Privacy Act of 1974; System of Records, 69284-69288 [2022-25124]

Agencies

• DEPARTMENT OF HOMELAND SECURITY

[Federal Register Volume 87, Number 222 (Friday, November 18, 2022)]
[Notices]
[Pages 69284-69288]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2022-25124]


-----------------------------------------------------------------------

DEPARTMENT OF HOMELAND SECURITY

[Docket No. DHS-2022-0032


Privacy Act of 1974; System of Records

AGENCY: Federal Emergency Management Agency, Department of Homeland 
Security.

ACTION: Notice of a Modified System of Records.

-----------------------------------------------------------------------

SUMMARY: In accordance with the Privacy Act of 1974, the Department of 
Homeland Security (DHS) proposes to modify a current DHS system of 
records titled, ``DHS/Federal Emergency Management Agency (FEMA)-006 
Citizen Corps Program System of Records'' and retitle it, ``DHS/FEMA-
006 Individual and Community Preparedness Division System of Records.'' 
This system of records allows DHS/FEMA to collect from and maintain 
records on individuals who contact the agency about their interest in 
preparedness and specific voluntary programs, register and participate 
in FEMA's Individual and Community Preparedness Division (ICPD) 
programs, correspond with community stakeholder organizations, and 
receive survey responses. DHS/FEMA is updating this System of Records 
Notice to (1) revise the system name, (2) modify the system location, 
(3) update the purpose of the system, (4) update the authority for 
maintenance of the system, (5) revise the category of individuals 
covered by the system, (6) update the category of records in the 
system, (7) update record source categories; (8) update record access 
procedures; and (9) revise and add routine uses. Additionally, this 
notice includes non-substantive changes to simplify the formatting and 
text of the previously published notice. This modified system will be 
included in DHS's inventory of record systems.

DATES: Submit comments on or before December 19, 2022. This modified 
system will be effective upon publication. New or modified routine uses 
will be effective December 19, 2022.

[[Page 69285]]


ADDRESSES: You may submit comments, identified by docket number DHS-
2022-0032 by one of the following methods:
     Federal e-Rulemaking Portal: https://www.regulations.gov. 
Follow the instructions for submitting comments.
     Fax: 202-343-4010.
     Mail: Lynn Parker Dupree, Privacy Office, Department of 
Homeland Security, Washington, DC 20528-0655.
    Instructions: All submissions received must include the agency name 
and docket number DHS-2022-0032 All comments received will be posted 
without change to https://www.regulations.gov, including any personal 
information provided.
    Docket: For access to the docket to read background documents or 
comments received, go to https://www.regulations.gov.

FOR FURTHER INFORMATION CONTACT: For general questions, please contact: 
Tammi Hines, (202) 212-5100, [email protected], Senior Director 
for Information Management, Federal Emergency Management Agency, 
Department of Homeland Security, Washington, DC 20472. For privacy 
questions, please contact: Lynn Parker Dupree, (202) 343-1717, 
[email protected], Chief Privacy Officer, Privacy Office, Department 
of Homeland Security, Washington, DC 20528-0655.

SUPPLEMENTARY INFORMATION:

I. Background

    This modified System of Records Notice is being published because 
the Federal Emergency Management Agency (FEMA) collects, maintains, 
uses, retrieves, and disseminates the personally identifiable 
information (PII) of individuals who contact the agency about their 
interest in preparedness and specific voluntary programs, register and 
participate in FEMA's Individual and Community Preparedness Division 
(ICPD) programs, correspond with community stakeholder organizations, 
and receive survey responses to facilitate development of emergency 
preparedness measures and strengthen collaborations with stakeholders 
to better prepare individuals and communities to respond to disasters.
    The Robert T. Stafford Disaster Relief and Emergency Assistance 
Act, Public Law 93-288, as amended, at Section 611, 42 U.S.C. 
5196(e)(1), authorizes the FEMA Administrator to ``study and develop 
emergency preparedness measures designed to afford adequate protection 
of life and property, including--research and studies as to the best 
methods of treating the effects of hazards.''
    According to 6 U.S.C. 313(b)(1), ``the primary mission of the 
Agency is to reduce the loss of life and property and protect the 
nation from all hazards, including natural disasters, acts of 
terrorism, and other man-made disasters, by leading and supporting the 
Nation in a risk-based, comprehensive emergency management system of 
preparedness, protection, response, recovery, and mitigation.''
    According to 6 U.S.C. 314(a)(9)(B), the Administrator is required 
to take leadership in preparedness, by planning, training, and building 
the emergency management profession to prepare effectively for, 
mitigate against, respond to, and recover from any hazard.
    FEMA's Individual and Community Preparedness Division supports the 
FEMA mission by connecting individuals, organizations, and communities 
with research and tools to build and sustain capabilities to prepare 
for any disaster or emergency. The Individual and Community 
Preparedness Division conducts research to develop emergency 
preparedness measures and conducts surveys to better understand 
effective preparedness actions and ways to motivate the public to take 
those actions. Through the Individual and Community Preparedness 
Division, FEMA administers the Citizen Responder Program, which 
includes Citizen Corps and Community Emergency Response Teams (CERT); 
the Youth Preparedness Council; the National Household Survey on 
Disaster Preparedness; the Post-Disaster Survivor Survey Preparedness 
Research; and the Preparedness Activity Registration and Feedback 
collection.
    Citizen Responder aims to strengthen the collaboration with 
communities and to enhance their preparation and response to threats of 
terrorism, crime, public health issues, and disasters of all kinds. As 
part of this responsibility to help and support emergency response 
providers, FEMA supports efforts to train and assist in organizing 
citizen responder programs. Citizen Responder allows the Individual and 
Community Preparedness Division to analyze program activities, 
structures, and proper sponsorship. Data collected indicates, at a 
state, local, tribal, and territorial (SLTT) level, how local 
grassroots programs help to prepare communities and individuals. This 
information is required to link members of the public who are 
interested in getting prepared with organizations in their community 
that can help.
    The Youth Preparedness Council (YPC) brings together youth leaders 
nationwide who are highly interested and engaged in advocating youth 
disaster preparedness and making a difference in their communities. 
Youth applicants, between the ages of 13 and 17, apply to the Youth 
Preparedness Council in their 8th, 9th, 10th, or 11th grade. Youth 
Preparedness Council members represent the youth perspective on 
emergency preparedness and share this information with their 
communities. FEMA collects information from Youth Preparedness Council 
applicants in various forms (paper, electronic, video, or web), as well 
contact information for parents of applicants under the age of 18, and 
individuals providing recommendations of applicants.
    The National Household Survey on Disaster Preparedness identifies 
progress and gaps in individual and community preparedness and helps 
FEMA better understand the motivators and barriers to preparedness and 
specific hazards. The survey measures the public's knowledge, 
attitudes, and behaviors relative to preparing for a wide range of 
hazards and is used by FEMA to tailor messaging and public information 
efforts, community outreach, and strategic planning initiatives.
    The Post-Disaster Survivor Preparedness Survey was created after 
the 2017 hurricane season where Hurricanes Harvey, Irma, and Maria 
significantly impacted historically underserved communities and 
illustrated the critical importance of tailoring preparedness and 
warning information for specific local features, and the need for 
protective action guidance based on these likely local impacts. This 
survey helps identify how members of specific communities impacted by 
disasters prepare, as well as the barriers that prevent underserved 
individuals and families from being more prepared.
    The Preparedness Activity Registration and Feedback collection 
provides general feedback on the (1) effectiveness of national FEMA 
preparedness programs and initiatives; (2) website user experience; (3) 
activity details and other information regarding the type, size, and 
location of preparedness activities hosted by members of the public and 
community organizers; (4) point of contact information for registration 
within the site, follow-on communication, if needed, and future 
engagement requests that will allow for the public to enroll in the 
Individual and Community Preparedness Division newsletter or other 
public communications; and (6) publication ordering via submitting

[[Page 69286]]

requests to the FEMA publication warehouse to have materials shipped 
directly to members of the public.
    FEMA is updating this System of Records Notice to reflect the 
following changes. First, the system name is revised to incorporate 
additional Individual and Community Preparedness Division programs and 
activities. When the system of records was established, Citizen Corps 
was the primary program in the Individual and Community Preparedness 
Division. Since that time, Citizen Corps has become one of many 
Individual and Community Preparedness Division programs and the purpose 
of this update is to incorporate all current Individual and Community 
Preparedness Division collections. The system name has been updated to 
accurately align with additional Individual and Community Preparedness 
Division programs.
    Second, the system location is updated to accurately reflect the 
location of the records within the Federal Risk and Authorization 
Management Program (FedRAMP) approved Salesforce Government Cloud 
environment, a Software-as-a-Service (SaaS) cloud system located in 
Salesforce Data Center, Ashburn, VA.
    Third, the purpose of the system is updated to document the various 
preparedness activities, programs, and surveys administered by FEMA, in 
addition to the Citizen Corp and CERT programs.
    Fourth, the authority for maintenance of the system is updated to 
include FEMA's statutory authority to administer preparedness 
activities, programs, and surveys.
    Fifth, the category of individuals has been revised to include 
individuals engaging in preparedness programs, in addition to Citizen 
Corp and CERT programs, and survey respondents for preparedness 
assessment surveys.
    Sixth, the category of records has been updated to include date of 
birth, race/ethnicity, gender/sex, academic records, letters of 
recommendation, school grade level and extracurricular activities (for 
Youth Preparedness Council only; disciplinary records are not requested 
or required). Other CERT program information has been removed.
    Seventh, the record source categories are modified to align with 
the system's purpose and to include additional sources of records.
    Eighth, record access procedures are updated to include 
notification procedures that reflect FEMA's internal reorganization.
    Finally, routine uses are updated to comply with OMB Memorandum M-
17-12 requiring disclosure of information necessary to respond to a 
breach either of the agency's personally identifiable information or, 
as appropriate, to assist another agency in its response to a breach. 
The incident-related routine uses will help identify what information 
was potentially compromised, the population of individuals potentially 
affected, the purpose for which the information had originally been 
collected, the permitted uses and disclosures of the information, and 
other information that may be useful when developing the agency's 
incident response. Former Routine Use H has been removed from the 
System of Records Notice. Previous Routine Uses I and J have been 
combined, re-lettered, and modified to reflect the current name of the 
program, Citizen Responder and CERT. Routine Use J has been added to 
account for the use of FEMA data to conduct testing of new 
technologies, with the exception of Youth Preparedness Council data.
    DHS/FEMA may share information with appropriate federal, state, 
local, tribal, territorial, foreign, or international government 
agencies, consistent with the routine uses set forth in this System of 
Records Notice.
    This updated system will be included in DHS's inventory of record 
systems.

II. Privacy Act

    The fair information practice principles found in the Privacy Act 
underpin the statutory framework governing the means by which Federal 
Government agencies collect, maintain, use, and disseminate 
individuals' records. The Privacy Act applies to information that is 
maintained in a ``system of records.'' A ``system of records'' is a 
group of any records under the control of an agency from which 
information is retrieved by the name of an individual or by some 
identifying number, symbol, or other identifying particular assigned to 
the individual. In the Privacy Act, an individual is defined to 
encompass U.S. citizens and lawful permanent residents. Additionally, 
the Judicial Redress Act (JRA) provides covered persons with a 
statutory right to make requests for access and amendment to covered 
records, as defined by the Judicial Redress Act, along with judicial 
review for denials of such requests. In addition, the Judicial Redress 
Act prohibits disclosures of covered records, except as otherwise 
permitted by the Privacy Act.
    Below is the description of the DHS/FEMA-006 Individual and 
Community Preparedness System of Records.
    In accordance with 5 U.S.C. 552a(r), DHS has provided a report of 
this system of records to the Office of Management and Budget and to 
Congress.

SYSTEM NAME AND NUMBER:
    Department of Homeland Security (DHS)/Federal Emergency Management 
Agency (FEMA)-006 Individual and Community Preparedness System of 
Records.

SECURITY CLASSIFICATION:
    Unclassified.

SYSTEM LOCATION:
    Records are maintained at the FEMA Headquarters in Washington, DC, 
and field offices. Records also are maintained in the Salesforce 
Government Cloud environment located in Salesforce Data Center, 
Ashburn, VA.

SYSTEM MANAGER(S):
    Individual and Community Preparedness Division (ICPD) Preparedness 
Behavior Change Branch Chief, 500 C St SW, Washington, DC 20472.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    Robert T. Stafford Disaster Relief and Emergency Assistance Act, 
Public Law 93-288, as amended, Sec. 611, at 42 U.S.C 5196(e); 6 U.S.C. 
314(a)(9)(B); 6 U.S.C. 313(b)(1), (b)(2)(H); Exec. Order (E.O.) No. 
13254, ``Establishing the USA Freedom Corps'', Jan. 29, 2002, as 
amended by E.O. 13286.

PURPOSE(S) OF THE SYSTEM:
    The purpose of this system is to enable FEMA to facilitate contact 
between individuals, communities, and organizations about their 
interest in preparedness and specific voluntary programs; enable 
individuals, communities, and organizations to register and participate 
in FEMA's Individual and Community Preparedness Division programs; and 
enable FEMA to correspond with community stakeholder organizations, 
administer surveys, and receive survey responses. As a whole, these 
records enable FEMA and the Individual and Community Preparedness 
Division to connect with individuals, organizations, and communities 
with research, training, and tools to build and sustain capabilities to 
prepare for any disaster, hazard, or emergency.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Individuals designated as the points of contact for a citizen 
responder team (Community Emergency Response Team (CERT) or Citizen 
Corps partner organization), members of the public who contact the 
agency about their interest in preparedness programs,

[[Page 69287]]

which may include youth between grades 8 and 11, their parents or 
guardians, or individuals recommending the youth for preparedness 
programs. This system will also include members of the public who 
respond to FEMA-administered preparedness assessment surveys.

CATEGORIES OF RECORDS IN THE SYSTEM:
     Individual's Name;
     Organization or Sponsoring Organization;
     Telephone Number;
     Fax Number;
     Mailing Address;
     Email Address;
     Unique User ID (for IT system access);
     Password (for IT system access);
     User Type;
     Date of Birth;
     Race/Ethnicity;
     Gender/Sex;
     Academic Records;
     Letter of Recommendation, including Relationship to 
Applicant;
     School Grade Level;
     Extracurricular Activities;
     Volunteer Program Area and Type of Interest;
     Emergency Preparedness Training Information (e.g., courses 
taken and dates of courses);
     Community Preparedness Surveys and Instruments (aggregate 
self-reported attitudes, opinions and experiences of disasters and 
preparedness)

RECORD SOURCE CATEGORIES:
    FEMA collects information directly from the individuals who 
contact, correspond with, register for, and participate in FEMA's 
Individual and Community Preparedness programs.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND PURPOSES OF SUCH USES:
    In addition to those disclosures generally permitted under 5 U.S.C. 
552a(b) of the Privacy Act, all or a portion of the records or 
information contained in this system may be disclosed outside DHS as a 
routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:
    A. To the Department of Justice (DOJ), including the U.S. Attorneys 
Offices, or other federal agencies conducting litigation or proceedings 
before any court, adjudicative, or administrative body, when it is 
relevant or necessary to the litigation and one of the following is a 
party to the litigation or has an interest in such litigation:
    1. DHS or any component thereof;
    2. Any employee or former employee of DHS in his/her official 
capacity;
    3. Any employee or former employee of DHS in his/her individual 
capacity, only when DOJ or DHS has agreed to represent the employee; or
    4. The United States or any agency thereof.
    B. To a congressional office from the record of an individual in 
response to an inquiry from that congressional office made at the 
request of the individual to whom the record pertains.
    C. To the National Archives and Records Administration (NARA) or 
General Services Administration pursuant to records management 
inspections being conducted under the authority of 44 U.S.C. secs. 2904 
and 2906.
    D. To an agency or organization for the purpose of performing audit 
or oversight operations as authorized by law, but only such information 
as is necessary and relevant to such audit or oversight function.
    E. To appropriate agencies, entities, and persons when (1) DHS 
suspects or has confirmed that there has been a breach of the system of 
records; (2) DHS has determined that as a result of the suspected or 
confirmed breach there is a risk of harm to individuals, DHS (including 
its information systems, programs, and operations), the Federal 
Government, or national security; and (3) the disclosure made to such 
agencies, entities, and persons is reasonably necessary to assist in 
connection with DHS's efforts to respond to the suspected or confirmed 
breach or to prevent, minimize, or remedy such harm.
    F. To another federal agency or federal entity, when DHS determines 
that information from this system of records is reasonably necessary to 
assist the recipient agency or entity in (1) responding to a suspected 
or confirmed breach or (2) preventing, minimizing, or remedying the 
risk of harm to individuals, the recipient agency or entity (including 
its information systems, programs, and operations), the Federal 
Government, or national security, resulting from a suspected or 
confirmed breach.
    H. To contractors and their agents, grantees, experts, consultants, 
and others performing or working on a contract, service, grant, 
cooperative agreement, or other assignment for DHS, when necessary to 
accomplish an agency function related to this system of records. 
Individuals provided information under this routine use are subject to 
the same Privacy Act requirements and limitations on disclosure as are 
applicable to DHS officers and employees.
    I. To organizations participating, partnering, or affiliated with 
the Citizen Responder Program if an individual has volunteered to 
assist or requested information about this specific type of 
organization.
    J. To appropriate federal, state, local, tribal, or foreign 
governmental agencies or multilateral governmental organizations, with 
the approval of the Chief Privacy Officer, when DHS is aware of a need 
to use relevant aggregate, deidentified data, that relate to the 
purpose(s) stated in this System of Records Notice, for purposes of 
testing new technology. Data collected through the Youth Preparedness 
Council will not be used to test new technology.
    K. To the news media and the public, with the approval of the Chief 
Privacy Officer in consultation with counsel, when there exists a 
legitimate public interest in the disclosure of the information, when 
disclosure is necessary to preserve confidence in the integrity of DHS, 
or when disclosure is necessary to demonstrate the accountability of 
DHS's officers, employees, or individuals covered by the system, except 
to the extent the Chief Privacy Officer determines that release of the 
specific information in the context of a particular case would 
constitute a clearly unwarranted invasion of personal privacy.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    DHS/FEMA stores records in this system electronically or on paper 
in secure facilities in a locked drawer behind a locked door. The 
records may be stored on magnetic disc, tape, and digital/electronic 
media.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    DHS/FEMA may retrieve records using a system-generated case number 
associated with a unique application, or by Name, Mailing Address, 
Email Address, Phone Number, and User ID and password. DHS/FEMA may 
also retrieve records by non-personal information in aggregate, such as 
CERTs or survey respondents by county or state location, preparedness 
events by number of training events held per period-of-time, average 
positive feedback rating on preparedness surveys, and types of 
preparedness events and activities conducted by individuals.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    Youth Preparedness Council applications are maintained in 
accordance with National Archives and

[[Page 69288]]

Records Administration N1-311-86-1, Item 1K1c (Administrative records 
common to most offices in FEMA). In accordance with N1-311-86-1, Item 
1K1c, for enrolled applicants, Youth Preparedness Council application 
records will be destroyed at the end of the calendar year of the 
applicant's last year in the program. For applicants that are not 
enrolled, Youth Preparedness Council application records will be 
destroyed at the end of calendar year submitted.
    For all other Individual and Community Preparedness Division 
records (e.g., results from surveys) that are not Youth Preparedness 
Council applications, the records are only retained until they are 
incorporated into the master file in accordance with NARA General 
Records Schedule 5.2, Item 20. (Intermediary Records). Individual and 
Community Preparedness Division staff use the collected data for 
studies and development of trend analysis. Records are continuously 
used and monitored and are retained until they are no longer deemed 
useful for analysis after which the records will be destroyed after 
another 3 years in accordance with NARA General Records Schedule 5.3, 
Item 010 (continuity planning and related emergency planning files).

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    DHS/FEMA safeguards records in this system according to applicable 
rules and policies, including all applicable DHS automated systems 
security and access policies. DHS/FEMA has imposed strict controls to 
minimize the risk of compromising the information that is being stored. 
Access to the computer system containing the records in this system is 
limited to those individuals who have a need to know the information 
for the performance of their official duties and who have appropriate 
clearances or permissions.

RECORD ACCESS PROCEDURES:
    Individuals seeking access to and notification of any record 
contained in this system of records, or seeking to contest its content, 
may submit a request in writing to the Chief Privacy Officer and the 
FEMA Freedom of Information Act (FOIA) Officer, whose contact 
information can be found at https://www.dhs.gov/foia under ``Contact 
Information.'' If an individual believes more than one component 
maintains Privacy Act records concerning them, the individual may 
submit the request to the Chief Privacy Officer and Chief Freedom of 
Information Act Officer, Department of Homeland Security, Washington, 
DC 20528-0655 or electronically at https://www.dhs.gov/dhs-foia-privacy-act-request-submission-form. Even if neither the Privacy Act 
nor the Judicial Redress Act provide a right of access, certain records 
about you may be available under the Freedom of Information Act.
    When an individual is seeking records about themself from this 
system of records or any other Departmental system of records, the 
individual's request must conform with the Privacy Act regulations set 
forth in 6 CFR part 5. The individual must first verify their identity, 
meaning that the individual must provide their full name, current 
address, and date and place of birth. The individual must sign the 
request, and the individual's signature must either be notarized or 
submitted under 28 U.S.C. 1746, a law that permits statements to be 
made under penalty of perjury as a substitute for notarization. An 
individual may obtain more information about this process at https://www.dhs.gov/foia. In addition, the individual should, whenever 
possible:
     Explain why they believe the Department would have 
information being requested;
     Identify which component(s) of the Department they believe 
may have the information;
     Specify when the individual believes the records would 
have been created; and
     Provide any other information that will help the FOIA 
staff determine which DHS component agency may have responsive records;
    If the request is seeking records pertaining to another living 
individual, the request must include an authorization from the 
individual whose record is being requested, authorizing the release to 
the requester.
    Without the above information, the component(s) may not be able to 
conduct an effective search, and the individual's request may be denied 
due to lack of specificity or lack of compliance with applicable 
regulations.

CONTESTING RECORD PROCEDURES:
    For records covered by the Privacy Act or covered Judicial Redress 
Act records, individuals may make a request for amendment or correction 
of a record of the Department about the individual by writing directly 
to the Department component that maintains the record, unless the 
record is not subject to amendment or correction. The request should 
identify each particular record in question, state the amendment or 
correction desired, and state why the individual believes that the 
record is not accurate, relevant, timely, or complete. The individual 
may submit any documentation that would be helpful. If the individual 
believes that the same record is in more than one system of records, 
the request should state that and be addressed to each component that 
maintains a system of records containing the record.

NOTIFICATION PROCEDURES:
    See ``Record Access Procedures'' above.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    None.

HISTORY:
    78 FR 43890 (July 22, 2013); 73 FR 77785 (December 19, 2008).
* * * * *

Lynn P. Dupree,
Chief Privacy Officer, Department of Homeland Security.
[FR Doc. 2022-25124 Filed 11-17-22; 8:45 am]
BILLING CODE 9110-17-P