Contact Us Search: All EPA Privacy Act

• You are here: EPA Home
• Privacy Act
• Impact Assessments
• Emergency Management Portal

Emergency Management Portal

I. Data in the System

1. Generally describe what data/information will be collected in the system.

   This system collects data that support Emergency Management ( prevention, preparedness, and response).  This includes removal and ER cleanup site data, equipment warehouse management data, personnel readiness data (training and experience) and technical information in support of field personnel.

2. What are the sources and types of the information in the system?

   Data is entered by On Scene Coordinators, National Decontamination Team experts, equipment warehouse managers and Response Support Corp volunteers.  The types of data include site identification and location, results from sampling and monitoring, results from hazardous debris and facilities recon, decision support documents, images,  equipment identificaiton and tracking, technical support information including health and safety, risk and toxicology, decontamination and containment methods, documents and links to other information sources for field personnel.

3. How will the data be used by the Agency?

   Data will be used to manage removal and remedial sites, track readiness, measure progress toward meeting Agency goals.

4. Why is the information being collected? (Purpose)

   Manage removal and remedial sites, track readiness, improve the affectiveness of OSCs, measure progress toward meeting Agency goals.

II. Access to the Data

1. Who will have access to the data/information in the system (internal and external parties)? If contractors, are the Federal Acquisition Regulations (FAR) clauses included in the contract (24.104 Contract clauses; 52.224-1 Privacy Act Notification; and 52.224-2 Privacy Act)?

   All of the data accept individual readiness records and site records restricted by the OSC are available to all EPA employees.  The readiness records can be viewed by the employee (his/her own record), the Health and Safety Officer in each Region (for that region only) and the program manager at HQ (all records). 

   Trusted partners (regional START contractors, state government employees, other Federal Agency employees) are permitted read access to technical information, equipment information and any sites the the OSC releases for viewing.  They are not permitted to see any PII information in this system.  

   Systems development contractors may have these data briefly while migrating it from legacy systems to the new system.  The FAR for privacy are included in these contracts.   

2. What controls are in place to prevent the misuse of data by those having authorized access?

   All employees and contractors are required to take security awareness training each year.  Last year's training specifically focused on rules for PII.  Health and Safety Officers in each Region are specifically trained to handle personnel information that included PII.  

3. Do other systems share data or have access to data/information in this system? If yes, explain who will be responsible for protecting the privacy rights of the individuals affected by the interface? (i.e., System Administrators, System Developers, System Managers)

   No

4. Will other agencies, state or local governments share data/information or have access to data in this system? (Includes any entity external to EPA.)

   No

5. Do individuals have the opportunity to decline to provide information or to consent to particular uses of the information? If yes, how is notice given to the individual? (Privacy policies must clearly explain where the collection or sharing of certain information may be optional and provide users a mechanism to assert any preference to withhold information or prohibit secondary use.)

   Information is collected for EPA employees only.  Privacy statement will be posted on the screen.  Employees can choose to enter data or not when presented with this statement.  

III. Attributes of the Data

1. Explain how the use of the data is both relevant and necessary to the purpose for which the system is being designed.

   EMP is being designed to support EPA employees and their partners in the performance of Emergency Management activities.  The data concerning sites, responder readiness, equipment and technical support information is data used every day by those engaged in this work. 

2. If data are being consolidated, what controls are in place to protect the data from unauthorized access or use? Explain.

   EMP has a robust security design that includes portal Identity and Access Management at the beginning and a customized roles/rights schema within each module

3. If processes are being consolidated, are the proper controls remaining in place to protect the data and prevent unauthorized access? Explain.

   No

4. How will data be retrieved? Can it be retrieved by personal identifier? If yes, explain. (A personal identifier is a name, Social Security Number, or other identifying symbol assigned to an individual, i.e. any identifier unique to an individual.)

   EMP readiness data is retrieved by name.  EMP does not contain Social Security Numbers.  EMP contains the unique employee ID assigned by the agency to allow EMP to retrieve data from the master person database managed by the EPA Portal.  EMP data cannot be retrieved by that number, nor is it displayed on the screen.

5. Is the Web privacy policy machine readable?  Where is the policy stated?  (Machine readable technology enables visitors to easily identify privacy policies and make an informed choice about whether to conduct business with that site.)

   No public PII collected and not public access

IV. Maintenance of Administrative Controls

1. Has a record control schedule been issued for the records in the system? If so, provide the schedule number. What are the retention periods for records in this system? What are the procedures for eliminating the records at the end of the retention period? (You may check with the record liaison officer (RLO) for your AA-ship, Tammy Boulware (Headquarters Records Officer) or Judy Hutt, Agency Privacy Act Officer, to determine if there is a retention schedule for the subject records.)

   Records Schedule:  006a Program Management

   Records are kept as long as the record subject is affiliated with EPA and has emergency responsibilities.

2. While the data are retained in the system, what are the requirements for determining if the data are still sufficiently accurate, relevant, timely, and complete to ensure fairness in making determinations?

   Personnel have access to their own records to ensure that they are accurate. 

3. Will this system provide the capability to identify, locate, and monitor individuals? If yes, explain.

   On Scene Coordinators and Response Support Corps volunteers will have records in this system.  They or the Health and Safety Officer in each Region/AAship will enter data concerning emergency contacts, training, certifications, skill, and experience.  OSCs are required to maintain a certain level of training.  Their training/experience is tracked in this database.

4. Does the system use any persistent tracking technologies?

   No

5. Under which System of Records (SOR) notice does the system operate? Provide the name of the system and its SOR number if applicable. A list of Agency SORs are posted at http://www.epa.gov/privacy/notice/. (A SOR is any collection of records under the control of the Agency in which the data is retrieved by a personal identifier. The Privacy Act Officer will determine if a SOR is necessary for your system.)

   EPA-44

Local Navigation

• Privacy Act Home
• Submit a Request
• Policy
• Laws & Statutes
• Systems of Records
• Impact Assessments
• Frequent Questions
• Related Links

• EPA Home
• Privacy and Security Notice
• Contact Us