Skip to main content
U.S. flag

An official website of the United States government

Government Website

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Safely connect using HTTPS

Secure .gov websites use HTTPS
A lock () or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Federal Emergency Management Agency Privacy Stewardship

Executive Summary

We performed an audit of the Federal Emergency Management Agency’s (FEMA) privacy stewardship. Our audit objectives were to determine whether FEMA’s plans and activities instill a culture of privacy that protects sensitive personally identifiable information and whether FEMA ensures compliance with Federal privacy laws and policies. FEMA has made progress in implementing plans and activities to instill a culture of privacy. Specifically, it has established a privacy office that, among other functions, prepares reports on FEMA’s privacy activities to the Department of Homeland Security Privacy Office, reviews suspected privacy incidents, and oversees FEMA’s privacy training. However, FEMA faces a number of challenges in ensuring that personally identifiable information is protected. Specifically, it needs an accurate inventory of its information technology systems that impact privacy. In addition, FEMA needs to complete required privacy compliance analyses, including privacy threshold analyses, privacy impact assessments, and system of records notices, for 430 information technology systems that were reported as unauthorized.

Report Number
Issue Date
Document File
DHS Agency
Oversight Area
Fiscal Year