Download:
pdf |
pdfPrivacy Impact Assessment
for the
National Flood Insurance Program Appeals Procedure
February 9, 2006
Contact Point
James Shortley
Director of Claims
Federal Emergency Management Agency
202-646-3418
Reviewing Official
Maureen Cooney
Acting Chief Privacy Officer
Department of Homeland Security
(571) 227-3813
�Privacy Impact Assessment
NFIP Appeals Procedure, FEMA
February 9, 2006
Page 2
Introduction
In the face of mounting flood losses and escalating costs of disaster relief to the taxpayers,
the National Flood Insurance Program (NFIP) was established by Congress in 1968 (42 U.S.C.
4001, et seq.). The intent of the NFIP is to reduce future flood damage through effective
community floodplain management, and insurance protection for property owners. Congress
designated FEMA to be the administrator of the NFIP and the FEMA Mitigation Division has
responsibility for program management and oversight.
In 1983, to increase availability, FEMA partnered with the private insurance industry to sell
and service flood insurance coverage. This partnership between FEMA and private sector property
insurance companies is termed the Write Your Own (WYO) program. Under the WYO program,
the private WYO Companies are responsible for all of the day-to-day administrative activities
associated with the policies they write. Over 95 percent of the flood insurance polices in force are
maintained by WYO Companies. Specifically, they are responsible for policy issuances, claim
processing and upon request, payment when losses occur. Policyholder information is maintained
by the WYO Company and considered part of their system of records. FEMA has access to these
records as part of its oversight role. Once FEMA obtains the WYO Company’s policyholder
records, the records will become part of FEMA’s existing Privacy Act system of records, the
“National Flood Insurance Bureau and Statistical Agent (BSA) Data Elements and Related Files.”
The remaining policies in force are written and maintained directly by FEMA via a
contractor known as the NFIP Servicing Agent, and are considered part of FEMA’s preexisting
Privacy Act system of records, the “National Flood Insurance Direct Servicing Agent Application
and Related Document Files.” The NFIP Servicing Agent serves as a private insurance company
and writes NFIP flood insurance policies on behalf of the Federal government.
This system of records currently has provisions and authorities for data collection with
respect to the Privacy Act. This Privacy Impact Assessment (PIA) primarily focuses on the
additional use of personally identifying information. This system is used to verify that accuracy
and validity of the appeal request using personally identifying information. The current system of
records will also continue to be used as the primary system of record and the final appeal
resolution file will be archived as a part of this system.
Section 205 of the Bunning-Bereuter-Blumenauer Flood Insurance Reform (FIRA) Act of
2004, 42 U.S.C. 4011, requires that FEMA establish an appeals process that will provide NFIP
flood insurance policyholders with the option to dispute decisions with respect to:
• Claims (request for payment associated with losses from floods);
• Proofs of Loss (statement of the amount claimed, sworn and signed by the policyholder);
and
• Loss estimates relating to the flood insurance policy.
This PIA will cover the Appeals Procedure of the NFIP. The NFIP Appeal Procedure will
provide the individual policyholder a voluntary option for resolving problems by requesting an
appeal of their NFIP insurance claim without proceeding to a lawsuit.
�Privacy Impact Assessment
NFIP Appeals Procedure, FEMA
February 9, 2006
Page 3
Section 1.0 Information Collected and Maintained
1.1
What information is to be collected?
If a policyholder requests an appeal, the following information will be requested from him
and verified by either the entity that services the policy—either the WYO Company or the NFIP
Servicing Agent.
•
•
•
•
•
1.2
Individual Policyholder Name: The name of the person requesting an appeal.
Policyholder Address: Policyholder address/place where the loss occurred, which is
potentially an individual’s home.
Policyholder Telephone Number: Policyholder telephone, where he can be reached,
which is potentially a home phone number.
Personal Property Claimed: A list of personal property claimed as damaged and the
subject of the appeal.
Policyholder statement of facts: Policyholder statement of why he is contesting the
claim’s disposition and supporting proof or records to document the policyholder’s
position.
From whom is information collected?
Policyholder-provided Information
Information is collected from the individual NFIP policyholder, who has voluntarily
chosen to appeal the disposition of his flood insurance claim. In addition, FEMA collects
policyholder information from the WYO Company or the NFIP Servicing Agent that services the
flood insurance policy which is the subject of the appeal.
Write Your Own (WYO) Company provided information.
Unlike the NFIP Servicing Agent, a WYO Company serves as a private insurance company
for polices written and serviced. Accordingly, the WYO Company is responsible for the day-to-day
processing and all administrative actions, relative to flood insurance polices, such as policy rating
and payment of claims. These records are maintained separate and distinct from NFIP records
because these records are considered the records of the individual WYO Company. However,
FEMA may request verification of individual policyholder’s personal records from the WYO
Company that initially issued the policy, in order for FEMA to review the record as part of our
appeal review process. Once the WYO company records are received, the records will become a
part of FEMA’s new proposed “NFIP Claims Appeals Process” system of records.
1.3
Why is the information being collected?
Section 205 of the FIRA of 2004, 42 U.S.C. 4011, requires that FEMA establish an appeals
process that provides flood insurance policyholders with the option to dispute decisions of any
�Privacy Impact Assessment
NFIP Appeals Procedure, FEMA
February 9, 2006
Page 4
insurance agent or adjuster, insurance company, or any FEMA employee or contractor with respect
to their NFIP policy claim, proof of loss or estimates. The individual policyholder may appeal any
decision to FEMA rendered regarding the disposition of his flood insurance which he believes is
inappropriate.
The information collected is required to address the issues presented by the policyholders
in their appeals and in order to respond to their concerns. The NFIP must have the critical
background information needed that includes “personally identifying information” of the
policyholder to objectively review of the policyholder’s file and to make an independent
determination of the merits of the issues presented in the policyholder’s appeal.
1.4
What specific legal authorities/arrangements/agreements define the
collection of information?
FEMA collects only the personal information necessary for processing the appeals requested
by NFIP policyholders in our appeals process. As stated previously, Section 205 of the BunningBereuter-Blumenauer Flood Insurance Reform Act of 2004, 42 U.S.C. 4011 requires that FEMA
establish an appeals process for NFIP policyholders. FEMA has drafted an Interim Final Rule that
outlines the specific requirements of the appeals process. FEMA has also drafted a proposed new
Privacy Act System of Records Notice (SORN), the “NFIP Claims Appeals Process.”
1.5
Privacy Impact Analysis
In developing the Appeals Process, FEMA reviewed current claims dispute procedures and
determined the minimum amount of personally identifying information necessary to provide a
meaningful appeal process review. FEMA made a conscious decision to limit the amount of
information collected to reduce the burden upon the policyholder yet not adversely affect the
appeal process. Privacy risks were considered and therefore the collected information is restricted
to only the necessary records needed to evaluate the issues presented in the policyholders’ appeal,
and provide a decision.
Section 2.0 Uses of the System and the Information
2.1
Describe all the uses of information.
FEMA will use the information collected from the individual policyholder solely for the
purpose of making a decision on the policyholder’s appeal. Once the appeal process is completed,
the individual policyholder’s information will be stored as a part of FEMA’s new system of records
in accordance with National Archive and Records Administration (NARA) requirements.
�Privacy Impact Assessment
NFIP Appeals Procedure, FEMA
February 9, 2006
Page 5
2.2
Does the system analyze data to assist users in identifying previously
unknown areas of note, concern, or pattern (Sometimes referred to as
data mining)?
No, not applicable.
2.3
How will the information collected from individuals or derived from the
system be checked for accuracy?
The policyholder information provided from the individual during the appeals process will
be verified against FEMA’s system of records or the information contained in our WYO files to
ensure that the information is correct. If critical personal information is inconsistent with the
information contained in these sources, FEMA will reconcile the information to achieve accuracy.
This may entail contacting the individual policyholder to verify the submitted information.
2.4
Privacy Impact Analysis
FEMA has limited the amount of and type of personal information used in the appeals
process. FEMA has in place training and auditing practices to ensure that the information is not
used for any other purposes. Only authorized users of the system may gain access to the
information for authorized usages. If an individual is found to be misusing the information,
appropriate disciplinary actions will be taken.
Section 3.0 Retention
3.1
What is the retention period for the data in the system?
In accordance with an approved Federal records retention schedule, the data will be
retained for approximately seven (7) years.
3.2
Has the retention schedule been approved by the National Archives and
Records Administration (NARA)?
Yes.
NARA AUTHORITY: N1-311-86-1 2A12(a)(2).
Section 4.0 Internal Sharing and Disclosure
4.1
With which internal organizations is the information shared?
Information will be shared internally within DHS, primarily among authorized individuals
of FEMA’s Mitigation Division Risk Insurance Branch and the FEMA Mitigation Division
�Privacy Impact Assessment
NFIP Appeals Procedure, FEMA
February 9, 2006
Page 6
Administrator, the DHS Office of the Inspector General’s (OIG), and the Office of General Counsel
(OGC).
4.2
For each organization, what information is shared and for what purpose?
Appeals Process Records may be shared with the FEMA Office of General Counsel (OGC)
for litigation purposes. Appeals Process Records also may be shared with the DHS OIG for auditing
and oversight and for investigation.
4.3
How is the information transmitted or disclosed?
The information will be sent by mail, fax, or by courier.
4.4
Privacy Impact Analysis
Information is shared internally within DHS for oversight of the program and is not shared
with other components, as there is no need for them to have the information. Risks are minimal
since information is provided to limited number of internal organizations.
Section 5.0 External Sharing and Disclosure
5.1
With which external organizations is the information shared?
FEMA does not plan to share this information with external organizations other than at its
discretion for the routine uses that are included in the System of Records Notice for the NFIP
Claims Appeals Process System of Records.
�Privacy Impact Assessment
NFIP Appeals Procedure, FEMA
February 9, 2006
Page 7
5.2
What information is shared and for what purpose?
External information sharing is limited only to the routine uses described in the SORN
5.3
How is the information transmitted or disclosed?
As already indicated in 5.2, not applicable because external information sharing is limited
only to the routine uses described in the SORN.
5.4
Is a Memorandum of Understanding (MOU), contract, or any agreement
in place with any external organizations with whom information is
shared, and does the agreement reflect the scope of the information
currently shared?
No.
5.5
How is the shared information secured by the recipient?
Not applicable.
5.6
What type of training is required for users from agencies outside DHS
prior to receiving access to the information?
Not applicable.
5.7
SORN.
Privacy Impact Analysis
Not Applicable. No external sharing of information is anticipated except as outlined in the
Section 6.0 Notice
6.1
Was notice provided to the individual prior to collection of information?
If yes, please provide a copy of the notice as an appendix. A notice may
include a posted privacy policy, a Privacy Act notice on forms, or a
system of records notice published in the Federal Register Notice. If
notice was not provided, why not?
Yes, a policyholder is notified of the option to appeal and given guidance for voluntarily
pursuing this option at the time of purchase, policy renewal, and in the event of a claim on his
�Privacy Impact Assessment
NFIP Appeals Procedure, FEMA
February 9, 2006
Page 8
flood insurance policy. Notice is also provided through our SORN, the “NFIP Claims Appeals
Process,” that will be published in the Federal Register and the final rule for the “National Flood
Insurance Program: Appeal of Decisions Relating to Flood Insurance Claims.”
6.2
Do individuals have an opportunity and/or right to decline to provide
information?
Yes. The appeals procedure is completely voluntary, and can only be initiated by the
individual policyholder. A policyholder is notified of the option to appeal and given guidance for
voluntarily pursuing this option at the time of purchase, policy renewal, and in the event of a
claim on his flood insurance policy. Accordingly, policyholders are advised that the submission of
their personally identifying information is voluntary. However, the policyholder is also advised
that failure to submit the necessary personal identifying information may result in the denial of
the appeal.
6.3
Do individuals have the right to consent to particular uses of the
information, and if so, how does the individual exercise the right?
Consent is presumed to use the information for appeals if a policyholder elects to submit
an appeal.
6.4
Privacy Impact Analysis
Notice is provided to policyholders of the potential use of their personally identifying
information at the time insurance is purchased or a claim is made, and also through publication of
the SORN and the regulation establishing the NFIP appeal process.
Section 7.0 Individual Access, Redress and Correction
7.1
What are the procedures which allow individuals to gain access to their
own information?
The procedures for policyholders to gain access to their own information from FEMA are
listed both in FEMA’s and DHS’s Privacy Act Regulations, 44 CFR Part 6 and 6 CFR Part 5. Requests
for Privacy Act protected information must be made in writing, and clearly marked as a “Privacy
Act Request.” The name of the requester, the nature of the record sought, and the required
verification of identity must be clearly indicated. Requests should be sent to the Privacy Act
Officer, DHS/FEMA, Office of General Counsel (GL), Room 406, 500 C Street, SW, Washington,
DC 20472.
Policyholders may also contact their insurance provider to obtain this information.
�Privacy Impact Assessment
NFIP Appeals Procedure, FEMA
February 9, 2006
Page 9
7.2
What are the procedures for correcting erroneous information?
Same as the notification procedure above. If an individual policyholder finds incorrect
information, he/she is encouraged to advise FEMA of the error, and provide FEMA the correct
information. Typically, individuals work with their respective insurance carrier to correct
erroneous information contained in their policies.
7.3
How are individuals notified of the procedures for correcting their
information?
Same as 7.1 above. Notice will be given in the new proposed system of records. In
addition, if we are cognizant of any misinformation in the file or if we suspect that information is
incorrect, we will contact the policyholder and request additional information be provided to
address the matter.
7.4
If no redress is provided, are alternatives are available?
Redress is afforded to policyholders, so alternatives are not applicable.
7.5
Privacy Impact Analysis
Access and other procedural rights are provided for in the Privacy Act of 1974.
Section 8.0 Technical Access and Security
8.1
Which user group(s) will have access to the system? (For example,
program managers, IT specialists, and analysts will have general access
to the system and registered users from the public will have limited
access.)
The user groups are FEMA employees and contractors working for FEMA’s NFIP.
Employees of FEMA’s Claims and Underwriting Division, authorized Information Technology (IT)
contractors and FEMA’s NFIP contractors will have restricted access to the Appeal Procedure
Review System only to the extent necessary to perform their official duties. IT contractors who
handle the operations and maintenance of the system will also have limited access to the system to
support the trouble shooting of technical system issues encountered on a day-to-day basis. FEMA
managers and some IT managers will have complete access to the system in order to ensure that
the Appeal Procedure is being carried out in accordance with applicable regulations.
Additionally, as specified in the Routine Uses section of the SORN, the DHS OIG may
request and be given access to the data, and the DHS and FEMA OGC may request and be given
access to the data to represent DHS/FEMA in litigation matters.
�Privacy Impact Assessment
NFIP Appeals Procedure, FEMA
February 9, 2006
Page 10
8.2
Will contractors to DHS have access to the system? If so, please submit
a copy of the contract describing their role to the Privacy Office with this
PIA.
No, not applicable.
8.3
Does the system use “roles” to assign privileges to users of the system?
Yes, FEMA user access is managed via automated role-based access controls for official use
that includes only authorized FEMA employees and contractors. Each user’s access to the system is
limited to the extent necessary, based upon the user’s official role in the FEMA appeal process.
Moreover, access to personally identifying information is granted only to the extent necessary for
the user to perform his official function in the appeals review process.
8.4
What procedures are in place to determine which users may access the
system and are they documented?
FEMA has appropriate security measures that restrict access to its records system only to
required staff who have a need to know in order for each user to perform his or her official duties.
The security documents outlines user access are not generally available for security reasons. Access
to data is controlled through use of the user ID and password combination. Strong passwords
following DHS’s standards are required and enforced through system and application controls.
User passwords must be changed on a regular basis. Additional Secure Sockets Layer (SSL)
encryption is used to protect the transfer of data.
8.5
How are the actual assignments of roles and rules verified according to
established security and auditing procedures?
Role-based access, usernames, passwords, security awareness programs and
monitoring/auditing technologies are included in FEMA’s Security systems architectures and plans.
Intrusion detection capabilities are also required for FEMA Security systems to prevent
unauthorized access to NFIP databases.
8.6
What auditing measures and technical safeguards are in place to
prevent misuse of data?
Each authorized individual working on the appeals procedure will only have access to
information pertinent to his/her function.
Activity logs (audit trails) are enabled and secured on operating systems, applications, and
middleware. A periodic review is conducted to monitor all user access.
�Privacy Impact Assessment
NFIP Appeals Procedure, FEMA
February 9, 2006
Page 11
Incident response procedures are established to address reported security incidents as
quickly as possible.
In addition, FEMA has established procedures for the handling and storage of information
established to restrict access to unauthorized users.
8.7
Describe what privacy training is provided to users either generally or
specifically relevant to the functionality of the program or system?
All FEMA employees are required to complete the Emergency Preparedness and Response
(EP&R)/FEMA Annual Security Awareness Training course. In addition, all contract employees are
required to adhere to the Privacy Act/confidentially clauses as per the terms of their contracts with
FEMA.
8.8
Is the data secured in accordance with FISMA requirements? If yes,
when was Certification & Accreditation last completed?
Yes. As noted previously, the final information will be stored in the primary system of
records. This system has received the required certifications to indicate FISMA compliance. The
additional FISMA criteria and completion dates are shown below:
8.9
•
Federal Information Processing Standards Publication (FIPS) 199 assessment
completed 11/10/2005
•
E Authentication Worksheet completed 11/10/2005
•
National Institute of Standards and Technology (NIST) 800-26 Security Self
Assessment completed 10/11/2005
Privacy Impact Analysis
FEMA has instituted strong security controls to ensure that the collection of policyholder
information for the Appeals Procedure process is protected throughout the entire process. This
includes extensive access controls, and audit trails
Section 9.0 Technology
9.1
Was the system built from the ground up or purchased and installed?
FEMA built the system from the ground up and followed industry best practices with
support from commercial products that have been tested for reliability.
�Privacy Impact Assessment
NFIP Appeals Procedure, FEMA
February 9, 2006
Page 12
9.2
Describe how data integrity, privacy, and security were analyzed as part
of the decisions made for your system.
The NFIP, in its decision selection process, consulted with FEMA’s Cyber Security office
and determined that a commercial off the shelf (COTS) security and authentication software
would be used to maintain the data integrity meeting Federal computer and electronic standards
9.3
What design choices were made to enhance privacy?
FEMA specifically chose to use a secure socket layer for protecting the privacy of our NFIP
individual policyholders.
Conclusion
In order to implement the statutory directive that FEMA establish an appeals procedure for
flood insurance claims, FEMA has created the National Flood Insurance Program Appeals
Procedure and has implemented an electronic system to maintain all records concerning these
appeals. FEMA has purposely minimized the data to be collected and incorporated other privacy
protections in order to ensure that the system is both privacy sensitive and effective for the
business purposes for which it was developed. The formalization of FEMA’s National Flood
Insurance Program’s NFIP’s policyholders' right to appeal their flood insurance claim (the
policyholder may appeal any disposition regarding his claim with which he disagrees) provides
policyholders a final review of the denial of their flood insurance claim. The new appeals process
codifies and clearly establishes this course of action as a policyholder voluntary right. We believe
this is a very positive step to ensure that all NFIP policyholders are satisfied with the manner in
which their flood insurance claim is resolved.
�Privacy Impact Assessment
NFIP Appeals Procedure, FEMA
February 9, 2006
Page 13
Responsible Officials
James Shortley
Director of Claims
Federal Emergency Management Agency
Department of Homeland Security
202-646-3418
�
| File Type | application/pdf |
| File Title | privacy_pia_fema_nfipappeals.doc |
| Author | DHS Privacy Office |
| File Modified | 2009-11-17 |
| File Created | 2006-05-16 |