AGENCY:

Privacy Office, DHS.

ACTION:

Notice of Privacy Act system of records.

SUMMARY:

In accordance with the Privacy Act of 1974, the Department of Homeland Security proposes to establish a new Department of Homeland Security system of records titled, “Department of Homeland Security Federal Emergency Management Agency—002 Quality Assurance Recording System of Records.” This system will record telephone calls made or received by Federal Emergency Management Agency employees and/or contractors at the Federal Emergency Management Agency's National Processing Service Centers and record the screen activity in the National Emergency Management Information System for both call-related customer service transactions and case review transactions not related to a telephone call. This system of records may contain personally identifiable information of disaster assistance applicants, which is covered by Department of Homeland Security Federal Emergency Management Agency—008 Disaster Recovery Assistance Files System of Records, September 24, 2009, and will contain the personally identifiable information of Federal Emergency Management Agency employees and/or contractors that provide customer service to them. The proposed system will be used for internal employee performance evaluations, training, and quality assurance purposes to improve customer service to disaster assistance applicants. This collection was previously covered by the DHS/All—020 Department of Homeland Security Internal Affairs system of records [November 18, 2008, 73 FR 67529]. The Department decided to provide additional transparency that a new specific System of Records Notice would be published. This newly established system will be included in the Department of Homeland Security's inventory of record systems.

DATES:

Submit comments on or before March 17, 2011. This new system will be effective March 17, 2011.

ADDRESSES:

You may submit comments, identified by docket number DHS-2010-0067 by one of the following methods:

• Federal e-Rulemaking Portal: http://www.regulations.gov. Follow the instructions for submitting comments.
• Fax: 703-483-2999.
• Mail: Mary Ellen Callahan, Chief Privacy Officer, Privacy Office, Department of Homeland Security, Washington, DC 20528.
• Instructions: All submissions received must include the agency name and docket number for this rulemaking. All comments received will be posted without change and may be read at http://www.regulations.gov,, including any personal information provided.
• Docket: For access to the docket to read background documents or comments received, go to http://www.regulations.gov.

FOR FURTHER INFORMATION CONTACT:

For general questions please contact: Thomas R. McQuillan (202-646-3323), Privacy Officer, Federal Emergency Management Agency, Department of Homeland Security, Washington, DC 20478. For privacy issues please contact: Mary Ellen Callahan (703-235-0780), Chief Privacy Officer, Privacy Office, Department of Homeland Security, Washington, DC 20528.

SUPPLEMENTARY INFORMATION:

I. Background

In accordance with the Privacy Act of 1974, 5 U.S.C. 552a, the Department of Homeland Security (DHS) Federal Emergency Management Agency (FEMA) proposes to establish a new DHS system of records titled, “DHS/FEMA—002 Quality Assurance Recording System of Records.” This collection was previously covered by the DHS/All—020 Department of Homeland Security Internal Affairs system of records [November 18, 2008, 73 FR 67529]. The Department decided to provide additional transparency that a new specific System of Records Notice would be published.Start Printed Page 8759

FEMA's Response and Recovery Bureau operates the Quality Assurance Recording System (QARS). The proposed system is for internal employee performance evaluations, training and quality assurance purposes to improve customer service to disaster assistance applicants. The purpose of QARS is consistent with FEMA's mission to improve its capability to respond to all hazards and support the citizens of our Nation. In addition, QARS will assist FEMA in accomplishing a critical objective presented in FEMA's 2008-2013 Strategic Plan. QARS will enable both FEMA's Quality Control Department and National Processing Service Center (NPSC) Supervisory staff to better monitor, evaluate, and assess its employees and/or contractors at the NPSCs, so that FEMA can improve customer service to those seeking disaster assistance.

Currently, FEMA conducts only real-time call monitoring of disaster assistance calls at its NPSCs for quality assurance and provides notice to disaster assistance applicants of such monitoring. The current procedure requires the reviewer to access four separate systems simultaneously to accomplish the quality monitoring process of one call: (1) The Call Management System (CMS) to identify the agent and his/her availability to be monitored on a live call; (2) the Systems Management Server (SMS) to capture the agents desktop screen as they perform work in National Emergency Management Information System (NEMIS); (3) Avaya Softphone to log into the desktop phone of the agent being monitored; and (4) the Quality Control Application to conduct the evaluation process and complete the form and house the quality score of the agent being monitored. The current call monitoring procedure places laborious requirements upon the Quality Control reviewer, resulting in a less efficient, more time consuming evaluation process that may make it more difficult for the Quality Control department to achieve its goal to evaluate a minimum of five calls and/or case reviews, per employee/contractor during a two-week pay period.

QARS will allow FEMA to increase the cost-effectiveness of its quality evaluation processes. FEMA can evaluate more calls, encompassing various call types across all hours of operation while reducing the subjectivity associated with real-time, live call monitoring. With the ability of QARS to record and playback calls at the discretion of the Supervisor and/or Quality Control reviewer, the employee/contractor can listen and learn accordingly during the evaluation process. The efficiency and flexibility of QARS makes it a superior tool for conducting employee/contractor evaluations and quality assurance. In addition, using QARS to validate the accuracy of FEMA employees' and contractors' inputs into NEMIS ensures that disaster assistance benefits are received by eligible individuals and are routed appropriately, thereby improving FEMA's efficiency and customer service.

The evaluations stemming from the recordings in QARS are used to determine training/coaching opportunities for FEMA employees and/or contractors, which will impact continued employment qualifications and/or promotion within FEMA. Contract staff calls are subject to evaluation by FEMA Supervisory and/or quality control staff according to the guidelines and provisions written in the contract between FEMA and the contracting entity. QARS may include the personally identifiable information (PII) of disaster assistance applicants from the Federal Emergency Management Agency—008 Disaster Recovery Assistance (DRA) Files system of records [September 24, 2009, 74 FR 48763], which FEMA employees and/or contractors access via NEMIS when interacting with disaster assistance applicants or during case review. The supervisory review of agent calls and casework within QARS includes validating that applicant PII is entered into NEMIS accurately; therefore, supervisors must have access to this information while conducting their review. While QARS cannot mask information contained with the screen captures or audio files, access to QARS is role-based and limited to only those employees/contractors and supervisors with a “need to know.” Although QARS recordings may include the disaster assistance applicant's PII, recordings are only retrievable using FEMA employee/contractor information. FEMA will access the information in QARS using the employee/contractor's name and/or their user identification number. The system will not retrieve information by the individual disaster applicant. Evaluated records will be maintained for six years, unevaluated calls will be retained for no more than 45 days.

The collection of the employee/contractor quality assurance information is covered by the DHS/All—020 Department of Homeland Security Internal Affairs system of records [November 18, 2008, 73 FR 67529]. In order to provide more transparency to the program, DHS/FEMA is publishing a new system of records.

II. Privacy Act

The Privacy Act embodies fair information principles in a statutory framework governing the means by which the United States Government collects, maintains, uses, and disseminates individuals' records. The Privacy Act applies to information that is maintained in a “system of records.” A “system of records” is a group of any records under the control of an agency for which information is retrieved by the name of an individual or by some identifying number, symbol, or other identifying particular assigned to the individual. In the Privacy Act, an individual is defined to encompass United States citizens and lawful permanent residents. As a matter of policy, DHS extends administrative Privacy Act protections to all individuals where systems of records maintain information on U.S. citizens, lawful permanent residents, and visitors. Individuals may request access to their own records that are maintained in a system of records in the possession or under the control of DHS by complying with DHS Privacy Act regulations, 6 CFR part 5.

The Privacy Act requires each agency to publish in the Federal Register a description denoting the type and character of each system of records that the agency maintains, and the routine uses that are contained in each system in order to make agency recordkeeping practices transparent, to notify individuals regarding the uses to their records are put, and to assist individuals to more easily find such files within the agency. Below is the description of the DHS/FEMA-002 Quality Assurance Recording System of Records.

In accordance with 5 U.S.C. 552a(r), DHS has provided a report of this system of records to the Office of Management and Budget and to Congress.

SYSTEM OF RECORDS

DHS/FEMA-002.

System name:

Department of Homeland Security (DHS) Federal Emergency Management Agency (FEMA)-002 Quality Assurance Recording System (QARS).

Security classification:

Unclassified.

System location:

Federal Emergency Management Agency, Texas National Processing Service Center, Denton, TX 76208.Start Printed Page 8760

Categories of individuals covered by the system:

FEMA employees and/or contractors at FEMA's National Processing Service Centers who are making telephone calls to, or receiving telephone calls from, and those FEMA employees and/or contractors engaged in the case review of disaster assistance applications not related to a telephone call to or from a disaster assistance applicant.

Categories of records in the system:

• Voice recordings of telephone calls between FEMA employees and/or contractors and disaster assistance applicants;
• A “quality score” generated in QARS for each call or case processing activity that is evaluated by a FEMA supervisor or Quality Control Specialist, assessing the level of customer service provided by the FEMA employee/contractor to the disaster assistance applicant;
• FEMA supervisor or Quality Control Specialists name who conducted the assessment;
• FEMA supervisor or Quality Control Specialists user identification number who conducted the assessment;
• FEMA employee name;
• FEMA user identification number;
• FEMA contractor name; and
• FEMA contractor user identification number.

Tracking of FEMA employee/contractor activity in NEMIS related to call recordings and/or case review processing not related to a phone call may include the following disaster applicant information:

• Applicant's name;
• Home address;
• Social Security number;
• Home phone number;
• Current mailing address; and
• Personal financial information including applicant's bank name, bank account information, insurance information and individual or household income.

Authority for maintenance of the system:

5 U.S.C. Sec. 301; Federal Sector Labor Management Relations Act, Pub. L. 95-454 as amended, codified in 5 U.S.C. Sec. 4302, and 5 U.S.C. 7106(a); Pub. L. 109-295, title VI, Sec. 696, Oct. 4, 2006, 120 Stat. 1460, as codified in 6 U.S.C. 795; Fraud, Waste, and Abuse Controls; 29 U.S.C Sec. 204(b), Appointment, selection, classification, and promotion of employees by Administrator; FEMA Directive 3100.1 (M) Merit Promotion Plan; FEMA Directive 3700.1 (I) Performance Management System (PMS) for General Schedule and Prevailing Rate Employees; FEMA Directive 3700.2 (M) Employee Performance System.

Purpose(s):

The proposed system will be used for internal employee and/or contractor performance evaluations, training, and quality assurance purposes to improve customer service to disaster assistance applicants.

Routine uses of records maintained in the system, including categories of users and the purposes of such uses:

In addition to those disclosures generally permitted under 5 U.S.C. 552a(b) of the Privacy Act, all or a portion of the records or information contained in this system may be disclosed outside DHS as a routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:

A. To the Department of Justice (including United States Attorney Offices) or other Federal agency conducting litigation or in proceedings before any court, adjudicative or administrative body, when it is necessary to the litigation and one of the following is a party to the litigation or has an interest in such litigation:

1. DHS or any component thereof;

2. Any employee of DHS in his/her official capacity;

3. Any employee of DHS in his/her individual capacity where DOJ or DHS has agreed to represent the employee; or

4. The United States or any agency thereof, is a party to the litigation or has an interest in such litigation, and DHS determines that the records are both relevant and necessary to the litigation and the use of such records is compatible with the purpose for which DHS collected the records.

B. To a congressional office from the record of an individual in response to an inquiry from that congressional office made at the request of the individual to whom the record pertains.

C. To the National Archives and Records Administration or other federal government agencies pursuant to records management inspections being conducted under the authority of 44 U.S.C. 2904 and 2906.

D. To an agency, organization, or individual for the purpose of performing audit or oversight operations as authorized by law, but only such information as is necessary and relevant to such audit or oversight function.

E. To appropriate agencies, entities, and persons when:

1. DHS suspects or has confirmed that the security or confidentiality of information in the system of records has been compromised;

2. The Department has determined that as a result of the suspected or confirmed compromise there is a risk of harm to economic or property interests, identity theft or fraud, or harm to the security or integrity of this system or other systems or programs (whether maintained by DHS or another agency or entity) or harm to the individual that rely upon the compromised information; and

3. The disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with DHS's efforts to respond to the suspected or confirmed compromise and prevent, minimize, or remedy such harm.

F. To contractors and their agents, grantees, experts, consultants, and others performing or working on a contract, service, grant, cooperative agreement, or other assignment for DHS, when necessary to accomplish an agency function related to this system of records. Individuals provided information under this routine use are subject to the same Privacy Act requirements and limitations on disclosure as are applicable to DHS officers and employees.

G. To an appropriate federal, state, tribal, local, international, or foreign law enforcement agency or other appropriate authority charged with investigating or prosecuting a violation or enforcing or implementing a law, rule, regulation, or order, where a record, either on its face or in conjunction with other information, indicates a violation or potential violation of law, which includes criminal, civil, or regulatory violations and such disclosure is proper and consistent with the official duties of the person making the disclosure.

Disclosure to consumer reporting agencies:

None.

Policies and practices for storing, retrieving, accessing, retaining, and disposing of records in the system:

Storage:

Records in this system are stored electronically in secure facilities behind a locked door. The records are stored on, tape and digital media.

Retrievability:

Records in QARS will be retrieved, and are only retrievable, by the FEMA employee and/or contractor's name and user identification number. This system cannot be used to retrieve by disaster applicant information. Disaster applicant information is covered by Department of Homeland Security, Federal Emergency Management Agency DHS/FEMA-008 Disaster Recovery Assistance (DRA) Files system of Start Printed Page 8761records [September 24, 2009, 74 FR 48763].

Safeguards:

Records in this system are safeguarded in accordance with applicable rules and policies, including all applicable DHS automated systems security and access policies. Strict controls have been imposed to minimize the risk of compromising the information that is being stored. The access granted is based upon an individual's position of responsibilities for “official use” only. FEMA employees and/or contractors are allowed access to the data as a function of their specific job assignments within their respective organizations and who have appropriate clearances or permissions.

Retention and disposal:

FEMA's “Request for Records Disposition Authority” was submitted to NARA (Job Number N1-311-08-01) on March 27, 2008, and approved by NARA on June 27, 2008. The retention period for information maintained in QARS depends on the use of the data. Records within QARS that are used in an evaluation of a FEMA Customer Service Representative or contractor will be retained for six years, pursuant to General Records Schedule “FEMA Series Disaster Assistance Programs-15-1.” Records that are not used in an evaluation of a FEMA Customer Service Representative or contractor will be purged from the secured servers within 45 days, per General Records Schedule “FEMA Series Disaster Assistance Programs-15-2.” QARS data is stored separately from the applicant information stored in NEMIS. NEMIS has its own independent retention policy.

System Manager and address:

Manager (940-891-8500), Enterprise Performance Information Management Section, Federal Emergency Management Agency, Texas National Processing Service Center, Denton, TX 76208.

Notification procedure:

Individuals seeking notification of and access to any record contained in this system of records, or seeking to contest its content, may submit a request in writing to the FEMA FOIA Officer, whose contact information can be found at http://www.dhs.gov/​foia under “contacts.”

When seeking records about yourself from this system of records or any other Departmental system of records your request must conform with the Privacy Act regulations set forth in 6 CFR part 5. You must first verify your identity, meaning that you must provide your full name, current address and date and place of birth. You must sign your request, and your signature must either be notarized or submitted under 28 U.S.C. 1746, a law that permits statements to be made under penalty of perjury as a substitute for notarization. While no specific form is required, you may obtain forms for this purpose from the Chief Privacy Officer and Chief Freedom of Information Act Officer, http://www.dhs.gov or 1-866-431-0486. In addition you should provide the following:

• An explanation of why you believe the Department would have information on you;
• Identify which component(s) of the Department you believe may have the information about you;
• Specify when you believe the records would have been created;
• Provide any other information that will help the FOIA staff determine which DHS component agency may have responsive records; and
• If your request is seeking records pertaining to another living individual, you must include a statement from that individual certifying his/her agreement for you to access his/her records.

Without this bulleted information the component(s) may not be able to conduct an effective search, and your request may be denied due to lack of specificity or lack of compliance with applicable regulations.

Record access procedures:

See “Notification procedure” above.

Contesting record procedures:

See “Notification procedure” above.

Record source categories:

Records are obtained from FEMA employees and contractors in putting data received from disaster applicants and from those FEMA employees and/or contractors engaged in the case review of quality of customer service provided to disaster assistance applications by FEMA employees and contractors.

Exemptions claimed for the system:

None.