Privacy Impact Assessment

PIA NFIP Appeals 02092006 1203.doc

National Flood Insurance Claims Appeal Process

Privacy Impact Assessment

OMB: 1660-0095


Privacy Impact Assessment
NFIP Appeals Procedure, FEMA
February 3, 2006

Privacy Impact Assessment
for the

National Flood Insurance Program Appeals Procedure

02-09-06

Contact Point
James Shortley
Director of Claims
Federal Emergency Management Agency
202-646-3418

Reviewing Official
Maureen Cooney
Acting Chief Privacy Officer
Department of Homeland Security
(571) 227-3813

Introduction

In the face of mounting flood losses and escalating costs of disaster relief to the taxpayers, the National Flood Insurance Program (NFIP) was established by Congress in 1968 (42 U.S.C. 4001, et seq.). The intent of the NFIP is to reduce future flood damage through effective community floodplain management, and insurance protection for property owners. Congress designated FEMA to be the administrator of the NFIP and the FEMA Mitigation Division has responsibility for program management and oversight.


In 1983, to increase availability, FEMA partnered with the private insurance industry to sell and service flood insurance coverage. This partnership between FEMA and private sector property insurance companies is termed the Write Your Own (WYO) program. Under the WYO program, the private WYO Companies are responsible for all of the day-to-day administrative activities associated with the policies they write. Over 95 percent of the flood insurance policies in force are maintained by WYO Companies. Specifically, they are responsible for policy issuances, claim processing and upon request, payment when losses occur. Policyholder information is maintained by the WYO Company and considered part of their system of records. FEMA has access to these records as part of its oversight role. Once FEMA obtains the WYO Company’s policyholder records, the records will become part of FEMA’s existing Privacy Act system of records, the “National Flood Insurance Bureau and Statistical Agent (BSA) Data Elements and Related Files.”


The remaining policies in force are written and maintained directly by FEMA via a contractor known as the NFIP Servicing Agent, and are considered part of FEMA’s preexisting Privacy Act system of records, the “National Flood Insurance Direct Servicing Agent Application and Related Document Files.” The NFIP Servicing Agent serves as a private insurance company and writes NFIP flood insurance policies on behalf of the Federal government.


This system of records currently has provisions and authorities for data collection with respect to the Privacy Act. This Privacy Impact Assessment (PIA) primarily focuses on the additional use of personally identifying information. This system is used to verify the accuracy and validity of the appeal request using personally identifying information. The current system of records will also continue to be used as the primary system of record and the final appeal resolution file will be archived as a part of this system.


Section 205 of the Bunning-Bereuter-Blumenauer Flood Insurance Reform (FIRA) Act of 2004, 42 U.S.C. 4011, requires that FEMA establish an appeals process that will provide NFIP flood insurance policyholders with the option to dispute decisions with respect to:

  • Claims (request for payment associated with losses from floods);

  • Proofs of Loss (statement of the amount claimed, sworn and signed by the policyholder); and

  • Loss estimates relating to the flood insurance policy.


This PIA will cover the Appeals Procedure of the NFIP. The NFIP Appeal Procedure will provide the individual policyholder a voluntary option for resolving problems by requesting an appeal of their NFIP insurance claim without proceeding to a lawsuit.

Section 1.0 Information Collected and Maintained

1.1 What information is to be collected?

If a policyholder requests an appeal, the following information will be requested from him and verified by the entity that services the policy, either the WYO Company or the NFIP Servicing Agent.


  • Individual Policyholder Name: The name of the person requesting an appeal.

  • Policyholder Address: Policyholder address/place where the loss occurred, which is potentially an individual’s home.

  • Policyholder Telephone Number: Policyholder telephone, where he can be reached, which is potentially a home phone number.

  • Personal Property Claimed: A list of personal property claimed as damaged and the subject of the appeal.

  • Policyholder statement of facts: Policyholder statement of why he is contesting the claim’s disposition and supporting proof or records to document the policyholder’s position.

1.2 From whom is information collected?

Policyholder-provided Information


Information is collected from the individual NFIP policyholder, who has voluntarily chosen to appeal the disposition of his flood insurance claim. In addition, FEMA collects policyholder information from the WYO Company or the NFIP Servicing Agent that services the flood insurance policy which is the subject of the appeal.

Write Your Own (WYO) Company-provided Information

Unlike the NFIP Servicing Agent, a WYO Company serves as a private insurance company for policies written and serviced. Accordingly, the WYO Company is responsible for the day-to-day processing and all administrative actions relative to flood insurance policies, such as policy rating and payment of claims. These records are maintained separate and distinct from NFIP records because these records are considered the records of the individual WYO Company. However, FEMA may request verification of individual policyholder’s personal records from the WYO Company that initially issued the policy, in order for FEMA to review the record as part of our appeal review process. Once the WYO company records are received, the records will become a part of FEMA’s new proposed “NFIP Claims Appeals Process” system of records.

1.3 Why is the information being collected?

Section 205 of the FIRA of 2004, 42 U.S.C. 4011, requires that FEMA establish an appeals process that provides flood insurance policyholders with the option to dispute decisions of any insurance agent or adjuster, insurance company, or any FEMA employee or contractor with respect to their NFIP policy claim, proof of loss or estimates. The individual policyholder may appeal any decision to FEMA rendered regarding the disposition of his flood insurance which he believes is inappropriate.

The information collected is required to address the issues presented by the policyholders in their appeals and in order to respond to their concerns. The NFIP must have the critical background information, including “personally identifying information” of the policyholder, needed to objectively review the policyholder’s file and to make an independent determination of the merits of the issues presented in the policyholder’s appeal.

1.4 What specific legal authorities/arrangements/agreements define the collection of information?

FEMA collects only the personal information necessary for processing the appeals requested by NFIP policyholders in our appeals process. As stated previously, Section 205 of the Bunning-Bereuter-Blumenauer Flood Insurance Reform Act of 2004, 42 U.S.C. 4011 requires that FEMA establish an appeals process for NFIP policyholders. FEMA has drafted an Interim Final Rule that outlines the specific requirements of the appeals process. FEMA has also drafted a proposed new Privacy Act System of Records Notice (SORN), the “NFIP Claims Appeals Process.”

1.5 Privacy Impact Analysis

In developing the Appeals Process, FEMA reviewed current claims dispute procedures and determined the minimum amount of personally identifying information necessary to provide a meaningful appeal process review. FEMA made a conscious decision to limit the amount of information collected to reduce the burden upon the policyholder yet not adversely affect the appeal process. Privacy risks were considered and therefore the collected information is restricted to only the necessary records needed to evaluate the issues presented in the policyholders’ appeal, and provide a decision.

Section 2.0 Uses of the System and the Information

2.1 Describe all the uses of information.

FEMA will use the information collected from the individual policyholder solely for the purpose of making a decision on the policyholder’s appeal. Once the appeal process is completed, the individual policyholder’s information will be stored as a part of FEMA’s new system of records in accordance with National Archives and Records Administration (NARA) requirements.

2.2 Does the system analyze data to assist users in identifying previously unknown areas of note, concern, or pattern (Sometimes referred to as data mining)?

No, not applicable.

2.3 How will the information collected from individuals or derived from the system be checked for accuracy?

The policyholder information provided from the individual during the appeals process will be verified against FEMA’s system of records or the information contained in our WYO files to ensure that the information is correct. If critical personal information is inconsistent with the information contained in these sources, FEMA will reconcile the information to achieve accuracy. This may entail contacting the individual policyholder to verify the submitted information.

2.4 Privacy Impact Analysis

FEMA has limited the amount of and type of personal information used in the appeals process. FEMA has in place training and auditing practices to ensure that the information is not used for any other purposes. Only authorized users of the system may gain access to the information for authorized usages. If an individual is found to be misusing the information, appropriate disciplinary actions will be taken.

Section 3.0 Retention

3.1 What is the retention period for the data in the system?

In accordance with an approved Federal records retention schedule, the data will be retained for approximately seven (7) years.

3.2 Has the retention schedule been approved by the National Archives and Records Administration (NARA)?

Yes. NARA AUTHORITY: N1-311-86-1 2A12(a)(2).

Section 4.0 Internal Sharing and Disclosure

4.1 With which internal organizations is the information shared?

Information will be shared internally within DHS, primarily among authorized individuals of FEMA’s Mitigation Division Risk Insurance Branch and the FEMA Mitigation Division Administrator, the DHS Office of the Inspector General (OIG), and the Office of General Counsel (OGC).

4.2 For each organization, what information is shared and for what purpose?

Appeals Process Records may be shared with the FEMA Office of General Counsel (OGC) for litigation purposes. Appeals Process Records also may be shared with the DHS OIG for auditing and oversight and for investigation.

4.3 How is the information transmitted or disclosed (when shared is what this question goes to, I believe)?

The information will be sent by mail, fax, or by courier.

4.4 Privacy Impact Analysis

Information is shared internally within DHS for oversight of the program and is not shared with other components, as there is no need for them to have the information. Risks are minimal since information is provided to a limited number of internal organizations.

Section 5.0 External Sharing and Disclosure

5.1 With which external organizations is the information shared?

FEMA does not plan to share this information with external organizations other than at its discretion for the routine uses that are included in the System of Records Notice for the NFIP Claims Appeals Process System of Records.

5.2 What information is shared and for what purpose?

External information sharing is limited only to the routine uses described in the SORN.

5.3 How is the information transmitted or disclosed?

As already indicated in 5.2, not applicable because external information sharing is limited only to the routine uses described in the SORN.

5.4 Is a Memorandum of Understanding (MOU), contract, or any agreement in place with any external organizations with whom information is shared, and does the agreement reflect the scope of the information currently shared?

No.

5.5 How is the shared information secured by the recipient?

Not applicable.

5.6 What type of training is required for users from agencies outside DHS prior to receiving access to the information?

Not applicable.

5.7 Privacy Impact Analysis

Not applicable. No external sharing of information is anticipated except as outlined in the SORN.

Section 6.0 Notice

6.1 Was notice provided to the individual prior to collection of information? If yes, please provide a copy of the notice as an appendix. A notice may include a posted privacy policy, a Privacy Act notice on forms, or a system of records notice published in the Federal Register Notice. If notice was not provided, why not?

Yes, a policyholder is notified of the option to appeal and given guidance for voluntarily pursuing this option at the time of purchase, policy renewal, and in the event of a claim on his flood insurance policy. Notice is also provided through our SORN, the “NFIP Claims Appeals Process,” that will be published in the Federal Register and the final rule for the “National Flood Insurance Program: Appeal of Decisions Relating to Flood Insurance Claims.”

6.2 Do individuals have an opportunity and/or right to decline to provide information?

Yes. The appeals procedure is completely voluntary, and can only be initiated by the individual policyholder. A policyholder is notified of the option to appeal and given guidance for voluntarily pursuing this option at the time of purchase, policy renewal, and in the event of a claim on his flood insurance policy. Accordingly, policyholders are advised that the submission of their personally identifying information is voluntary. However, the policyholder is also advised that failure to submit the necessary personal identifying information may result in the denial of the appeal.

6.3 Do individuals have the right to consent to particular uses of the information, and if so, how does the individual exercise the right?

Consent to use the information for the appeal is presumed if a policyholder elects to submit an appeal.


6.4 Privacy Impact Analysis

Notice is provided to policyholders of the potential use of their personally identifying information at the time insurance is purchased or a claim is made, and also through publication of the SORN and the regulation establishing the NFIP appeal process.

Section 7.0 Individual Access, Redress and Correction

7.1 What are the procedures which allow individuals to gain access to their own information?

The procedures for policyholders to gain access to their own information from FEMA are listed both in FEMA’s and DHS’s Privacy Act Regulations, 44 CFR Part 6 and 6 CFR Part 5. Requests for Privacy Act protected information must be made in writing, and clearly marked as a “Privacy Act Request.” The name of the requester, the nature of the record sought, and the required verification of identity must be clearly indicated. Requests should be sent to the Privacy Act Officer, DHS/FEMA, Office of General Counsel (GL), Room 406, 500 C Street, SW, Washington, DC 20472.

Policyholders may also contact their insurance provider to obtain this information.

7.2 What are the procedures for correcting erroneous information?

Same as the notification procedure above. If an individual policyholder finds incorrect information, he/she is encouraged to advise FEMA of the error, and provide FEMA the correct information. Typically, individuals work with their respective insurance carrier to correct erroneous information contained in their policies.

7.3 How are individuals notified of the procedures for correcting their information?

Same as 7.1 above. Notice will be given in the new proposed system of records. In addition, if we are cognizant of any misinformation in the file or if we suspect that information is incorrect, we will contact the policyholder and request additional information be provided to address the matter.

7.4 If no redress is provided, are alternatives available?

Redress is afforded to policyholders, so alternatives are not applicable.

7.5 Privacy Impact Analysis

Access and other procedural rights are provided for in the Privacy Act of 1974.

Section 8.0 Technical Access and Security

8.1 Which user group(s) will have access to the system? (For example, program managers, IT specialists, and analysts will have general access to the system and registered users from the public will have limited access.)

The user groups are FEMA employees and contractors working for FEMA’s NFIP. Employees of FEMA’s Claims and Underwriting Division, authorized Information Technology (IT) contractors and FEMA’s NFIP contractors will have restricted access to the Appeal Procedure Review System only to the extent necessary to perform their official duties. IT contractors who handle the operations and maintenance of the system will also have limited access to the system to support the troubleshooting of technical system issues encountered on a day-to-day basis. FEMA managers and some IT managers will have complete access to the system in order to ensure that the Appeal Procedure is being carried out in accordance with applicable regulations.

Additionally, as specified in the Routine Uses section of the SORN, the DHS OIG may request and be given access to the data, and the DHS and FEMA OGC may request and be given access to the data to represent DHS/FEMA in litigation matters.

8.2 Will contractors to DHS have access to the system? If so, please submit a copy of the contract describing their role to the Privacy Office with this PIA.

No, not applicable.

8.3 Does the system use “roles” to assign privileges to users of the system?

Yes, FEMA user access is managed via automated role-based access controls for official use that includes only authorized FEMA employees and contractors. Each user’s access to the system is limited to the extent necessary, based upon the user’s official role in the FEMA appeal process. Moreover, access to personally identifying information is granted only to the extent necessary for the user to perform his official function in the appeals review process.

8.4 What procedures are in place to determine which users may access the system and are they documented?

FEMA has appropriate security measures that restrict access to its records system only to required staff who have a need to know in order for each user to perform his or her official duties. The security documents that outline user access are not generally available for security reasons. Access to data is controlled through use of the user ID and password combination. Strong passwords following DHS’s standards are required and enforced through system and application controls. User passwords must be changed on a regular basis. Additional Secure Sockets Layer (SSL) encryption is used to protect the transfer of data.

8.5 How are the actual assignments of roles and rules verified according to established security and auditing procedures?

Role-based access, usernames, passwords, security awareness programs and monitoring/auditing technologies are included in FEMA’s Security systems architectures and plans. Intrusion detection capabilities are also required for FEMA Security systems to prevent unauthorized access to NFIP databases.

8.6 What auditing measures and technical safeguards are in place to prevent misuse of data?

Each authorized individual working on the appeals procedure will only have access to information pertinent to his/her function.

Activity logs (audit trails) are enabled and secured on operating systems, applications, and middleware. A periodic review is conducted to monitor all user access.

Incident response procedures are established to address reported security incidents as quickly as possible.

In addition, FEMA has established procedures for the handling and storage of information to restrict access by unauthorized users.

8.7 Describe what privacy training is provided to users either generally or specifically relevant to the functionality of the program or system?

All FEMA employees are required to complete the Emergency Preparedness and Response (EP&R)/FEMA Annual Security Awareness Training course. In addition, all contract employees are required to adhere to the Privacy Act/confidentiality clauses as per the terms of their contracts with FEMA.

8.8 Is the data secured in accordance with FISMA requirements? If yes, when was Certification & Accreditation last completed?

Yes. As noted previously, the final information will be stored in the primary system of records. This system has received the required certifications to indicate FISMA compliance. The additional FISMA criteria and completion dates are shown below:

  • Federal Information Processing Standards Publication (FIPS) 199 assessment completed 11/10/2005

  • E-Authentication Worksheet completed 11/10/2005

  • National Institute of Standards and Technology (NIST) 800-26 Security Self Assessment completed 10/11/2005

8.9 Privacy Impact Analysis

FEMA has instituted strong security controls to ensure that the collection of policyholder information for the Appeals Procedure process is protected throughout the entire process. This includes extensive access controls and audit trails.

Section 9.0 Technology

9.1 Was the system built from the ground up or purchased and installed?

FEMA built the system from the ground up and followed industry best practices with support from commercial products that have been tested for reliability.

9.2 Describe how data integrity, privacy, and security were analyzed as part of the decisions made for your system.

The NFIP, in its decision selection process, consulted with FEMA’s Cyber Security office and determined that commercial off-the-shelf (COTS) security and authentication software would be used to maintain data integrity in a way that meets Federal computer and electronic standards.

9.3 What design choices were made to enhance privacy?

FEMA specifically chose to use a secure socket layer for protecting the privacy of our NFIP individual policyholders.

Conclusion

In order to implement the statutory directive that FEMA establish an appeals procedure for flood insurance claims, FEMA has created the National Flood Insurance Program Appeals Procedure and has implemented an electronic system to maintain all records concerning these appeals. FEMA has purposely minimized the data to be collected and incorporated other privacy protections in order to ensure that the system is both privacy sensitive and effective for the business purposes for which it was developed. The formalization of the right of FEMA’s National Flood Insurance Program (NFIP) policyholders to appeal their flood insurance claim (the policyholder may appeal any disposition regarding his claim with which he disagrees) provides policyholders a final review of the denial of their flood insurance claim. The new appeals process codifies and clearly establishes this course of action as a policyholder’s voluntary right. We believe this is a very positive step to ensure that all NFIP policyholders are satisfied with the manner in which their flood insurance claim is resolved.



Responsible Officials

James Shortley
Director of Claims
Federal Emergency Management Agency
Department of Homeland Security
202-646-3418





Approval Signature











________________________________ February 3, 2006

Maureen Cooney
Acting Chief Privacy Officer
Department of Homeland Security








File Type: application/msword
File Title: Privacy Impact Assessment
Author: nathan.coleman
Last Modified By: scorrea
File Modified: 2006-05-16
File Created: 2006-05-16
