Privacy Impact Assessment
for the
National Flood Insurance Program (NFIP) PIVOT
System
DHS/FEMA/PIA-050
March 28, 2018
Contact Point
Joshua Smith
Federal Insurance and Mitigation Administration
Federal Emergency Management Agency
Department of Homeland Security
(703) 605-1238
Reviewing Official
Philip S. Kaplan
Chief Privacy Officer
Department of Homeland Security
(202) 343-1717
Abstract
The Department of Homeland Security (DHS) Federal Emergency Management Agency
(FEMA) Federal Insurance and Mitigation Administration (FIMA) National Flood Insurance
Program (NFIP) owns and operates the NFIP PIVOT (not an acronym; formerly called Phoenix)
system. The NFIP PIVOT system is a web-based system designed to help facilitate and consolidate
in one system the NFIP’s core business processes including, but not limited to: validation of
insurance policies, claims, and data; complex modeling; website hosting (including
www.floodsmart.gov); claims administration; policy management; claims review; approvals; and
status inquiries. FEMA is conducting this new Privacy Impact Assessment (PIA) because NFIP
PIVOT collects, uses, maintains, retrieves, and disseminates personally identifiable information
(PII) about individuals who purchase flood insurance policies from NFIP, those who process
insurance policies, and individuals requesting access to the system.
Overview
Congress created the NFIP through the National Flood Insurance Act of 1968.[1] The
program was established in response to the rising cost of taxpayer-funded disaster relief for flood
victims and the increasing amount of damage caused by floods. FIMA manages the NFIP and
oversees the insurance, floodplain management, and mapping components of the program.
Approximately 20,000 communities across the United States and its territories participate in the
NFIP by adopting and enforcing floodplain management ordinances to reduce future flood
damage. Based on the communities’ compliance with these ordinances, the NFIP makes federally
backed flood insurance available to property owners and renters in these communities. The NFIP
enables individuals and organizations in the participating communities to purchase insurance
protection against losses from flooding. The basis for a community’s participation in the NFIP is
an agreement with FEMA to adopt and enforce sound floodplain management ordinances to
mitigate future flood risks to new construction, additions, repairs, and rebuilding in certain
specially designated areas.
The FEMA NFIP Community Information System (CIS) collects and maintains flood zone
and floodplain information for participating communities and maintains the official record of a
community’s NFIP participation status. CIS communicates with NFIP PIVOT for validating that
a property is within a participating community to determine eligibility for a flood insurance policy.
NFIP then makes flood insurance available to property owners and renters within the community
as a means of reducing the risk of flood losses. Properties in certain areas within these communities
with a lower risk of flooding are eligible for a Preferred Risk Policy (PRP) with a lower premium.
[1] 42 U.S.C. §§ 4001-4129.
Additionally, certain areas within these communities may be part of a Coastal Barrier Resource
System (CBRS) area, which is managed by the United States Fish and Wildlife Services (FWS).
Properties within a CBRS area require more robust flood management safeguards in order to be
eligible for flood insurance.
To provide flood insurance policies, the NFIP and private sector insurance companies
typically execute a Write Your Own (WYO) agreement that allows the companies to sell and
administer flood insurance on behalf of FEMA. For individuals and organizations within NFIP-compliant communities where WYO companies are not available, NFIP uses contract support
known as the NFIP Direct Servicing Agent (NFIP Direct)[2] to provide flood insurance policies
directly to the individual or organization on behalf of FEMA. The NFIP policy and claims
information that FEMA collects from the NFIP Direct and WYO companies includes transaction
data (policy information and PII such as policyholder name, property address, and property
description) and financial statements (which contain flood insurance premiums collected and claims paid
for each property). FEMA has an established claims appeals process to appeal policy and claims
determinations made by either a WYO company or NFIP Direct. This process requires both WYO
and NFIP Direct flood insurance policyholders to submit a written, signed appeal letter to FEMA
explaining the nature of their claim, names and titles of persons contacted, dates of contact, contact
information, and details of the contract relevant to their claim appeal, and also to submit a copy of
the insurer’s written denial of the claim, in whole or in part.
NFIP PIVOT
FEMA developed NFIP PIVOT, a web-based system, as a new information technology
solution for the NFIP to replace the legacy information technology systems and to help consolidate
and facilitate the NFIP’s core business processes. NFIP PIVOT will allow FEMA to improve
oversight of the NFIP by modernizing NFIP’s legacy NFIP Information Technology Systems
(ITS)[3] and consolidating other NFIP standalone systems such as the Risk Insurance (RI)
Underwriting and Claims Operations Review Tool (UCORT)[4] and the FloodSmart system[5] into a
single platform.
FEMA will complete migration to the NFIP PIVOT system by early 2019. FEMA is
publishing this new PIA concurrently with the NFIP ITS PIA while FEMA continues to use NFIP
[2] See DHS/FEMA/PIA-048 National Flood Insurance Program Direct Servicing Agent System, available at
https://www.dhs.gov/sites/default/files/publications/privacy-pia-fema-048-nfipdirect-october2017.pdf.
[3] See DHS/FEMA/PIA-011 National Flood Insurance Program Information Technology Systems, available at
https://www.dhs.gov/publication/dhsfemapia-011-national-flood-insurance-program-information-technologysystems.
[4] RI-UCORT is an application used to assist FEMA in ensuring that WYO companies and the NFIP Direct process
policies and claims in accordance with federal statutes and guidelines. FEMA has transferred this application to the
NFIP ITS.
[5] FloodSmart is FEMA’s marketing and outreach program that previously used three websites to facilitate contact
between the public and WYO companies.
ITS during the NFIP PIVOT development. Once PIVOT becomes fully operational, NFIP will
retire the legacy systems and the corresponding PIA(s).
FEMA is using the DHS Agile Development[6] discipline during the development of PIVOT,
meaning FEMA incrementally adds functionality and applications to PIVOT as part of the agile
development process. FEMA will regularly update this PIA as PIVOT adds new functionality that
impacts processing of PII.
NFIP PIVOT supports the following core functions:
Claims and Policies Review – PIVOT processes and verifies all new and renewal policies
and claims. Flood insurance companies provide information to PIVOT via an automated
push/pull of data from their vendor system. FEMA uses NFIP PIVOT to review
information provided by individuals to WYO companies and NFIP Direct and provide
recommendations for issuance of a flood insurance policy or the processing of a claim
against a flood insurance policy. To support this function, PIVOT collects PII data
including name, address, phone number, and policy number, but does not collect Social
Security numbers (SSN) or dates of birth. However, PIVOT will contain historical claims
and policy information from the NFIP ITS, which does include SSNs collected prior to
2008.
Document and Case Management – NFIP policyholders, both WYO company and NFIP
Direct customers, can submit appeals to FEMA for policy or claims determinations directly
to FEMA for FIMA review and final determination.
Flood Insurance Awareness – PIVOT hosts a public website (FloodSmart) that provides
critical information about flood insurance and how to obtain flood insurance. The general
public will be able to visit a website to access this information without need for a login
credential and will be able to access information about WYO companies’ points of contact
(POC). FloodSmart also will facilitate communication between the public and participating
WYO companies.
Analytics Reporting – PIVOT provides a data analytics and reporting function for the NFIP
that enhances the current analytical functions of NFIP ITS. NFIP will migrate more than
30 years of insurance data to perform data analysis on historical flood policy and claims
data. The analytics generated by this function are used to determine trends or generate
reports at a program level as well as at the property level that is required to track repetitive
loss.
[6] More information about this process is available at
https://www.dhs.gov/sites/default/files/publications/Instruction_102-01004_Revision_00_Agile_Development_SIGNED_04-11-2016%281%29.pdf.
Catastrophic Modeling – PIVOT will collect address and Geospatial Information Systems
(GIS) data and provide statistical reports on flood and flood insurance trends within a
geographical area. PIVOT will enable FEMA employees and contractors to prepare NFIP
data, including PII, for modeling and import into catastrophe risk models that will analyze
the data and produce output files. FEMA employees and contractors will download the
modeled output and exhibits to their FEMA laptops and then share that with FEMA
employees and contractors via their FEMA email. For reinsurance purposes, FIMA will
verify and share the output file with reinsurers and reinsurance brokers under a Non-Disclosure Agreement (NDA) for FIMA-approved marketing and business purposes. For
reinsurance, any output leaving the secure FEMA environment will be aggregated loss
estimates at the zip code level or higher, geolocation data, or location-specific data. No
policy-specific information would leave the FEMA firewall. Data output may also be used
for setting insurance rates, verifying models, real-time event tracking, and other purposes.
FEMA lists all applications within the PIVOT system in Appendix A of this PIA. NFIP
will submit additional Privacy Threshold Analyses (PTA) for applications, modules, proof of
concepts, testing, and for operational uses of the PIVOT IT solution that do not fall under this PIA.
FEMA will add these functions or applications to Appendix A prior to FEMA using the functions
or applications to collect, retain, or disseminate PII. The PIVOT system resides within the U.S.
Department of Agriculture (USDA) National Information Technology Center (NITC) Data Center
in Kansas City, MO. USDA NITC provides a cloud-based solution that is Federal Risk and
Authorization Management Program (FedRAMP)-approved and allows NFIP PIVOT to be in a
Government-owned and Government-operated environment.
PIVOT supports the following high-level technical requirements:
Validating insurance data sent from numerous sources (i.e., WYO companies and NFIP
Direct) against published FEMA business rules so that error notification and relevant
recordkeeping occurs in minutes rather than weeks. For instance, NFIP staff uses NFIP
PIVOT to validate that a WYO company is properly charging insurance premiums for a
property against FEMA’s published insurance rate methodology.
Providing a comprehensive repository of all available NFIP policy and claims processing
data since the inception of the NFIP. This repository will allow authorized stakeholders
(i.e. WYO companies, NFIP Direct, NFIP Third Party Administrators, and other
stakeholders, such as insurance claim adjusters, flood zone determination companies,
participating communities) and service providers to FIMA (contractors) to quickly view
information, including PII, on screens, on dashboards, and in reports based on roles and
permissions. It will also provide NFIP decision makers with access to key information prior
to making program changes or providing information to external stakeholders such as
Congress.
Providing the capability to view NFIP policyholder addresses on a map so that they can be
displayed in a geospatial viewer.
Providing GIS capabilities with a robust and user-friendly programming or scripting
interface, and the ability to load data and download geospatial results and efficiently
analyze data using a collection of geospatial operations. For example, users may be able to
compare National Flood Hazard (NFH) address or GIS data with NFIP property address
data or FEMA Individual Assistance/Public Assistance property address data.
Providing a complex data modeling capability for historical insurance data and other
external variables. This modeling should allow for development of scenarios, “what if”
analysis, sensitivity analysis, forecasting, and impact analysis.
Providing the capability to manage the NFIP’s core business processes that support the
NFIP’s actuarial sciences, claims administration, policy management, program marketing,
and stakeholder training by facilitating reviews, approvals, status inquiries, notifications,
escalations, and delivery of documents or relevant correspondence.
Supporting the FEMA NFIP Reinsurance Program, which is designed to transfer a
significant amount of NFIP insurance risk to the private sector. In order for the reinsurance
companies to quote prices for accepting the risk, they need to be able to model the NFIP
risk profile using both commercial risk models and their own in-house risk models.
Providing the capability to retrieve, analyze, and report operational, financial, and
statistical information on a periodic or variable basis by incorporating extensive query and
analysis features including, but not limited to creating predefined reports, creating ad-hoc
reports, delivering reports on-screen or via paper, email, or the export of data into common
file formats.
Meeting all applicable federal, department, and agency financial (OMB Circular A-127[7])
and security regulations and guidelines (DHS 4300A Sensitive Systems Handbook[8])
regarding auditability, compliance, privacy, and security.
Integrating with other agency and department systems that require information from the
authoritative source of NFIP information or when authoritative information is required for
NFIP processing.
[7] OMB Circular A-127 prescribes policies and standards for executive departments and agencies to follow when
managing their financial management systems. For more information see
https://obamawhitehouse.archives.gov/omb/circulars_a127/.
[8] The DHS 4300A Sensitive Systems Handbook provides techniques and procedures for implementing the
requirements of the DHS Information Security Program for DHS sensitive systems and systems that process
sensitive information for DHS. For more information see https://www.dhs.gov/publication/dhs-4300a-sensitivesystems-handbook.
Providing a rapid implementation of transformative, secure, cloud-based web hosting and
content management services in order to reduce web presentation costs and internal
engineering risk, improve levels of service for both internal and external customers, and
provide a predictable cost model for ongoing operations.
Providing hardware and software environments that include various processing,
networking, and storage equipment and associated software in a data center setting. FEMA
needs a flexible solution with scalable capacity and seamless license management to
quickly adjust to immediate demand (surge and decrease), with state-of-the-art processing
capacity to support FIMA’s mission.
Processing Special Allocated Loss Adjustment Expense (SALAE) expenses and payments.
FEMA collects NFIP claims adjuster and expert service SALAE information for processing
of invoices and payments to support NFIP claims processing.[9] These payments are for
circumstances that are above normal payments, such as an adjuster required to travel
beyond 100 miles to process an NFIP claim.
Sharing NFIP policyholder information with various stakeholders, such as the FWS,
state and local agencies, and educational institutions. Educational institutions use
geospatial information to help with hazard mapping and research for mitigating flooding.
During disasters, state and local agencies may request NFIP policyholder and property
information to assess unmet needs or to prevent duplication of benefits to their residents.
For instance, FEMA may share or receive information about wind insurance policies to
determine the appropriate flood insurance claims payment amount. Additionally, FEMA
may share information with insurance companies that do not have a WYO agreement with
FEMA for the purpose of assisting insurance companies in beginning to privatize flood
insurance.
FEMA grants access for PIVOT to FEMA employees and contractors, state and local users,
WYO companies, and individual policyholders requesting NFIP claims appeals and loss history.
FEMA employees and contractors access NFIP PIVOT using their federal-issued personal identity
verification (PIV) card issued by FEMA. State and local officials or their designee requesting
access to NFIP PIVOT may provide name, email address, jurisdiction/community, community
identification number (generated by CIS), and telephone number. WYO company agents are not
given individual direct access to NFIP PIVOT; rather, FEMA allows WYO company systems to
access NFIP PIVOT using an application program interface (API).[10] This allows WYO companies
and NFIP Direct to update and retrieve information from NFIP PIVOT using their existing IT
[9] For more information about the SALAE fee schedule see https://www.fema.gov/media-librarydata/1465484337395-8576da656b8d208ef0d5ce745bb3447e/2012_AdjFee_Schedule.pdf.
[10] For more information see http://searchmicroservices.techtarget.com/definition/application-program-interface-API.
systems. Individual members of the public wishing to submit a claims appeal provide their name,
email address, telephone number, and a password to access PIVOT.
Typical Transaction
A property owner or renter interested in learning more about flood insurance can do so
through FEMA’s FloodSmart website.[11] The property owner or renter contacts his or her property
insurance company or seeks out a local insurance company for information about what flood
insurance entails and how much certain coverage will cost. If the property owner or renter decides
to procure flood insurance, then the insurance company collects the required information about the
person and the property. The insurance company uses the NFIP Application forms (FEMA Form
(FF) 086-0-1) as mentioned in Appendix B of this PIA. The insurance company then submits this
information to NFIP PIVOT through an API. NFIP PIVOT evaluates specific criteria based on the
information provided which determines the customer’s eligibility and the cost. A WYO company
or NFIP Direct underwrites the policy once FEMA uses NFIP PIVOT to approve issuance of the
policy. The WYO company or NFIP Direct continues to use the API to update NFIP PIVOT with
premium payments received.
When the policyholder’s property is damaged by flooding, he or she contacts the flood
insurance provider that holds the policy and works with the flood insurance provider to file a claim.
Either the policyholder or the insurance provider uses either a paper or electronic version of the
NFIP Claims Forms and worksheets within Appendix B of this PIA. The flood insurance provider
submits the claim into NFIP PIVOT. FEMA reviews, approves, rejects, or requests an adjustment
to the claim submission. If FEMA approves the claim, then the policyholder receives a check from
FEMA to cover the damages based on their policy coverage. If the claim requires an adjustment
or receives a denial then the policyholder can either agree to the adjustment or appeal the decision
through FEMA.
If the policyholder decides to appeal the decision, he or she will go to the NFIP PIVOT
appeals portal, create an account, input the required information about the claim and reason for
appeal, and submit their appeal. FEMA then approves or rejects the appeal. If FEMA approves the
appeal, FEMA updates NFIP PIVOT with the status and if necessary, a check is issued to the
policyholder based on the appeal adjustment.
If in the future the policyholder pays off the mortgage on the property or moves to a
property outside the flood plain, he or she is able to cancel the policy through the policyholder’s
insurance company. Once this is done, the insurance company updates NFIP PIVOT.
FEMA generates internal reports to determine if a potential flood insurance claim payment
will exceed the total flood insurance premiums collected. As claims payments are updated in
[11] See https://www.fema.gov/national-flood-insurance-program.
PIVOT by insurance agents, NFIP will use the internal reports to determine if executed reinsurance
contracts need to be initiated or if FEMA must request funding by the U.S. Treasury through
Congress. Additionally, internal reports by PIVOT will be used by FEMA to determine if any
NFIP claims payments are duplications of other benefits or payments provided by other FEMA
disaster assistance programs.
To support communities affected by a disaster, FEMA may share NFIP policyholder
information with a state or local agency to determine unmet needs, or to help the state or local
agency prevent duplication of benefits. This is done by the state or local agency submitting a
request to FEMA. FEMA executes this sharing pursuant to either an Information Sharing and
Access Agreement (ISAA) or a routine use letter that stipulates protection of the information,
specifically, the PII. A PIVOT user then downloads the requested information in computer-readable
extract format and sends the encrypted information to the requestor.
Section 1.0 Authorities and Other Requirements
1.1 What specific legal authorities and/or agreements permit and
define the collection of information by the project in question?
The National Flood Insurance Act (NFIA) of 1968, as amended,[12] establishes the legal
authority for the NFIP, including the sale of flood insurance through the WYO program and the
NFIP Direct.
The Bunning-Bereuter-Blumenauer Flood Insurance Reform Act (FIRA) of 2004 amended
the NFIA-enacted requirements for all new and renewal flood insurance policy transactions. The
FIRA requires the delivery of certain documentation upon initial coverage and annually upon
renewal, including the Flood Insurance Claims Handbook (which provides information about
claims and appeals) and an acknowledgement letter for the policyholder to sign and return as
verification of their receipt of this information.
31 U.S.C. § 7701[13] allows FEMA to collect SSNs of policyholders to facilitate debt
collection of NFIP-related debts to the Government such as claim overpayments or unpaid
premiums. FIMA no longer collects SSN as of 2008 for this purpose, and is working to remove or
redact historical SSN data.
[12] 42 U.S.C. §§ 4001 et seq., available at https://www.fema.gov/media-library-data/20130726-1752-250459854/frm_acts.pdf.
[13] 31 U.S.C. § 7701 is available at https://www.gpo.gov/fdsys/pkg/USCODE-2010-title31/pdf/USCODE-2010title31-subtitleV-chap77-sec7701.pdf.
1.2 What Privacy Act System of Records Notice(s) (SORN(s)) apply
to the information?
The DHS/FEMA-003 National Flood Insurance Program Files System of Records[14] applies
to the NFIP information within NFIP PIVOT.
The DHS/ALL-004 General Information Technology Access Account Records System
(GITAARS)[15] applies to information FEMA maintains to allow individuals access to NFIP
PIVOT.
The DHS/ALL-026 Personal Identity Verification Management System (PIVMS)[16] applies
to PIV card-related information received or maintained by NFIP PIVOT for access control
purposes.
1.3 Has a system security plan been completed for the information
system(s) supporting the project?
The NFIP PIVOT program is a new system and is currently in the development phase of
the DHS System Development Lifecycle (SDLC) and is hosted at the U.S. Department of
Agriculture (USDA) National Information Technology Center (NITC). A System Security Plan
(SSP) is currently in development, and FEMA is working towards an Authority to Operate (ATO).
The anticipated date of an ATO for NFIP PIVOT is March 31, 2018. NFIP PIVOT is participating
in a DHS Agile ATO process that will allow NFIP PIVOT to conduct agile development on an
ongoing basis. This pilot will allow NFIP PIVOT to add functionality to the system without having
to go through the standard DHS/FEMA waterfall method.
1.4 Does a records retention schedule approved by the National
Archives and Records Administration (NARA) exist?
In accordance with NARA GRS 3.2, items 30 and 31, FEMA maintains NFIP PIVOT
system access records for six years after the user account is terminated or password is altered, or
when no longer needed for investigative or security purposes, whichever is later.
Generally, FEMA maintains NFIP records in accordance with FEMA Records Officer
approved NARA authority N1-311-86-1, Item 2A13a(2). The retention schedule is to destroy any
inactive records after five years; however, NFIP has a business need to retain policies and claims
information related specifically to addresses, but not the customer, that have filed claims for the
[14] DHS/FEMA-003 National Flood Insurance Program Files System of Records, 79 Fed. Reg. 28,747 (May 19,
2014), available at https://www.gpo.gov/fdsys/pkg/FR-2014-05-19/html/2014-11386.htm.
[15] DHS/ALL-004 General Information Technology Access Account Records System, 77 Fed. Reg. 70,792
(November 27, 2012), available at https://www.gpo.gov/fdsys/pkg/FR-2012-11-27/html/2012-28675.htm.
[16] DHS/ALL-026 Personal Identity Verification Management System, 74 FR 30301 (June 25, 2009), available at
https://www.gpo.gov/fdsys/pkg/FR-2009-06-25/html/E9-14905.htm.
life of the NFIP program in order to track repetitive loss and severe repetitive loss. NFIP is working
with FEMA Records Management to obtain NARA’s approval for a longer retention schedule for
NFIP PIVOT. This would allow NFIP to track homes or buildings that may require higher
insurance premiums, property buyback, or mitigation to prevent future flood damage. These
longer-term records will relate only to the property itself and will not contain PII.
1.5 If the information is covered by the Paperwork Reduction Act
(PRA), provide the OMB Control number and the agency number
for the collection. If there are multiple forms, include a list in an
appendix.
NFIP PIVOT information collections are approved and covered by the PRA, and are listed
in Appendix B.
Section 2.0 Characterization of the Information
2.1 Identify the information the project collects, uses, disseminates, or
maintains.
Information collected from external users of NFIP PIVOT such as WYO companies, State
and local users, and other external users of NFIP PIVOT for system access:
Geographical Locations of insured property (includes longitude and latitude information);
Organization Name;
Point of Contact Full Name;
Point of Contact Address(es);
Point of Contact Email Address(es);
Point of Contact Telephone Number(s); and
Aggregate Insurance/Claims Statistical Data (not including PII).
Information collected, used, or maintained about past, current, or potential flood insurance
policyholders:
Policyholder and Policy Information;
Full Name (First, Middle, Last);
Tax Identification Number (TIN)/SSN;[17] (FIMA will work to remove SSNs from records
prior to 2008)
Insured Property Address;
Home Mailing Address;
Email Address;
Telephone/Cellular Phone Number(s);
Policy Premium Amount;
Allocated Loss Adjustment Expense Amounts;
Actual Cash Values of Building and Contents;
Coverage Information;
Deductible Information;
Reason for Policy Claim Closing Without Payment;
Applicable Policy Dates;
Fees and Numbers;
Program Types;
Replacement Cost Values;
Risk Rating Methods;
Rollover Indicators;
Previous Loss Amounts Paid;
Date of Loss;
Water Damage Information;
Insurance Coverage;
Deductible Amount;
Claim Payment Information;
Flood Risk Zone;
[17] As of 2008, the program has not requested to collect tax ID numbers and SSNs, but any that were previously
provided to NFIP are retained in the historical records.
Participating Flood Community Name;
Building or Residence Location:
Construction Details;
Contents Details (machinery, equipment, and other items inside individual homes or
businesses that could be damaged by flooding);
Insurance Company Information;
WYO Company Name;
WYO Company Unique Identifier (assigned by FEMA); and
Wind Policy Information.[18]
Information collected from FEMA internal users of NFIP PIVOT, including the NFIP Direct, to
create a user access account for system access:
Full Name;
User Identification;
User Password;
Email Address; and
Phone Number.
Information FEMA may collect from reinsurance brokers, reinsurance companies, risk modeling
companies, other insurers, or other stakeholders involved in NFIP Reinsurance Program or
feasibility and trend studies:
Organization Name;
Point of Contact Full Name;
Address(es);
Email Address(es);
Telephone Number(s); and
Insurance/Claims Statistical Data.
[18] As of April 2012, NFIP in general is no longer supporting the collection of wind policy information and matching
it to flood policy information; however, there are situations (e.g., duplication of benefits) in which the Program may
collect some wind information in a flood file, even though there is no systematic or routine collection. Any wind
policy information that was previously provided to NFIP is retained in the historical records.
Information collected from third parties (e.g., expert services, adjuster, and litigation) in support
of the Special Allocated Loss Adjustment Expense (SALAE):
Name of Entity;
Entity Address;
License Number;
Certification Number;
Invoice;
Report/Work Product;
Litigation Information (e.g., summons/complaints, case plan/budget, initial case analysis,
jurisdiction, case number);
Insurance/Claims Statistical Data; and
Geographical data including address, longitude, latitude, elevation.
The above NFIP policy and claims information may also be used to generate statistical
reports.
2.2 What are the sources of the information and how is the
information collected for the project?
The WYO companies and NFIP Direct collect information, including PII, directly from
individuals seeking flood insurance and input the data into NFIP PIVOT to produce scheduled and
ad hoc reports, as well as other forms of data. The WYO companies provide transactional and
financial statement data electronically to NFIP PIVOT. A transaction can either be a request from
an existing customer or potential customer for a new or renewed flood insurance policy, or it can
be a claim of flood damage for an existing customer.
FEMA collects the user account information outlined in Section 2.1 from NFIP
stakeholders and NFIP personnel to allow controlled access to information within NFIP PIVOT
and for WYO companies to submit flood insurance policy and claims information. Information is
submitted using a user account request form.
NFIP PIVOT receives flood zone and community NFIP participation status data on a daily
basis from CIS, via web service-style inquiry to CIS. The CIS data is used to update community
information within the NFIP PIVOT community master file database, which is needed by the
WYO companies to determine if a property is eligible for flood insurance coverage.
NFIP PIVOT uses commercial geographical location data and United States Postal Service
(USPS) address data to help validate structure locations and addresses. This information will be
used by NFIP PIVOT GIS applications to determine if a property can be considered for a PRP, if
the property is a multiple loss property, or if a property is within a CBRS area. Federal regulations
impose additional requirements for properties within CBRS. If a property is within a CBRS area
and does not meet the requirements, the WYO company must cancel the flood insurance policy
and the property will be considered ineligible for flood insurance. A WYO company is able to
request an appeal, and FWS will provide NFIP with information explaining their determination of
the WYO company appeals request regarding a property’s proximity to the CBRS area, whether it
is located within or outside the CBRS area boundary, and the CBRS area effective date.
FEMA uses the approved forms listed in Appendix B of this PIA to collect information.
2.3 Does the project use information from commercial sources or publicly available data? If so, explain why and how this information is used.
Yes, NFIP PIVOT uses commercial geospatial data and United States Postal Service
address data. NFIP PIVOT uses commercial geospatial data to help with mapping and models
which are used to help determine if a property can be covered as a PRP or if it is in a CBRS area.
NFIP PIVOT conducts a monthly download of the data to ensure geospatial maps and data are up
to date.
NFIP PIVOT uses USPS address data to automatically verify customer addresses for
obtaining insurance policies. This is done automatically during the verification process of the NFIP
Claims and Policies application.
NFIP PIVOT also uses commercially available catastrophic modeling results and both
private and publicly available modeling outputs to estimate the impact of events on the NFIP
portfolio.
2.4 Discuss how accuracy of the data is ensured.
Because FEMA collects the information in NFIP either directly from the individual, or
from the individual via the flood insurance provider, there is a high degree of confidence that this
information is correct. NFIP uses program-specific standard forms to ensure consistency of
information collected by the WYO companies. NFIP also conducts Underwriting and Claims
Operational Reviews to assess and ensure the quality of data received from commercial sources.
The WYO companies and NFIP Direct are responsible for the accuracy of information used in any
transaction with their customers.
NFIP PIVOT uses commercial geocoding data and USPS address data to help validate
structure locations and addresses. This reference data, purchased by NFIP, is also used to verify
and validate the NFIP business transaction carried out by participating insurance companies. If the
flood insurance claims and policies application does not find a match to the submitted address, an
error report is automatically generated and provided to the WYO company. The WYO company
then researches the error and provides any corrected address information during the next monthly
update to the NFIP PIVOT.
NFIP PIVOT generates reports to perform insurance and claims validation reviews. The
WYO company may review these reports against actual hardcopy insurance policy files located at
the WYO company. NFIP staff execute periodic underwriting audits and claims re-inspections to
check for operational accuracy at the WYO companies.
Additionally, NFIP PIVOT generates and distributes property loss history reports to
specific policyholders upon request. NFIP PIVOT collects policy and claims information and
compares it with hardcopy policy and claims files located at the WYO company, including its
flood vendors, and at NFIP Direct sites. NFIP PIVOT replaces a manual process that is needed to
ensure WYO companies and NFIP Direct comply with appropriate flood insurance statutes and
regulations as mentioned in section 1.1.
2.5 Privacy Impact Analysis: Related to Characterization of the Information
Privacy Risk: NFIP PIVOT may collect more information than is necessary to process and
verify the transactions of WYO companies and NFIP Direct for policies and claims.
Mitigation: This privacy risk is mitigated by only collecting information required to
comply with federal statute and regulations for underwriting and processing claims against flood
insurance policies. Additionally, NFIP continually reviews data collection to ensure the need for
data elements collected for insurance purposes. For instance, NFIP previously required the
collection of SSN and Tax ID for insurance policy setup, but after 2008 NFIP no longer requires
or requests SSN or Tax ID from policy applicants and policyholders. FIMA will begin to review
and plan the removal of all SSNs from records prior to 2008.
Privacy Risk: NFIP PIVOT may collect and use inaccurate information about individuals
for the purpose of servicing flood insurance policies and determining flood risk and flood
insurance premium costs.
Mitigation: This risk is partially mitigated. While the NFIP PIVOT System does not
collect all information directly from an individual, it relies on data from WYO companies and
insurance brokers that is generally provided directly by the individual. In addition, individuals may
enter their information directly into PIVOT when appealing a claim. FEMA uses commercial
geocoding data and USPS address data to verify accurate structures and addresses for policies;
reviews reports based on NFIP PIVOT data and validates that data against policy files located
at the WYO company locations; and provides regular policy information to policyholders
requesting updates and corrections. Individuals may also contact the insurance agent or broker
who administers their flood insurance policy to update or correct erroneous information associated
with their policy. The insurance agent or broker can then update NFIP PIVOT with the updated
information.
Privacy Risk: NFIP maintains SSNs of NFIP policyholders that were collected prior to
2008, which is when NFIP ceased collecting SSN from policyholders.
Mitigation: FEMA is in the process of mitigating this risk by either deleting or redacting
NFIP policyholders’ SSN from historical data maintained by NFIP PIVOT. FEMA anticipates this
action to be complete by July 2019.
Section 3.0 Uses of the Information
3.1 Describe how and why the project uses the information.
NFIP PIVOT is a tool by which WYO companies and NFIP Direct upload data to obtain
flood insurance policies for potential and existing customers or upload claims of flood damage for
current policyholders.
NFIP PIVOT collects policy and claims data from the WYO companies and the NFIP
Direct. NFIP PIVOT uses this information and third-party software to verify property addresses,
to determine whether property is in a CBRS area or on the 1316 Property Ineligibility Declaration19
list, to analyze property loss trends, generate statistical reports, and match records with other
benefits and funds provided by the NFIP. This information is needed to determine flood insurance
eligibility, confirm current fiscal year and determine future fiscal year insurance premium rates,
efficiently respond to data requests from government oversight entities, manage the WYO
program, track and grant Increased Cost of Compliance (ICC) payments20, market the NFIP, and
prevent duplication of benefits.
NFIP PIVOT uses community information from CIS to generate a list of all communities
that have been approved by FEMA to participate in the NFIP. This list is also used by WYO
companies to ensure that they have a current list of flood insurance-eligible communities.
NFIP PIVOT uses SALAE information such as adjuster name, certification or professional
license number, and invoice information, to process a SALAE payment in accordance with
established fees.
19 Section 1316 of the National Flood Insurance Act of 1968 allows the States to declare a structure in violation of a
law, regulation, or ordinance. Flood insurance is not available for properties placed on the 1316 Property List.
20 Increased Cost of Compliance (ICC) coverage is one of several resources for flood insurance policyholders that
need additional help rebuilding after a flood. It will provide up to $30,000 to help cover the cost of mitigation
measures that will reduce flood risk. More information about ICC is available at https://www.fema.gov/media-library/assets/documents/12164.
NFIP PIVOT uses address and real estate property assessment value information from
third party providers and associates the address information with a policy address to more
accurately determine insurance premium rates.
Additionally, NFIP PIVOT uses contact information to create user access accounts. FEMA
requires user name and password for information technology systems to control access of
information within the system.
3.2 Does the project use technology to conduct electronic searches, queries, or analyses in an electronic database to discover or locate a predictive pattern or an anomaly? If so, state how DHS plans to use such results.
No, NFIP PIVOT does not use technology to conduct electronic searches, queries, or
analyses in an electronic database to discover or locate a predictive pattern or anomaly.
3.3 Are there other components with assigned roles and responsibilities within the system?
There are no other DHS components outside of FEMA that have assigned roles and
responsibilities within NFIP PIVOT.
3.4 Privacy Impact Analysis: Related to the Uses of Information
Privacy Risk: Information collected and maintained in NFIP PIVOT may be used for
purposes other than its original purpose.
Mitigation: FEMA mitigates this risk by carefully controlling access to the information
and the sharing of any information. Access to the system is role-based, preventing users from
accessing information not vital to their purpose. NFIP PIVOT also limits the risk of inappropriate
use of information by not allowing other DHS components to access the NFIP PIVOT system.
Additionally, NFIP PIVOT enters into Service-Level-Agreements (SLA) with all third-party
vendors that prohibit the use of the information without written consent from FEMA. Individuals
with access to the system who are identified as using NFIP PIVOT information in an inappropriate
way are provided training in coordination with the FEMA Privacy Branch and may face potential
disciplinary action.
Section 4.0 Notice
4.1 How does the project provide individuals notice prior to the collection of information? If notice is not provided, explain why not.
NFIP provides notice by way of this PIA, the SORNs listed in Section 1.2, and the Privacy
Act notices associated with NFIP PIVOT approved forms (listed in Appendix B) and system user
interfaces. The WYO companies inform policyholders of their privacy guidelines and practices
and require policyholders to sign an acknowledgement statement as part of the policy purchase
and renewal process.
4.2 What opportunities are available for individuals to consent to uses, decline to provide information, or opt out of the project?
Individuals are informed of their right to decline the sharing of their personal information
by way of this PIA, the SORNs listed in Section 1.2, and the Privacy Act notices associated with
NFIP PIVOT approved forms (listed in Appendix B). However, failure to provide the information
requested may prevent property owners and renters from receiving flood insurance. Additionally,
failure to provide information required to create a user account within NFIP PIVOT may prevent
access to the system.
4.3 Privacy Impact Analysis: Related to Notice
Privacy Risk: Individuals who apply for and maintain flood insurance through the WYO
companies may not be aware that this information is collected or maintained by FEMA on behalf
of the NFIP.
Mitigation: This privacy risk is mitigated by providing notice by way of this PIA, the
SORNs listed in Section 1.2, and the Privacy Act notices associated with NFIP ITS approved forms
(listed in Appendix B).
Section 5.0 Data Retention by the project
5.1 Explain how long and for what reason the information is retained.
In accordance with NARA GRS 3.2, items 30 and 31, FEMA maintains NFIP PIVOT
system access records for six years after the user account is terminated or password is altered, or
when no longer needed for investigative or security purposes, whichever is later.
The current records retention period for NFIP policy and claims records requires that
records are destroyed 5 years after inactivity in accordance with NARA Authority N1-311-86-1,
Item 2A13a(2). However, NFIP has a business need to retain policies and claims information for
longer than the above authority in order to track repetitive loss and severe repetitive loss. This
would allow NFIP to track homes or buildings that may require: higher insurance premiums,
property buyback, and/or mitigation to prevent future flood damage. NFIP is working through
FEMA Information Management Division, Records Management Branch to obtain NARA’s
approval to maintain records pertaining to addresses that have filed claims for the life of the
National Flood Insurance Program in order to track repetitive losses. These longer-term records
will relate only to the property itself and will not contain PII.
5.2 Privacy Impact Analysis: Related to Retention
Privacy Risk: The NFIP may maintain information collected longer than is needed or
authorized.
Mitigation: FEMA has not fully mitigated this risk. FEMA currently has a business need
to retain records longer than five years in order to track repetitive loss and severe repetitive loss
properties. However, FEMA is working to mitigate this risk by requesting approval and
authorization from the FEMA Records Officer and NARA to maintain records for as long as there is
a business need for the records. Additionally, FEMA no longer requires or needs SSNs that were
collected prior to 2008. FEMA is working on a mitigation strategy to either remove or redact SSNs
related to flood insurance policies that are maintained by FIMA.
Section 6.0 Information Sharing
6.1 Is information shared outside of DHS as part of the normal agency operations? If so, identify the organization(s) and how the information is accessed and how it is to be used.
The NFIP program may share information, such as address and claims information, with
reinsurance brokers, reinsurance companies, and other categories of requestors by way of a
reinsurance broker or risk modeling company. The purpose of the information sharing is to
conduct market research on the viability and impact of sharing flood insurance financial risk with
the reinsurance community in order to implement the NFIP Reinsurance Program. The
information sharing enables requestors, such as educational institutions, to conduct flood risk
assessments and feasibility studies to assist NFIP in assessing national flood risk and impacts
on communities.
FEMA shares or allows access to NFIP information with other federal agencies, including
but not limited to the Census Bureau (Census), the FWS, the Small Business Administration
(SBA), and the U.S. Department of Agriculture (USDA). NFIP shares information such as
policyholder name and property address with Census for the purpose of analyzing flood insurance
affordability. NFIP shares information such as policyholder name, property address, and claim
processing information with the SBA to review and prevent duplication of benefits. NFIP shares
information such as NFIP policy applicant's name, property address, and mailing address with the
FWS to collect information about the CBRS and otherwise protected areas. The USDA NITC
hosts NFIP PIVOT and is granted access to all information in NFIP PIVOT, including
policyholder PII, to provide Helpdesk support of NFIP PIVOT.
FEMA shares policyholder name, address, and claims information pursuant to an ISAA
with states and local communities for mitigation planning and to reduce duplication of disaster
benefits. FEMA shares the information mentioned in the “Characterization of the Information”
section of this PIA via a file transfer. NFIP may share this information using website portal, data
encryption and electronic media such as compact disk (CD), digital video disk (DVD), or portable
hard drive.
FEMA shares policyholder name, property address, and email address information with
insurance companies, marketing companies, and vendors for the purposes of promoting the NFIP.
This sharing will be pursuant to an ISAA.
6.2 Describe how the external sharing noted in 6.1 is compatible with the SORN noted in 1.2.
FEMA shares information with the external entities mentioned in Section 6.1 in accordance with
the DHS/FEMA–003 National Flood Insurance Program Files SORN and pursuant to the
following routine uses:
Routine use F allows NFIP to share policy information with its marketing contractor,
vendors, and insurance companies for NFIP marketing and awareness. This is compatible with the
purpose for original collection of information because NFIP uses the information to market the
NFIP program to property owners and renters who do not have flood insurance.
Routine use H allows NFIP to share information with WYO companies involved in
floodplain management to help them understand flood risks and to take actions to mitigate those
risks. This is compatible with the purpose for original collection, which includes the administration
of flood insurance, and coordination of flood plain management with state and local governments.
Routine use I allows the NFIP to share policyholder information with FWS in order to
ensure compliance with the CBRA and to determine eligibility for benefits. This sharing is
compatible with the SORN as FEMA must share flood policy related information with FWS in
order for FIMA to determine eligibility for a NFIP flood policy. Also pursuant to this routine use,
FEMA shares information with SBA to verify non-duplication of benefits following a flooding
event or another disaster. FEMA shares this information in order to determine if FEMA also shares
information with other federal, state, local government agencies to verify prevention of duplication
of flood-related insurance benefits, and to provide needs unmet by NFIP claims payouts within
their jurisdictions and service areas. This is compatible with the SORN because FEMA needs to
verify that a property with a NFIP flood insurance policy is not over or unpaid for a policy claim
and to help federal, state, and local governments to assist their residents with addressing unmet flood
insurance needs.
Routine use R allows the NFIP to share with the Census to conduct research, analysis, and
feasibility studies of policies and claims within its jurisdiction. This sharing with Census is outside
of the general exemptions allowed by the Privacy Act of 1974 as amended. Also, this routine use
permits NFIP to share information with other federal, state, and local stakeholders involved in
floodplain management to help understand flood risks and to take actions to mitigate those risks.
This is compatible with the purpose for original collection, which includes the administration of
flood insurance and coordination of flood plain management with federal, state, and local governments.
Routine use V allows NFIP to share policy information with reinsurance brokers and
reinsurance companies based in the United States. The NFIP Reinsurance Program is compatible
with the purpose for original collection of information because NFIP shares flood insurance
financial risk information with the insurance community (i.e., private reinsurers, private capital
firms, and financial institutions) for the purposes of preparing NFIP assumption of risk proposals.
FEMA may share information with the USDA NITC in accordance with the DHS/ALL-004 General Information Technology Access Account Records System (GITAARS) SORN and
pursuant to routine use F that allows FEMA to share information with USDA to host and provide
helpdesk support to the NFIP PIVOT. This is compatible with the original collection of
information, the purpose of which is to provide authorized individuals access to, or allow them to
interact with DHS information technology resources.
6.3 Does the project place limitations on re-dissemination?
Individuals that access their information using the NFIP DCMT portal are not limited in
how they share their own information. NFIP shares NFIP PIVOT data with participating federal,
state, and local officials as well as the WYO companies involved in floodplain management to
help them understand flood risks and to take actions to mitigate those risks. The re-dissemination
of information collected and maintained within the NFIP PIVOT is limited by providing the user
with a warning banner that informs NFIP PIVOT users that re-dissemination of NFIP PIVOT data
is prohibited. Also, FEMA limits re-dissemination of information using language within the
ISAAs, Non-Disclosure Agreements (NDA) or a letter/notification of Privacy Act sharing
limitations that FEMA will initiate with each recipient of NFIP information.
6.4 Describe how the project maintains a record of any disclosures outside of the Department.
NFIP maintains audit logs of access of information within NFIP PIVOT. Also, NFIP uses
an internal SharePoint-based tracker to track all ISAAs with states and communities. Generally,
these ISAAs include the data fields that FEMA is sharing or allowing access. Additionally, as
identified in the DHS/FEMA-003 National Flood Insurance Program Files System of Records,
requests for NFIP program information are made through the FEMA Disclosure Branch which
maintains the accounting of records disclosure under the Privacy Act.
NFIP also maintains records of property loss history reports provided to its policyholders.
6.5 Privacy Impact Analysis: Related to Information Sharing
Privacy Risk: Information maintained in NFIP PIVOT may be inadvertently disclosed to
entities that are not compatible with the purpose for which NFIP collects and maintains the
information.
Mitigation: NFIP, with consultation by FEMA’s Office of the Chief Counsel and the
FEMA Privacy Branch, shares information with other federal, state, and local government agencies
and FEMA contractors in accordance with the FEMA SORNs mentioned in Section 1.2 of this
PIA. To help mitigate inappropriate third-party access to FEMA records, NFIP enters into ISAAs
or provides routine use letters that place limitations on further sharing of NFIP information.
Section 7.0 Redress
7.1 What are the procedures that allow individuals to access their information?
Individuals seeking access to records contained within NFIP PIVOT may submit a request,
in writing, to:
Chief, Disclosure Branch
Information Management Division
Office of the Chief Administrative Officer
Federal Emergency Management Agency
Department of Homeland Security
500 C Street, SW
Washington, D.C. 20472.
Requests should be clearly marked “Privacy Act Request” for U.S. citizens and lawful
permanent residents (LPR). All other individuals should mark their request “Freedom of
Information Act Request.” In accordance with 6 CFR § 5.21, the name of the requester, the nature
of the record sought, and the required verification of identity should be included, when required.
Policyholders will also receive access to their records when NFIP sends them their property
loss history. This includes claim and payment information regarding the property (both during and
prior to their ownership/tenancy of the insured property).21
WYO companies provide procedures and instructions to policyholders on how to access
information on their policies, and the NFIP Direct Program provides procedures and instructions
to policyholders via the process described in the DHS/FEMA/PIA-049 NFIP Direct Servicing
Agent (Direct) System PIA.
7.2 What procedures are in place to allow the subject individual to correct inaccurate or erroneous information?
U.S. citizens and LPRs seeking to amend their records contained within NFIP PIVOT may
submit a request, in writing, to:
Chief, Disclosure Branch
Information Management Division
Office of the Chief Administrative Officer
Federal Emergency Management Agency
Department of Homeland Security
500 C Street, SW
Washington, D.C. 20472
Requests should be clearly marked “Privacy Act Amendment Request.” In accordance with
6 CFR § 5.21, the name of the requester, the nature of the record amended, and the required
verification of identity must be clearly indicated.
All NFIP customers, regardless of citizenship, may contact the insurance agent or broker
who administers their flood insurance policy to update or correct erroneous information associated
with their policy. The insurance agent or broker can then update NFIP PIVOT with the updated
information.
Also, the WYO companies provide procedures and instructions to policyholders on how to
correct information on their policies.
Additionally, policyholders can initiate a claims appeal process to correct potential
erroneous claims information. Information on NFIP claims appeal process is accessible on the
FEMA.gov website.22 FEMA requests that all WYO companies and NFIP Direct notify their
policyholders of this process.
21 Property loss history is only available to property owners at this time, but FEMA may update its SORN in the
future to permit the disclosure to renters who are policyholders.
7.3 How does the project notify individuals about the procedures for correcting their information?
This PIA, the DHS/FEMA/PIA–048 National Flood Insurance Program (NFIP) Direct
Servicing Agent (NFIP Direct) System PIA, and the SORNs listed in Section 1.2 provide notice
of access and correction. The WYO companies and NFIP Direct also provide procedures and
instructions to policyholders on how to correct information on their policies. Additionally, there is
a formal claims appeals process conducted or monitored by FEMA. Information on the NFIP
claims appeal process is accessible at the FEMA.gov website as well as through FEMA’s
FloodSmart website. FEMA requests all WYO companies and NFIP Direct notify their
policyholders of this process.
7.4 Privacy Impact Analysis: Related to Redress
Privacy Risk: Individuals may not know all the procedures available to correct or address
policy information or claims information that may be inaccurate and may adversely affect a
policyholder's final claims determinations.
Mitigation: FEMA has a claims appeals process that is available online to have FEMA
review and correct such information. Individuals are made aware of this process through their
insurance provider, the FEMA.gov website, and FloodSmart website. During the appeals process,
FEMA provides additional information on how information within NFIP PIVOT can be updated
by the policyholder.
Privacy Risk: Policyholders may not know how to access and correct their information
that is maintained within the NFIP PIVOT.
Mitigation: This privacy risk is mitigated. The WYO companies and NFIP Direct also
provide procedures and instructions to policyholders on how to correct information on their
policies. In addition, NFIP provides notice through this PIA, the DHS/FEMA/PIA-048 NFIP
Direct System PIA, the SORNs listed in Section 1.2, and the Privacy Act Notices on FEMA forms
that reference applicable SORNs and information on how to access and correct information.
Privacy Risk: NFIP customers who are not U.S. citizens or LPRs are unable to correct
erroneous information through the PA request process.
Mitigation: The NFIP program allows all customers, regardless of citizenship, to correct
erroneous information through their insurance provider. For corrections that affect an NFIP claim,
FEMA accepts NFIP claims appeals from all NFIP customers, regardless of citizenship. During
this process the NFIP can correct erroneous policy and claims information.
22 More information on the NFIP claims appeals process is available at https://www.fema.gov/flood-claim-appeals-and-guidance.
Section 8.0 Auditing and Accountability
8.1 How does the project ensure that the information is used in accordance with stated practices in this PIA?
There are several levels of access and a broad range of stakeholders who are authorized to
view NFIP data. The NFIP PIVOT Security Plan provides details about the users who are
authorized access at specific levels, including NFIP employees and contractors (such as NFIP
Direct personnel) and NFIP PIVOT staff, other federal, state, and local officials, and the WYO
companies. The NFIP security authorization process evaluates access levels, user roles, and
associated security controls.
The NFIP PIVOT system also has an access management plan that details how access is
granted and to whom. It requires that monthly audits of accounts are conducted to ensure that the
appropriate personnel have the correct rights for their role. This audit review also ensures that staff
and contractors who no longer work for the program have their accounts deactivated or deleted.
The Information System Security Officer is responsible for monitoring the daily audit logs
monthly, to ensure that users are properly accessing the system and that no inappropriate access of
data is occurring.
All NFIP users, including contractors, have access to national NFIP data sets with view-only capability. NFIP employees and contractors may only update reference data used to verify
transactions, such as flood map data used to determine the flood risk of a particular location. State
and local users are limited to viewing insurance data within their state or locality. The WYO
company agents, insurance brokers, and the NFIP Direct are limited to viewing only their specific
company’s policyholder data. NFIP claim appellants can only access their own PII after initiating
a NFIP claim appeal.
Formal procedures are in place for establishing user accounts. NFIP approves and verifies
all user accounts and assigns access roles using the NFIP data access application process. NFIP
PIVOT security entities verify the identities of users before granting access to the system. A
supervisory state official or WYO company will identify a point of contact and request that the
user communicate with that contact to obtain access to NFIP. Once the verification process is
complete the user receives an initial ID and password based on his or her organization, position,
and role. At the end of this process, users receive access authorization. The NFIP program
maintains audit records for the system that are sufficient in detail to facilitate the reconstruction of
events if compromise or malfunction occurs or is suspected.
8.2 Describe what privacy training is provided to users either generally or specifically relevant to the project.
NFIP employees and contractors are required to take initial and annual security and privacy
awareness training and acknowledge the Rules of Behavior for personnel assigned to NFIP PIVOT
before being granted access.
8.3 What procedures are in place to determine which users may
access the information and how does the project determine who
has access?
Individuals receive access approval through the NFIP account management process.
External users submit access requests to NFIP for approval, after which the request is acted upon
by the NFIP PIVOT account management staff. Once the user is verified against the NFIP domain
address solution, the account credentials are provided via a secure distribution process. Any
verification discrepancies are noted and acted on by NFIP management. External users’ access to
the system is limited to the established public domain websites. However, some of the links on
these sites are protected and require authentication credentials that are established via the access
request process through NFIP.
NFIP PIVOT contractors (internal users) obtain user accounts through the NFIP PIVOT
account management process. Establishing, activating, modifying, disabling, and removing
accounts procedures are documented, implemented, and managed by the NFIP Information
Technology Division. NFIP user account request forms are used to establish what access is
required by the user’s supervisor and then approved by NFIP management. All users are assigned
individual accounts based on role assignment. If a user within a role requires additional access, it
must be specifically requested and approved. Group memberships are not allowed as an account
option. Guest or anonymous accounts are not used, and temporary accounts are established when
necessary for authorized users who require short-term access, typically less than 24 hours.
Notification of user account changes due to user termination, transfer, or access level needs
are communicated to the NFIP Information Technology Division by the user’s manager as part of
the account management procedures. Temporary accounts are terminated immediately by the
Network Operations Manager, who is notified by the System Administrator, after the short-term
access needs are completed.
Privileged users who require and are approved for remote access use the approved Nortel
Virtual Private Network (VPN) solution using Internet Protocol Security (IPSec) encryption.
External devices used for remote access are not used for storing personal information, and the hard
drives are encrypted as standard baseline configuration.
8.4 How does the project review and approve information sharing
agreements, MOUs, new uses of the information, new access to the
system by organizations within DHS and outside?
Any review and approval of information sharing agreements, Memoranda of
Understanding, Interagency Agreements (IAA), or other sharing of NFIP PIVOT information must
be approved by the NFIP PIVOT Program Manager, Contracting Officer’s Representative, System
Owner, FEMA Privacy Officer, and Office of Chief Counsel.
Responsible Officials
Samuel Hultzman
NFIP PIVOT System Owner
Federal Emergency Management Agency
U.S. Department of Homeland Security
William H. Holzerland
Senior Director for Information Management
Privacy Officer
Federal Emergency Management Agency
U.S. Department of Homeland Security
Approval Signature
[Original, signed copy on file with the DHS Privacy Office]
________________________________
Philip S. Kaplan
Chief Privacy Officer
Department of Homeland Security
Appendix A – PIVOT Functions, Modules, and Applications
PIVOT General Support System (PIVOT GSS) - The PIVOT GSS includes hardware, software,
NFIP data, and applications used to assist FEMA in managing the NFIP. PIVOT GSS provides a
supporting infrastructure and services to allow all other applications to function. While the PIVOT
GSS does not itself use or maintain PII, it hosts other PIVOT applications that process PII, as
outlined below.
PIVOT Analytics Reporting Tool (PART) – PART is a single repository of standardized
reference data that can be used to develop actuarial and risk models to perform underwriting
analysis and is only accessible to FIMA federal staff and badged FIMA contractors. Insurance
businesses, such as the NFIP, rely heavily on historical data to develop mathematical models as
well as to identify marketing trends and high-risk properties (i.e., Severe Repetitive Loss). NFIP
uses PART to support these functions. FIMA also uses PART to run analytics to assist FEMA in
flood insurance premium rate determinations. PART utilizes historical and current PII data
collected by CAP and DCMT such as: names, address, telephone number, flood insurance policy
payment history, vendor TIN, and adjuster’s professional certificate number.
PIVOT Claims and Policies (PIVOT CAP) – PIVOT CAP is the application that processes and
verifies all new and renewal policies and claims. Flood insurance companies provide information
to PIVOT CAP via an automated push/pull of data from their vendor system to PIVOT CAP.
FEMA grants access for PIVOT CAP to FEMA employees and contractors only. CAP collects PII
data including name, address, phone number, and policy number, but does not collect SSN or dates
of birth. However, CAP will also contain historical claims and policy information from the NFIP
ITS, which does include SSNs collected prior to 2008.
PIVOT Document and Case Management Tool (PIVOT DCMT) – This application allows
NFIP policyholders, both WYO company and NFIP Direct customers, to submit appeals to policy
or claims determinations directly to FEMA for FIMA review. FEMA grants access for the PIVOT
DCMT portal to policyholders as well as FEMA employees and contractors. DCMT collects PII
including name, address, phone number, and policy number, but does not collect SSN or dates of
birth.
PIVOT FloodSmart (PIVOT FLSM) – www.floodsmart.gov is the main website for the NFIP
to provide critical information about flood insurance and how to obtain flood insurance. The
general public will be able to visit the website without a login. FEMA grants access for the backend
of PIVOT FLSM to FEMA employees and contractors only to update pages and maintain the
website. FLSM collects the PII of WYO companies’ points of contact (POC) such as name,
company name, telephone number, mailing address, and email address. Additionally, FLSM may
collect PII of the general public for the purpose of facilitating communication between the public
and participating WYO companies.
Catastrophic Modeling Zone (CatZ) – The CatZ (formerly Reinsurance Broker System (RBS))
system collects address and GIS data and provides statistical reports on flood and flood insurance
trends within a geographical area. Within CatZ, FEMA employees and contractors will prepare
NFIP data, including the PII, for modeling and import into catastrophe risk models that will
analyze the data and produce output files. Any output leaving the secure FEMA environment will
be aggregated loss estimates at the county level or higher, geolocation data, or location-specific
data. FEMA employees and contractors download the modeled output and exhibits from CatZ to
their FEMA laptops and then share that with FEMA employees and contractors via their FEMA
email. No policy-specific information would leave the FEMA firewall. For reinsurance purposes,
FIMA will verify and share the output file with reinsurers and reinsurance brokers under a Non-Disclosure Agreement (NDA) for FIMA-approved marketing and business purposes. Data output
may also be used for setting insurance rates, verifying models, real-time event tracking, and other
purposes.
Appendix B - OMB Collection and FEMA Forms Associations
| OMB Control Number | Collection | Title | FEMA Form Number |
| --- | --- | --- | --- |
| 1660-0005 | National Flood Insurance Program Claims Forms | National Flood Insurance Program Worksheet - Contents Personal Property | FF 086-0-6 |
| 1660-0005 | National Flood Insurance Program Claims Forms | Worksheet - Building | FF 086-0-7 |
| 1660-0005 | National Flood Insurance Program Claims Forms | Worksheet - Building (continued) | FF 086-0-8 |
| 1660-0005 | National Flood Insurance Program Claims Forms | Proof of Loss | FF 086-0-9 |
| 1660-0005 | National Flood Insurance Program Claims Forms | Increase of Compliance Proof of Loss | FF 086-0-10 |
| 1660-0005 | National Flood Insurance Program Claims Forms | Notice of Loss | FF 086-0-11 |
| 1660-0005 | National Flood Insurance Program Claims Forms | Statement as to Full Cost of Repair or Replacement under the Replacement Cost Coverage, Subject to the Terms and Conditions of this Policy | FF 086-0-12 |
| 1660-0005 | National Flood Insurance Program Claims Forms | National Flood Insurance Program Preliminary Report | FF 086-0-13 |
| 1660-0005 | National Flood Insurance Program Claims Forms | National Flood Insurance Program Final Report | FF 086-0-14 |
| 1660-0005 | National Flood Insurance Program Claims Forms | National Flood Insurance Program Narrative Report | FF 086-0-15 |
| 1660-0005 | National Flood Insurance Program Claims Forms | Cause of Loss and Subrogation Report | FF 086-0-16 |
| 1660-0005 | National Flood Insurance Program Claims Forms | Manufactured (Mobile) Home/Travel Trailer Worksheet | FF 086-0-17 |
| 1660-0005 | National Flood Insurance Program Claims Forms | Manufactured (Mobile) Home/Travel Trailer Worksheet (Continued) | FF 086-0-18 |
| 1660-0005 | National Flood Insurance Program Claims Forms | Increased Cost of Compliance (ICC) Adjuster Report | FF 086-0-19 |
| 1660-0005 | National Flood Insurance Program Claims Forms | Adjuster Preliminary Damage Assessment | FF 086-0-20 |
| 1660-0005 | National Flood Insurance Program Claims Forms | Adjuster Certification Application | FF 086-0-21 |
| 1660-0005 | National Flood Insurance Program Claims Forms | NFIP Claims Appeal | |
| 1660-0006 | National Flood Insurance Program Policy Forms | Flood Insurance Application | FF 086-0-1 |
| 1660-0006 | National Flood Insurance Program Policy Forms | Flood Insurance Cancellation/Nullification Request | FF 086-0-2 |
| 1660-0006 | National Flood Insurance Program Policy Forms | Flood Insurance General Change Endorsement | FF 086-0-3 |
| 1660-0006 | National Flood Insurance Program Policy Forms | V-Zone Risk Factor Rating Form and Instructions | FF 086-0-4 |
| 1660-0006 | National Flood Insurance Program Policy Forms | Flood Insurance Preferred Risk Policy Application | FF 086-0-5 |
| 1660-0008 | Elevation Certificate / Floodproofing Certificate | Elevation Certificate | FF 086-0-33 |
| 1660-0008 | Elevation Certificate / Floodproofing Certificate | Floodproofing Certificate For Non-Residential Structures | FF 086-0-34 |
| 1660-0033 | Residential Basement Floodproofing Certificate | Residential Basement Floodproofing Certificate | FF 086-0-24 |
| 1660-0040 | Standard Flood Hazard Determination Form | Standard Flood Hazard Determination Form | FF 086-0-32 |
| File Type | application/pdf | 
| File Title | DHS/FEMA/PIA-050 National Flood Insurance Program (NFIP) PIVOT System | 
| Author | U.S. Department of Homeland Security Privacy Office | 
| File Modified | 2018-03-29 | 
| File Created | 2018-03-29 |