AGENCY:

Federal Trade Commission (FTC).

ACTION:

Notice of modified systems of records.

SUMMARY:

The FTC is making technical revisions to several of the notices that it has published under the Privacy Act of 1974 to describe its systems of records. This action is intended to make these notices clearer, more accurate, and up-to-date.

DATES:

These technical revisions shall become final and effective on March 23, 2020.

FOR FURTHER INFORMATION CONTACT:

G. Richard Gold and Alex Tang, Attorneys, Office of the General Counsel, FTC, 600 Pennsylvania Avenue NW, Washington, DC 20580, (202) 326-2424.

SUPPLEMENTARY INFORMATION:

To inform the public, the FTC publishes in the Federal Register and posts on its website a “system of records notice” (SORN) for each system of records that the FTC currently maintains within the meaning of the Privacy Act of 1974, as amended, 5 U.S.C. 552a (“Privacy Act” or “Act”). See https://www.ftc.gov/​about-ftc/​foia/​foia-reading-rooms/​privacy-act-systems. The Privacy Act protects records about individuals in systems of records collected and maintained by Federal agencies. (A system is not a “system of records” under the Act unless the agency maintains and retrieves records in the system by the relevant individual's name or other personally assigned identifier.) Each Federal agency, including the FTC, must publish a SORN that describes the records maintained in each of its Privacy Act systems, including the categories of individuals that the records in the system are about, where and how the agency maintains these records, and how individuals can find out whether an agency system contains any records about them or request access to such records, if any. The FTC, for example, maintains 40 systems of records under the Act. Some of these systems contain records about the FTC's own employees, such as personnel and payroll files, while other FTC systems contain records about members of the public, such as public comments, consumer complaints, or phone numbers submitted to the FTC's Do Not Call Registry.

The FTC's SORNs discussed in this notice apply only to the FTC's own Privacy Act record systems. They do not cover Privacy Act records that other Federal agencies may collect and maintain in their own systems. Likewise, the FTC's SORNs and the Privacy Act of 1974 do not cover records that private businesses or other non-FTC entities may collect about individuals, which may be covered by other privacy laws.

On June 12, 2008, the FTC republished and updated all of its SORNs, describing all of the agency's systems of records covered by the Privacy Act in a single document for ease of use and reference. See 73 FR 33592. To ensure the SORNs remain accurate, FTC staff reviews each SORN on a periodic basis. As a result of this systematic review, the FTC made revisions to several of its SORNs on April 17, 2009 (74 FR 17863), August 27, 2010 (75 FR 52749), February 23, 2015 (80 FR 9460), November 2, 2017 (82 FR 50871), November 6, 2018 (83 FR 55541), and April 19, 2019 (84 FR 16493).

Based on a periodic review of its SORNs, the FTC is publishing these additional technical revisions, to ensure that the FTC's SORNs remain clear, accurate, and up-to-date:

• First, the FTC is amending several SORNs to clarify or update information about the applicable records disposition schedules published or approved by the National Archives and Records Administration (NARA), which determine how long agency records in each system should be retained and destroyed.
• Second, the FTC is amending multiple SORNs applicable to FTC financial-related records (FTC-III-2 and FTC-III-3) to take account of the FTC's migration of these systems, previously serviced under an interagency agreement with the Department of Interior's National Business Center, to the Department of Treasury's Administrative Resource Center (ARC), part of the Bureau of Fiscal Services, as of October 1, 2019; to also address the new interagency service agreement with ARC for acquisition procurement support (FTC-III-4), and to make other technical changes (e.g., updating the official title of the system manager, explaining how individuals may now access certain records online).
• Third, after consultation with staff at the Office of Management & Budget (OMB), which provides guidance to Federal agencies on complying with the Privacy Act, the FTC is amending the above SORNs to include specific references to the Federal Register notices where the FTC previously published three SORN Appendices applicable to all FTC SORNs. Specifically, these Appendices, which are posted on the FTC's website: List the authorized disclosures and routine uses applicable to all FTC systems of records (Appendix I); how an individual can make a Privacy Act request to determine if the FTC has any records about him or her and, if so, how the individual may request access to or amendment of those records in the FTC's systems (Appendix II); and the location of FTC buildings and offices where the FTC maintains its records subject to the Act (Appendix III).
• Fourth, the FTC is republishing the full text of each of the above SORNs, incorporating the technical amendments, for the convenience of the reader and in accordance with OMB Circular A-108 (2016), which reorganized the format and content for SORNs published by Federal agencies.

The FTC is not substantively adding or amending any routine uses of its Privacy Act system records. Accordingly, the FTC is not required to provide prior public comment or notice to OMB or Congress for these technical amendments, which are final upon publication. See U.S.C. 552a(e)(11) and 552a(r); OMB Circular A-108, supra.

A SORN-by-SORN summary, including a more detailed description of each SORN and how it is being amended, appears below, followed by the full text of the SORNs, as amended.

II. Federal Trade Commission Personnel Systems of Records

FTC-II-12 (Learning Management System—FTC.). This SORN covers the system used by the FTC's Human Capital Management Office to track and log requests of FTC employees to attend training courses. The FTC is revising this SORN to update the “system name and number” heading. The “category of records” section of the SORN is also being amended to recognize that records in this system contain employee names, but no longer include social security numbers or dates of birth. The “policies and practices for retrieval of records” section is revised to reflect that records are not retrieved by social security number.

FTC-II-13 (Staff Time and Activity Reporting (STAR) System—FTC). This SORN covers the system that the FTC uses to compile statistics on time spent by each employee on various FTC matters. The Commission has updated the “retention and disposal” section to cite the applicable General Records Schedule approved by NARA for government-wide use.

III. Federal Trade Commission Financial Systems of Records

FTC-III-2 (Travel Management System—FTC). This SORN covers travel documentation for FTC employees and other authorized individuals on official travel for the FTC. This SORN is revised to take account of the FTC's migration Start Printed Page 16351of this system, which was previously serviced under an interagency agreement with the Department of Interior's National Business Center, to the Department of Treasury's Administrative Resource Center as of October 1, 2019. Thus, the sections on “system location” and “categories of records in the system” are also being updated. The Commission is also updating the “retention and disposal” section to cite the applicable General Records Schedule approved by NARA for government-wide use.

FTC-III-3 (Financial Management System—FTC). This SORN covers FTC records of payments or reimbursements for official travel by its employees and other individuals (compare FTC-III-2 above) and miscellaneous payments for the acquisition of goods or services (compare FTC-III-4 below). This SORN is revised to take account of the FTC's migration of this system, previously serviced under an interagency agreement with the Department of Interior's National Business Center, to the Department of Treasury's Administrative Resource Center as of October 1, 2019. Conforming amendments are also being made to “system location”, “system manager(s)”, and “categories of records in the system”, and a non-substantive update is being made to routine uses (i.e., citing the related Treasury SORN). The Commission has also updated the “retention and disposal” section to cite the applicable General Records Schedule that was approved by NARA for government-wide use.

FTC-III-4 (Automated Acquisitions System—FTC). This SORN covers the system used by the FTC to track requisitions (orders) for goods or services from non-FTC sources. This SORN is revised to take account of the FTC's new interagency service agreement for acquisition systems support with the Department of Treasury's Administrative Resource Center as of October 1, 2019. Conforming amendments are being made to “system location” and “categories of records in the system” (also citing to the relevant Government-wide General Services Administration (GSA) SORN that includes the same record categories). The Commission is also updating the contact information for the “system manager(s)”. Finally, the Commission is updating the “retention and disposal” section to cite the applicable General Records Schedule approved by NARA for government-wide use.

IV. FTC Correspondence Systems of Records

FTC-IV-3 (National Do Not Call Registry—FTC). This SORN covers records of individuals who wish to be placed on the FTC's telemarketing do-not-call list. It also covers information collected from telemarketers, sellers, or agents who are required to comply with the list, but only to the extent, if any, that such telemarketers, sellers, or agents are also “individuals” within the meaning of the Privacy Act. The Commission has updated the official title and contact information for the “system manager(s)”. The Commission is also updating the “retention and disposal” section to cite the applicable General Records Schedule approved by NARA for government-wide use.

VII. FTC Miscellaneous Systems of Records

FTC-VII-3 (Computer Systems User Identification and Access Records—FTC). This SORN covers records that the FTC maintains on individual users of computer systems operated by the FTC or on its behalf in order to monitor and control their usage of such systems. The Commission has updated the official title and contact information for the “system manager(s)”. The Commission is also updating the “retention and disposal” section to cite the applicable General Records Schedule approved by NARA for government-wide use.

FTC-VII-4 (Call Detail Records—FTC). This SORN covers records that the FTC maintains on FTC telephone usage by its employees, contractors, and other individuals. The Commission has updated the official title and contact information for the “system manager(s)”. The Commission is also updating the “retention and disposal” section to cite the applicable General Records Schedule approved by NARA for government-wide use.

FTC-VII-5 (Property Management System—FTC). This SORN covers property logs or other records that the FTC maintains to account for FTC office equipment, keys, or other FTC property assigned to individual employees or others. The Commission is updating the contact information for the “system manager(s)”. Finally, the Commission is updating the “retention and disposal” section to cite the applicable General Records Schedule approved by NARA for government-wide use.

FTC-VII-7 (Information Technology Service Ticket System—FTC). This SORN applies to records maintained by or on behalf of the agency to track FTC “help desk” requests or other information from or about FTC employees and contractors relating to computer assistance, repairs, loss, etc., of FTC equipment and IT resources. The Commission has updated the official title and contact information for the “system manager(s)”. The Commission is also updating the “retention and disposal” section to cite the applicable General Records Schedule approved by NARA for government-wide use.

FTC-VII-8 (Administrative Service Order System—FTC). This SORN covers the database system used by the FTC's Administrative Service Office to track and fulfill requests made by employees or other individuals for building repairs, maintenance, or other administrative services. The Commission has updated the official title and contact information for the “system manager(s)”. The Commission is also updating the “retention and disposal” section to cite the applicable General Records Schedule approved by NARA for government-wide use.

FTC Systems of Records Notices

In light of the updated SORN template set forth in revised OMB Circular A-108 (2016), the FTC is reprinting the entire text of each amended SORN for the public's benefit, to read as follows:

II. Federal Trade Commission Personnel Systems of Records

SYSTEM NAME AND NUMBER:

Learning Management System-FTC (FTC-II-12).

SECURITY CLASSIFICATION:

Unclassified.

SYSTEM LOCATION:

Federal Trade Commission, 600 Pennsylvania Avenue NW, Washington, DC 20580. For other locations where records may be maintained or accessed, see Appendix III (Locations of FTC Buildings and Regional Offices), available on the FTC's website at https://www.ftc.gov/​about-ftc/​foia/​foia-reading-rooms/​privacy-act-systems and at 80 FR 9460, 9465 (Feb. 23, 2015).

SYSTEM MANAGER(S):

Chief Human Capital Officer, Human Capital Management Office (HCMO), Federal Trade Commission, 600 Pennsylvania Avenue NW, Washington, DC 20580, email: SORNs@ftc.gov.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

Federal Trade Commission Act, 15 U.S.C. 41 et seq.; 5 U.S.C. ch. 41; 5 CFR 410.701.

PURPOSE(S) OF THE SYSTEM:

To provide information to agency managers necessary to indicate the Start Printed Page 16352training that has been requested and provided to individual employees; to determine course offerings and frequency; and to manage the training program administered by the Human Capital Management Office. Since this system is legally part of the OPM's Government-wide system of records notice for this system, OPM/GOVT-1, it is subject to the same purposes set forth for that system by OPM, see OPM/GOVT-1, or any successor OPM system notice that may be published for this system (visit www.opm.gov for more information).

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

Individuals who, at the time the records are added to the system, are FTC employees who registered to attend training courses offered by the Human Capital Management Office.

CATEGORIES OF RECORDS IN THE SYSTEM:

Employee name, position title, pay plan, series, grade, organizational code, work address, work phone number, supervisor, work email address, course number, course title, course date and time, attendance indicator, separation date, etc.

RECORD SOURCE CATEGORIES:

Individual about whom the record is maintained, supervisors, managers, and Human Capital Management Office staff responsible for the training program.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:

Since this system is legally part of the OPM's Government-wide system of records notice for this system, OPM/GOVT-1, it is subject to the same routine uses set forth for that system by OPM, see OPM/GOVT-1, or any successor OPM system notice that may be published for this system (visit www.opm.gov for more information).

For other ways that the Privacy Act permits the FTC to use or disclose system records outside the agency, see Appendix I (Authorized Disclosures and Routine Uses Applicable to All FTC Privacy Act Systems of Records), available on the FTC's website at https://www.ftc.gov/​about-ftc/​foia/​foia-reading-rooms/​privacy-act-systems and at 83 FR 55541, 55542-55543 (Nov. 6, 2018).

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:

Records are stored in electronic record systems and temporary paper printouts.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:

Indexed by employee name.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:

Employee training records are generally retained according to General Records Schedule (GRS) 2.6, issued by the National Archives and Records Administration.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:

Access is restricted to agency personnel or contractors whose responsibilities require access. Paper records are maintained in lockable rooms or file cabinets. Access to electronic records is controlled by “user ID” and password combination and/or other appropriate electronic access and network controls (e.g., firewalls). FTC buildings are guarded and monitored by security personnel, cameras, ID checks, and other physical security measures.

RECORD ACCESS PROCEDURES:

See § 4.13 of the FTC's Rules of Practice, 16 CFR 4.13. For additional guidance, see also Appendix II (How To Make A Privacy Act Request), available on the FTC's website at https://www.ftc.gov/​about-ftc/​foia/​foia-reading-rooms/​privacy-act-systems and at 73 FR 33592, 33634 (June 12, 2008).

CONTESTING RECORD PROCEDURES:

See § 4.13 of the FTC's Rules of Practice, 16 CFR 4.13. For additional guidance, see also Appendix II (How To Make A Privacy Act Request), available on the FTC's website at https://www.ftc.gov/​about-ftc/​foia/​foia-reading-rooms/​privacy-act-systems and at 73 FR 33592, 33634 (June 12, 2008).

NOTIFICATION PROCEDURES:

See § 4.13 of the FTC's Rules of Practice, 16 CFR 4.13. For additional guidance, see also Appendix II (How To Make A Privacy Act Request), available on the FTC's website at https://www.ftc.gov/​about-ftc/​foia/​foia-reading-rooms/​privacy-act-systems and at 73 FR 33592, 33634 (June 12, 2008).

EXEMPTIONS PROMULGATED FOR THE SYSTEM:

None.

HISTORY:

75 FR 52749-52751 (August 27, 2010)

73 FR 33591-33634 (June 12, 2008).

SYSTEM NAME AND NUMBER:

Staff Time and Activity Reporting (STAR) System-FTC (FTC-II-13).

SECURITY CLASSIFICATION:

Unclassified.

SYSTEM LOCATION:

Financial Management Office, Federal Trade Commission, 600 Pennsylvania Avenue NW, Washington, DC 20580. For other locations where records may be maintained or accessed, see Appendix III (Locations of FTC Buildings and Regional Offices), available on the FTC's website at https://www.ftc.gov/​about-ftc/​foia/​foia-reading-rooms/​privacy-act-systems and at 80 FR 9460, 9465 (Feb. 23, 2015).

SYSTEM MANAGER(S):

Chief Financial Officer, Financial Management Office, Office of the Executive Director, Federal Trade Commission, 600 Pennsylvania Avenue NW, Washington, DC 20580, email: SORNs@ftc.gov.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

31 U.S.C., subtitle III, chapter 35; 31 U.S.C. 1104, 1105, and 1115; 5 U.S.C. 306; OMB Circular A-11; OMB Bulletin 97-01.

PURPOSE(S) OF THE SYSTEM:

To track the time spent by FTC staff on individual investigations, projects, and other activities of the agency and to compare expended staff time against statutory mandates and FTC policy; to generate program and performance information for annual budget submissions, Government Performance and Results Act (GPRA) plans and reports, and agency financial statements that are provided to Congress, the Office of Management and Budget (OMB), the Commission, and others.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

Current and former FTC employees.

CATEGORIES OF RECORDS IN THE SYSTEM:

Employee names; staff time reported in hours, by mission, organization, and specific FTC matter, activity, or program.

RECORD SOURCE CATEGORIES:

FTC employees and consultants, including staff responsible for STAR data entry, STAR coordinators, STAR administrative officers, STAR approving officials, and STAR administrators.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:

Records in this system may be disclosed to or shared with Congress, OMB, or others where relevant and necessary in connection with annual budget submissions, GPRA plans and reports, and agency financial statements.

For other ways that the Privacy Act permits the FTC to use or disclose Start Printed Page 16353system records outside the agency, see Appendix I (Authorized Disclosures and Routine Uses Applicable to All FTC Privacy Act Systems of Records), available on the FTC's website at https://www.ftc.gov/​about-ftc/​foia/​foia-reading-rooms/​privacy-act-systems and at 83 FR 55541, 55542-55543 (Nov. 6, 2018).

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:

Data are stored in an electronic database. Paper may be used for inputs and paper

printouts generated by the database. Records are stored either on site or at an off-site managed information storage facility.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:

Indexed by employee name and by various codes for mission, organization and specific FTC matter, activity, or program.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:

Records are retained in accordance with the National Archives and Records Administration's General Records Schedule 5.7.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:

For records other than those made public, access is restricted to agency personnel or contractors whose responsibilities require access. Paper records are maintained in lockable rooms or file cabinets. Access to electronic records is controlled by “user ID” and password combination and/or other appropriate electronic access or network controls (e.g., firewalls). FTC buildings are guarded and monitored by security personnel, cameras, ID checks, and other physical security measures.

RECORD ACCESS PROCEDURES:

See § 4.13 of the FTC's Rules of Practice, 16 CFR 4.13. For additional guidance, see also Appendix II (How To Make A Privacy Act Request), available on the FTC's website at https://www.ftc.gov/​about-ftc/​foia/​foia-reading-rooms/​privacy-act-systems and at 73 FR 33592, 33634 (June 12, 2008).

CONTESTING RECORD PROCEDURES:

See § 4.13 of the FTC's Rules of Practice, 16 CFR 4.13. For additional guidance, see also Appendix II (How To Make A Privacy Act Request), available on the FTC's website at https://www.ftc.gov/​about-ftc/​foia/​foia-reading-rooms/​privacy-act-systems and at 73 FR 33592, 33634 (June 12, 2008).

NOTIFICATION PROCEDURES:

See § 4.13 of the FTC's Rules of Practice, 16 CFR 4.13. For additional guidance, see also Appendix II (How To Make A Privacy Act Request), available on the FTC's website at https://www.ftc.gov/​about-ftc/​foia/​foia-reading-rooms/​privacy-act-systems and at 73 FR 33592, 33634 (June 12, 2008).

EXEMPTIONS PROMULGATED FOR THE SYSTEM:

None.

HISTORY:

73 FR 33591-33634 (June 12, 2008).

SYSTEM NAME AND NUMBER:

Travel Management System—FTC (FTC-III-2).

SECURITY CLASSIFICATION:

Not applicable.

SYSTEM LOCATION:

Financial Management Office, Federal Trade Commission, 600 Pennsylvania Ave. NW, Washington, DC 20580. This system of records is principally operated and maintained off-site for the FTC under an interagency agreement with the Department of the Treasury's Administrative Resource Center, which is part of the Bureau of Fiscal Services, although this system is also intended to include any miscellaneous official FTC travel data that may be maintained on-site by individual FTC offices and retrieved by name or other personally assigned identifier about individuals on official FTC travel. For other locations where records may be maintained or accessed, see Appendix III (Locations of FTC Buildings and Regional Offices), available on the FTC's website at https://www.ftc.gov/​about-ftc/​foia/​foia-reading-rooms/​privacy-act-systems and at 80 FR 9460, 9465 (Feb. 23, 2015).

SYSTEM MANAGER(S):

Chief Financial Officer, Financial Management Office, Federal Trade Commission, 600 Pennsylvania Ave. NW, Washington, DC 20580, email: SORNs@ftc.gov.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

31 U.S.C. 3511, 3512 and 3523; 5 U.S.C. Chapter 57; and implementing Federal Travel Regulations (41 CFR parts 301-304).

PURPOSE(S) OF THE SYSTEM:

To plan, authorize, arrange, process and manage official FTC travel; to maintain records on individuals who are current FTC employees on travel and individuals being provided travel by the Government; to obtain travel authorizations; to prepare and submit local travel vouchers; to generate travel expense reports; and to enable travel agents who are under contract to the Federal government to issue and account for travel provided to individuals.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

FTC employees or other individuals (e.g., witnesses) who travel on official business; FTC administrative staff who perform administrative tasks in the system on behalf of traveling employees or other individuals; and FTC supervisors who approve travel plans for employees or others.

CATEGORIES OF RECORDS IN THE SYSTEM:

Names, Social Security numbers, home and/or business phone numbers, home and/or business addresses, vendor ID numbers, email addresses, emergency contact information (names, addresses, and phone numbers), and credit card information (personal and/or government-issued). For traveling FTC employees or other individuals (e.g., witnesses) only, additional data may be maintained, such as passport numbers (for international travelers), frequent flyer or other rewards membership numbers, and trip-specific information (travel dates, flight numbers, destinations, accommodations, vehicle rental, miscellaneous expenses claimed).

Other types of records covered by this system are set out in the Department of Treasury's Treasury.009 (Treasury Financial Management Systems), and the General Services Administration's (GSA) separate government-wide Privacy Act system of records notice applicable to this system, GSA/GOVT-4, or any successor system notice for this system.

RECORD SOURCE CATEGORIES:

Traveling employees or other individuals (e.g., witnesses), FTC administrative staff, FTC supervisors, credit card companies and travel service providers.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:

(1) For any routine use noted in the GSA Privacy Act system of records notice applicable to this system, GSA/GOVT-4, or any successor system notice for this system.

For other ways that the Privacy Act permits the FTC to use or disclose system records outside the agency, see Appendix I (Authorized Disclosures and Routine Uses Applicable to All FTC Privacy Act Systems of Records), available on the FTC's website at Start Printed Page 16354 https://www.ftc.gov/​about-ftc/​foia/​foia-reading-rooms/​privacy-act-systems and at 83 FR 55541, 55542-55543 (Nov. 6, 2018).

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:

Data are entered into system database by traveling individuals and/or administrative staff through system website and stored electronically; temporary paper printouts. Miscellaneous travel data maintained by individual FTC offices are stored in electronic files on secured agency servers.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:

Indexed by individual name and travel order number.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:

See National Archives and Records Administration's General Records Schedules 1.1, 2.2 and 5.1.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:

Access is restricted to agency personnel or contractors whose responsibilities require access. Paper records are maintained in lockable rooms or file cabinets. Access to electronic records is controlled by “user ID” and password combination and/or other appropriate electronic access or network controls (e.g., firewalls). FTC buildings are guarded and monitored by security personnel, cameras, ID checks, and other physical security measures. See GSA/GOVT-4 for additional safeguards applicable to electronic records in this system.

RECORD ACCESS PROCEDURES:

See § 4.13 of the FTC's Rules of Practice, 16 CFR 4.13. For additional guidance, see also Appendix II (How To Make A Privacy Act Request), available on the FTC's website at https://www.ftc.gov/​about-ftc/​foia/​foia-reading-rooms/​privacy-act-systems and at 73 FR 33592, 33634 (June 12, 2008).

CONTESTING RECORD PROCEDURES:

See § 4.13 of the FTC's Rules of Practice, 16 CFR 4.13. For additional guidance, see also Appendix II (How To Make A Privacy Act Request), available on the FTC's website at https://www.ftc.gov/​about-ftc/​foia/​foia-reading-rooms/​privacy-act-systems and at 73 FR 33592, 33634 (June 12, 2008).

NOTIFICATION PROCEDURES:

See § 4.13 of the FTC's Rules of Practice, 16 CFR 4.13. For additional guidance, see also Appendix II (How To Make A Privacy Act Request), available on the FTC's website at https://www.ftc.gov/​about-ftc/​foia/​foia-reading-rooms/​privacy-act-systems and at 73 FR 33592, 33634 (June 12, 2008).

EXEMPTIONS PROMULGATED FOR THE SYSTEM:

None.

HISTORY:

82 FR 50872-50882 (November 2, 2017);

75 FR 52749-52751 (August 27, 2010);

73 FR 33591-33634 (June 12, 2008).

SYSTEM NAME AND NUMBER:

Financial Management System—FTC (FTC-III-3).

SECURITY CLASSIFICATION:

Unclassified.

SYSTEM LOCATION:

Financial Management Office, Federal Trade Commission, 600 Pennsylvania Avenue NW, Washington, DC 20580. This system of records is principally operated and maintained off-site for the FTC under interagency agreement with the Department of the Treasury's Administrative Resource Center (ARC), which is part of the Bureau of Fiscal Services.

For other locations where records may be maintained or accessed, see Appendix III (Locations of FTC Buildings and Regional Offices), available on the FTC's website at https://www.ftc.gov/​about-ftc/​foia/​foia-reading-rooms/​privacy-act-systems and at 80 FR 9460, 9465 (Feb. 23, 2015).

SYSTEM MANAGER(S):

(1) Chief Financial Officer, Financial Management Office, Federal Trade Commission, 600 Pennsylvania Avenue NW, Washington, DC 20580, email: SORNs@ftc.gov;

(2) The following system manager has overall responsibility for the Federal Financial System: Fiscal Accounting, Assistant Commissioner, Department of the Treasury's Administrative Resource Center (ARC).

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

5 U.S.C. 4111(b), 5514, 5701 et seq.; 26 U.S.C. 6103(m); 31 U.S.C. 3512, 3711, 3716; 41 CFR parts 301-304; U.S. Treasury Financial Manual.

PURPOSE(S) OF THE SYSTEM:

To perform core accounting functions, which includes but is not limited to supporting and documenting expenses incurred in the performance of official agency duties; to bill and follow-up; to pay creditors; to account for goods and services received; to account for funds paid and received; and to process travel authorizations and claims.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

Employees who claim reimbursement from the FTC for travel or other reimbursable expenses personally incurred; individuals doing business as sole proprietors; and individuals who are reimbursed by the FTC for travel or other miscellaneous expenses.

CATEGORIES OF RECORDS IN THE SYSTEM:

For current and former FTC employees, records include names, home addresses, employee supplier numbers, Social Security numbers, banking account numbers for electronic fund transfer payments, invoices and claims for reimbursements.

For non-employee individuals and sole proprietors, records include names, home or business addresses, Social Security numbers, banking account numbers for electronic fund transfer payments, invoices and claims for reimbursement. Records in this system are subject to the Privacy Act only to the extent, if any, they are about an individual within the meaning of the Act, and not if they are about a business or other non-individual.

The FTC system is also covered by the system notice published by the ARC for this system, Treasury.009 (Treasury Financial Management Systems), or any successor system notice published by ARC for this system.

RECORD SOURCE CATEGORIES:

Employees and former employees seeking reimbursement from the FTC for expenses personally incurred, vendor as a corporate entity or federal agency, individual vendor (e.g., sole proprietors), and individual point of contact for a vendor.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:

Records in this system:

(1) May be disclosed for any routine use noted in the Department of Treasury Privacy Act system of records notice applicable to their system, Treasury.009 (Treasury Financial Management Systems, or any successor system notice for this system; and

(2) To the extent they pertain to FTC acquisition activities, may be transmitted or disclosed to the General Service Administration's Federal Procurement Data System, a central repository for statistical information on Government contracting, for purposes of providing public access to Government-wide data about agency contract actions.Start Printed Page 16355

For other ways that the Privacy Act permits the FTC to use or disclose system records outside the agency, see Appendix I (Authorized Disclosures and Routine Uses Applicable to All FTC Privacy Act Systems of Records), available on the FTC's website at https://www.ftc.gov/​about-ftc/​foia/​foia-reading-rooms/​privacy-act-systems and at 83 FR 55542-55543 (Nov. 6, 2018).

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:

Stored on magnetic disks and tape and on paper.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:

Records are retrievable electronically, and are indexed or indexable by virtually any data field available (see record categories above).

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:

Records are retained in accordance with the applicable National Archives and Records Administration schedules, including GRS 1.1, Item 10. Most records are destroyed 6 years after final payment or cancellation, but longer retention is authorized if required for business use.

RECORD ACCESS PROCEDURES:

See § 4.13 of the FTC's Rules of Practice, 16 CFR 4.13. For additional guidance, see also Appendix II (How To Make A Privacy Act Request), available on the FTC's website at https://www.ftc.gov/​about-ftc/​foia/​foia-reading-rooms/​privacy-act-systems and at 73 FR 33592, 33634 (June 12, 2008).

CONTESTING RECORD PROCEDURES:

See § 4.13 of the FTC's Rules of Practice, 16 CFR 4.13. For additional guidance, see also Appendix II (How To Make A Privacy Act Request), available on the FTC's website at https://www.ftc.gov/​about-ftc/​foia/​foia-reading-rooms/​privacy-act-systems and at 73 FR 33592, 33634 (June 12, 2008).

NOTIFICATION PROCEDURES:

See § 4.13 of the FTC's Rules of Practice, 16 CFR 4.13. For additional guidance, see also Appendix II (How To Make A Privacy Act Request), available on the FTC's website at https://www.ftc.gov/​about-ftc/​foia/​foia-reading-rooms/​privacy-act-systems and at 73 FR 33592, 33634 (June 12, 2008).

EXEMPTIONS PROMULGATED FOR THE SYSTEM:

None.

HISTORY:

80 FR 9460-9465 (February 23, 2015)

73 FR 33591-33634 (June 12, 2008).

SYSTEM NAME AND NUMBER:

Automated Acquisitions System-FTC (FTC-III-4).

SECURITY CLASSIFICATION:

Unclassified.

SYSTEM LOCATION:

Federal Trade Commission, 600 Pennsylvania Avenue NW, Washington, DC 20580. This system of records is principally operated and maintained off-site for the FTC under interagency agreement with the Department of the Treasury's Administrative Resource Center (ARC), which is part of the Bureau of Fiscal Services.

For other locations where records may be maintained or accessed, see Appendix III (Locations of FTC Buildings and Regional Offices), available on the FTC's website at https://www.ftc.gov/​about-ftc/​foia/​foia-reading-rooms/​privacy-act-systems and at 80 FR 9460, 9465 (Feb. 23, 2015).

SYSTEM MANAGER(S):

Chief, Acquisitions Branch, Financial Management Office, Federal Trade Commission, 600 Pennsylvania Avenue NW, Washington, DC 20580, email: SORNs@ftc.gov.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

31 U.S.C. 3512; 41 U.S.C. 401 et seq.; Federal Acquisition Regulation, 48 CFR.

PURPOSE(S) OF THE SYSTEM:

To manage the work and fulfillment process for the procurement (acquisition) of goods and services by the FTC, and provide short-term electronic storage of FTC procurement records; to help prepare agency financial reports.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

Current or former agency vendors, if any, who are “individuals” within the meaning of the Privacy Act; FTC staff who have requisitioned goods or services; FTC authorizing officials; FTC staff who are on the routing list for the requisition.

CATEGORIES OF RECORDS IN THE SYSTEM:

Name of vendor; business address, business telephone, tax identification number (i.e., employer identification number or Social Security number), and bank routing and account number(s); supporting documents and related correspondence from active contracts and also from pending contracts prior to formal acceptance; name, phone or other administrative point-of-contact information for FTC staff involved in the requisition. Records in this system are subject to the Privacy Act only to the extent, if any, they are about an individual within the meaning of the Act, and not if they are about a business or other non-individual.

The FTC system is also covered by the system notice published by the government-wide GSA/GOVT-10 (Federal Acquisition Regulation (FAR) Data Collection System), or any successor system notice published for this system.

RECORD SOURCE CATEGORIES:

Vendors, FTC staff who requisition goods or services.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:

Records in this system pertaining to FTC acquisition activities may be transmitted or disclosed to the General Service Administration's Federal Procurement Data System, a central repository for statistical information on Government contracting, for purposes of providing public access to Government-wide data about agency contract actions.

For other ways that the Privacy Act permits the FTC to use or disclose system records outside the agency, see Appendix I (Authorized Disclosures and Routine Uses Applicable to All FTC Privacy Act Systems of Records), available on the FTC's website at https://www.ftc.gov/​about-ftc/​foia/​foia-reading-rooms/​privacy-act-systems and at 83 FR 55542-55543 (Nov. 6, 2018).

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:

Data entered and stored in a structured electronic database using a commercial software application. Paper may be used for inputs and paper printouts generated by the database. Records are stored either on site or at an off-site managed information storage facility.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:

Indexed by requisition number, contract number, vendor name and number.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:

Records are retained and destroyed in accordance with General Records Schedule (GRS) 1.1. Inputs, outputs, and ad hoc reports are covered by GRS 5.2, item 020, and can be destroyed upon verification of successful creation of the final document or file, or when no longer needed for business use, whichever is later.Start Printed Page 16356

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:

Access is restricted to agency personnel or contractors whose responsibilities require access. Paper records are maintained in lockable rooms or file cabinets. Access to electronic records is controlled by “user ID” and password combination and/or other network access or security controls (e.g., firewalls). FTC buildings are guarded and monitored by security personnel, cameras, ID checks, and other physical security measures. This system is also subject to periodic internal reviews and annual audits by the FTC Office of the Inspector General.

RECORD ACCESS PROCEDURES:

See § 4.13 of the FTC's Rules of Practice, 16 CFR 4.13. For additional guidance, see also Appendix II (How To Make A Privacy Act Request), available on the FTC's website at https://www.ftc.gov/​about-ftc/​foia/​foia-reading-rooms/​privacy-act-systems and at 73 FR 33592, 33634 (June 12, 2008).

CONTESTING RECORD PROCEDURES:

See § 4.13 of the FTC's Rules of Practice, 16 CFR 4.13. For additional guidance, see also Appendix II (How To Make A Privacy Act Request), available on the FTC's website at https://www.ftc.gov/​about-ftc/​foia/​foia-reading-rooms/​privacy-act-systems and at 73 FR 33592, 33634 (June 12, 2008).

NOTIFICATION PROCEDURES:

See § 4.13 of the FTC's Rules of Practice, 16 CFR 4.13. For additional guidance, see also Appendix II (How To Make A Privacy Act Request), available on the FTC's website at https://www.ftc.gov/​about-ftc/​foia/​foia-reading-rooms/​privacy-act-systems and at 73 FR 33592, 33634 (June 12, 2008).

EXEMPTIONS PROMULGATED FOR THE SYSTEM:

None.

HISTORY:

73 FR 33591-33634 (June 12, 2008).

SYSTEM NAME AND NUMBER:

National Do Not Call Registry System—FTC (FTC-IV-3).

SECURITY CLASSIFICATION:

Unclassified.

SYSTEM LOCATION:

Federal Trade Commission, 600 Pennsylvania Avenue NW, Washington, DC 20580. System database is maintained and operated off-site by a contractor. For other locations where records may be maintained or accessed, see Appendix III (Locations of FTC Buildings and Regional Offices), available on the FTC's website at https://www.ftc.gov/​about-ftc/​foia/​foia-reading-rooms/​privacy-act-systems and at 80 FR 9460, 9465 (Feb. 23, 2015).

SYSTEM MANAGER(S):

National Do Not Call Registry Program Manager, Division of Consumer Response and Operations, Bureau of Consumer Protection, Federal Trade Commission, 600 Pennsylvania Avenue NW, Washington, DC 20580, email: SORNs@ftc.gov.

See Treasury/FMS.017 for the system manager and address of the www.pay.gov system.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

Federal Trade Commission Act, 15 U.S.C. 41 et seq., Telemarketing and Consumer Fraud and Abuse Prevention Act, 15 U.S.C. 6101-6108; Do-Not-Call Implementation Act, Pub. L. 108-10 (2003); Do-Not-Call Improvement Act of 2007, Pub. L. 110-187 (2008); Do-Not-Call Registry Fee Extension Act of 2007, Pub. L. 110-188 (2008).

PURPOSE(S) OF THE SYSTEM:

To maintain records of the telephone numbers of individuals who do not wish to receive telemarketing calls; to disclose such records to telemarketers, sellers, and their agents in order for them to reconcile their do-not-call lists with the Registry and comply with the do-not-call provisions of the Commission's Telemarketing Sales Rule, 16 CFR part 310; to enable the Commission and other law enforcement officials to determine whether a company is complying with the Rule; to provide statistical data that may lead to or be incorporated into law enforcement investigations and litigation; or for other law enforcement, regulatory or informational purposes. Information submitted by or compiled on telemarketers, sellers, and their agents is used for purposes of fee collection, authorizing their access to the system, and related purposes and uses as described in this notice.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

Individuals who notify the Commission that they do not wish to receive telemarketing calls. Individually identifiable information (e.g., name, email address) that telemarketers, sellers, or their agents must submit when paying for and obtaining access to the system is covered by this system only to the extent, if any, that such information is “about [the] individual” within the meaning of the Privacy Act, and is not about the telemarketer, seller, or agent acting in a non-individual business capacity.

CATEGORIES OF RECORDS IN THE SYSTEM:

Telephone numbers of individuals who do not wish to receive telemarketing calls; information automatically generated by the system, including date and/or time that the telephone number was placed on or removed from the Registry; and other information that the individual may be asked to provide voluntarily (such as email address, if the individual registers through the National Do Not Call Registry website). Telemarketers, sellers, and their agents are also required to submit information to pay for and obtain authorized access to the system, including the names of, or other identifiers that may be associated with, individuals (e.g., name of contact person, name of the person to whom the credit card is issued, email address, etc.). Such information is part of this FTC system of records only to the extent, if any, that such information is maintained in the FTC's records and is “about [the] individual” within the meaning of the Privacy Act, and not about a telemarketer, seller, or agent acting in a non-individual business capacity.

Otherwise, user fee payment data from telemarketers, sellers, and their agents required to participate in the National Do Not Call Registry are principally collected and maintained on behalf of the Government by the www.pay.gov website operated by the Department of Treasury Financial Management Service (FMS). Those data are covered by the applicable system notice published by Treasury/FMS, Treasury/FMS.017 (Collections Records), and any successor system notice that may be published for that system

RECORD SOURCE CATEGORIES:

Individuals who inform the Commission through the procedures established by the Commission that they do not wish to receive telemarketing calls. Some records may come from do-not-call lists that some states or organizations separately maintain. Record sources for this system may also include telemarketers, sellers, and agents, but only to the extent, if any, that they are “individuals” within the meaning of the Privacy Act.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:

(1) Telephone numbers, but not any email addresses, submitted by individuals may be made available or Start Printed Page 16357referred on an automatic or other basis to telemarketers, sellers, and their agents for the purpose of determining or verifying that an individual does not wish to receive telemarketing calls;

(2) Information submitted by or compiled on telemarketers, sellers, and their agents may be used and disclosed to other Federal, state, or local government authorities for payment or billing purposes, including referral to debt collection agencies or other governmental entities for collection, tax reporting, or other related purposes. Information that is submitted by or compiled on telemarketers, sellers, and their agents and that is incorporated into the www.pay.gov system shall also be subject to routine uses, if any, that may be separately published for that system, Treasury/FMS.017 (Collections Records), or any successor system notice for that system.

For other ways that the Privacy Act permits the FTC to use or disclose system records outside the agency, see Appendix I (Authorized Disclosures and Routine Uses Applicable to All FTC Privacy Act Systems of Records), available on the FTC's website at https://www.ftc.gov/​about-ftc/​foia/​foia-reading-rooms/​privacy-act-systems and at 83 FR 55542-55543 (Nov. 6, 2018).

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:

Records in the system are collected and maintained by an off-site FTC contractor in an electronic database with Web-based access subject to strict security controls (see “Safeguards” below).

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:

Indexed by area code and phone number of individuals who have informed the Commission that they do not wish to receive telemarketing calls. May also be retrieved by other data, if any, compiled or otherwise maintained with the record. For information submitted by or compiled on telemarketers, sellers, or their agents, records may be indexed and retrieved by any category of data that is submitted by or compiled on such telemarketers, sellers, or agents.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:

Information is retained until the individual requests deletion of their information from the system or when the agency determines it no longer has a business need for the data. Disposition is in accordance with applicable records schedules issued or approved by the National Archives and Records Administration (GRS 5.2, item 020 Intermediary records) and in accordance with agency electronic data deletion procedures. The retention and destruction of payment data collected from telemarketers, sellers, and their agents by Treasury's FMS is described in the system notice for the www.pay.gov system, Treasury/FMS.017.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:

Access is generally restricted to those agency personnel, contractors and other law enforcement users subject to confidentiality agreements whose responsibilities require access, or to approved telemarketers, sellers, and their agents. Electronic access is subject to login ID, password, and other electronic access and security controls (e.g., firewalls). Contractors are required to sign confidentiality and nondisclosure agreements.

RECORD ACCESS PROCEDURES:

To request access to any information maintained with your registration that is not available to you through the automated dial-in system or the designated website described in the notification procedures above, you must submit your request in writing. See Appendix II for details. The same access procedure applies to the extent, if any, that the Privacy Act applies to information submitted by or compiled on telemarketers, sellers, or their agents, where that information is not made available for review or amendments when the telemarketer, seller, or agent accesses the system.

CONTESTING RECORD PROCEDURES:

Where an individual believes the system has erroneously recorded or omitted information that is collected and maintained by the system, the individual will be afforded the opportunity to register, change, or delete that information after the automated system identifies and verifies the telephone number from which the individual is calling, if the individual is using the designated website, or the individual provides other identifying information, if requested by the automated system. To contest the accuracy of any other information that is not accessible to the individual through the automated dial-in system or website as described in the “Notification procedures” section above, the request must be submitted to the FTC in writing. See Appendix II for details. The same written request requirement applies to telemarketers, sellers, or their agents (to the extent, if any, that they are “individuals” within the meaning of the Privacy Act) when seeking to contest the accuracy of system information maintained on them, except for system information, if any, that can be contested or corrected through the automated system.

NOTIFICATION PROCEDURES:

To obtain notification of whether the system contains a record pertaining to that individual (i.e., the individual's telephone number), individuals use a dial-in system or a designated website that will enable the identification and verification of their telephone numbers. Individuals filing written requests pursuant to 16 CFR 4.13 will be acknowledged and directed to use those automated systems. To the extent, if any, that the Privacy Act applies to information submitted by or compiled on telemarketers, sellers, or their agents, the system provides notice (i.e., confirms) that the system is maintaining such information when an individual accesses the system using the account number that was previously assigned to the telemarketer, seller, or agent at the time that entity originally entered information into the system to establish the relevant account.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:

None.

HISTORY:

74 FR 17863-17866 (April 17, 2009)

73 FR 33591-33634 (June 12, 2008).

SYSTEM NAME AND NUMBER:

Computer Systems User Identification and Access Records-FTC (FTC-VII-3).

SECURITY CLASSIFICATION:

Unclassified.

SYSTEM LOCATION:

Federal Trade Commission, 600 Pennsylvania Avenue NW, Washington, DC 20580.

For other locations where records may be maintained or accessed, see Appendix III (Locations of FTC Buildings and Regional Offices), available on the FTC's website at https://www.ftc.gov/​about-ftc/​foia/​foia-reading-rooms/​privacy-act-systems and at 80 FR 9460, 9465 (Feb. 23, 2015).

SYSTEM MANAGER(S):

Core Engineering and ISSO Services Program Manager, Office of the Chief Information Officer, Federal Trade Commission, 600 Pennsylvania Avenue NW, Washington, DC 20580, email: SORNs@ftc.gov.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

Federal Trade Commission Act, 15 U.S.C. 41 et seq.; Federal Information Start Printed Page 16358Security Management Act of 2002, Pub. L. 107-347, Title III.

PURPOSE(S) OF THE SYSTEM:

To monitor usage of computer systems; to support server and desktop hardware and software; to ensure the availability and reliability of the agency computer facilities; to help document and/or control access to various computer systems; to audit, log, and alert responsible FTC personnel when certain personally identifying information is accessed in specified systems; to prepare budget requests for automated services; to identify the need for and to conduct training programs, which can include the topics of information security, acceptable computer practices, and FTC information security policies and procedures; to monitor security on computer systems; to add and delete users; to investigate and make referrals for disciplinary or other action if improper or unauthorized use is suspected or detected.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

Commission employees and others (e.g., contractors) with access to FTC computer systems, including various system platforms, applications, and databases (e.g., Outlook, Business Objects, Oracle, Redress, STAFFID, CIS, etc.), operated by the FTC or by a contractor for the FTC.

CATEGORIES OF RECORDS IN THE SYSTEM:

This Privacy Act system consists of the login and other user identification and access records that FTC computer systems routinely compile and maintain about users of those systems. These records include user data such as: user name; email address; employee or other user identification number; organization code; systems or services to which the individual has access; systems and services used; amount of time spent using each system; number of usage sessions; and user profile. These system records include log-in, passphrase, and other system usage files and directories when they contain data on specific users. Many FTC computer systems collect and maintain additional information, other than system use data, about individuals inside and outside the FTC. See a complete list of FTC Privacy Act systems on the FTC's website, http://www.ftc.gov/​foia/​listofpaysystems.shtm,, to learn about other categories of information collected and maintained about individuals in the FTC's computer systems.

RECORD SOURCE CATEGORIES:

Individual about whom record is maintained; internal and external information systems that record usage.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:

Records in this system may be disclosed to contractors in connection with developing, maintaining, operating or servicing FTC computerized systems.

For other ways that the Privacy Act permits the FTC to use or disclose system records outside the agency, see Appendix I (Authorized Disclosures and Routine Uses Applicable to All FTC Privacy Act Systems of Records), available on the FTC's website at https://www.ftc.gov/​about-ftc/​foia/​foia-reading-rooms/​privacy-act-systems and at 83 FR 55542-55543 (Nov. 6, 2018).

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:

Electronic and paper records.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:

Indexed by individual's name; employee identification number; and organization code, or other searchable data fields or codes.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:

Records are retained according to GRS 3.2, item 030, and are destroyed when business use ceases.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:

Access is restricted to agency personnel and contractors whose responsibilities require access. Paper records, if any, maintained in lockable rooms or file cabinets. Access to electronic records is controlled by “user ID” and passphrase combination and/or other appropriate electronic access or network controls (e.g., firewalls). FTC buildings are guarded and monitored by security personnel, cameras, ID checks, and other physical security measures.

RECORD ACCESS PROCEDURES:

See § 4.13 of the FTC's Rules of Practice, 16 CFR 4.13. For additional guidance, see also Appendix II (How To Make A Privacy Act Request), available on the FTC's website at https://www.ftc.gov/​about-ftc/​foia/​foia-reading-rooms/​privacy-act-systems and at 73 FR 33592, 33634 (June 12, 2008).

CONTESTING RECORD PROCEDURES:

See § 4.13 of the FTC's Rules of Practice, 16 CFR 4.13. For additional guidance, see also Appendix II (How To Make A Privacy Act Request), available on the FTC's website at https://www.ftc.gov/​about-ftc/​foia/​foia-reading-rooms/​privacy-act-systems and at 73 FR 33592, 33634 (June 12, 2008).

NOTIFICATION PROCEDURES:

See § 4.13 of the FTC's Rules of Practice, 16 CFR 4.13. For additional guidance, see also Appendix II (How To Make A Privacy Act Request), available on the FTC's website at https://www.ftc.gov/​about-ftc/​foia/​foia-reading-rooms/​privacy-act-systems and at 73 FR 33592, 33634 (June 12, 2008).

EXEMPTIONS PROMULGATED FOR THE SYSTEM:

None.

HISTORY:

80 FR 9460-9465 (February 23, 2015)

74 FR 17863-17866 (April 17, 2009)

73 FR 33591-33634 (June 12, 2008).

SYSTEM NAME AND NUMBER:

Call Detail Records-FTC (FTC-VII-4).

SECURITY CLASSIFICATION:

Unclassified.

SYSTEM LOCATION:

Federal Trade Commission, 600 Pennsylvania Avenue NW, Washington, DC 20580.

For other locations where records may be maintained or accessed, see Appendix III (Locations of FTC Buildings and Regional Offices), available on the FTC's website at https://www.ftc.gov/​about-ftc/​foia/​foia-reading-rooms/​privacy-act-systems and at 80 FR 9460, 9465 (Feb. 23, 2015).

SYSTEM MANAGER(S):

Core Engineering and ISSO Services Program Manager, Office of the Chief Information Officer, Federal Trade Commission, 600 Pennsylvania Avenue NW, Washington, DC 20580, email: SORNs@ftc.gov.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

Federal Trade Commission Act, 15 U.S.C. 41 et seq.

PURPOSE(S) OF THE SYSTEM:

To manage agency telecommunications resources; to monitor appropriate use of such resources; to detect and deter possible improper or unauthorized use of such resources; in cases where such use is detected, to determine whether disciplinary or other action, assessment, charge, or referral is warranted; to determine appropriate types and levels of service that should be available to agency staff; and to review and authorize payment of telecommunications invoices.Start Printed Page 16359

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

FTC personnel, consultants, and contractors assigned office telephones, cell phones, telephone calling cards, pagers or other telecommunications resources.

CATEGORIES OF RECORDS IN THE SYSTEM:

Name, office telephone number, cell phone number, telephone calling card number, pager number, originating telephone number, telephone numbers called, length of telephone calls, cost of telephone calls.

RECORD SOURCE CATEGORIES:

Telephone assignment records; computer software that captures telephone call information and permits query and reports generation; logs, reports, or other service records that the FTC may receive from telecommunications service providers.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:

Records in this system may be disclosed:

(1) To a telecommunications company and/or the General Services Administration when providing the FTC with telecommunications support in order to verify billing or perform other servicing to the account; and

(2) To respond to a Federal agency's request made in connection with the hiring or retention of an employee, the letting of a contract or issuance of a grant, license or other benefit by the requesting agency, but only to the extent that the information disclosed is relevant and necessary to the requesting agency's decision on the matter.

For other ways that the Privacy Act permits the FTC to use or disclose system records outside the agency, see Appendix I (Authorized Disclosures and Routine Uses Applicable to All FTC Privacy Act Systems of Records), available on the FTC's website at https://www.ftc.gov/​about-ftc/​foia/​foia-reading-rooms/​privacy-act-systems and at 83 FR 55542-55543 (Nov. 6, 2018).

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:

Maintained in paper and/or other digital or non-digital formats.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:

Indexed by office telephone number, cell phone number, pager number, or telephone calling card number, or individual's name.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:

See National Archives and Records Administration General Records Schedule 3.1, item 020, regarding information technology operations and maintenance records which are destroyed three years after project completion, but longer retention is authorized if required for business use. See GRS 5.5, item 20, regarding mail, printing, and telecommunication services control records that are retained for one year, but longer retention is authorized if required for business use.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:

Access is restricted to agency and contractor personnel whose official responsibilities require access. Paper records are maintained in lockable cabinets or offices. Access to electronic records is protected by “user ID” and password combination and/or other electronic access and network controls (e.g., firewalls). FTC buildings are guarded and monitored by security personnel, cameras, ID checks, and other physical security measures.

RECORD ACCESS PROCEDURES:

See § 4.13 of the FTC's Rules of Practice, 16 CFR 4.13. For additional guidance, see also Appendix II (How To Make A Privacy Act Request), available on the FTC's website at https://www.ftc.gov/​about-ftc/​foia/​foia-reading-rooms/​privacy-act-systems and at 73 FR 33592, 33634 (June 12, 2008).

CONTESTING RECORD PROCEDURES:

See § 4.13 of the FTC's Rules of Practice, 16 CFR 4.13. For additional guidance, see also Appendix II (How To Make A Privacy Act Request), available on the FTC's website at https://www.ftc.gov/​about-ftc/​foia/​foia-reading-rooms/​privacy-act-systems and at 73 FR 33592, 33634 (June 12, 2008).

NOTIFICATION PROCEDURES:

See § 4.13 of the FTC's Rules of Practice, 16 CFR 4.13. For additional guidance, see also Appendix II (How To Make A Privacy Act Request), available on the FTC's website at https://www.ftc.gov/​about-ftc/​foia/​foia-reading-rooms/​privacy-act-systems and at 73 FR 33592, 33634 (June 12, 2008).

EXEMPTIONS PROMULGATED FOR THE SYSTEM:

None.

HISTORY:

80 FR 9460-9465 (February 23, 2015)

74 FR 17863-17866 (April 17, 2009)

73 FR 33591-33634 (June 12, 2008).

SYSTEM NAME AND NUMBER:

Property Management System-FTC (FTC-VII-5).

SECURITY CLASSIFICATION:

Unclassified.

SYSTEM LOCATION:

Federal Trade Commission, 600 Pennsylvania Avenue NW, Washington, DC 20580.

For other locations where records may be maintained or accessed, see Appendix III (Locations of FTC Buildings and Regional Offices), available on the FTC's website at https://www.ftc.gov/​about-ftc/​foia/​foia-reading-rooms/​privacy-act-systems and at 80 FR 9460, 9465 (Feb. 23, 2015).

SYSTEM MANAGER(S):

Director, Administrative Services Office, Office of the Executive Director, Federal Trade Commission, 600 Pennsylvania Avenue NW, Washington, DC 20580, email: SORNs@ftc.gov.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

Federal Trade Commission Act, 15 U.S.C. 41 et seq.; Federal Property and Administrative Services Act of 1949; Pub. L. 84-863 (1956).

PURPOSE(S) OF THE SYSTEM:

To maintain and control physical resources, including to document the assignment to and acknowledgment of individual responsibility for such resources; to conduct routine and periodic maintenance on equipment; to maintain, confirm, and audit an inventory of physical resources.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

Past and present Commission employees or others assigned responsibility for Commission physical resources.

CATEGORIES OF RECORDS IN THE SYSTEM:

Name of individual; employee or other identification number; property item assigned to individual; equipment maintenance information. This system also includes miscellaneous property management records pertaining to individuals assigned specific items of agency property, such as property passes or acknowledgment forms completed and signed by individuals.

RECORD SOURCE CATEGORIES:

Individual responsible for the equipment and staff responsible for maintaining the equipment.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:

Records in this system may be disclosed to contractors in connection Start Printed Page 16360with surveying, maintaining, or otherwise servicing or tracking agency physical resources.

For other ways that the Privacy Act permits the FTC to use or disclose system records outside the agency, see Appendix I (Authorized Disclosures and Routine Uses Applicable to All FTC Privacy Act Systems of Records), available on the FTC's website at https://www.ftc.gov/​about-ftc/​foia/​foia-reading-rooms/​privacy-act-systems and at 83 FR 55542-55543 (Nov. 6, 2018).

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:

Electronic and paper records.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:

Indexed by employee name, employee identification number, and assigned organization.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:

The applicable retention schedules are National Archives and Records Administration (NARA) General Records Schedules (GRS) 5.4 and 5.6. Retention periods can vary from 3 months to 3 years, depending on the record. At the FTC, records are generally retained for the life of the physical resource.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:

Access is restricted to agency personnel or contractors whose responsibilities require access. Paper records are maintained in lockable rooms or file cabinets. Access to electronic records is controlled by “user ID” and password combination and/or other appropriate electronic access and network controls (e.g., firewalls). FTC buildings are guarded and monitored by security personnel, cameras, ID checks, and other physical security measures.

RECORD ACCESS PROCEDURES:

See § 4.13 of the FTC's Rules of Practice, 16 CFR 4.13. For additional guidance, see also Appendix II (How To Make A Privacy Act Request), available on the FTC's website at https://www.ftc.gov/​about-ftc/​foia/​foia-reading-rooms/​privacy-act-systems and at 73 FR 33592, 33634 (June 12, 2008).

CONTESTING RECORD PROCEDURES:

See § 4.13 of the FTC's Rules of Practice, 16 CFR 4.13. For additional guidance, see also Appendix II (How To Make A Privacy Act Request), available on the FTC's website at https://www.ftc.gov/​about-ftc/​foia/​foia-reading-rooms/​privacy-act-systems and at 73 FR 33592, 33634 (June 12, 2008).

NOTIFICATION PROCEDURES:

See § 4.13 of the FTC's Rules of Practice, 16 CFR 4.13. For additional guidance, see also Appendix II (How To Make A Privacy Act Request), available on the FTC's website at https://www.ftc.gov/​about-ftc/​foia/​foia-reading-rooms/​privacy-act-systems and at 73 FR 33592, 33634 (June 12, 2008).

EXEMPTIONS PROMULGATED FOR THE SYSTEM:

None.

HISTORY:

73 FR 33591-33634 (June 12, 2008).

SYSTEM NAME AND NUMBER:

Information Technology Service Ticket System-FTC (FTC-VII-7).

SECURITY CLASSIFICATION:

Unclassified.

SYSTEM LOCATION:

Federal Trade Commission, 600 Pennsylvania Avenue NW, Washington, DC 20580. System data are currently maintained off-site by an FTC contractor.

For other locations where records may be maintained or accessed, see Appendix III (Locations of FTC Buildings and Regional Offices), available on the FTC's website at https://www.ftc.gov/​about-ftc/​foia/​foia-reading-rooms/​privacy-act-systems and at 80 FR 9460, 9465 (Feb. 23, 2015).

SYSTEM MANAGER(S):

Core Engineering and ISSO Services Program Manager, Office of the Chief Information Officer, Federal Trade Commission, 600 Pennsylvania Avenue NW, Washington, DC 20580, email: SORNs@ftc.gov.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

Federal Trade Commission Act, 15 U.S.C. 41 et seq.

PURPOSE(S) OF THE SYSTEM:

To register, track and control usage of office telephones, cell telephones and other telecommunication devices by individual users; to record the receipt of requests for information technology (IT) service by the FTC's enterprise service desk (i.e., help desk) and the actions taken to resolve those requests; to provide agency management with information identifying trends in questions and problems for use in managing the Commission's hardware and software resources. The FTC's help desk, currently operated by a contractor, generates and maintains these records (“service tickets”) in the course of fulfilling requests or orders to create or close email and other network accounts when an individual begins or ends employment at the FTC, to answer questions or provide assistance when FTC staff have problems with computer or network access or other FTC IT equipment or software issues, etc.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

FTC employees, contractors or other authorized individuals who have requested service related to the automated information technology equipment and systems available to the FTC staff (e.g., computers, laptops, etc.).

CATEGORIES OF RECORDS IN THE SYSTEM:

FTC personnel, consultants, and contractors assigned office telephones, cell phones, or other telecommunications resources; name of requesting individual, organization code, telephone number, date of reported problem, nature of problem, and action taken to resolve problem.

RECORD SOURCE CATEGORIES:

Individual about whom the record is maintained and staff who responded to the request for service.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:

Records in this system may be compiled and used by the FTC's contractors to track and fulfill IT service requests. For other ways that the Privacy Act permits the FTC to use or disclose system records outside the agency, see Appendix I (Authorized Disclosures and Routine Uses Applicable to All FTC Privacy Act Systems of Records), available on the FTC's website at https://www.ftc.gov/​about-ftc/​foia/​foia-reading-rooms/​privacy-act-systems and at 83 FR 55542-55543 (Nov. 6, 2018).

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:

Data are entered and stored in the system electronically by the FTC's help desk contractor using proprietary software in a structured database.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:

Indexed by employee name and tracking number assigned to each service request.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:

Records are retained according to GRS 5.8 and are destroyed 1 year after resolved, or when no longer needed for business use, whichever is appropriate.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:

Access is restricted to agency personnel and contractors whose Start Printed Page 16361responsibilities require access. Electronic access to FTC records in the contractor's database is provided via the internet, using unique IDs and password combinations, and can be accessed only from internet Protocol (IP) addresses belonging to the FTC. When not in use, access automatically “times out” (cuts off) after 30 minutes. The contractor's servers have firewalls and intrusion detection, and are maintained in locked rooms secured with electronic card access.

RECORD ACCESS PROCEDURES:

See § 4.13 of the FTC's Rules of Practice, 16 CFR 4.13. For additional guidance, see also Appendix II (How To Make A Privacy Act Request), available on the FTC's website at https://www.ftc.gov/​about-ftc/​foia/​foia-reading-rooms/​privacy-act-systems and at 73 FR 33592, 33634 (June 12, 2008).

CONTESTING RECORD PROCEDURES:

See § 4.13 of the FTC's Rules of Practice, 16 CFR 4.13. For additional guidance, see also Appendix II (How To Make A Privacy Act Request), available on the FTC's website at https://www.ftc.gov/​about-ftc/​foia/​foia-reading-rooms/​privacy-act-systems and at 73 FR 33592, 33634 (June 12, 2008).

NOTIFICATION PROCEDURES:

See § 4.13 of the FTC's Rules of Practice, 16 CFR 4.13. For additional guidance, see also Appendix II (How To Make A Privacy Act Request), available on the FTC's website at https://www.ftc.gov/​about-ftc/​foia/​foia-reading-rooms/​privacy-act-systems and at 73 FR 33592, 33634 (June 12, 2008).

EXEMPTIONS PROMULGATED FOR THE SYSTEM:

None.

HISTORY:

80 FR 9460‐9465 (February 23, 2015)

73 FR 33591-33634 (June 12, 2008).

SYSTEM NAME AND NUMBER:

Administrative Service Call System-FTC (FTC-VII-8).

SECURITY CLASSIFICATION:

Unclassified.

SYSTEM LOCATION:

Federal Trade Commission, 600 Pennsylvania Avenue NW, Washington, DC 20580.

For other locations where records may be maintained or accessed, see Appendix III (Locations of FTC Buildings and Regional Offices), available on the FTC's website at https://www.ftc.gov/​about-ftc/​foia/​foia-reading-rooms/​privacy-act-systems and at 80 FR 9460, 9465 (Feb. 23, 2015).

SYSTEM MANAGER(S):

Chief Administrative Services Officer, Administrative Services Office, Office of the Executive Director, Federal Trade Commission, 600 Pennsylvania Avenue NW, Washington, DC 20580, email: SORNs@ftc.gov.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

Federal Trade Commission Act, 15 U.S.C. 41 et seq.

PURPOSE(S) OF THE SYSTEM:

To record the receipt of requests for service and the actions taken to resolve those requests; to provide agency management with information identifying trends in questions and problems for use in managing the Commission's office space, furniture, or other physical resources and property.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

Current and former FTC employees, contractors, or other authorized individuals who request or previously requested service related to FTC building maintenance and administrative support services.

CATEGORIES OF RECORDS IN THE SYSTEM:

Records include name of requesting individual, organization code, telephone number, date of reported problem, nature of problem, and action taken to resolve problem.

RECORD SOURCE CATEGORIES:

Individual about whom the record is maintained and staff who responded to the request for service.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:

Records in this system may be disclosed to FTC contractors as needed for purposes of fulfilling service requests. For other ways that the Privacy Act permits the FTC to use or disclose system records outside the agency, see Appendix I (Authorized Disclosures and Routine Uses Applicable to All FTC Privacy Act Systems of Records), available on the FTC's website at https://www.ftc.gov/​about-ftc/​foia/​foia-reading-rooms/​privacy-act-systems and at https://www.ftc.gov/​about-ftc/​foia/​foia-reading-rooms/​privacy-act-systems and at 83 FR 55542-55543 (Nov. 6, 2018).

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:

Service call records are maintained in an electronic database using a commercial software application. Work orders are generated from these records and printed out.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:

Indexed by name of requesting individual and tracking number assigned to each service request.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:

Records are retained according to GRS 5.8 and are destroyed 1 year after resolved, or when no longer needed for business use, whichever is appropriate.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:

Access is restricted to agency personnel or contractors whose responsibilities require access. Access to electronic records is controlled by “user ID” and password combination and/or other appropriate electronic access and network controls (e.g., firewalls). FTC buildings are guarded and monitored by security personnel, cameras, ID checks, and other physical security measures.

RECORD ACCESS PROCEDURES:

See § 4.13 of the FTC's Rules of Practice, 16 CFR 4.13. For additional guidance, see also Appendix II (How To Make A Privacy Act Request), available on the FTC's website at https://www.ftc.gov/​about-ftc/​foia/​foia-reading-rooms/​privacy-act-systems and at 73 FR 33592, 33634 (June 12, 2008).

CONTESTING RECORD PROCEDURES:

See § 4.13 of the FTC's Rules of Practice, 16 CFR 4.13. For additional guidance, see also Appendix II (How To Make A Privacy Act Request), available on the FTC's website at https://www.ftc.gov/​about-ftc/​foia/​foia-reading-rooms/​privacy-act-systems and at 73 FR 33592, 33634 (June 12, 2008).

NOTIFICATION PROCEDURES:

See § 4.13 of the FTC's Rules of Practice, 16 CFR 4.13. For additional guidance, see also Appendix II (How To Make A Privacy Act Request), available on the FTC's website at https://www.ftc.gov/​about-ftc/​foia/​foia-reading-rooms/​privacy-act-systems and at 73 FR 33592, 33634 (June 12, 2008).

EXEMPTIONS PROMULGATED FOR THE SYSTEM:

None.

HISTORY:

73 FR 33591-33634 (June 12, 2008).