Cyb-320 3-2 Activity: Incident Report Componentssouthern New

CYB-320 3-2 Activity: Incident Report ComponentsSouthern New Hampshire University 09:30:36 GMT -05:00FEMA IncidentContributing FactorsOn March 18, 2019, the Office of Inspector General reported that FEMA Violated the1974 Privacy Act and Department of Homeland Security policy in sharing its data. The agency discovered this during an Audit of FEMA's Transitional Sheltering Assistance Program (TSA). This program assisted victims of the 2017 fires and 2017 hurricanes of Harvey, Irma, and Maria, which devasted parts of Texas, Florida, Puerto Rico, and the U.S. Virgin Islands. To provide assistance to the victims, FEMA required the applicants to provide PII (Personally Identifiable Information) and SPII (Sensitive PII). The Contributing factor is that FEMA is required to share13 data elements with its contractors so they can perform their duties administering the TSA program. Unfortunately, FEMA did not verify what data was being shared, and 20 unnecessary data fields, including 6 data fields that included SPII, were being provided to these contractors.Data AssetsDue to the accidental sharing of data with the contractors, the affected data assets of this incident are the PII and SPII of the victims applying for aid from natural disasters. The accidental sharing of this information can raise concerns about FEMA's privacy