[Federal Register Volume 74, Number 73 (Friday, April 17, 2009)]
[Notices]
[Pages 17863-17866]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: E9-8859]
=======================================================================
-----------------------------------------------------------------------
FEDERAL TRADE COMMISSION
Privacy Act of 1974; System of Records Notices
AGENCY: Federal Trade Commission (FTC).
ACTION: Notice of revised Privacy Act system notices.
-----------------------------------------------------------------------
SUMMARY: The FTC is revising several of the notices that it is required
to publish under the Privacy Act of 1974 to describe its systems of
records about individuals. This action is intended to make these
notices clearer, more accurate, and up-to-date.
DATES: This notice shall become final and effective on April 17, 2009.
FOR FURTHER INFORMATION CONTACT: Alex Tang, G. Richard Gold, or
Lorielle L. Pankey, Attorneys, Office of the General Counsel, FTC, 600
Pennsylvania Avenue, NW., Washington, DC 20580, (202) 326-2424.
SUPPLEMENTARY INFORMATION: To inform the public, the FTC publishes in
the FEDERAL REGISTER and posts on its Web site a ``system of records
notice'' (SORN) for each system of records about individuals that the
FTC currently maintains within the meaning of the Privacy Act of 1974,
as amended, 5 U.S.C. 552a. See (http://www.ftc.gov/foia/listofpaysystems.shtm). Each SORN describes the records maintained in
that particular system, including the categories of individuals that
the records in the system are about (e.g., FTC employees or consumers).
Each system notice also contains information about how to find out if
that particular system contains any records about you.
On June 12, 2008, the FTC republished and updated all of the FTC's
SORNs, describing all of the agency's systems of records covered by the
Privacy Act in a single document for ease of use and reference. 73 FR
33592. To ensure the SORNs remain accurate, FTC staff engages in a
comprehensive review of each SORN on a periodic basis. As a result of
this systematic review, the FTC is making the following revisions to
several of its SORNs.\1\
---------------------------------------------------------------------------
\1\ The FTC is not adding or changing any routine uses of its
system records or making other significant system changes that would
require prior public comment or notice to the Office of Management &
Budget (OMB) and Congress. See U.S.C. 552a(e)(11), (r); OMB Circular
A-130, Appendix I.
---------------------------------------------------------------------------
I. FTC Law Enforcement Systems of Records
FTC-I-1 (Nonpublic Investigational and Other Nonpublic Legal
Program Records--FTC). This SORN includes nonpublic investigational and
other nonpublic program records. We have added language that clarifies
the categories of individuals and types of records covered by the
system.
FTC-I-7 (Office of Inspector General Investigative Files--FTC).
This SORN covers investigatory records in the FTC's Office of Inspector
General (OIG). The FTC is revising the retention and disposal section
of this SORN to reflect that these records are retained indefinitely,
pending approval of an applicable retention and disposal schedule by
the National Archives and Records Administration.
II. FTC Personnel Systems of Records
FTC-II-1 (General Personnel Records--FTC). This SORN covers
Official Personnel Folders (OPFs) and other personnel records that the
FTC's Human Resources Management Office (HRMO) maintains about FTC
employees. We are including additional authorities for the system.
FTC-II-2 (Unofficial Personnel Records--FTC). This SORN covers
personnel records maintained outside of the FTC's HRMO by FTC managers
about their employees, including employee performance files. We are
including additional authorities for the system.
FTC-II-7 (Ethics Program Records--FTC). This SORN covers annual
financial statements and other filings or requests made by FTC
officials and employees under the FTC's ethics program. The FTC is
making a technical revision to reflect the appropriate title of
[[Page 17864]]
the system manager (``Designated Agency Ethics Official'' as opposed to
``Designated Agency Ethics Officer'').
FTC-II-10 (Employee Health Care Records--FTC). This SORN covers
records maintained by the FTC's employee health unit, which relies upon
a U.S. Department of Health and Human Services Program Support Center
(PSC) contractor to provide on-site health services to our employees at
certain FTC facilities. The FTC is revising this SORN to clarify that
this system excludes medical records pertaining to requests for
reasonable accommodation, see Sections 501 and 505 of the
Rehabilitation Act of 1973 as amended (Pub. L. 93-112), which would be
covered by the applicable OPM Government-wide SORN, OPM/GOVT-10
(Employee Medical File System Records). See 71 FR 35342, 35360 (June
19, 2006).
III. FTC Financial Systems of Records
FTC-III-1 (Personnel Payroll System--FTC). This SORN covers payroll
processing records for FTC employees and retirement records. The FTC is
removing the reference to the Director of the Division of Finance and
Budget as a system manager and leaving the Director of the Human
Resources Management Office as now the sole FTC manager of this system.
IV. FTC Correspondence Systems of Records
FTC-IV-1 (Consumer Information System--FTC). This SORN covers
complaints and information requests received from consumers. We are
including additional details about the safeguards employed to protect
this information.
FTC-IV-3 (National Do Not Call Registry--FTC). This SORN covers
records of individuals who wish to be placed on the FTC's telemarketing
do-not-call list. It also covers information collected from
telemarketers, sellers, or agents who are required to comply with the
list, but only to the extent, if any, that such telemarketers, sellers,
or agents are also ``individuals'' within the meaning of the Privacy
Act. The FTC is revising the Authority for Maintenance of the System
section to include references to the Do-Not-Call Improvement Act of
2007 (Pub. L. No. 110-187 (2008)) (eliminating the automatic removal of
numbers from the registry) and the Do-Not-Call Registry Fee Extension
Act of 2007 (Pub. L. No. 110-188 (2008)) (modifying the fees that
organizations accessing the registry must pay).
VII. FTC Miscellaneous Systems of Records
FTC-VII-3 (Computer Systems User Identification and Access
Records--FTC). This SORN covers records that the FTC maintains on those
who have access to FTC computer systems in order to monitor and control
the usage of such systems. The FTC is revising this SORN to make
further clarifications in the system's scope, purpose and safeguards.
We are also adding the Assistant Chief Information Officer, Operations
Assurance, Office of Information and Technology Management as a system
manager.
FTC-VII-4 (Call Detail Records--FTC). This SORN covers records that
the FTC maintains on telephone usage by employees, contractors and
other individuals. The FTC is revising this SORN to add the Assistant
Chief Information Officer for Customer Services as a system manager.
---------------------------------------------------------------------------
\2\ This SORN was incorrectly identified as FTC-VII-8 in the
``System-by-System SORN Summary'' section of the FTC's June 12, 2008
Notice. 73 FR 33592, 33596.
---------------------------------------------------------------------------
FTC Systems of Records Notices
Accordingly, the FTC revises and updates the Privacy Act systems of
records below as follows:
I. FTC Law Enforcement Systems of Records
FTC-I-1
SYSTEM NAME:
Nonpublic Investigational and Other Nonpublic Legal Program
Records--FTC.
* * * * *
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
This system consists of case or matter files and other nonpublic
records created, collected and maintained by the FTC's Bureaus and
other offices in the course of law enforcement investigations,
administrative or court litigation, and other agency legal proceedings
and matters (e.g., rulemakings, requests for formal advisory opinions).
The system covers investigatory targets, witnesses, consumers, redress
claimants, commenters, requesters, and other individuals whose
information the FTC ``retrieves'' from these nonpublic records, as
explained below. (Entities that are not ``individuals,'' such as
businesses, sole proprietorships, or corporations, are not covered by
this system.) Parties requesting informal advisory opinions are covered
by FTC-I-3, Informal Advisory Opinion Request and Response Files--FTC.
CATEGORIES OF RECORDS IN THE SYSTEM:
Records maintained in this system include information about
individuals such as name, address, employment status, age, date of
birth, financial information, credit information, social security
number and personal history. Records in this system are collected and
generated during law enforcement investigations and litigation and may
include: copies of subpoenas and other compulsory process issued during
the investigation; documents and records (including copies) obtained
during the investigation in response to subpoenas and other compulsory
process, or otherwise provided to the Commission; affidavits and other
statements from witnesses; transcripts of testimony taken in the
investigation and accompanying exhibits; internal staff memoranda;
interview notes, investigative notes, staff working papers, draft
materials, and other documents and records relating to the
investigation; correspondence; and internal status reports including
matter initiation reports, progress reports, and closing reports.
Records in this system may also include other investigatory information
or data relating to any of the following: docketed and consent matters;
redress distribution proceedings; rulemakings, workshops, and other
public proceedings, including comments or other materials submitted in
such proceedings; assurances of voluntary compliance; and advisory
opinions.
This system is limited to files and records that are about an
individual, and only when the file or record is pulled (``retrieved'')
by the name of that individual or other personal identifier (e.g.,
number, symbol, fingerprint, etc.). As described below, records in this
system may become public if they are subject to such disclosure under
the FTC's Rules of Practice.
* * * * *
FTC-I-7
SYSTEM NAME:
Office of Inspector General Investigative Files--FTC.
* * * * *
RETENTION AND DISPOSAL:
Records are retained indefinitely, pending approval of an
applicable retention and disposal schedule by the National Archives and
Records Administration.
* * * * *
[[Page 17865]]
II. FTC Personnel Systems of Records
FTC-II-1
SYSTEM NAME:
General Personnel Records--FTC.
* * * * *
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
5 U.S.C. 301, 1302, 2951, 3301, 3372, 4118, 8347; Executive Orders
9397, 9830, and 12107; and 5 CFR 293.
* * * * *
FTC-II-2
SYSTEM NAME:
Unofficial Personnel Records--FTC.
* * * * *
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
5 U.S.C. 301, 1104, 3321, 4301-4305; 4311-4315; 5405, 6101-6106;
6301-6326; 6331-6340; 6361-6373; 6381-6387; 6391; 7301-7353; 5 U.S.C.
Chapter 75; Executive Order 12107; and 5 CFR 293.
* * * * *
FTC-II-7
SYSTEM NAME:
Ethics Program Records--FTC.
* * * * *
SYSTEM MANAGER(S) AND ADDRESS:
Designated Agency Ethics Official, Office of General Counsel,
Federal Trade Commission, 600 Pennsylvania Avenue, NW., Washington, DC
20580.
* * * * *
FTC-II-10
SYSTEM NAME:
Employee Health Care Records--FTC.
* * * * *
CATEGORIES OF RECORDS IN THE SYSTEM:
Names, medical reports, opinions, evaluations, diagnoses and
treatment information; and other records of the type described in the
Privacy Act system of records notice published by the Health and Human
Services' Program Support Center (HHS/PSC) for System No. 09-40-0005
(Public Health Service (PHS) Beneficiary-Contract Medical/Health Care
Records), or any successor system notice for that system. The FTC
currently has an interagency contract with HHS/PSC, which, in turn,
uses private contractors to provide nursing, vaccination, and other
miscellaneous on-site health care services to FTC employees.
This system (FTC-II-10) excludes other medical records, if any,
that may be compiled or maintained by the FTC or a contractor on the
FTC's behalf about FTC employees resulting from: (1) a request for
reasonable accommodation under Sections 501 and 505 of the
Rehabilitation Act of 1973, as amended (Pub. L. 93-112); (2) a
condition of the individual's employment (e.g., fitness-for-duty
examination, drug testing); or (3) an on-the-job occurrence (e.g.,
medical injury report). Those records, if any, are described in and
covered by the Office of Personnel Management (OPM) Privacy Act system
of records notice for such records, OPM/GOVT-10 (Employee Medical File
System Records), or any successor system notice for that system.
* * * * *
III. FTC Financial Systems of Records
FTC-III-1
SYSTEM NAME:
Personnel Payroll System--FTC.
* * * * *
SYSTEM MANAGER(S) AND ADDRESS:
Director, Human Resources Management Office, Federal Trade
Commission, 600 Pennsylvania Avenue, NW., Washington, DC 20580.
See DOI-85 for the FPPS system manager and address.
* * * * *
IV. FTC Correspondence Systems of Records
FTC-IV-1
SYSTEM NAME:
Consumer Information System--FTC.
* * * * *
SAFEGUARDS:
The system can currently be accessed by FTC staff, contractors, and
other system users, such as authorized law enforcement agency
personnel. This access occurs via a Web-based interface and is
authorized only on a need-to-know basis to those individuals and
organizations requiring access. Contractors and other non-FTC users
must sign confidentiality and nondisclosure agreements, and, in some
cases, are required to undergo additional security clearance
procedures. Letters or other system records in paper format are
maintained in lockable rooms and cabinets. Access to the electronic
database requires users to have the correct ``user ID'' and password
combination, individual security token code, and Internet protocol
(``IP'') address for the user's law enforcement agency. The system
database is maintained on secure servers, protected by firewalls,
access and usage logs, and other security controls. Servers are
maintained in a secure physical environment, including building locks,
security guards, and cameras.
* * * * *
FTC-IV-3
SYSTEM NAME:
National Do Not Call Registry System--FTC.
* * * * *
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
Federal Trade Commission Act, 15 U.S.C. 41 et seq., Telemarketing
and Consumer Fraud and Abuse Prevention Act, 15 U.S.C. 6101-6108; Do-
Not-Call Implementation Act, Pub. L. No. 108-10 (2003); Do-Not-Call
Improvement Act of 2007, Pub. L. No. 110-187 (2008); Do-Not-Call
Registry Fee Extension Act of 2007, Pub. L. No. 110188 (2008).
* * * * *
VII. FTC Miscellaneous Systems of Records
FTC-VII-3
SYSTEM NAME:
Computer Systems User Identification and Access Records--FTC.
* * * * *
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
Commission employees and others (e.g., contractors) with access to
FTC computer systems, including various system platforms, applications,
and databases (e.g., Outlook, Business Objects, Oracle, Redress,
STAFFID, CIS, etc.), operated by the FTC or by a contractor for the
FTC.
CATEGORIES OF RECORDS IN THE SYSTEM:
This Privacy Act system consists of the login and other user
identification and access records that FTC computer systems routinely
compile and maintain about users of those systems. These records
include user data such as: user name; e-mail address; employee or other
user identification number; organization code; systems or services to
which the individual has access; systems and services used; amount of
time spent using each system; number of usage sessions; and user
profile. These system records include log-in, passphrase, and other
system usage files and directories when they contain data on specific
users. Many FTC computer systems collect and maintain additional
information, other than system use data, about individuals inside and
outside the FTC. See a complete list of FTC Privacy Act systems on the
FTC's Web site, (http://www.ftc.gov/foia/listofpaysystems.shtm), to
learn about
[[Page 17866]]
other categories of information collected and maintained about
individuals in the FTC's computer systems.
* * * * *
PURPOSE(S):
To monitor usage of computer systems; to support server and desktop
hardware and software; to ensure the availability and reliability of
the agency computer facilities; to help document and/or control access
to various computer systems; to audit, log, and alert responsible FTC
personnel when certain personally identifying information is accessed
in specified systems; to prepare budget requests for automated
services; to identify the need for and to conduct training programs,
which can include the topics of information security, acceptable
computer practices, and FTC information security policies and
procedures; to monitor security on computer systems; to add and delete
users; to investigate and make referrals for disciplinary or other
action if improper or unauthorized use is suspected or detected.
* * * * *
SAFEGUARDS:
Access is restricted to agency personnel and contractors whose
responsibilities require access. Paper records, if any, maintained in
lockable rooms or file cabinets. Access to electronic records is
controlled by ``user ID'' and passphrase combination and/or other
appropriate electronic access or network controls (e.g., firewalls).
FTC buildings are guarded and monitored by security personnel, cameras,
ID checks, and other physical security measures.
* * * * *
SYSTEM MANAGER(S) AND ADDRESS:
Assistant Chief Information Officer, Infrastructure Operations,
Office of Information and Technology Management, Federal Trade
Commission, 600 Pennsylvania Avenue, NW., Washington, DC 20580.
Assistant Chief Information Officer, Operations Assurance, Office
of Information and Technology Management, Federal Trade Commission, 600
Pennsylvania Avenue, NW., Washington, DC 20580.
* * * * *
FTC-VII-4
SYSTEM NAME:
Call Detail Records--FTC.
* * * * *
SYSTEM MANAGER(S) AND ADDRESS:
Assistant Chief Information Officer, Customer Services, Office of
Information and Technology Management, Federal Trade Commission, 600
Pennsylvania Avenue, NW., Washington, DC 20580.
Assistant Chief Information Officer, Infrastructure Operations,
Office of Information and Technology Management, Federal Trade
Commission, 600 Pennsylvania Avenue, NW., Washington, DC 20580.
* * * * *
David C. Shonka,
Acting General Counsel.
[FR Doc. E9-8859 Filed 4-16-09: 8:45 am]
BILLING CODE 6750-01-S