Collapse to view only § 6.8 - Subpoena and other legal demands.

§ 6.1 - Purpose and scope of part.

This part sets forth policies and procedures concerning the collection, use and dissemination of records maintained by the Federal Emergency Management Agency (FEMA) which are subject to the provision of 5 U.S.C. 552a, popularly known as the “Privacy Act of 1974” (hereinafter referred to as the Act). These policies and procedures govern only those records as defined in § 6.2. Policies and procedures governing the disclosure and availability of records in general are in part 5 of this chapter. This part also covers: (a) Procedures for notification to individuals of a FEMA system of records pertaining to them; (b) guidance to individuals in obtaining information, including inspections of, and disagreement with, the content of records; (c) accounting of disclosure; (d) special requirements for medical records; and (e) fees.

§ 6.2 - Definitions.

For the purpose of this part:

(a) Agency includes any executive department, military department, Government corporation, Government controlled corporation, or other establishment in the executive branch of the Government (including the Executive Office of the President), or any independent regulatory agency (see 5 U.S.C. 552(e)).

(b) Individual means a citizen of the United States or an alien lawfully admitted for permanent residence.

(c) Maintain includes maintain, collect, use, and disseminate.

(d) Record means any item, collection, or grouping of information about an individual that is maintained by an agency, including, but not limited to those concerning education, financial transactions, medical history, and criminal or employment history, and that contains the name or other identifying particular assigned to the individual, such as a fingerprint, voiceprint, or photograph.

(e) System of records means a group of any records under the control of an agency from which information is retrieved by the name of the individual or by some identifying number, symbol, or other identification assigned to that individual.

(f) Statistical record means a record in a system of records maintained for statistical research or reporting purposes only and not used in whole or in part in making any determination about an identifiable individual, except as provided by 13 U.S.C. 8.

(g) Routine use means, with respect to the disclosure of a record, the use of that record for a purpose which is compatible with the purpose for which it was collected.

(h) System manager means the employee of FEMA who is responsible for the maintenance of a system of records and for the collection, use, and dissemination of information therein.

(i) Subject individual means the individual named or discussed in a record of the individual to whom a record otherwise pertains.

(j) Disclosure means a transfer of a record, a copy of a record, or any or all of the information contained in a record to a recipient other than the subject individual, or the review of a record by someone other than the subject individual.

(k) Access means a transfer of a record, a copy of a record, or the information in a record to the subject individual, or the review of a record by the subject individual.

(l) Solicitation means a request by an officer or employee of FEMA that an individual provide information about himself or herself.

(m) Administrator means the Administrator, FEMA.

(n) Deputy Administrator means the Deputy Administrator, FEMA, or, in the case of the absence of the Deputy Administrator, or a vacancy in that office, a person designated by the Administrator to perform the functions under this regulation of the Deputy Administrator.

(o) Privacy Appeals Officer means the FOIA/Privacy Act Specialist or his/her designee.

[44 FR 50293, Aug. 27, 1979, as amended at 45 FR 17152, Mar. 18, 1980; 51 FR 34604, Sept. 30, 1986]

§ 6.3 - Collection and use of information (Privacy Act statements).

(a) General. Any information used in whole or in part in making a determination about an individual's rights, benefits, or privileges under FEMA programs will be collected directly from the subject individual to the extent practicable. The system manager also shall ensure that information collected is used only in conformance with the provisions of the Act and these regulations.

(b) Solicitation of information. System managers shall ensure that at the time information is solicited the solicited individual is informed of the authority for collecting that information, whether providing the information is mandatory or voluntary, the purpose for which the information will be used, the routine uses to be made of the information, and the effects on the individual, if any, of not providing the information. The Director, Records Management Division, Office of Management and Regional Administrators shall ensure that forms used to solicit information are in compliance with the Act and these regulations.

(c) Solicitation of Social Security numbers. Before an employee of FEMA can deny to any individual a right, benefit, or privilege provided by law because such individual refuses to disclose his/her social security account number, the employee of FEMA shall ensure that either:

(1) The disclosure is required by Federal statute; or

(2) The disclosure of a social security number was required under a statute or regulation adopted before January 1, 1975, to verify the identity of an individual, and the social security number will become a part of a system of records in existence and operating before January 1, 1975.

If solicitation of the social security number is authorized under paragraph (c) (1) or (2) of this section, the FEMA employee who requests an individual to disclose the social security account number shall first inform that individual whether that disclosure is mandatory or voluntary, by what statutory or other authority the number is solicited, and the use that will be made of it.

(d) Soliciting information from third parties. An employee of FEMA shall inform third parties who are requested to provide information about another individual of the purposes for which the information will be used.

[44 FR 50293, Aug. 27, 1979, as amended at 47 FR 13149, Mar. 29, 1982; 48 FR 12091, Mar. 23, 1983; 50 FR 40006, Oct. 1, 1985]

§ 6.4 - Standards of accuracy.

The system manager shall ensure that all records which are used by FEMA to make determinations about any individual are maintained with such accuracy, relevance, timeliness, and completeness as is reasonably necessary to ensure fairness to the individual.

§ 6.5 - Rules of conduct.

Employees of FEMA involved in the design, development, operation, or maintenance of any system of records or in maintaining any record, shall conduct themselves in accordance with the rules of conduct concerning the protection of personal information in § 3.25 of this chapter.

§ 6.6 - Safeguarding systems of records.

(a) Systems managers shall ensure that appropriate administrative, technical, and physical safeguards are established to ensure the security and confidentiality of records and to protect against any anticipated threats or hazards to their security or integrity which could result in substantial harm, embarrassment, inconvenience, or unfairness to any individual on whom information is maintained.

(b) Personnel information contained in both manual and automated systems of records shall be protected by implementing the following safeguards:

(1) Official personnel folders, authorized personnel operating or work folders and other records of personnel actions effected during an employee's Federal service or affecting the employee's status and service, including information on experience, education, training, special qualification, and skills, performance appraisals, and conduct, shall be stored in a lockable metal filing cabinet when not in use by an authorized person. A system manager may employ an alternative storage system providing that it furnished an equivalent degree of physical security as storage in a lockable metal filing cabinet.

(2) System managers, at their discretion, may designate additional records of unusual sensitivity which require safeguards similar to those described in paragraph (a) of this section.

(3) A system manager shall permit access to and use of automated or manual personnel records only to persons whose official duties require such access, or to a subject individual or his or her representative as provided by this part.

§ 6.7 - Records of other agencies.

If FEMA receives a request for access to records which are the primary responsibility of another agency, but which are maintained by or in the temporary possession of FEMA on behalf of that agency, FEMA will advise the requestor that the request has been forwarded to the responsible agency. Records in the custody of FEMA which are the primary responsibility of the Office of Personnel Management are governed by the rules promulgated by it pursuant to the Privacy Act.

§ 6.8 - Subpoena and other legal demands.

Access to records in systems of records by subpoena or other legal process shall be in accordance with the provisions of part 5 of this chapter.

§ 6.9 - Inconsistent issuances of FEMA and/or its predecessor agencies superseded.

Any policies and procedures in any issuances of FEMA or any of its predecessor agencies which are inconsistent with the policies and procedures in this part are superseded to the extent of that inconsistency.

§ 6.10 - Assistance and referrals.

Requests for assistance and referral to the responsible system manager or other FEMA employee charged with implementing these regulations should be made to the Privacy Appeals Officer, Federal Emergency Management Agency, Washington, DC 20472.

[45 FR 17152, Mar. 18, 1980]