AGENCY:

Federal Energy Regulatory Commission (FERC), DOE.

ACTION:

Notice of a modified system of records.

SUMMARY:

In accordance with the Privacy Act of 1974, all agencies are required to publish in the Federal Register a notice of their systems of records. Notice is hereby given that the Federal Energy Regulatory Commission (FERC) is publishing a notice of modification to an existing FERC system of records previously titled “ Critical Energy Infrastructure Information (CEII) Records (FERC–58)” and now titled “ Critical Energy/Electric Infrastructure Information (CEII) Records (FERC–58).”

DATES:

Comments on this modified system of records must be received no later than 30 days after date of publication in the Federal Register . If no public comment is received during the period allowed for comment or unless otherwise published in the Federal Register by FERC, the modified system of records will become effective a minimum of 30 days after date of publication in the Federal Register . If FERC receives public comments, FERC shall review the comments to determine whether any changes to the notice are necessary.

ADDRESSES:

Comments should be submitted in writing to Federal Energy Regulatory Commission, 888 First Street NE, Washington, DC 20426 or electronically to privacy@ferc.gov. Comments should indicate that they are submitted in response to “Critical Energy/Electric Infrastructure Information (CEII) Records (FERC–58)”.

FOR FURTHER INFORMATION CONTACT:

Mittal Desai, Chief Information Officer & Senior Agency Official for Privacy, Office of the Executive Director, Federal Energy Regulatory Commission, 888 First Street NE, Washington, DC 20426, (202) 502–6432.

SUPPLEMENTARY INFORMATION:

In Order No. 833, the Federal Energy Regulatory Commission amended its regulations to implement provisions of the Fixing America's Surface Transportation Act (FAST Act), codified at 16 U.S.C. 824o–1, related to Critical Electric Infrastructure Information. Regulations Implementing FAST Act Section 61003—Critical Electric Infrastructure Security and Amending Critical Energy Infrastructure Information, Availability of Certain North American Electric Reliability Corporation Databases to the Commission, Order No. 833, 157 FERC ¶ 61,123 (2016). The amended regulations refer to Critical Energy/Electric Infrastructure Information (CEII). Accordingly, this SORN which was previously titled “ Critical Energy Infrastructure Information (CEII) Records (FERC–58)” will now be titled “ Critical Energy/Electric Infrastructure Information (CEII) Records (FERC–58).”

Moreover, in accordance with the Privacy Act of 1974, and to comply with the Office of Management and Budget (OMB) Memorandum M–17–12, Preparing for and Responding to a Breach of Personally Identifiable Information, January 3, 2017, this notice has twelve (12) new routine uses, including two routine uses that will permit FERC to disclose information as necessary in response to an actual or suspected breach that pertains to a breach of its own records or to assist another agency in its efforts to respond to a breach that was previously published separately at 87 FR 35543 (June 10, 2022).

The following sections have been updated to reflect changes made since the publication of the last notice in the Federal Register : dates; addresses for further contact information; system location; system manager; authority for maintenance of the system; purpose of the system; categories of individuals covered by the system; categories of records in the system; record source categories; routine uses of records maintained in the system, including categories of users and the purpose of such; policies and practices for storage of records; policies and practices for retrieval of records; policies and practices for retention and disposal of records; administrative, technical, physical safeguards; records access procedures; contesting records procedures; notification procedures; and history.

SYSTEM NAME AND NUMBER:

Critical Energy/Electric Infrastructure Information (CEII) Records (FERC–58).

SECURITY CLASSIFICATION:

Unclassified.

SYSTEM LOCATION:

Federal Energy Regulatory Commission, Office of External Affairs, 888 First Street NE, Washington, DC 20426.

SYSTEM MANAGER(S):

Office of External Affairs, CEII Coordinator, Federal Energy Regulatory Commission, 888 First Street NE, Washington, DC 20426.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

16 U.S.C. 824o–1; 18 CFR 388.113.

PURPOSE(S) OF THE SYSTEM:

The purpose of the system is to determine: (1) what the type of CEII material has been requested; (2) whether an individual seeking CEII is a legitimate requester with a valid need that should be provided CEII under a non-disclosure agreement; and (3) assess whether individuals have previously asked for or been granted access to CEII.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

The following categories of individuals are covered by this system: members of the public and outside entities who request access to CEII from the Commission.

CATEGORIES OF RECORDS IN THE SYSTEM:

Individuals seeking CEII from FERC file a signed, written request for access to CEII along with an executed non- Start Printed Page 13070 disclosure agreement. The material in the record would contain the following: (1) requester's full name (including any other name(s) which the requester has used and the dates the requester used such name(s)), title, address, telephone number; (2) the name, address, and telephone number of the person or entity on whose behalf the information is requested; (3) the name and contact information of business references; (4) a detailed statement explaining the particular need for and intended use of the information; and (5) a statement as to the requester's willingness to adhere to limitations on the use and disclosure of the information requested. Furthermore, if it is determined by the CEII Coordinator that additional information is necessary to process the request, a requester in some instances may be asked to provide supporting information such as his or her date and place of birth.

RECORD SOURCE CATEGORIES:

Information in these records is supplied by individuals and companies requesting information along with external comments on the requests.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:

In addition to those disclosures generally permitted under 5 U.S.C. 552a(b) of the Privacy Act, information maintained in this system may be disclosed to authorized entities outside FERC for purposes determined to be relevant and necessary as a routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:

1. To appropriate agencies, entities, and persons when (1) FERC suspects or has confirmed that there has been a breach of the system of records; (2) FERC has determined that as a result of the suspected or confirmed breach there is a risk of harm to individuals, the Commission (including its information systems, programs, and operations), the Federal Government, or national security; and (3) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with the Commission's efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm.

2. To another Federal agency or Federal entity, when FERC determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in (1) responding to a suspected or confirmed breach or (2) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach.

3. To a congressional office from the record of an individual in response to an inquiry from that congressional office made at the request of that individual.

4. To the Equal Employment Opportunity Commission (EEOC) when requested in connection with investigations of alleged or possible discriminatory practices, examination of Federal affirmative employment programs, or other functions of the Commission as authorized by law or regulation.

5. To the Federal Labor Relations Authority or its General Counsel when requested in connection with investigations of allegations of unfair labor practices or matters before the Federal Service Impasses Panel.

6. To disclose information to another Federal agency, to a court, or a party in litigation before a court or in an administrative proceeding being conducted by a Federal agency, when the Government is a party to the judicial or administrative proceeding. In those cases where the Government is not a party to the proceeding, records may be disclosed if a subpoena has been signed by a judge.

7. To the Department of Justice (DOJ) for its use in providing legal advice to FERC or in representing FERC in a proceeding before a court, adjudicative body, or other administrative body, where the use of such information by the DOJ is deemed by FERC to be relevant and necessary to the advice or proceeding, and such proceeding names as a party in interest: (a) FERC; (b) any employee of FERC in his or her official capacity; (c) any employee of FERC in his or her individual capacity where DOJ has agreed to represent the employee; or (d) the United States, where FERC determines that litigation is likely to affect FERC or any of its components.

8. To non-Federal Personnel, such as contractors, agents, or other authorized individuals performing work on a contract, service, cooperative agreement, job, or other activity on behalf of FERC or Federal Government and who have a need to access the information in the performance of their duties or activities.

9. To the National Archives and Records Administration in records management inspections and its role as Archivist.

10. To the Merit Systems Protection Board or the Board's Office of the Special Counsel, when relevant information is requested in connection with appeals, special studies of the civil service and other merit systems, review of OPM rules and regulations, and investigations of alleged or possible prohibited personnel practices.

11. To appropriate Federal, State, or local agency responsible for investigating, prosecuting, enforcing, or implementing a statute, rule, regulation, or order, if the information may be relevant to a potential violation of civil or criminal law, rule, regulation, order.

12. To appropriate agencies, entities, and person(s) that are a party to a dispute, when FERC determines that information from this system of records is reasonably necessary for the recipient to assist with the resolution of the dispute; the name, address, telephone number, email address, and affiliation; of the agency, entity, and/or person(s) seeking and/or participating in dispute resolution services, where appropriate.

13. In addition to those disclosures generally permitted under 5 U.S.C. 552a(b), these records or information contained therein may specifically be disclosed as a routine use to determine who has asked for access to CEII and who has received such access.

POLICIES AND PRACTICES FOR THE STORAGE OF RECORDS:

Records are maintained in electronic format using a tracker system and saved on a shared drive with access limited to individuals whose official duties require access.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:

The records are retrieved by the names of the individual requester, the name of the company, where applicable, and the reference number.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:

Records are retained in accordance with the applicable National Archives and Records Administration schedules, General Records Schedule (GRS) 4.2: Information Access and Protection Records Item 020. Temporary. Destroy six (6) years after final agency action or three (3) years after final adjudication by the courts, whichever is later, but longer retention is authorized if required for business use.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:

Access is restricted to agency personnel or contractors whose responsibilities require access. Access to electronic records is controlled by the organizations Single Sign-On and Multi-Factor Authentication solution. Role based access is used to restrict electronic data access allowing only Start Printed Page 13071 authorized users with access (or processes acting on behalf of users) necessary to accomplish assigned tasks in accordance with organizational missions and business functions.

RECORD ACCESS PROCEDURES:

Individuals requesting access to the contents of records must submit a request through the Freedom of Information Act (FOIA) office. The FOIA website is located at: https://www.ferc.gov/​foia. CEII requests, along with Non-Disclosure Agreements may be submitted through the following link: https://www.ferc.gov/​enforcement-legal/​ceii/​electronic-ceii-request-form. Written requests for access to records should be directed to: Director, Office of External Affair, Federal Energy Regulatory Commission, 888 First Street NE, Washington, DC 20426.

CONTESTING RECORD PROCEDURES:

See Records Access procedures.

NOTIFICATION PROCEDURES:

Generalized notice is provided by the publication of this notice. For specific notice, see Records Access Procedure, above.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:

Under 5 U.S.C. 552a(k)(2) this system of records is exempted from the following provisions of the Privacy Act, 5 U.S.C. 552a(c)(3), (d), (e)(1), (e)(4)(G), (H), and (I), and (f). Furthermore, during the course of reviewing a CEII request, exempt materials from other systems of records may in turn become part of the case records. To the extent that copies of exempt records from those other systems of records are entered into this system of records, FERC hereby claims the same exemptions for the records from those other systems that are entered into this system, as claimed for the original primary systems of records of which they are a part. FOIA lists the following exemptions, which are provided in 5 U.S.C 552(b). In addition, the FAST Act, 16 U.S.C. 824o–1(d)(1), exempts CEII from mandatory disclosure under the FOIA.

HISTORY: 79 FR 17530, March 28, 2014.