Privacy
Impact Assessment
August
2008
Page
Privacy
Impact Assessment
for the
Emergency Management Training Program Home Study Courses (Independent Study Database)
August 2008
Contact
Point
Jennifer Ogle
Independent Study Program
COTR
FEMA/EMI
301-447-1585
Reviewing Official
Hugo Teufel III
Chief Privacy Officer
Department of Homeland Security
(571) 227-3813
The Emergency Management Institute (EMI), Federal Emergency Management Agency (FEMA), Department of Homeland Security (DHS), maintains an Independent Study database, also known as the Emergency Management Training Program Home Study Courses system. This system collects and maintains student training completion information for the FEMA Independent Study program. FEMA’s Independent Study program enables individuals from local, tribal, state, and federal agencies as well as the general public to take various types of distance learning courses on an electronic platform. The courses available cover various emergency management concepts; such as, preparedness, response, recovery and mitigation. The information collected is used to create and update student records, track completions and failures and issue completion certificates. Tracking this information is important to the program in order to issue college credits, as well as issuing student transcripts. It is also necessary to provide training completion data to the State, local, and Tribal emergency management agencies to satisfy their compliance with Homeland Security Presidential Directive‑5, “Management of Domestic Incidents and Homeland Security Presidential Directive-8, “National Preparedness”. This is a legacy electronic system that existed prior to 1990 (pre E-Government Act) and is being updated to implement improvements. A System of Records Notice (SORN) was published for this information collection in September 1990, volume 55, number 174, Page 37195. An update to the System of Record is in process. A copy of the current SORN is attached (Appendix A). This SORN is being updated and a draft will be available soon.
Improvements to the system will include the collection of organizational information to limit the amount of personally identifying information in the system. Only the minimum necessary “personally identifying” information under the Privacy Act of 1974, 5 U.S.C. 552a (Privacy Act) will be collected. In addition, enhancements will include system safeguards and the FEMA Independent Study Program will provide unique statistical data that will allow training officials to better meet their National Incident Management System (NIMS) compliancy.
System Name: Emergency Management Training Program Home Study Courses (also known as the Independent Study Database).
DHS Component That Owns the System: Emergency Management Institute, FEMA.
General Description: The Independent Study (IS) Program is authorized under the Robert T. Stafford Disaster Relief and Emergency Assistance Act, Public Law 106-390, as amended. The program supports the DHS mission by providing valuable training via on-line courses to Federal, State, local and Tribal emergency management personnel, as well as the general citizenry of the United States. This program allows training to reach vast and diverse audiences without requiring them to attend a resident course. It specifically supports DHS Strategic Objective 4.2, Provide Scalable and Robust All-Hazard Response Capability as it Relates to the National Incident Management System.
The Independent Study (IS) Program offers over 60 distance learning emergency management courses supporting National Preparedness, by enabling students to better prepare for and respond to threats and hazards directed towards the Nation. The complete course list can be found at http://training.fema.gov. Distance learning significantly reduces the cost of hosting training and associated travel costs for students.
The purpose of Emergency Management Training Program Home Study Courses System is to collect and maintain student training completion information. This includes the individual student’s personally identifying information such as name, social security number, address, etc. The FEMA Independent Study Program recognizes the importance of protecting the privacy of students’ information.
The Emergency Management Training Program Home Study Courses System also maintains training completion data for the National Incident Management System (NIMS) training courses that are required of all Federal departments and agencies through Homeland Security Presidential Directive 5 (HSPD-5), “Management of Domestic Incidents.” This directive also requires that Federal preparedness assistance funding for States, Territories, local jurisdictions and Tribal entities be dependent on NIMS compliance. Training is one of the important elements that State, territory, local and Tribal entities must complete in order to become NIMS compliant. The NIMS training courses are a core part of FEMA/EMI’s Independent Study Program. It is necessary to collect personally identifying information in order to process training course submissions and provide accurate training completion data to the State, local, and Tribal emergency management agencies to satisfy their compliance with HSPD‑5 and HSPD-8
Over the last three years, the requirements of NIMS compliance and increased number of personnel that are trained through the Independent Study Program have grown by over 1,000 percent. These factors required the Independent Study Program data collection tool be re-evaluated and that the system’s privacy impact to be reassessed.
The system will handle the current enrollment numbers, use cutting edge technology, eliminate unnecessary personally identifying information, collect the statistical data for NIMS and enhance system safeguards. This system will continue to the allow students the opportunity to decline providing their Privacy Act protected information.
The following questions are intended to define the scope of the information requested as well as the reasons for its collection as part of the system, rule, and/or technology being developed.
The information is collected on a paper or electronic form (FEMA Form 95-23, OMB 1660-0046, Appendix B). Approval was received from OMB to collect organizational information. The electronic version of the form will be available at the FEMA/EMI training web site for the Independent Study Program http://training.fema.gov under FEMA Independent Study. The following information will be collected on all individuals who take Independent Study courses.
Name
Shipping Address (sometimes a home address)
City
State
Zip Code + Four
Category of the Organization or Affiliation (i.e. State, local, tribal, etc.)
DHS Affiliation (the component in DHS)
Other Federal Agencies (i.e. USDA, DOD, etc.)
Type of Organization or Affiliation (i.e. Emergency Management, Law Enforcement, etc.)
Current Status in the Organization (Paid Full-time, volunteer, etc.)
Organization Name
Organization Address
Organization City
Organization State
Organization Zip Code + Four
Organization County/Parish
Tribal Name (if applicable)
Organizational Local Jurisdiction (if applicable)
Work Phone
Home Phone
Date of Birth
Course Code
Email Address
Exam Answers
Information is being collected by Federal, State, local, and Tribal emergency management personnel and the general citizenry of the United States who take Independent Study courses from FEMA.
The EMI Training Program Home Study Courses System’s will collect and maintain the Independent Study Program’s students’ training completion information necessary for creating and updating student records, tracking completions and failures, and issuing completion certificates. This information will be used to issue college credit for completion of FEMA/EMI IS courses and issue student transcripts.
The Emergency Management Training Program Home Study Courses System also maintains training completion data for the National Incident Management System (NIMS) training courses that are required of all Federal departments and agencies through Homeland Security Presidential Directive 5, “Management of Domestic Incidents”. These courses provide a consistent nationwide template to enable all government, private-sector, and nongovernmental organizations to work together during domestic incidents. Organizations are required to be compliant with NIMS in order to receive NIMS grant funding. The individual student completion data is reported to the State Training Officers (STO) so they can ensure compliance with NIMS as defined by HSPD-5 and HSPD-8.
The Independent Study (IS) Program only collects the minimal personally identifying information necessary for processing training course submissions and providing accurate statistical data. The regulations pertaining to the IS Program are presented in the Robert T. Stafford Disaster Relief and Emergency Act, Public Law 106-390, as amended, and the DHS Presidential Directive 5, “Management of Domestic Incidents.” In order to provide training completion data to the State, local, and Tribal emergency management agencies to satisfy their compliance with HSPD‑5 and HSPD-8, it is necessary to collect registration information as well as organizational data, which is usually an individual’s employer. These directives require that Federal preparedness assistance funding for States, Territories, local jurisdictions and Tribal entities be dependent on NIMS compliance. Training is one of the important elements that State, territory, local and Tribal entities must complete in order to become NIMS compliant. The NIMS training courses are a core part of FEMA/EMI’s Independent Study Program. The data collected is entered into a secure government database and all paper submissions are placed in locked storage areas in accordance with records management regulations
In the redesign of our database we are discontinuing the use of the Social Security Number and establishing a unique identifier in its place to significantly reduce the likelihood of identity theft.
The privacy risks include the collection of Privacy Act protected data. As the database is enhanced, the use of the SSN as the unique identifier in the system will be discontinued and instead a unique identifier such as a randomly generated number and/or allow the user to select a unique user name to be used as their unique identifier. Only shipping address information, which can sometimes be a home address, will be collected on the limited number of people who submit a paper form. Approximately 2% of the total submissions come from individuals where a shipping address could potentially be a home address. A privacy risk was identified in terms of collecting this data electronically. The electronic version of the form will be available at the FEMA/EMI training web site for the Independent Study Program http://training.fema.gov and will encrypt the data as it is sent to the Emergency Management Training Program Home Study Courses System to mitigate the privacy risk.
The following questions are intended to delineate clearly the use of information and the accuracy of the data being used.
Similar to Section 1.3, this information is used to maintain student training completion information. The information collected allows FEMA to create and update student records, track completions and failures and issue completion certificates of students who take Independent Study courses. This information is used to issue college credit for completion of FEMA/EMI IS courses and student transcripts which are provided to institutions for assisting students in obtaining continuing education units and/or to military institutions for military personnel to earn retirement points for successful completion of IS courses.
The Emergency Management Training Program Home Study Courses System also maintains training completion data for the National Incident Management System (NIMS) training courses that are required of all Federal departments and agencies through Homeland Security Presidential Directive 5, “Management of Domestic Incidents”. This individual student completion data is reported to our customers, the State Training Officers (STO) in order to ensure compliance with NIMS as defined by HSPD-5 and HSPD-8.
No, not applicable.
Individuals will be asked to select from a list of verified, accurate, available organizations to identify their affiliation during course enrollment. If the organization is not listed, they can submit information for the organization to be vetted and added to the list. Students will select from a list the city, state, and zip to prohibit inadvertent errors being entered. Data is also periodically reviewed to merge accounts as appropriate. In addition, the IS staff also corrects information on a daily basis and cleans up records based on student inquiries.
System audit trails within the system will provide the ability to track users that perform the data manipulation actions. Periodically, these trails are queried to ensure that the system is working as designed. If an individual was found to be using the information inappropriately, immediate disciplinary actions would be taken.
FEMA/EMI has limited the amount and type of personal information collected in the Independent Study Program. The IS Program has in place auditing practices to ensure that the information is not used for other purposes. Only authorized users of the system may gain access to the information. If an individual is found to be misusing the information, appropriate disciplinary actions will be taken.
The following questions are intended to outline how long information will be retained after the initial collection.
The retention period for the data in the system is 40 years. Database records will be saved with the Independent Study program for 40 years in order to provide complete course transcripts.
Yes. It is in accordance with FEMA Records Disposition Schedule TNG 11-1.
The information is retained for the indicated period to allow the IS programto provide accurate transcripts for students and to allow records to be restored as needed.
The following questions are intended to define the scope of sharing within the Department of Homeland Security.
Limited information is shared with FEMA Regional, Headquarters and EMI staff. Information may also be shared with DHS/FEMA Office of Chief Counsel (OCC) and/or Office of the Inspector General (OIG) based on each FEMA internal office’s official role.
PII including the student’s name, organizational information, training courses completed and dates of completion are shared to FEMA Regional Training Managers, FEMA EMI Course managers, leadership and administration staff and FEMA Cadre Managers. This information is shared with FEMA personnel for the purpose of verifying that the individual has completed Independent Study prerequisite courses prior to classroom training and/or to verify other mandatory training has been completed. It is also used to analyze students’/organizations’ application and enrollment patterns for specific courses and to respond to student inquiries. Information is provided to FEMA’s Office of Chief Counsel (OCC) or the DHS Office of Inspector General (OIG), when necessary for litigation purposes and/or investigations.
Such information will be viewable by authorized FEMA employees through a web-application as part of the upgrade to the Emergency Management Training Program Home Study Courses System. Specific roles and rights within the system limit the amount and type of information that is viewable to each FEMA role (i.e. FEMA Cadre Manager can only see their cadre member’s completions, etc.). Hard copies of the requested documents would be delivered via fax, mail or courier, as necessary to the OCC or the OIG.
The main privacy risk identified is that the system collects the minimum necessary “personally identifying” information under the Privacy Act of 1974, 5 U.S.C. 552a (Privacy Act), which should not be disclosed. This was mitigated by only allowing non-Privacy Act information for users to view, such as name, organizational information, course code, course title, and course completion date. Additionally, information is provided specific to each role that is in the system, allowing users to only view the information they require and not open access to all system information.
The following questions are intended to define the content, scope, and authority for information sharing external to DHS which includes Federal, state and local government, and the private sector.
FEMA/EMI does not share personally identifying information with external agencies other than as outlined in the “Routine Uses” in the SORN and listed under the Privacy Act Statement on FEMA Form 95-23:
Members of the Board of Visitors
Sponsoring Colleges
Sponsoring State or local officials and agencies (including State Training Officers)
Member of Congress
Agency training program contractors and computer centers
Military personnel or training offices
Information may also be shared with the Office of Personnel Management (OPM) for the Enterprise Human Resource Integration (EHRI) government initiative. EHRI is one of the 24 e-Government initiatives designed to support the President's Management Agenda (PMA). OPM's EHRI will support human resources management across the Federal Government at all levels from front-line employee to senior management. When fully implemented, EHRI will replace the current Official Personnel Folder (OPF) with an electronic employee record for all Executive Branch employees, resulting in a comprehensive electronic personnel data repository covering the entire life cycle of Federal employment which includes employee Training. Training Records shared with EHRI would only include records from federal employees. Information provided for EHRI includes information on Federal employees only and includes the following information; unique identifier, course title and course completion date and is provided to comply with OMB and OPM reporting requirements for training data on Federal employees.
Additionally, all students will be able to view their own training records through a web-based application.
FEMA/EMI shares only the minimum necessary personally identifying information with external agencies as outlined in the “Routine Uses” in the SORN and listed under the Privacy Act Statement on FEMA Form 95-23. The following information is provided to the entities below along with its purpose:
Members of the Board of Visitors – number of course completions based on course code and state for the specific purpose of evaluating programmatic statistics.
Sponsoring Colleges – student name, address, course code, course title, and completion date to provide college credit for completed courses.
Sponsoring State or local officials and agencies – student name, address, unique identifier, email address, course code, course title, and completion date to update and evaluate statistics of EMI participants.
Member of Congress – student name, address, email address, course code, course title, completions date, or course completions based on course code and state for first party information requests.
Agency training program contractors and computer centers - student name, address, organizational information, unique identifier, email address, course code, course title, completion date, score and answers to perform administrative functions of entering data into the system and responding to student inquiries.
Military personnel or training offices – student name, address, course code, course title, completion date and continuing education units to award military credit for completed courses.
Additional routine uses are listed below. In the update to the SORN, the routine uses will be revised to include the following:
Federal, State, territorial, tribal, local, international, or foreign agency law enforcement authority or other appropriate agency – Where a record, either on its face or in conjunction with other information, indicates a violation or potential violation of law—criminal, civil or regulatory—the relevant records may be referred to any of the aforementioned agencies charged with investigating or prosecuting such a violation or enforcing or implementing such law.
Agency, organization, or individual – for the purposes of performing authorized audit or oversight operations.
Contractors, grantees, experts, consultants, students, and others performing or working on a contract, service, grant, cooperative agreement, or other assignment for the Federal Government – when necessary to accomplish an agency function related to this system of records.
Sponsoring state or local officials and agency training program contractors will access the information via a web-based application. Based on roles and rights within the system, they will only be able to access information related to their state or local agency. Security protocols, in accordance with DHS standards will be implemented to prohibit unauthorized personnel from accessing student information. Security protocols including items such as verification of the organization via organizational letterhead and using a unique username and security question to verify individuals’ identity. All transmitted files containing PII will be encrypted to 128-bit Advanced Encryption Standard (AES).
The information for OPM’s EHRI will be sent via a secured XML file.
No, not applicable.
When information is provided, FEMA/EMI will include a letter to the external agency indicating that FEMA’s Privacy Act records are being provided and indicate that they can only be used for the applicable routine use, and that further disclosure of the records is not permissible.
Not applicable. We will only share this information with external agencies pursuant to the allowable “Routine Uses.”
FEMA/EMI limits the sharing of personal information collected as part of IS Program to external agencies. FEMA/EMI will review the request and determine whether or not it meets the standards set out by the “Routine Uses” and the SORN. The system has specific roles and rights that restriction access to data that is not specific to the individual or agency.
The following questions are directed at notice to the individual of the scope of information collected, the right to consent to uses of said information, and the right to decline to provide information.
Yes. The data collection form contains a Privacy Act notice and the original SORN refers to routine uses. In addition, a Privacy Act notice is given to the individual on the website where the forms are filled out and on the form itself. The link to the Privacy Policy is https://training.fema.gov/EMIWeb/IS/Exams/privacystatement.html. A copy of Privacy Act notice is attached (Appendix C).
Yes, students can opt-out of providing certain information. As a minimum we must collect, their name and state in which they reside in order for them to receive credit for their training completion. We are now giving the students the option of using a unique identification number as alternative to a social security number. In the upgraded system they will use a unique user name.
Yes, the individual has the right to consent to particular uses of the information consistent with the routine uses in the SORN and in the Privacy Act Statement. In addition, we will update the SORN and during the public comment period, all individuals have the opportunity to inquire and comment on the uses of the information.
Notice is provided at the point of collection of the individual’s PII both in the hardcopy and the online Privacy Act Statement as a link to the privacy policy and is also on the instructions for the actual forms. In addition, routine uses are included in the SORN.
The following questions are directed at an individual’s ability to ensure the accuracy of the information collected about them.
A web-based application will allow individuals to electronically access and view the courses only they have completed. Verification of individuals’ identity is done through the use of a unique username and password. Further validation requires them to answer a security question. If users are unable to access their records electronically, they may follow procedures outlined in FEMA’s and the DHS’s Privacy Act regulations, 44 CFR Part 6 and 6 CFR Part 5. Requests for Privacy Act protected information must be made in writing, and clearly marked as a “Privacy Act Request.” The name of the requester, the nature of the record sought, and the required verification of identity must be clearly indicated. Requests should be sent to: FOIA Officer, Records Management, Federal Emergency Management Agency, Department of Homeland Security, 500 C Street, SW, Washington DC 20472.
The same as above in 7.1. Students can also call or send an email to the IS Program office to request the correction of erroneous information. IS staff (throughout their daily operations and telephonic or e-mail interaction with students) correct and consolidate information as necessary and appropriate. If the student calls or emails, they will be required to provide their user name and answer their security question to verify their identity.
Procedures for correcting information are located on our EMI Contact Us webpage of our website (http://www.training.fema.gov/EMIWeb/contactus.asp). Additionally, individual can follow the procedures identified above in 7.1.
Not applicable.
Access to and correction of information is provided through the web-based application as well as procedures outlined in the DHS Privacy Act regulations, 44 CFR Part 6 and 6 CFR Part 5..
The following questions are intended to describe technical safeguards and security measures.
The user groups with access are students, state or local training officials, FEMA employees, and contractors working for FEMA. Each user will have access to personally identifying information only to the extent necessary to perform their official roles on the system.
A student will have access to only his/her own training record, training plan, and access to courses.
State and local training officials will have limited access to only the individuals included in his/her state or organizational training records and training plan.
FEMA employees, authorized information technology (IT) contractors and IS Program administrative support contractors will have access to Emergency Management Training Program Home Study Courses System (Independent Study Database) only to extent necessary to perform their official duties. Each authorized contractor will have limited access to only that information pertinent to his/her function. Authorized IT contractors who handle the operations and maintenance of the system will have limited access to the system to support the trouble shooting of technical system issues encountered on a day-to-day basis. Authorized program administrative contractors who handle the daily process of paper enrollments and submissions and provide customer service support will have limited access to the system to provide support necessary to answer student inquiries and process exams. Some FEMA EMI staff and IT managers will have complete access to the system in order to ensure that the system is operating appropriately and in accordance with applicable regulations.
Additionally, the DHS Office of the Inspector General may request and be given access to the data, and the DHS/FEMA Office of Chief Counsel may request and be given access to the data to represent DHS/FEMA in personnel employment and litigation matters. Such internal data sharing is discussed in Section 4.0.
Yes. Limited access is described in 8.1 above.
Yes. FEMA user access is managed via automated role-based access controls. The user's access into the system is limited only to the extent necessary based upon the user’s official role. Personally identifying information is granted only to the extent that it is necessary for a user to perform his or her official role. User roles are outlined as follows:
Student—only permits access to their individual student record information.
Jurisdictional Point of Contact and Organizational Point of Contact—only have rights to view employees’ completions within their jurisdiction or organization. Jurisdictional and Organizational Points of Contact will go through a vetting process whereby they must submit an official request to be listed as an organization or jurisdiction on their organization/jurisdiction’s letter.
State Training Officer—only has rights to view their state completion records. EMI currently maintains a list of State Training Officers that is updated daily and validated every year to ensure the appropriate STO is listed in the database.
Cadre Manager - only has rights to view their cadre’s completion records. EMI maintains a list of FEMA Cadre Managers.Leadership, Leadership Admin Assistant, Scheduler, and Course Manager – only have limited rights specific to the sections of the data that relate to their official positions.
IS Program Manager, Key Entry Operator, Customer Service Representative and DL Section Support – have access to student records and functions required to manage daily interactions with students.
Systems Administrators—allowed full access to the data for system backup and to troubleshoot any system issues.
For users with roles other than “student”, they are vetted by the IS Contracting Officer’s Technical Representative (COTR) or the Independent Study Program administrative support personnel based on the user’s official role and duties as they relate to the Independent Study Program and access is limited to the extent necessary.
Technical, operational and management controls are in place allowing authorized users access only to the personal data necessary for each user’s official role and their required use of data. There are several roles within the system. These roles limit which rights and access people have in the system. Specific user roles are described in section 8.3 above.
The procedures will be documented in the Independent Study Program Standard Operating Procedures Manual which is scheduled to be updated by May 2009.
Management controls will include periodic auditing of the system that will be donein accordance with DHS System Security guidelines as established in the 4300 guidelines, as well as following current FEMA policies and procedures. Roles and rules established within the application are governed by local system administrators and auditing of all user accounts is defined in the system requirements.
The following controls are in place to prevent data misuse:
Each authorized individual will have access to only that information pertinent to him/her.
Activity logs (audit trails) are enabled and secured on the system and a periodic review will be conducted to monitor all user access.
Procedures for the handling and storage of information are established to restrict access to unauthorized users.
All FEMA employees are required to complete FEMA Annual Security Awareness Training, which addresses privacy and confidentiality awareness. In addition, all contract employees are required to adhere to the Privacy Act/Confidentially clauses as per terms of their contracts with FEMA.
This system is currently under the C&A of another system, the FEMA Employee Knowledge Center (FEKC). When the Emergency Management Training Program Home Study Courses System (Independent Study Database) was placed under the FEKC, IT Cyber Security indicated that minor systems and sub-systems did not require a full C&A. A full Certificate and Accreditation of the upgraded system is being conducted since many enhancements have been made.
FEMA/EMI has instituted strong security controls to ensure that the online collection of the Independent Study information is protected throughout the process. This includes extensive access controls and audit trails. The major privacy risk that was identified was the limited personally identifying information on students could be viewed by others. This was mitigated by implementing limitations on roles to only allow those with an official role and need to view certain data. In addition, verifying individuals are who they say they are was a concern. In order to address this issue, students are required to use strong passwords on their accounts and set up security questions and answers. This helps verify the students’ identity when calling or emailing for assistance from our Customer Service Representatives. Additionally, the transfer of any PII data will be protected through a Secure Socket Layer with 128 bit encryption.
The following questions are directed at critically analyzing the selection process for any technologies utilized by the system, including system hardware, RFID, biometrics and other technology.
FEMA/EMI followed industry best practices and built the system from the ground up to replace a legacy system.
The data resides on a server that is only accessible to authorized users. Access is further protected through authentication for the application, using a login and password. FEMA/EMI determined how the upgrade to the Emergency Management Training Program Home Study Courses System (Independent Study Database) would be selected by conducting a thorough requirements analysis and design – including integrity, privacy, and security considerations for the entire system. The analysis showed the need for several distinct roles to be developed in order to limit the amount of PII that would be available to certain roles. It also showed that we could eliminate certain PII currently being collected, such as the SSN, by changing current business processes. FEMA considered the protection of individual’s privacy when designing and building the system.
In the redesign of the system, the use of the SSN as the unique identifier was eliminated to enhance privacy. The student could potentially use their SSN as their user name in the upgraded system, but it is not required and would not be recommended in order to limit the privacy data collected. In addition, unnecessary personally identifying information has been eliminated in the collection and display of student records and limited information is provided to data based strictly on users’ official roles.
The Emergency Management Institute (EMI) of the Federal Emergency Management Agency (FEMA), Department of Homeland Security (DHS), maintains an Independent Study database, the Emergency Management Training Program Home Study Courses System. This system collects and maintains student training completion information for the FEMA Independent Study program. FEMA’s Independent Study program enables individuals from local, tribal, state, federal agencies, and the general public to take various types of distance learning courses on an electronic platform. These courses cover various emergency management concepts. The information collected is used to create and update student records, track completions and failures, and issue completion certificates. Tracking training information is necessary to provide training completion data to the State, local, and Tribal emergency management agencies to satisfy their compliance with Homeland Security Presidential Directive‑5, “Management of Domestic Incidents and Homeland Security Presidential Directive-8, “National Preparedness”. This is a legacy electronic system that existed prior to 1990 (pre E-Government Act) and is being updated to implement improvements. A System of Records Notice (SORN) was published for this information collection on September 1990, volume 55, number 174, Page 37195. An update to the System of Records is in process.
Improvements to the system will include the collection of organizational information to limit the amount of personally identifying information in the system. Only the minimum necessary personally identifying information under the Privacy Act of 1974, 5 U.S.C. 552a (Privacy Act) will be collected. In addition, enhancements include system safeguards and the FEMA Independent Study Program will provide unique statistical data that will allow training officials to better meet their National Incident Management System (NIMS) compliancy.
The system was built from the ground up and was designed to replace a legacy system. It uses industry-standard best practices currently available.
The program was designed with privacy considerations in mind. Such considerations include eliminating the use of the Social Security Number, implementing security questions and passwords to verify individuals, and limiting information provided to internal and external organizations listed in our Routine Uses. Additionally encryption via a Secure Socket Layer will be implemented when sharing any PII> By collecting only the necessary individually identifying information and providing access to training records online, FEMA/EMI will be able to better support the needs of the Independent Study Program students and state and local training officials. This will enhance the accuracy and efficiency in the Independent Study Program, as well as allow the nation’s emergency management network the ability to easily access NIMS training compliance information and meet its mission-critical training objectives.
John A. Sharetts-Sullivan
Privacy Officer
Federal Emergency Management Agency
Department of Homeland Security
________________________________ <<Sign
Hugo Teufel III
Chief Privacy Officer
Department of Homeland Security
FEMA
EMI Emergency Management Training Program Home Study Courses System
– PIA Page
File Type | application/msword |
File Title | 4 of 19 DOCUMENTS |
Author | withnell |
Last Modified By | FEMA Employee |
File Modified | 2008-08-21 |
File Created | 2008-08-21 |