director, Individual Assistance Division, (202) 646-3642, 
[email protected], Federal Emergency Management Agency, 
500 C Street SW, Washington, DC 20472.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    Section 426 of the Robert T. Stafford Disaster Relief and Emergency 
Assistance Act, as amended (42 U.S.C. 5189d); Executive Order 12148, as 
amended by Executive Order 12673 and Executive Order 13286.

PURPOSE(S) OF THE SYSTEM:
    The purpose of this system is to enable the Federal Emergency 
Management Agency, and its chosen providers (which can be non-profit 
organizations, qualified private organizations, or federal agencies 
working on behalf of the Federal Emergency Management Agency), to 
provide services in an efficient and expeditious manner that support 
the overall Federal Emergency Management Agency-administered Disaster 
Case Management programs. Records will primarily be used to connect 
disaster survivors who have disaster-related

[[Page 1173]]

unmet needs to locally available services and will additionally support 
long term recovery assistance provided by state, tribal, and local 
entities and the Federal Emergency Management Agency and/or state 
recognized long term recovery committees and their members (e.g., long 
term recovery groups).

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Following a Presidentially-declared major disaster when Individual 
Assistance is authorized, all individuals and their family and 
household members who register for Federal Emergency Management Agency-
administered Disaster Case Management, who express interest in 
registering for Federal Emergency Management Agency-administered 
Disaster Case Management, or who may benefit from Federal Emergency 
Management Agency-administered Disaster Case Management, as well as 
employees, contractors, or other personnel providing Disaster Case 
Management assistance.

CATEGORIES OF RECORDS IN THE SYSTEM:
    Disaster-related case management records, consisting of:
     Disaster number;
     Case ID numbers (e.g., FEMA Registration ID, client 
numbers);
     Written consents;
     Disaster Case Management Applicant/Co-Applicant and 
Household Information:
    [cir] Full name;
    [cir] Languages spoken, written, or signed;
    [cir] Address;
    [cir] Location types;
    [cir] Dates of occupation;
    [cir] Location at time of registration;
    [cir] Phone numbers;
    [cir] Email addresses;
    [cir] Disaster Case Management-related healthcare records (e.g., 
health insurance type, status, service provider, type of appointment 
referral);
    [cir] Household size;
    [cir] Demographic information (e.g., age, gender, relationship to 
head of household, marital status);
    [cir] Referral assessment and tracking information/Disaster 
Recovery Plan:
    [ssquf] Referral source;
    [ssquf] Appointment times and attendance/no show to appointment;
    [ssquf] Reported symptoms and feelings of distress;
    [ssquf] Behavioral health advocacy assessment;
    [ssquf] Children and youth, clothing assessment;
    [ssquf] Employment assessment;
    [ssquf] Food assessment;
    [ssquf] Furniture and appliances assessment;
    [ssquf] Healthcare needs assessment;
    [ssquf] Housing assessment;
    [ssquf] Transportation assessment;
    [ssquf] Senior services assessment;
    [ssquf] Legal services assessment;
    [ssquf] Assistance animals and household pets; and
    [ssquf] Funeral assistance.
     Federal Emergency Management Agency Disaster Assistance 
Registration Assistance Records:
    [cir] Homeowners insurance coverage details (including flood 
coverage and compliance);
    [cir] Details on damage to real and personal property (Federal 
Emergency Management Agency verified);
    [cir] Degree of total damage incurred (Federal Emergency Management 
Agency verified);
    [cir] Residence type;
    [cir] Self-reported income;
    [cir] Housing Assistance (HA) eligibility, types, and amounts;
    [cir] Other Needs Assistance (ONA) eligibility, types, and amounts;
    [cir] Approved direct assistance received, including Direct Housing 
Assistance eligibility, types, received status;
    [cir] Total Individuals and Households Program (IHP) amount 
approved, assistance sought, assistance received, source of assistance;
    [cir] Small Business Administration (SBA) referral details, and 
status of access and functional needs and/or emergency needs; and
    [cir] Self-reported disability or access and functional need, such 
as Personal Assistance Services.
     Business contact information collected from employees, 
contractors, and other personnel providing Disaster Case Management 
assistance (e.g., name, title, email address, phone number).

RECORD SOURCE CATEGORIES:
    Records may be obtained from disaster survivors (i.e., applicant) 
or a member of the applicant's family or household, or may be provided 
by other governmental entities (e.g., federal, state, tribal, or local 
governments) through the Federal Emergency Management Agency-
Administered Disaster Case Management Intake Form and the Federal 
Emergency Management Agency-Administered Disaster Case Management 
Consent Form, as well as the Federal Emergency Management Agency's 
Disaster Assistance Registration Form (FEMA Forms 009-0-1 and 009-0-2).

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND PURPOSES OF SUCH USES:
    In addition to those disclosures generally permitted under 5 U.S.C. 
552a(b) of the Privacy Act, all or a portion of the records or 
information contained in this system may be disclosed outside the 
Department of Homeland Security as a routine use pursuant to 5 U.S.C. 
552a(b)(3) as follows:
    A. To the Department of Justice (DOJ), including the U.S. Attorneys 
Offices, or other federal agencies conducting litigation or proceedings 
before any court, adjudicative, or administrative body, when it is 
relevant or necessary to the litigation and one of the following is a 
party to the litigation or has an interest in such litigation:
    1. Department of Homeland Security or any component thereof;
    2. Any employee or former employee of the Department of Homeland 
Security in his/her official capacity;
    3. Any employee or former employee of the Department of Homeland 
Security in his/her individual capacity, only when the Department of 
Justice or the Department of Homeland Security has agreed to represent 
the employee; or
    4. The United States or any agency thereof.
    B. To a congressional office from the record of an individual in 
response to an inquiry from that congressional office made at the 
request of the individual to whom the record pertains.
    C. To the National Archives and Records Administration or General 
Services Administration pursuant to records management inspections 
being conducted under the authority of 44 U.S.C. 2904 and 2906.
    D. To an agency or organization for the purpose of performing audit 
or oversight operations as authorized by law, but only such information 
as is necessary and relevant to such audit or oversight function.
    E. To appropriate agencies, entities, and persons when (1) the 
Department of Homeland Security suspects or has confirmed that there 
has been a breach of the system of records; (2) the Department of 
Homeland Security has determined that as a result of the suspected or 
confirmed breach there is a risk of harm to individuals, the Department 
of Homeland Security (including its information systems, programs, and 
operations), the federal government, or national security; and (3) the 
disclosure made to such agencies, entities, and persons is reasonably 
necessary to assist in connection with the Department of Homeland 
Security's efforts to respond

[[Page 1174]]

to the suspected or confirmed breach or to prevent, minimize, or remedy 
such harm.
    F. To another federal agency or federal entity, when the Department 
of Homeland Security determines that information from this system of 
records is reasonably necessary to assist the recipient agency or 
entity in (1) responding to a suspected or confirmed breach or (2) 
preventing, minimizing, or remedying the risk of harm to individuals, 
the recipient agency or entity (including its information systems, 
programs, and operations), the Federal Government, or national 
security, resulting from a suspected or confirmed breach.
    G. To an appropriate federal, state, tribal, local, international, 
or foreign law enforcement agency or other appropriate authority 
charged with investigating or prosecuting a violation or enforcing or 
implementing a law, rule, regulation, or order, when a record, either 
on its face or in conjunction with other information, indicates a 
violation or potential violation of law, which includes criminal, 
civil, or regulatory violations and such disclosure is proper and 
consistent with the official duties of the person making the 
disclosure.
    H. To contractors and their agents, grantees, experts, consultants, 
and others performing or working on a contract, service, grant, 
cooperative agreement, or other assignment or agreement for the 
Department of Homeland Security, when necessary to accomplish an agency 
function related to this system of records. Individuals provided 
information under this routine use are subject to the same Privacy Act 
requirements and limitations on disclosure as are applicable to 
Department of Homeland Security officers and employees.
    I. To a voluntary organization, as defined in 44 CFR 206.2(a)(27), 
or to a Federal Emergency Management Agency-recognized or state-
recognized long term recovery committee and its members (long term 
recovery groups) for a declared county charged through legislation or 
chartered with administering disaster relief or assistance programs, 
that is actively involved in the recovery efforts of the disaster and 
that has an assistance program to address one or more unmet disaster-
related needs of disaster survivors. The Federal Emergency Management 
Agency may disclose to such voluntary organizations lists of applicant 
names and contact information, as well as information necessary to 
provide the identified additional disaster assistance and/or address a 
specified unmet need.
    J. To a state, tribal, or local agency for a statistical or 
research purpose, including the development of methods or resources to 
support statistical or research activities, provided that the records 
support Department of Homeland Security programs and activities that 
relate to the purpose(s) stated in this System of Records Notice, and 
will not be used in whole or in part in making any determination 
regarding an individual's rights, benefits, or privileges under federal 
programs, or published in any manner that identifies an individual.
    K. To recipients of a long-term Disaster Case Management federal 
award, such as a state, tribal, or local government entity or a non-
profit entity, to ensure continuity of services for each disaster 
survivor, if the disaster survivor still has unmet needs at the 
conclusion of the Federal Emergency Management Agency-administered 
Disaster Case Management program.
    L. To the subject of a Disaster Case Management case file, the 
name, title, and business contact information of the employee or 
contractor providing Disaster Case Management assistance.
    M. To the news media and the public, with the approval of the Chief 
Privacy Officer in consultation with counsel, when there exists a 
legitimate public interest in the disclosure of the information, when 
disclosure is necessary to preserve confidence in the integrity of the 
Department of Homeland Security, or when disclosure is necessary to 
demonstrate the accountability of the Department of Homeland Security's 
officers, employees, or individuals covered by the system, except to 
the extent the Chief Privacy Officer determines that release of the 
specific information in the context of a particular case would 
constitute a clearly unwarranted invasion of personal privacy.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    The Federal Emergency Management Agency and non-profit 
organizations, qualified private organizations, or federal agencies 
supporting Federal Emergency Management Agency-administered Disaster 
Case Management programs store records in this system in a secure 
computer system electronically or on paper in secure facilities in a 
locked drawer behind a locked door. The records may be stored on 
magnetic disc, tape, and digital media.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    The Federal Emergency Management Agency and non-profit 
organizations, qualified private organizations, or federal agencies 
supporting the Federal Emergency Management Agency-administered 
Disaster Case Management program may retrieve records by a case 
identification number, name, or address.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    In accordance with National Archives and Records Administration 
Authority N1-311-86-1, Item 4C10a, records pertaining to disaster 
assistance will be placed in inactive storage when two years old and 
will be destroyed when they are six years and three months old. In 
accordance with National Archives and Records Administration Authority 
N1-311-86-1, Item 4C6a, Disaster Case Management files covering the 
administrative management, program, and information functions (such as 
mission assignments and correspondence with state and local officials) 
will be consolidated at appropriate regional offices upon close of the 
Disaster Field Office (DFO). These files will be retired to off-site 
storage one year after closeout and destroyed three years after 
closeout.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    The Federal Emergency Management Agency safeguards records in this 
system according to applicable rules and policies, including all 
applicable federal and national standard automated systems security and 
access policies. The Federal Emergency Management Agency has imposed 
strict controls to minimize the risk of compromising the information 
that is being stored. Access to computer systems containing the records 
in this system is limited to those individuals who have a need to know 
the information for the performance of their official duties and who 
have appropriate clearances or permissions.

RECORD ACCESS PROCEDURES:
    Individuals seeking access to and notification of any record 
contained in this system of records, or seeking to contest its content, 
may submit a request in writing to the Chief Privacy Officer and the 
Federal Emergency Management Agency Freedom of Information Act (FOIA) 
Officer, whose contact information can be found at http://www.dhs.gov/foia under ``Contact Information.'' If an individual believes more than 
one component maintains Privacy Act records concerning him or her, the 
individual may submit the request to the Chief Privacy Officer and 
Chief Freedom of Information Act Officer, Department of Homeland 
Security, Washington, DC 20528-0655.

[[Page 1175]]

Even if neither the Privacy Act nor the Judicial Redress Act provide a 
right of access, certain records about you may be available under the 
Freedom of Information Act.
    When an individual is seeking records about himself or herself from 
this system of records or any other Departmental system of records, the 
individual's request must conform with the Privacy Act regulations set 
forth in 6 CFR part 5. The individual must first verify his/her 
identity, meaning that the individual must provide his/her full name, 
current address, and date and place of birth. The individual must sign 
the request, and the individual's signature must either be notarized or 
submitted under 28 U.S.C. 1746, a law that permits statements to be 
made under penalty of perjury as a substitute for notarization. In 
addition, the individual should:
     Explain why he or she believes the Department would have 
information being requested;
     Identify which component(s) of the Department he or she 
believes may have the information;
     Specify when the individual believes the records would 
have been created; and
     Provide any other information that will help the Freedom 
of Information Act staff determine which the Department of Homeland 
Security component agency may have responsive records.
    If the request is seeking records pertaining to another living 
individual, the request must include an authorization from the 
individual whose record is being requested, authorizing the release to 
the requester.
    Without the above information, the component(s) may not be able to 
conduct an effective search, and the individual's request may be denied 
due to lack of specificity or lack of compliance with applicable 
regulations.

CONTESTING RECORD PROCEDURES:
    For records covered by the Privacy Act or covered Judicial Redress 
Act records, individuals may make a request for amendment or correction 
of a record of the Department about the individual by writing directly 
to the Department component that maintains the record, unless the 
record is not subject to amendment or correction. The request should 
identify each particular record in question, state the amendment or 
correction desired, and state why the individual believes that the 
record is not accurate, relevant, timely, or complete. The individual 
may submit any documentation that would be helpful. If the individual 
believes that the same record is in more than one system of records, 
the request should state that and be addressed to each component that 
maintains a system of records containing the record.

NOTIFICATION PROCEDURES:
    See ``Record Access Procedures'' above.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    None.

HISTORY:
    None.
* * * * *

Lynn P Dupree,
Chief Privacy Officer, Department of Homeland Security.
[FR Doc. 2022-00182 Filed 1-7-22; 8:45 am]
BILLING CODE 9111-19-P