Civics: FEMA Did Not Safeguard Disaster Survivors’ Sensitive Personally Identifiable Information

Taxpayer supported US Department of Homeland Security:

A privacy incident occurred because FEMA did not ensure it shared with the contractor only the data elements the contractor requires to perform its official duties administering the TSA program. FEMA provided and continues to provide with more than 20 unnecessary data fields for survivors participating in the TSA program. Of the 20 unnecessary data fields, FEMA does not safeguard and improperly releases 6 that include SPII: