Download:
pdf |
pdfPrivacy Impact Assessment
for the
Mapping Information Platform (MIP)
October 1, 2010
Contact Point
Mary Jo Mullen
FEMA
202-646-3227
Reviewing Official
Mary Ellen Callahan
Chief Privacy Officer
Department of Homeland Security
(703) 235-0780
�omeland
Security
Privacy Impact Assessment
FEMA, Multihazard Information Platform
3
Abstract
The Mapping
Platform (MTP) is provided to support the National Flood Insurance
Program
This project provides an online method to
and update the
which define
flood planes throughout the
and its territories.
collection of data which is used to support this
about the names and
effort causes
data in this application's repository to contain
addresses of mapping professionals which constitutes PlI.
Overview
The National Flood Insurance Act of 1968, Public Law 90-448, as amended by the Flood Disaster
Protection Act
1973, Public Law 93-234, established that the NFIP will provide flood insurance in
voluntarily adopt
floodplain management ordinances that meet minimum
communities by producing flood maps that
NFIP requirements. As part
the NFTP, FEMA
(SFHA). This
indicate, among
things, which
are located in Special Flood Hazard
application maintains and
maps which define
statutory zones
During the process of administering the flood maps it sometimes u,-",v",,,,,,
those maps.
process
the maps
that
professionals
etc.) make changes to the maps
appropriate research and surveys have been performed to justify the
amendment. To ensure that only proper changes to the maps are made, the
professional. This
when taken in
is considered
information about the
PH and must
protected. Records in the system are retained for 20 years after creation
record in
accordance with records schedule N 1-311-86-1
The processes that collect PH are called the electronic Letter of Map Amendment (eLOMA)
process, and the paper Amendments and
Workflow. During the eLOMA process
certifying
professionals provide data necessary to establish their competence to
maps. This is done by
providing their licensed engineer certification number or
surveyor certification number.
is to
protected by the
This information when
their
and their
During the paper
amendments and revisions
simple ownership changes are not entered by
certified professionals and hydrological/topological
are only performed by
All paper
changes to the MIP are
into
electronic system by FEMA
All PH is
employees/contractors.
all collect PH in the form of names and
in a manner defined in
Plan (SSP).
SSP is evaluated in a continuous process by
staff personnel and at least every three years during recertification by external
�Privacy Impact Assessment
omeland
Security
Multihazard Information Platform
Page 4
Section 1.0 Authorities and Other Requi
1.1 What specific legal authorities and/or agreements permit
and define the collection of information by the project in
question?
The National
Insurance Act of 1968, Public Law 90-448, as
flood insurance in
that the NFIP
Protection Act of 1973, Public Law 93-234,
communities that voluntarily adopt and
floodplain management ordinances that meet minimum
NFIP,
by
flood maps
NFIP
As part of
indicate, among other things, which properties are located in Special Flood Hazard Areas (SFHA). This
application maintains
administers
maps which
the statutory zones
above.
1.2 What Privacy Act System of Records Notice(s) (SORN(s))
apply to the information?
1
a system security plan been completed for the
information system(s) supporting the project?
A full authority to operate was granted on June 4, 20 I 0 with a one-year
1.4 Does a records retention schedule approved by the
National Archives and Records Administration (NARA)
exist?
Yes, the records retention policy in effect for the
1
is records schedule N 1-311-86-1 2A2c.
If the information is covered by the Paperwork Reduction
Act (PRA), provide the OM Control number and the
agency number for the collection. If there
multiple
forms, include a list in an appendix.
application is not covered by the paperwork reduction act.
�Privacy Impact Assessment
Homeland
Security
FEMA, Multihazard Information Platfonn
Page 5
Section 2.0 Characterization of the Information
The following questions are intended to define the scope of the information
well as reasons for its collection.
CUU.C;"'OU
and/or
as
2.1 Identify the information the project collects, uses,
disseminates, or maintains.
The DHSfFEMA
002 NFIP Letter
Map Change
''',~U''tY'I
of Records contains personally
identifiable infonnation voluntarily provided by individuals or
Conditional Letters of Map Amendment,
include Letters of Map 0"'''''''''
on Fill and Conditional Letters
Map
which include Letters
for NFIP MT-l
Map
on
of
LOMCs,
Map Revision and Conditional Letters of Map Revision.
An individual is any person financing or refinancing structures or parcels of land (hereinafter
rpf"'''rr''f1
to as "property" or "properties") with a federally-backed loan. Examples of individuals are
homeowners, investors, and property developers.
is a
A
or
Surveyor who provides
technical infonnation, such as elevation, to FEMA. A certifier is a Registered
who provides technical infonnation, such as elevation, to FEMA. A
Licensed Land
may also be a community official with authority over a community's flood plain
concurrence for
who provides
issuance of a LOMe.
electronically or in hard copy on behalf
The infonnation
m£ln£l(JPrrlP
individual.
includes the individual's name,
number (which are not required)
enables
109
to contact
and
individual should "",,,,.v••,, arise. In
addition, the certifier is required to provide name, professional license number
expiration date (if
applicable), company or community name (whichever is required), property address or
and
to
uu,,. ...~""
telephone number. The
documents related to the
activities,
may provide infonnation either
The individual can voluntarily provide daytime telephone number,
enables
or
1J"".t",<'C'.
description,
can voluntarily provide a fax number that
MT-J and/or MT-2 LOMe.
2.2 What are the sources of the information and how is the
information collected for the project?
source for the
is the licensed professional that is
the paper based process, the general public will be providing PlI.
the eLOMA online and
�....1"11.lfI2f'.vlmpact AS5ie~m
Homeland
Security
FEMA, Multihazard Information Platform
6
2.3 Does the project use information from commercial sources
or publicly available data? If so, explain why and how this
information is used.
No such
IS
2.4 Discuss how accuracy of the data is ensured.
its accuracy.
The individual that is providing the PH
can be addressed
through the helpdesk if npp,rlp/1
2.5
~~==~~~~~~~~~.
Related to Characterization of the
Information
elements that are col
are publicly available in all respects. Changes
the integrity of the public record.
access to the record of the IIc~ms~~a professional is
the individual in question;
are logged and can
removed at the
professional.
to administrators and
of the
Section 3.0 Uses of the Information
The following
a clear description of the project's use of information.
3.1 Describe how and why the project uses the information.
The information is used to correctly identify
licensed professional
NFIP reference maps.
licensed professionals are allowed to modify the
to confirm the status those that submit modifications to the NHP maps.
3.2
is making changes to
data serves
project use technology to cond
electronic
queries, or
in an electronic database to
discover or locate a predictive pattern or an anomaly? If
so,
how DHS plans to use such res
No such use is
for this data.
3.3 Are
other components with assigned roles and
responsibilities within the system?
Other than FEMA and its contractors, no, there are no other components with assigned roles in
MIP system.
�Homeland
Security
Privacy Impact Assessment
FEMA, Multihazard Information Platform
Page 7
3.4 Privacy Impact Analysis: Related to the Uses of
Information
Privacy Risk: PH for each user is stored within the system.
Mitigation: The annual awareness training for all administrative users includes a discussion
about PH and the responsibilities that each admin user bears in protecting and using that data. End users
are cautioned about appropriate use when the login banner is displayed for the system.
Section 4.0 Notice
The following questions seek information about the project' s notice to the indiv idual about the information
collected, the right to consent to uses of said information, and the right to decline to provide information.
4.1 How does the project provide individuals notice prior to the
collection of information? If notice is not provided, explain
why not.
A privacy act statement is posted through a web page during the registration process of a new
licensed professional. The same privacy act statement is available from within the application at any time.
For the paper based process the privacy act statement is included on the application forms.
4.2 What opportunities are available for individuals to consent
to uses, decline to provide information, or opt out of the
project?
In order for a licensed professional to provide letters of map amendment to FEMA, they must
register and provide PH to FEMA through the registration process. Failure to provide the required data
will prevent the professional from gaining access to create LOMAs online. The process of registration is
an opt-in process. Professionals that do not wish to use the electronic LOMA functions of the website are
still permitted to provide paper LOMAs to FEMA and thus avoid the PH disclosure online.
For the paper based process, end users voluntarily provide their PH to be put into the system . This
is an opt-in format and end users that wish to remain anonymous may do so but cannot submit
LOMAlLOMRs.
4.3 Privacy Impact Analysis: Related to Notice
Privacy Risk: PH For each user is stored in the system
Mitigation: Multiple informational statements within the sign-up process and during each
subsequent authentication sequence indicate the data retained and its private nature to the certifier. Only
those documents that would normally be " sealed" with an engineer or licensed surveyor's stamp retain
reference to the certifier's PI!. That reference is required because it is the minimal necessary to establish
the licensure status of the certifier.
�Privacy Impact Assessment
Homeland
Security
Multi hazard Information Platform
8
During the paper
PII is used to communicate with
end users and is
available only through privileged interfaces to the MIP
are not available to the
public. Role
based authentication protects this data after it has been entered into the system. The paper records are kept
in secured
In
with
retention policy cited above.
Section 5.0 Data Retention by the project
are intended to outline how long the project retains the information after
the initial collection.
5.1 Explain how long and for what reason the information is
retained.
The infonnation is maintained for 20 years according to the retention policy referenced above.
infonnation is maintained to facilitate
records of the
of the
characteristics of specific
of land as
are and were previously categorized under the NFIP.
to those classifications affect the costs of insuring land under the NFIP which requires that the
program have the ability to
a flood plane classification at
point in the last 20 years to
address potential disputes and provide data for forward-looking
decisions .
5.2
.:.....::..:::..::.=..;::;...&....:..::...:..:.a::::..::::..;;:;.;:;...::....=;;.:..&.;=.
Privacy Risk: PI!
Related to
professionals is
in the
Mitigation: Due to the
nature of the records retained in the NFIP, it is
that the
infonnation which is
retain PI! for
years in accordance with the above referenced policy.
rp('£wn" are kept
to be
been reduced to the bare
possible to identify a user. All
in secure storage and all electronic records are protected as described in the system security plan.
Section 6.0 Information Sharing
The following questions are intended to
the
of the project infonnation
to the Department.
sharing encompasses sharing with other federal, state and local
government, and private sector entities.
6.1 Is information shared outside of DHS as part of the normal
agency operations? If so, identify the organization(s) and how
the information accessed and how it is to be
11.1"",,,",'-1
There is exactly one external data sharing channel and it is with North
Flood Mapping
Information
That interconnection is
to
extracts that are
a
public user could accomplish.
is no additional exposure of data through this channel.
�omeland
Security
Privacy Impact Assessment
FEMA, Multihazard Infonnation Platfonn
Page 9
6.2 Describe how the external sharing noted in 6.1
compatible with the SORN noted in 1.2.
Only publicly available data is transmitted over that interface. That
is controlled by an
ISA and each participant has agreed to
the data as required by federal and state laws.
6.3 Does the project place limitations on re-dissemination?
are no ..",,,f.... ,,h
of public record and cannot be
on re-dissemination of documents
for re-dissemination.
by the MIP. These are matters
6.4 Describe how the project maintains a record of any
disclosures outside of the Department.
All disclosures of PH are logged in the log server for the MIP project. There are paper records of
disclosures that occur on paper only transactions at the secure storage facility.
�Homeland
Security
Privacy Impact Assessment
FEMA, Multihazard Infonnation Platfonn
Page 10
6.5 Privacy Impact Analysis: Related to Information Sharing
Privacy Risk: PH for all users is retained in the system
Mitigation: The ability to access PH that is hosted in the
is restricted to administrative
users for all records and to those with elevated privileges for a specific case. End users are not able to
access PH from a case to which they are not a party. Role based user accounts prevent accessing this data
online and policies that are taught during annual security awareness training are used to prevent release
from the paper records.
Section 7.0 Redress
The following questions seek infonnation about processes in place for individuals to seek redress
which may include access to records about themselves,
the accuracy the infonnation collected
about them, and/or filing complaints.
7.1
What are the procedures that allow
their information?
to access
Changes to personal infonnation of any kind (including PU) are accomplished through editing
one's own account or requesting assistance from the help desk to make the change. A request with proof
of the needed change (license document etc.) sent to the help desk will be acted on to remedy the error in
a user record. In the case of paper records, all changes are accomplished by resubmitting the case
7.2 What procedures are in place to allow the subject
individual to correct inaccurate or erroneous information?
Changes to personal infonnation of any kind (including PH) are accomplished through editing
one's own account or requesting assistance from the help desk to make the change. A request with proof
of the needed
(license document etc.) sent to the help desk will be acted on to remedy the error in
a user record. In the case of paper records, all changes are accomplished by resubmitting
case papers.
7.3 How does the project notify individuals about the
procedures for correcting their information?
Change procedures are outlined in the user documentation for the application. All user
documentation for this application is located online and accessible from the application home page.
help is available to users by calling the dedicated helpdesk.
7.4 Privacy Impact Analysis: Related to Redress
Privacy Risk: PH is maintained in the application
Mitigation: Some user account details can be edited by the users. If the
needs to
is not changeable by them, a call to the helpdesk can
element that a user
assistance in changing other ''''n,,,,,,tc
�Homeland
Security
Privacy Impact Assessment
FEMA, Multihazard Information Platform
Page II
the account data.
change process for
online application includes ,..""t."'.... "'l""" by the end user
that the data is now accurately reflected online.
Section 8.0 Auditing and Accountability
The following questions are intended to describe technical and policy based safeguards and
security measures.
8.1 How does the project ensure that the information is used in
accordance with stated practices in this PIA?
There are no celebrity users and there is no reason to
effort on an audit regime that does not
protect individuals. Audits of account modifications and
operations are monitored constantly.
Modifying a
creates a security event that is logged. Logs are reviewed on a monthly basis.
Additionally. there is an IDS/IPS in place that throws a warning when security operations fail repeatedly.
8.2 Describe what privacy training is provided to users either
generally or specifically relevant to the project.
Users are required to complete annual security awareness training. That is performed by security
staff at all work locations. Annual security awareness training includes training on privacy and protection
of privacy.
8.3 What procedures are in place to determine which users
may access the information and how does the project
determine who has access?
This is managed by LDAP accounts for each user.
The roles are completely defined in the System
account has
Plan also on
privileges based on
DHSIFEMA.
�Homeland
Security
Privacy Impact Assessment
FEMA, Multihazard Information Platform
Page 12
8.4 How does the project review and approve information
sharing agreements, MOUs, new uses of the information, new access
to the system by organizations within DHS and outside?
All proposed MOU's, ISA' s, etc. are reviewed by project security and infrastructure staff and
then forwarded to FEMA for final approval. There is only one ISA in existence for this project to date.
Responsible Officials
Mary 10 Mullens
MIP Operations Manager
Phone: 202-646-3227
E-mail: [email protected]
Department of Homeland SecuritylFederal Emergency Management Agency
Approval Signature
Mary Ellen Callahan
Chief Privacy Officer
Department of Homeland Security
�| File Type | application/pdf |
| File Modified | 2010-10-20 |
| File Created | 2010-10-20 |