Privacy Act of 1974; System of Records, 1988-1993 [2021-00307]

Agencies

• DEPARTMENT OF HOMELAND SECURITY

[Federal Register Volume 86, Number 6 (Monday, January 11, 2021)]
[Notices]
[Pages 1988-1993]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2021-00307]


-----------------------------------------------------------------------

DEPARTMENT OF HOMELAND SECURITY

[Docket No. FEMA-2020-0031]


Privacy Act of 1974; System of Records

AGENCY: Federal Emergency Management Agency, U.S. Department of 
Homeland Security.

ACTION: Notice of a Modified System of Records.

-----------------------------------------------------------------------

SUMMARY: In accordance with the Privacy Act of 1974, the U.S. 
Department of Homeland Security (DHS) proposes to modify a current 
system of records titled, ``DHS/Federal Emergency Management Agency 
(FEMA)-014 Hazard Mitigation Planning and Flood Mapping Products and 
Services Records System of Records.'' This system of records allows 
DHS/FEMA to collect and maintain records on individuals who are 
involved in the creation and updating of flood maps, individuals 
requesting information on flood map products or services, and 
individuals involved with hazard mitigation planning. DHS/FEMA is 
updating this system of records notice to (1) modify the records' 
location; (2) update the authority for maintenance of the system; (3) 
update the purpose of the system; (4) revise the categories of 
individuals covered by the system; (5) update the categories of records 
in the system; (6) update record source categories; and (7) revise and 
add routine uses.

DATES: Submit comments on or before February 10, 2021. This modified 
system will be effective upon publication. New or modified routine uses 
will be effective February 10, 2021.

ADDRESSES: You may submit comments, identified by docket number FEMA-
2020-0031 by one of the following methods:
     Federal e-Rulemaking Portal: https://www.regulations.gov. 
Follow the instructions for submitting comments.
     Fax: 202-343-4010.
     Mail: Constantina Kozanas, Chief Privacy Officer, Privacy 
Office, U.S. Department of Homeland Security, Washington, DC 20528-
0655.
    Instructions: All submissions received must include the agency name 
and docket number FEMA-2020-0031. All comments received will be posted 
without change to https://www.regulations.gov, including any personal 
information provided.
    Docket: For access to the docket to read background documents or 
comments received, go to https://www.regulations.gov.

FOR FURTHER INFORMATION CONTACT: For general questions, please contact: 
Tammi Hines, (202) 212-5100, [email protected], Acting Senior 
Director for Information Management, Federal Emergency Management 
Agency, U.S. Department of Homeland Security, Washington, DC 20528. For 
privacy questions, please contact: Constantina Kozanas, (202) 343-1717, 
[email protected], Chief Privacy Officer, Privacy Office, U.S. 
Department of Homeland Security, Washington, DC 20528-0655.

SUPPLEMENTARY INFORMATION:

I. Background

    This modified system of records notice is being published because 
the Federal Emergency Management Agency (FEMA) collects, maintains, 
uses, retrieves, and disseminates personally identifiable information 
of public officials, certifiers, applicants, and homeowners who are 
involved in the Hazard Mitigation and Flood Mapping Process. FEMA 
administers the National Flood Insurance Program (NFIP) and Hazard 
Mitigation Planning programs. The Robert T. Stafford Disaster Relief 
and Emergency Assistance Act, as amended by the Disaster Mitigation Act 
of 2000, provides the legal basis for FEMA and other government 
agencies to undertake a risk-based approach to reducing losses from 
natural hazards through mitigation planning. The Federal Insurance 
Mitigation Administration's (FIMA) Mitigation Planning Program oversees 
and provides guidance to state, local, tribal, and territorial (SLTT) 
governments that are required to develop a FEMA-approved risk-based 
hazard mitigation plan. This plan is a precondition for receiving non-
emergency disaster assistance from the federal government, including 
funding for flood hazard mitigation projects. FEMA collaborates with 
SLTT mitigation planners and risk analysts to support the development, 
review, and approval of SLTT hazard mitigation plans, tracks planned 
mitigation actions, and facilitates collaboration among planners and 
risk analysts.
    The National Flood Insurance Act of 1968 (NFIA) (42 U.S.C. 4001 et 
seq.), and as further amended by the Biggert Waters Flood Insurance 
Reform Act of 2012, Public Law 112-141, establishes that FEMA will 
provide flood insurance in communities that participate in the NFIP by 
adopting and enforcing floodplain management ordinances that meet the 
minimum NFIP requirements. The law requires FEMA to provide, maintain, 
and make public flood hazard information and maps to support floodplain 
management and insurance activities. FEMA's regulations implementing 
NFIA, including the flood mapping program, may be found in 44 CFR 59-
72.
    The NFIA requires insurance companies that write flood insurance 
policies on behalf of the NFIP to use FEMA flood maps to determine 
insurance rates. These flood maps consist of zones or areas. Flood 
hazard areas identified on FEMA flood maps are identified as a Special 
Flood Hazard Area (SFHA). SFHA is defined as the area that will be 
inundated by a flood event having a 1-percent chance of being equaled 
or exceeded in any given year. The 1-percent-annual-chance flood is 
also referred to as the base flood or 100-year flood. SFHAs are labeled 
as Zone A, Zone AO, Zone AH, Zones A1-A30, Zone AE, Zone A99, Zone AR, 
Zone AR/AE, Zone AR/AO, Zone AR/A1-A30, Zone AR/A, Zone V, Zone VE, and 
Zones V1-V30. Moderate flood hazard areas, labeled Zone B or Zone X 
(shaded) are also shown on the maps, and are the areas between the 
limits of the base flood and the 0.2-percent annual-chance (or 500-
year) flood. The areas of minimal flood hazard, which are the areas 
outside the SFHA and higher than the elevation of the 0.2-percent-
annual-chance flood, are labeled Zone C or Zone X (unshaded).
    Members of the public view and review these FEMA maps and related 
products online free of charge to understand a property's flood risk. 
Other related information may also be shown on different layers that 
can be seen on FEMA's National Flood Hazard Layer available at 
msc.fema.gov. In addition, community officials must use

[[Page 1989]]

these maps to manage development in flood-prone areas.
    FEMA flood maps are subject to revision through the Letters of Map 
Change (LOMC) administrative process. Letters of Map Changes are 
documents issued by FEMA to revise or amend the flood hazard 
information shown on the Flood Insurance Rate Map (FIRM) in response to 
requests from community officials and property owners. Letters of Map 
Changes include two types of map changes: Letter of Map Amendment 
(LOMA) or Letter of Map Revision (LOMR). The procedures for both types 
of map changes are outlined in 44 CFR 70 and 65, respectively. LOMRs 
modify small portions of flood maps based on scientific and technical 
information submitted to FEMA with a request to revise flood maps. 
Conditional Letters of Map Revision (CLOMR) are provisional findings 
for flood map revisions based on scientific and technical data based on 
proposed changes to floodplain conditions.
    Letters of Map Revision Based on Fill (LOMR-F) and Conditional 
LOMR-Fs are specific types of (C)LOMR-based floodplain changes 
consisting only of placement of earthen fill to raise the ground level 
in the floodplain. LOMAs are modifications to the regulatory floodplain 
based on documentation that adjacent grade for a particular property or 
structure is naturally higher than the predicted flood elevation and 
was therefore inadvertently included in the floodplain. A Conditional 
LOMA (CLOMA) is a provisional finding that the adjacent grade for a 
proposed structure was inadvertently included in the floodplain. A 
Letter of Determination Review (LODR) is a finding by FEMA of whether 
the documentation provided by the requester shows a particular property 
to be in the floodplain or not.
    Adequate Progress (Zone A99) determinations, regulated through 44 
CFR 61.12, provide for lower flood insurance premium rates in areas 
where FEMA determines that a community has made adequate progress on 
its construction or reconstruction of a project designed for flood risk 
reduction. These areas, landward of the flood protection system, are 
designated as Zone A99 on the FIRM and flood insurance premium rates 
and floodplain management requirements are generally less than those 
required in other SFHAs (e.g., Zone AE, Zone AO, and Zone AH). Flood 
Protection Restoration (Zone AR) determinations, regulated through 44 
CFR 65.14, may provide reduced flood insurance premium rates and 
floodplain management regulations in areas where FEMA has issued a 
determination that a project is sufficiently underway to restore a 
flood protection system to meet 44 CFR 65.10 accreditation 
requirements. Areas landward of the flood protection system that are 
being rehabilitated are designated as Zone AR on the FIRM, and may have 
base flood elevations (BFE) representing the current risk as if the 
flood protection system was not in place.
    FEMA accepts, reviews, and tracks applications from levee owners 
and communities seeking Zone AR designations, Zone A99 designations, 
and recognition of accredited levee systems on FIRMs. To support a 
mapping project, levee owners and communities have the responsibility 
to provide documentation that either a levee system meets the 
requirements of 44 CFR 65.10 to have the levee system shown as 
accredited (i.e., provide protection from the 1-percent-annual-chance 
flood) or the levee system meets the mapping procedure(s) for non-
accredited levee systems.
    FEMA performs the following tasks in support of flood mapping:
     Identify and prioritize the need for flood hazard data 
updates;
     Schedule and track progress and quality of flood hazard 
and risk studies;
     Conduct community outreach and coordinate with SLTT 
officials and the public on the flood hazard and risk study process;
     Collect information to support flood hazard analysis from 
a wide variety of sources including SLTT government organizations and 
other organizations such as levee owners;
     Provide public review of the proposed flood hazard data;
     Adjudicate administrative appeals to flood hazards and 
flood elevations;
     Coordinate and track the request and processing of flood 
map revisions and amendments;
     Publish and distribute map revisions, amendments, flood 
hazard and risk data, maps, and related information;
     Respond to inquiries from stakeholders and help to resolve 
issues related to flood maps;
     Monitor the effectiveness of program delivery and 
stakeholder satisfaction; and
     Collaborate with SLTT mitigation planners and risk 
analysts to support the development, review, and approval of SLTT 
hazard mitigation plans, track planned mitigation actions, and 
facilitate collaboration among planners and risk analysts.

The administrative appeals processes referenced above satisfy due 
process obligations owed to affected communities and property holders. 
This requirement includes making available to the public the relevant 
data documenting the scientific and technical basis of the maps and 
documenting the community and public coordination processes associated 
with the development and publication of the maps. The NFIA also 
requires participating communities to adopt these maps as the basis for 
their land use regulations.
    FEMA obtains information about individuals in various forms (paper 
and electronic): By communicating with SLTT officials, their 
contractors, and community members about flood maps and hazard 
mitigation plans; by collecting requests for LOMCs from public records; 
through FEMA's websites; and by operating call centers. These 
activities allow FEMA to assist states with mitigation planning, as 
well as to ensure FIRMs are accurate and up to date.
    FEMA is updating this system of records notice to reflect the 
following changes. First, the system location has been updated to more 
accurately reflect the location of the records at the FEMA Headquarters 
in Washington, DC and at field offices and electronically in the Risk 
Analysis and Management (RAM) System (formerly Mapping Information 
Platform (MIP) system, the Map Service Center, and Risk Map 
collaboration sites) and LOMA-Logic. Second, the Biggert Waters Flood 
Insurance Reform Act of 2012, Public Law 112-141, 126 Stat. 916 (and 
codified in sections of 42 U.S.C. secs. 4101-4130) was added as an 
authority for maintenance of the system and provides for public 
disclosure flood hazard information and maps to support floodplain 
management and insurance activities. Third, the purpose of the system 
is being updated to document the broader flood mapping, risk analysis, 
and hazard mitigation planning functions supported by the system, and 
to include community outreach, including public meetings, in the hazard 
mitigation and flood mapping processes. Fourth, the categories of 
individuals have been revised to clarify that property owners include 
applicants for letters of map change and to more accurately reflect 
individuals solicited to attend public meetings related to flood hazard 
identification and hazard mitigation and flood mapping activities. 
Fifth, the categories of records have been updated to clarify that 
information collected regarding property owners includes applicants for 
Letters of Map Change; to include business website and business social 
media account information for public officials, certifiers, and others

[[Page 1990]]

included in the approval process; and to include public records 
(including voter records, tax records, real estate records, or 
directories) that are collected to conduct outreach for attendance in 
public meetings related to Letters of Map Change. Sixth, record source 
categories are being updated to clarify that records come from 
homeowners, tenants, state/local/tribal/territorial government, and 
public records. Seventh, Routine Use E is being modified and Routine 
Use F is being added to conform to Office of Management and Budget 
Memorandum M-17-12 regarding breach notification and investigation. 
Routine Use K was added to reflect that pursuant to the National Flood 
Insurance Act, FEMA routinely makes available to the public: Name, 
business contact information, and professional license information for 
public officials, certifiers, engineers, and other licensed 
professionals and their staff who participate in the development, 
update, and approval of flood hazard maps. Additionally, this routine 
use reflects that the address of the subject property is also publicly 
disclosed. Routine Use L was added to account for testing of new 
technology compatible with the purpose of this system of records.
    Furthermore, this notice includes non-substantive changes to 
simplify the formatting and text of the previously published notice.
    Consistent with DHS's information sharing mission, information 
stored in the DHS/FEMA-014 Hazard Mitigation Planning and Flood Mapping 
Products and Services System of Records may be shared with other DHS 
Components that have a need to know the information to carry out their 
national security, law enforcement, immigration, intelligence, or other 
homeland security functions. In addition, DHS/FEMA may share 
information with appropriate federal, state, local, tribal, 
territorial, foreign, or international government agencies consistent 
with the routine uses set forth in this system of records notice.
    This modified system will be included in DHS's inventory of record 
systems.

II. Privacy Act

    The Privacy Act embodies fair information practice principles in a 
statutory framework governing the means by which federal government 
agencies collect, maintain, use, and disseminate individuals' records. 
The Privacy Act applies to information that is maintained in a ``system 
of records.'' A ``system of records'' is a group of any records under 
the control of an agency from which information is retrieved by the 
name of an individual or by some identifying number, symbol, or other 
identifying particular assigned to the individual. In the Privacy Act, 
an individual is defined to encompass U.S. citizens and lawful 
permanent residents. Additionally, the Judicial Redress Act (JRA) 
provides covered persons with a statutory right to make requests for 
access and amendment to covered records, as defined by the JRA, along 
with judicial review for denials of such requests. In addition, the JRA 
prohibits disclosures of covered records, except as otherwise permitted 
by the Privacy Act.
    Below is the description of the DHS/FEMA-014 Hazard Mitigation 
Planning and Flood Mapping Products and Services Records.
    In accordance with 5 U.S.C. sec. 552a(r), DHS has provided a report 
of this system of records to the Office of Management and Budget and to 
Congress.

SYSTEM NAME AND NUMBER:
    U.S. Department of Homeland Security (DHS)/Federal Emergency 
Management Agency (FEMA)-014 Hazard Mitigation Planning and Flood 
Mapping Products and Services Records System of Records.

SECURITY CLASSIFICATION:
    Unclassified.

SYSTEM LOCATION:
    Records are maintained at the FEMA Headquarters in Washington, DC 
and field offices. Additionally, records may be located in the Risk 
Analysis and Management (RAM) system (formerly Mapping Information 
Platform (MIP) system, the Map Service Center, and Risk Map 
collaboration sites) and the LOMA-Logic system.
    Primary Production Server/Data Storage Locations:
    Alleghany Ballistics Laboratory Data Center (Operated by IBM), 
Rocket Center, WV
    CDS Operations Sites:
    Primary Local Operations Site (Operated by IBM), Fairfax, VA
    Alleghany Ballistics Laboratory Data Center (Operated by IBM), 
Rocket Center, WV
    Secondary Local Operations Site (Operated by Michael Baker 
International), Alexandria, VA
    Backup Data Storage Sites (In Addition to Sites Already Listed 
Above):
    Alleghany Ballistics Laboratory (Operated by IBM), Rocket Center, 
WV
    Iron Mountain Secure Offsite Storage, Various U.S. locations

SYSTEM MANAGER(S):
    Program Management, Risk Management Program, Federal Insurance and 
Mitigation Administration, 400 C Street SW, Washington, DC 20472.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    The National Flood Insurance Act of 1968, as amended, including the 
Biggert Waters Flood Insurance Reform Act of 2012, Public Law 112-141, 
126 Stat. 916 (codified in sections of 42 U.S.C. secs. 4001-4130); The 
Robert T. Stafford Disaster Relief and Emergency Assistance Act, as 
amended by the Disaster Mitigation Act of 2000 (DMA 2000), Public Law 
106-390, 14 Stat. 1552; and 44 CFR parts 59-72.

PURPOSE(S) OF THE SYSTEM:
    The purposes of this system of records are to support FEMA's flood 
mapping, risk analysis, and hazard mitigation planning functions, which 
are to: Identify and prioritize the need for flood hazard updates; 
schedule and track progress and quality of flood hazard and risk 
studies; conduct community outreach and coordinate with SLTT officials 
and the public on the flood hazard and risk study process; collect 
information to support flood hazard analysis from a wide variety of 
sources, including SLTT government organizations and other 
organizations such as levee owners; provide public review of the 
proposed flood hazard data; adjudicate administrative appeals to flood 
hazards and flood elevations; coordinate and track the request and 
processing of flood map revisions and amendments; publish and 
distribute flood hazard and risk data, maps, and related information, 
as well as updates, revisions, and amendments thereto; respond to 
inquiries from stakeholders and help to resolve issues related to flood 
maps; monitor the effectiveness of program delivery and stakeholder 
satisfaction; and collaborate with SLTT officials to support the 
development, review, and approval of SLTT hazard mitigation plans, 
track planned mitigation actions, and facilitate collaboration among 
planners and risk analysts.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Members of the general public, including: Letters of map change 
applicants/property owners, developers, investors, and their 
representatives; realtors; certifiers, including Registered 
Professional Engineers and Licensed Land Surveyors; state, local, 
tribal, or territorial government officials with authority over a 
community's flood

[[Page 1991]]

plain management activities, which includes Mapping Review Partners 
(MRP); potential or confirmed respondents to customer service surveys/
focus groups; potential or confirmed attendees at FEMA's public 
meetings or other outreach activities related to flood hazard 
identification and flood mapping activities; and FEMA staff and 
stakeholders registered to use FEMA's information technology systems 
and collaboration sites.

CATEGORIES OF RECORDS IN THE SYSTEM:
     Full name;
     Position or title;
     Email addresses;
     Addresses (mailing and property);
     Business website or business social media account 
information;
     Public Records (such as voter records, tax records, real 
estate records, or directories) to conduct outreach activities;
     Company or community name;
     Organization or agency name;
     Six-digit NFIP community number;
     Fax number;
     Professional license number;
     Professional license expiration date;
     Signature;
     Signature date;
     Fill placement and date;
     Type of construction;
     Elevation data;
     Base Flood Elevation (BFE) data;
     Legal property description;
     FEMA region number (1-10);
     Transcripts of conversations with FEMA call centers or 
helpdesk including name, address, phone number, email address, caller 
type (e.g., property owner, realtor), chat subject, and chat subject 
category;
     Bank name and account information including electronic 
funds transfer, and credit/debit card account information;
     Payment confirmation number;
     User account creation and access information; and
    [cir] Username;
    [cir] Activation code;
    [cir] Password;
    [cir] Roles and responsibilities;
    [cir] Challenge questions and answers; and
    [cir] System permissions or permission levels.
     Voluntary response to customer satisfaction and experience 
surveys and focus groups, including demographic information about the 
individual.

RECORD SOURCE CATEGORIES:
    Records are obtained from individuals (e.g., home and property 
owners, tenants, investors, and property developers, or their 
representatives); LOMC Certifiers (e.g., Registered Professional 
Engineers and Licensed Land Surveyors); state, local, tribal, or 
territorial government officials, including those with authority over a 
community's floodplain management activities or other land use, which 
includes MRPs; FEMA staff and stakeholders registered to use SharePoint 
information and collaboration portals; the FEMA Community Information 
System (CIS) system; and the cloud-based LOMA-LOGIC tool. Records may 
also be obtained from public records maintained by SLTT or private 
entities, such as tax records, real estate records, voter records or 
directories.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND PURPOSES OF SUCH USES:
    In addition to those disclosures generally permitted under 5 U.S.C. 
sec. 552a(b) of the Privacy Act, all or a portion of the records or 
information contained in this system may be disclosed outside DHS as a 
routine use pursuant to 5 U.S.C. sec. 552a(b)(3) as follows:
    A. To the Department of Justice (DOJ), including the U.S. Attorneys 
Offices, or other federal agencies conducting litigation or proceedings 
before any court, adjudicative, or administrative body, when it is 
relevant or necessary to the litigation and one of the following is a 
party to the litigation or has an interest in such litigation:
    1. DHS or any component thereof;
    2. Any employee or former employee of DHS in his/her official 
capacity;
    3. Any employee or former employee of DHS in his/her individual 
capacity, only when DOJ or DHS has agreed to represent the employee; or
    4. The United States or any agency thereof.
    B. To a congressional office from the record of an individual in 
response to an inquiry from that congressional office made at the 
request of the individual to whom the record pertains.
    C. To the National Archives and Records Administration (NARA) or 
General Services Administration pursuant to records management 
inspections being conducted under the authority of 44 U.S.C. secs. 2904 
and 2906.
    D. To an agency or organization for the purpose of performing audit 
or oversight operations as authorized by law, but only such information 
as is necessary and relevant to such audit or oversight function.
    E. To appropriate agencies, entities, and persons when (1) DHS 
suspects or has confirmed that there has been a breach of the system of 
records; (2) DHS has determined that as a result of the suspected or 
confirmed breach there is a risk of harm to individuals, DHS (including 
its information systems, programs, and operations), the federal 
government, or national security; and (3) the disclosure made to such 
agencies, entities, and persons is reasonably necessary to assist in 
connection with DHS's efforts to respond to the suspected or confirmed 
breach or to prevent, minimize, or remedy such harm.
    F. To another federal agency or federal entity, when DHS determines 
that information from this system of records is reasonably necessary to 
assist the recipient agency or entity in (1) responding to a suspected 
or confirmed breach or (2) preventing, minimizing, or remedying the 
risk of harm to individuals, the recipient agency or entity (including 
its information systems, programs, and operations), the federal 
government, or national security, resulting from a suspected or 
confirmed breach.
    G. To an appropriate federal, state, tribal, local, international, 
or foreign law enforcement agency or other appropriate authority 
charged with investigating or prosecuting a violation or enforcing or 
implementing a law, rule, regulation, or order, when a record, either 
on its face or in conjunction with other information, indicates a 
violation or potential violation of law, which includes criminal, 
civil, or regulatory violations and such disclosure is proper and 
consistent with the official duties of the person making the 
disclosure.
    H. To contractors and their agents, grantees, experts, consultants, 
and others performing or working on a contract, service, grant, 
cooperative agreement, or other assignment for DHS, when necessary to 
accomplish an agency function related to this system of records. 
Individuals provided information under this routine use are subject to 
the same Privacy Act requirements and limitations on disclosure as are 
applicable to DHS officers and employees.
    I. To state and local governments pursuant to signed agreements 
allowing such governments to assist FEMA in making LOMC determinations.
    J. To the U.S. Department of the Treasury for the processing of 
payments for products and services.
    K. To the public, in accordance with the National Flood Insurance 
Act, the following information: Names and business contact information 
of certifiers, public officials, and others involved in the 
development, update, and approval of flood hazard maps,

[[Page 1992]]

including business websites or business social media account 
information as well as the address of the subject property. This does 
not include names or other information regarding the applicant/property 
owner.
    L. To appropriate federal, state, local, tribal, or foreign 
governmental agencies or multilateral governmental organizations, with 
the approval of the Chief Privacy Officer, when DHS is aware of a need 
to use relevant data, that relate to the purpose(s) stated in this 
SORN, for purposes of testing new technology.
    M. To the news media and the public, with the approval of the Chief 
Privacy Officer in consultation with counsel, when there exists a 
legitimate public interest in the disclosure of the information, when 
disclosure is necessary to preserve confidence in the integrity of DHS, 
or when disclosure is necessary to demonstrate the accountability of 
DHS's officers, employees, or individuals covered by the system, except 
to the extent the Chief Privacy Officer determines that release of the 
specific information in the context of a particular case would 
constitute a clearly unwarranted invasion of personal privacy.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    DHS/FEMA stores records in this system electronically or on paper 
in secure facilities in a locked drawer behind a locked door. The 
records may be stored on magnetic disc, tape, and digital media.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    DHS/FEMA retrieves records by name, address information, legal 
description of property, order number, and account number.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    In accordance with NARA authority N1-311-01-2, item 1, and FEMA 
records disposition schedule FIA 1-2-2, FEMA retires community case 
file materials to off-site storage when the record is three years old 
and destroys the record 100 years after the retirement date.
    In accordance with NARA authority N1-311-86-1, item 2.A.2, and FEMA 
Records Disposition Schedule FIA-2, appeals records are cut off after 
the appeal is resolved or the appealed map becomes effective and are 
retired two years after cutoff. FEMA destroys appeals records 20 years 
after cutoff.
    Pursuant to NARA authority N1-311-86-1, item 2.A.3, and FEMA 
Records Disposition Schedule FIA-3, digital preliminary flood maps are 
destroyed five years after FEMA issues a flood elevation determination 
or insurance rate map.
    Pursuant to NARA authority N1-311-86-1, item 2.A.4, and FEMA 
Records Disposition Schedule FIA-4, flood elevation determination (or 
insurance rate) maps are permanent, cut off when superseded, and 
transferred directly to the National Archives five years after cutoff, 
or sooner, for permanent storage.
    Pursuant to NARA authority DAA-GRS-2016-0012-0002, NARA's General 
Record Schedule 5.5, item 20, and FEMA Records Disposition Schedule 
COMM 2, FEMA stores copies of checks and credit card numbers received 
by mail from stakeholders who request changes to the flood maps and who 
request engineering library services to obtain copies of flood map 
information for one year.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    DHS/FEMA safeguards records in this system according to applicable 
rules and policies, including all applicable DHS automated systems 
security and access policies. DHS/FEMA has imposed strict controls to 
minimize the risk of compromising the information that is being stored. 
Access to the computer system containing the records in this system is 
limited to those individuals who have a need to know the information 
for the performance of their official duties and who have appropriate 
clearances or permissions.

RECORD ACCESS PROCEDURES:
    Individuals seeking access to and notification of any record 
contained in this system of records, or seeking to contest its content, 
may submit a request in writing to the Chief Privacy Officer and FEMA's 
Freedom of Information Act (FOIA) Officer, whose contact information 
can be found at https://www.dhs.gov/foia under ``Contact Information.'' 
If an individual believes more than one component maintains Privacy Act 
records concerning him or her, the individual may submit the request to 
the Chief Privacy Officer and Chief Freedom of Information Act Officer, 
U.S. Department of Homeland Security, Washington, DC 20528-0655. Even 
if neither the Privacy Act nor the Judicial Redress Act (JRA) provide a 
right of access, certain records about you may be available under the 
Freedom of Information Act.
    When an individual is seeking records about himself or herself from 
this system of records or any other Departmental system of records, the 
individual's request must conform with the Privacy Act regulations set 
forth in 6 CFR part 5. The individual must first verify his/her 
identity, meaning that the individual must provide his/her full name, 
current address, and date and place of birth. The individual must sign 
the request, and the individual's signature must either be notarized or 
submitted under 28 U.S.C. sec. 1746, a law that permits statements to 
be made under penalty of perjury as a substitute for notarization. 
While no specific form is required, an individual may obtain forms for 
this purpose from the Chief Privacy Officer and Chief Freedom of 
Information Act Officer, https://www.dhs.gov/foia or 1-866-431-0486. In 
addition, the individual should:
     Explain why he or she believes the Department would have 
information being requested;
     Identify which component(s) of the Department he or she 
believes may have the information;
     Specify when the individual believes the records would 
have been created; and
     Provide any other information that will help the FOIA 
staff determine which DHS component agency may have responsive records.

If the request is seeking records pertaining to another living 
individual, the request must include an authorization from the 
individual whose record is being requested, authorizing the release to 
the requester.
    Without the above information, the component(s) may not be able to 
conduct an effective search, and the individual's request may be denied 
due to lack of specificity or lack of compliance with applicable 
regulations.

CONTESTING RECORD PROCEDURES:
    For records covered by the Privacy Act or covered JRA records, 
individuals may make a request for amendment or correction of a record 
of the Department about the individual by writing directly to the 
Department component that maintains the record, unless the record is 
not subject to amendment or correction. The request should identify 
each particular record in question, state the amendment or correction 
desired, and state why the individual believes that the record is not 
accurate, relevant, timely, or complete. The individual may submit any 
documentation that would be helpful. If the individual believes that 
the same record is in more than one system of records, the request 
should state that and be addressed to each component that maintains a 
system of records containing the record.

[[Page 1993]]

NOTIFICATION PROCEDURES:
    See ``Record Access Procedures'' above.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    None

HISTORY:
    82 FR 49404 (October 25, 2017); 71 FR 7990 (February 15, 2006).

Constantina Kozanas,
Chief Privacy Officer, U.S. Department of Homeland Security.
[FR Doc. 2021-00307 Filed 1-8-21; 8:45 am]
BILLING CODE 9111-19-P