Privacy Act of 1974; Department of Homeland Security Federal Emergency Management Agency-003 National Flood Insurance Program Files System of Records
Notice Of Privacy Act System Of Records.
In accordance with the Privacy Act of 1974, the Department of Homeland Security proposes to consolidate, update, and reissue the current Department of Homeland Security/Federal Emergency Management Agency system of records titled, “Department of Homeland Security/Federal Emergency Management Agency—003 National Flood Insurance Program Files System of Records” with the systems of records titled, “Department of Homeland Security/Federal Emergency Management Agency/Mitigation/Mitigation—1 National Flood Insurance Program Claims Appeals Process,” and “Department of Homeland Security/Federal Emergency Management Agency—007 National Flood Insurance Program Marketing Files.” This consolidated and updated system of records enables the Department of Homeland Security/Federal Emergency Management Agency to administer all aspects of the National Flood Insurance Program. The Department has consolidated and updated these systems of records to more accurately reflect how the Department of Homeland Security/Federal Emergency Management Agency collects, maintains, and shares information pertaining to the National Flood Insurance Program.
The Department of Homeland Security/Federal Emergency Management Agency has consolidated categories of individuals, categories of records, authority for maintenance, routine uses, retrievability, retention and disposal, and record sources to accurately reflect the entirety of the National Flood Insurance Program, and to reflect the Biggert-Waters Act. Also, the Department of Homeland Security/Federal Emergency Management Agency is updating the consolidated system of records notice to include: (1) Category of individuals; (2) category of records; and (3) routine uses. Additionally, this notice includes non-substantive changes to simplify the formatting and text of the previously published notices. This consolidated and updated system will be included in the Department's inventory of record systems.
Table of Contents Back to Top
- FOR FURTHER INFORMATION CONTACT:
- SUPPLEMENTARY INFORMATION:
- I. Background
- II. Privacy Act
- System of Records
- System name:
- Security classification:
- System location:
- Categories of individuals covered by the system:
- Categories of records in the system:
- Authority for maintenance of the system:
- Routine uses of records maintained in the system, including categories of users and the purposes of such uses:
- Disclosure to consumer reporting agencies:
- Policies and practices for storing, retrieving, accessing, retaining, and disposing of records in the system:
- Retention and disposal:
- System Manager and address:
- Notification procedure:
- Record access procedures:
- Contesting record procedures:
- Record source categories:
- Exemptions claimed for the system:
DATES: Back to Top
Submit comments on or before June 18, 2014 This new system will be effective June 18, 2014.
ADDRESSES: Back to Top
You may submit comments, identified by docket number DHS-2014-0028 by one of the following methods:
- Federal e-Rulemaking Portal: http://www.regulations.gov. Follow the instructions for submitting comments.
- Fax: 202-343-4010.
- Mail: Karen L. Neuman, Chief Privacy Officer, Privacy Office, Department of Homeland Security, 245 Murray Drive SW., Building 410, STOP-0655, Washington, DC 20528.
Instructions: All submissions received must include the agency name and docket number for this rulemaking. All comments received will be posted without change and may be read at http://www.regulations.gov, including any personal information provided.
Docket: For access to the docket to read background documents or comments received, go to http://www.regulations.gov.
FOR FURTHER INFORMATION CONTACT: Back to Top
For general questions, please contact Eric M. Leckey (202) 212-5100, Privacy Officer, Federal Emergency Management Agency, Department of Homeland Security, Washington, DC 20528. For privacy issues please contact Karen L. Neuman (202) 343-1717, Chief Privacy Officer, Privacy Office, 245 Murray Drive SW., Building 410, STOP-0655, Washington, DC 20528.
SUPPLEMENTARY INFORMATION: Back to Top
I. Background Back to Top
In accordance with the Privacy Act of 1974, 5 U.S.C. 552a, the Department of Homeland Security (DHS), Federal Emergency Management Agency (FEMA) proposes to consolidate, update, and reissue the current DHS system of records titled, “DHS/FEMA—003 National Flood Insurance Program Files System of Records” to include the systems of records titled, “DHS/FEMA/Mitigation/Mitigation—1 National Flood Insurance Program Claims Appeals Process” and “DHS/FEMA—007 National Flood Insurance Program Marketing Files,” to form one comprehensive system of records notice that accurately reflects all information collection and maintenance pertaining to the National Flood Insurance Program.
Congress passed the National Flood Insurance Act (NFIA), 42 U.S.C. 4001 in 1968, creating the National Flood Insurance Program (NFIP) in order to reduce future flood losses through flood hazard identification, manage floodplain, and provide insurance protection. The Department of Housing and Urban Development (HUD) originally administered the NFIP, and Congress subsequently transferred the NFIP to FEMA upon its creation in 1979. FEMA and insurance companies participating in FEMA's Write Your Own (WYO) program offer NFIP insurance coverage for building structures as well as for contents and personal property with the building structures to eligible and insurable properties. Individuals seeking flood insurance are required to submit an application with all necessary information in order to properly rate their property and issue an appropriate insurance policy.
FEMA administers NFIP by ensuring insurance applications are processed properly; determining correct premiums; renewing, reforming, and cancelling insurance policies; transferring policies from the seller of the property to the purchaser of the property in certain circumstances; and processing insurance claims. Individuals obtain a NFIP policy directly from FEMA or through a private insurance company participating in NFIP's WYO program. The WYO program began in 1983 with NFIP operating under Part B of the NFIA, and allows FEMA to authorize private insurance companies to issue the Standard Flood Insurance Policy (SFIP) as FEMA's fiduciary and fiscal agent. Building and contents coverage may be purchased separately or together under NFIP.
Participating WYO insurance companies sell a SFIP to a home or business owner, which is often an existing customer who has also purchased other private lines of insurance (such as home and fire). Mortgage lenders require borrowers to purchase flood insurance in addition to regular homeowner's insurance because NFIA requires flood insurance as a condition for obtaining a federally-backed mortgage for a property located in a Special Flood Hazard Area (SFHA) as shown on the Flood Insurance Rate Map (FIRM). The home or business owner is required to purchase flood insurance as a condition for obtaining a federally-backed loan if an owner or borrower's insurance company participates in the WYO program and the home or business owner's building is located in an SFHA. In addition, mortgage lenders can contractually require the owner or borrower to obtain flood insurance.
Flood insurance agents and brokers serving owners or applicants submit flood applications to FEMA's NFIP Direct Servicing Agent (DSA) or to a participating WYO insurance company as the prospective insurer. The DSA (for FEMA-issued policies) or insurer processes the applications, policies, and claims. The DSA or insurer receives the application, processes the application, and determines eligibility and premiums for the policy. The DSA or insurer then issues the appropriate SFIP policy in accordance with the applicable statutes and regulations.
FEMA's Community Rating System (CRS) enables flood insurance premiums to be less expensive for insurance policy holders in communities that implement protective floodplain management practices designed to lessen the impact of damages caused by future floods to insurable property. These practices include activities such as enforcing building codes that limit new construction in flood prone areas and implementing public education programs to avoid flood damage.
Private insurers issue SFIPs in their own name, administer and process SFIP claims, and market and sell SFIPs in their capacity as FEMA's fiduciary and fiscal agent under the WYO program. The paid premiums of SFIPs and claims payments for damaged property are processed through the National Flood Insurance Fund (NFIF). NFIF was established by the National Flood Insurance Act of 1968 (42 U.S.C. 4001, et seq.), and is a centralized premium revenue and fee-generated fund that supports NFIP, which holds these U.S. Treasury funds. Portions of the paid SFIP premiums cover the private insurer's administrative and operating costs. Thus, the private insurers' own funds are not used in issuing checks to SFIP claimants. Private insurers handle all SFIP claims they issue and adjust and settle SFIP claims consistent with FEMA guidelines and standards.
FEMA directly handles appeals from all policyholders pursuant to 44 CFR 62.20 processes. Section 205 of the Bunning-Bereuter-Blumenauer Flood Insurance Reform Act of 2004 (FIRA), 42 U.S.C. 4011, requires FEMA to establish an appeals process for flood insurance policyholders to dispute claims, proof of loss, or loss estimate decisions made by any insurance agent or adjuster, WYO agent, insurance company, or FEMA.
As part of NFIP, FEMA engages in marketing efforts to publicize and educate the public on the NFIP program in accordance with 42 U.S.C. 4020. FEMA targets these marketing efforts towards homeowners and business owners whose properties are located in a participating NFIP community. FEMA also provides useful general rate quote information to prospective flood insurance buyers by linking them with prospective insurance agents serving their areas. FEMA facilitates this connection using internet Web sites and other marketing media to provide a 1-800 number to the NFIP Telephone Response Center that provides general information about NFIP.
Previously, DHS/FEMA issued separate systems of records notices to cover information collection and maintenance in the various NFIP functions. However, FEMA is consolidating key NFIP program functions into one comprehensive notice to streamline compliance documentation processes and increase transparency. DHS/FEMA has consolidated categories of individuals, categories of records, authority for maintenance, routine uses, retrievability, retention and disposal, and record sources from the previous system of records notices to more accurately reflect these NFIP systems and functions. DHS/FEMA proposes to update and reissue this renewed system of records notice as a result of a review necessary to consolidate the system of records. First, FEMA updated the category of individuals to include individuals requesting NFIP information and Severe Repetitive Loss (SRL) property owners (previously known as Repetitive Loss Target Group). FEMA next modified the category of records to include documents submitted to DHS/FEMA verifying primary residence, names and contact information of insurance adjusters, and individuals seeking NFIP information. Changes to category of records also include notations and documentation of payments and payment related transactions or inquiries from other sources regarding insured properties (such as mortgage lenders). Finally, FEMA updated the routine uses to include the addition of routine use (V) that allows FEMA to share information with private reinsurers, private capital firms, and financial institutions to comply with section 232(c)(2) of Biggert Waters Act of 2012. Additionally, FEMA modified routine use (A) to include former employees of DHS and to eliminate redundant language; updated routine use (C) to specify that information may be shared with the General Services Administration (GSA); and modified routine uses (D), (E), (O), (P), and (Q) for clarity.
This system of records allows DHS/FEMA to collect and maintain records and information regarding applicants, policyholders, prospective policyholders, insurance agents, and other individuals associated with NFIP. DHS/FEMA needs the information in order to properly administer the NFIP. The NFIP system collects and maintains records of individuals that seek NFIP policies and/or rate quotes, apply for an NFIP policy, make NFIP insurance claims, appeal flood insurance claim decisions, and are involved in NFIP administration or marketing efforts.
Consistent with DHS and FEMA's information-sharing mission, information stored in the DHS/FEMA—003 National Flood Insurance Program Files System of Records may be shared with other DHS components that have a need to know the information to carry out their national security, law enforcement, immigration, intelligence, or other homeland security functions. In addition, DHS/FEMA may share information with appropriate federal, state, local, tribal, territorial, foreign, or international government agencies consistent with the routine uses set forth in this system of records notice.
This consolidated and updated system will be included in DHS's inventory of record systems.
II. Privacy Act Back to Top
The Privacy Act embodies fair information principles in a statutory framework governing the means by which the Federal Government agencies collect, maintain, use, and disseminate individuals' records. The Privacy Act applies to information that is maintained in a “system of records.” A “system of records” is a group of any records under the control of an agency from which information is retrieved by the name of an individual or by identifying number, symbol, or other identifying particular assigned to the individual. In the Privacy Act, an individual is defined to encompass U.S. citizens and lawful permanent residents. As a matter of policy, DHS extends administrative Privacy Act protections to all individuals when systems of records maintain information on U.S. citizens, lawful permanent residents, and visitors.
Below is the description of the DHS/FEMA—003 National Flood Insurance Program Files System of Records.
In accordance with 5 U.S.C. 552a(r), DHS has provided a report of this system of records to the Office of Management and Budget (OMB) and to Congress.
System of Records Back to Top
Department of Homeland Security (DHS)/Federal Emergency Management Agency (FEMA)—003
DHS/FEMA—003 National Flood Insurance Program Files.
FEMA maintains records at FEMA Headquarters in Washington, DC and FEMA field offices, Write Your Own (WYO) companies' office locations, and the Direct Servicing Agent (DSA) offices. Additionally, FEMA may store records in the FEMA National Flood Insurance Program (NFIP) Information Technology Systems (ITS) and FloodSmart.
Categories of individuals covered by the system:
Categories of individuals covered by this system include individual flood insurance policyholders; policyholders who claim losses due to flooding; flood insurance claimants who appeal flood loss decisions; individuals requesting NFIP information; applicants (individuals or certifiers); Severe Repetitive Loss (SRL) property owners (previously known as Repetitive Loss Target Group); independent insurance agents; WYO insurance companies and WYO company agents; representatives from communities that submit Community Rating System (CRS) applications; and certified flood adjusters.
Categories of records in the system:
Categories of records in the NFIP system include:
- Individual or property owner's name;
- Social Security number (SSN) for older policies, as NFIP has ceased collecting and maintaining this information;
- Property addresses;
- Telephone numbers;
- Email address;
- Tax Identification Number (TIN);
- Insurance policy numbers and coverage information;
- Group Flood Insurance Program (GFIP) Certificate Holders Property (CHP) information:
○ Name of the bank or lender;
○ Date of mortgage; and
○ Address of bank/lender.
- Loan information, such as:
○ Loan number;
○ Names and addresses of first and possible second mortgages; and
○ File or identification number of loan.
- Administration records regarding an individual's policy, such as:
○ Transaction errors and rejects per WYO Company; and
○ Documents and photographs necessary to substantiate claims for losses not covered by policy (such as burglary or robbery);
- Elevation certificates of insured properties;
- Documents verifying primary residence of policyholder (i.e., driver's license or automobile registration);
- Adjuster reports and notations of adjusting company's paid bills (including photographs diagrams of damaged property that may or may not be covered by insurance);
- Names and contact information of insurance agents, adjusters, and adjusting companies;
- Property payments, related transaction notations, and records from other sources (i.e., homeowners insurance carrier and mortgage lender);
- Data elements required for reporting purposes under the FEMA Mitigation Directorate Bureau and Statistical Agent contract for private insurance companies including:
○ Policy reinstatement with/without policy changes;
○ Insurance claims; and
○ Payment of claims.
FEMA collects the following records to administer the claims appeal process:
- Property address where the loss occurred;
- List of damaged personal or real property that is subject of the appeal;
- Policyholder's statement of facts about the claim;
- Policyholder's statement on why the policyholder is disputing the claim's disposition and supporting proof or records to document the policyholder's position;
- Correspondence pertaining to the appeal, which includes the individual's contact information; and
- FEMA's appeal decision.
FEMA collects the following records to administer marketing efforts:
- Accounts or order numbers;
- Names and address of individuals seeking NFIP information;
- Flood insurance quote rate information and flood map zone rating for individuals seeking NFIP information;
- Individuals' feedback regarding NFIP, including information regarding awareness, attitudes, and satisfaction;
- Telephone Response Center (TRC) records regarding research conducted with policyholders, insurance agents, and WYO companies; and
- Names and contact information of insurance companies and agents responding to quote requests.
FEMA collects the following records to administer CRS rating determinations:
- CRS applications to adjust NFIP insurance premiums based on the mitigation activities implemented by a community;
- CRS participant (community and local government agency) contact information; and
- Other verification documents associated with CRS participation (such as elevation certificates).
Authority for maintenance of the system:
National Flood Insurance Act of 1968, as amended, 42 U.S.C. 4001, et seq.
The purpose of this system of records is to manage and account for key NFIP aspects including policy or program marketing, policy issuance, claims processing, and claims appeals.
Routine uses of records maintained in the system, including categories of users and the purposes of such uses:
In addition to those disclosures permitted under 5 U.S.C. 552a(b) of the Privacy Act, all or a portion of the records of information contained in this system may be disclosed outside DHS as a routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:
A. To the Department of Justice (DOJ), including Offices of the U.S. Attorneys, or other federal agency conducting litigation or in proceedings before any court, adjudicative, or administrative body, when it is relevant or necessary to the litigation and one of the following is a party to the litigation or has an interest in such litigation:
1. DHS or any component thereof;
2. Any employee or former employee of DHS in his/her official capacity;
3. Any employee or former employee of DHS in his/her individual capacity when DOJ or DHS has agreed to represent the employee; or
4. The U.S. or any agency thereof.
B. To a congressional office from the record of an individual in response to an inquiry from that congressional office made at the request of the individual to whom the record pertains.
C. To the National Archives and Records Administration (NARA) or General Services Administration pursuant to records management inspections being conducted under the authority of 44 U.S.C. 2904 and 2906.
D. To an agency or organization for the purpose of performing audit or oversight operations as authorized by law, but only such information as is necessary and relevant to such audit or oversight function.
E. To appropriate agencies, entities, and persons when:
1. DHS suspects or has confirmed that the security or confidentiality of information in the system of records has been compromised;
2. DHS has determined that as a result of the suspected or confirmed compromise, there is a risk of identity theft or fraud, harm to economic or property interests, harm to an individual, or harm to the security or integrity of this system or other systems or programs (whether maintained by DHS or another agency or entity) that rely upon the compromised information; and
3. The disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with DHS's efforts to respond to the suspected or confirmed compromise and prevent, minimize, or remedy such harm.
F. To contractors and their agents, grantees, experts, consultants, and others performing or working on a contract, service, grant, cooperative agreement, or assignment for DHS, when necessary to accomplish an agency function related to this system of records. Any individuals provided information under this routine use are subject to the same Privacy Act requirements and limitations on disclosure as are applicable to DHS officers and employees.
G. To an appropriate federal, state, tribal, local, international, or foreign law enforcement agency or other appropriate authority charged with investigating or prosecuting a violation or enforcing or implementing a law, rule, regulation, or order, when a record, either on its face or in conjunction with other information, indicates a violation or potential violation of law, which includes criminal, civil, or regulatory violations and such disclosure is proper and consistent with the official duties of the person making the disclosure.
H. To Write Your Own insurance companies as authorized under 44 CFR 62.23 to administer flood insurance in partnership with FEMA.
I. To federal, state, local, and tribal government agencies, insurance companies, and established voluntary organizations in order to determine eligibility for benefits, verify non-duplication of benefits following a flooding event or another disaster, and provide needs unmet by NFIP claims payouts within their jurisdictions and service areas.
J. To state government agencies in order to provide GFIP certificates for carrying out the purposes of the NFIP within its jurisdiction.
K. To property loss reporting bureaus, state insurance departments, and insurance companies to investigate fraud or potential fraud in connection with claims, subject to the approval of the DHS Office of the Inspector General.
L. To state, local, and tribal government agencies to ascertain the degree of financial burdens they expect to assume in the event of a flooding disaster within its jurisdiction.
M. To state, local, and tribal government agencies to further NFIP outreach and education activities within their jurisdiction.
N. To state, local, and tribal government agencies that provide names, addresses of policyholders within their jurisdictions, and a brief general description of their plan for acquiring and relocating their flood prone properties for the purpose of ensuring that communities engage in floodplain management, improved real property acquisitions, and relocation projects that are consistent with the NFIP. This is contingent upon the Federal Insurance Mitigation Administration determining that the use furthers the flood plain management and hazard mitigation goals of the agency.
O. To the Army Corps of Engineers and federal, state, local, and tribal government agencies to review NFIP policy and claims information for properties within its jurisdiction in order to assist in hazard mitigation and floodplain management activities, and in monitoring compliance with the floodplain management measures adopted by the community.
P. To lending institutions and mortgage servicing companies for purposes of assisting with lender compliance.
Q. To current owners of properties for the purpose of providing the dates and dollar amounts of past loss payments made to the said property.
R. To federal, state, local, and tribal government agencies to conduct research, analysis, and feasibility studies of policies and claims within its jurisdiction.
S. To financial institutions for purposes of providing referral or cooperative reimbursement payments to insurance agents to share marketing and advertising costs between NFIP and entities participating in the NFIP.
T. To community officials and representatives to provide repetitive loss records of properties within that community.
U. To OMB in for purposes related to the review of private relief legislation in accordance with OMB Circular No. A-19.
V. To private reinsurers, private capital firms, and financial institutions for the purposes of preparing NFIP assumption of risk proposals.
W. To the news media and the public, with the approval of the Chief Privacy Officer in consultation with counsel, when there exists a legitimate public interest in the disclosure of the information, when disclosure is necessary to demonstrate the accountability of DHS's officers, employees, or individuals covered by the system, except to the extent the Chief Privacy Officer determines that release of the specific information in the context of a particular case would constitute an unwarranted invasion of personal privacy.
Disclosure to consumer reporting agencies:
DHS/FEMA discloses information from this system to “consumer reporting agencies,” per 5 U.S.C. 552a(b)(12), as defined in the Fair Credit Reporting Act, 15 U.S.C. 1681a(f), as amended; or the Federal Claims Collection Act of 1966, 31 U.S.C. 3701(a)(3), as amended.
Policies and practices for storing, retrieving, accessing, retaining, and disposing of records in the system:
DHS/FEMA stores records in this system electronically or on paper in secure facilities, in a locked drawer, and behind a locked door. The records are stored on magnetic disc, tape, and digital media.
DHS/FEMA retrieves records by individual or policyholder's name; an individual's insurance policy number; Repetitive Loss Target Group number; property address or legal description of the property; telephone number; insurance agents; an individual's uniquely identifying case, account, or order number; and CRS application number.
DHS/FEMA safeguards records in this system according to applicable rules and policies, including all applicable DHS automated system security access policies. DHS/FEMA has imposed strict controls to minimize the risk of compromising the information that is being stored. Access to the computer system containing the records in this system is limited to those individuals who have a need to know the information for the performance of their official duties and who have appropriate clearances or permissions.
Retention and disposal:
Policy records are kept as long as the property owner is enrolled in the insurance program and pays the policy premiums. Records are cutoff when the file becomes inactive. Policy records are destroyed five years after the cutoff with FEMA Records Schedule N1-311-86-1, Item 1A13a(2). Claim records are maintained for six years and three months after final action, unless litigation exists. Records are disposed in accordance with FEMA Records Schedule N1-311-86-1, Item 2A212(2)(b). Claims records with pending litigation are destroyed after review by General Counsel with FEMA Records Schedule N1-311-86-1, Item 2A13a(1). Consumer records, including CRS records are retired to the Federal Records Center two years after cutoff, and destroyed 10 years after cutoff in accordance with FEMA Records Schedule N1-311-02-01, Item 4.
System Manager and address:
Associate Administrator, Federal Insurance and Mitigation Administration, FEMA Headquarters, 500 C Street SW., Washington, DC 20472.
Individuals seeking notification of and access to any record contained in this system of records, or seeking to contest its content, may submit a request in writing to FEMA's FOIA Officer, whose contact information can be found at http://www.dhs.gov/foia under “Contacts.” If an individual believes more than one component maintains Privacy Act records concerning him or her, the individual may submit a request to the Chief Privacy Officer and Chief Freedom of Information Act Officer, Department of Homeland Security, 245 Murray Drive SW., Building 410, STOP-0655, Washington, DC 20528.
When seeking records about yourself from this system of records or any other Departmental system of records, your request must conform with the Privacy Act regulations set forth in 6 CFR Part 5. You must first verify your identity, meaning that you must provide your full name, current address, and date and place of birth. You must sign your request, and your signature must either be notarized or submitted under 28 U.S.C. 1746, a law that permits statements to be made under penalty of perjury as a substitute for notarization. While no specific form is required, you may obtain forms for this purpose from the Chief Privacy Officer and Chief Freedom of Information Act Officer, http://www.dhs.gov/foia or 1-866-431-0486. In addition you should:
- Explain why you believe the Department would have information on you;
- Identify which component(s) of the Department you believe may have the information about you;
- Specify when you believe the records would have been created;
- Provide any information that will help the FOIA staff determine which DHS component agency may have responsive records; and
If your request is seeking records pertaining to another living individual, you must include a statement from that individual certifying his/her agreement for you to access his/her records.
Without this bulleted information the component(s) may not be able to conduct an effective search, and your request may be denied due to lack of specificity or lack of compliance with applicable regulations.
Record access procedures:
See “Notification procedure” above.
Contesting record procedures:
See “Notification procedure” above.
Record source categories:
Records are obtained from individuals who apply for and individuals who are insured under the NFIP; WYO companies; flood insurance agents and lenders; individuals requesting NFIP information; insurance appraisal records, title reports, homeowner reports, notations, and documents from homeowner/condominium associations, and NFIP flood maps. DHS/FEMA and WYO companies use various Housing and Urban Development (HUD) and FEMA forms to collect information within this system of records.
Exemptions claimed for the system:
Dated: May 8, 2014
Karen L. Neuman,
Chief Privacy Officer, Department of Homeland Security.
[FR Doc. 2014-11386 Filed 5-16-14; 8:45 am]
BILLING CODE 4410-10-P