AGENCY:

Federal Communications Commission.

ACTION:

Notice of a new system of records.

SUMMARY:

The Federal Communications Commission (FCC or Commission or Agency) proposes to add a new system of records, FCC/WCB-4, Consumer Challenge Process, to its inventory of records systems subject to the Privacy Act of 1974, as amended. This action is necessary to meet the requirements of the Privacy Act to publish in the Federal Register notice of the existence and character of records maintained by the Agency. The FCC maintains programs that require Start Printed Page 13546telecommunication providers and carriers (Participants) to report service coverage or locations eligible for support to the FCC, such as the FCC's Digital Opportunity Data Collection (DODC) and the Universal Service Fund (USF) Eligible Location Adjustment Process (ELAP). Under these programs, consumers and third parties (collectively, Stakeholders) may challenge the service coverage or number of locations eligible for support (eligible locations) reported by Participants. The Consumer Challenge Process system of records contains personally identifiable information (PII) submitted by individuals, or third parties on behalf of individuals, needed to establish eligibility to challenge the accuracy of Participants' submissions, provide sufficient information for Participants to respond to a challenge, and create accurate maps of Participant coverage or eligible locations. To establish eligibility, prospective Stakeholders who are individuals must submit certain PII that will be used to verify their identities and their interest in receiving services from a Participant in the relevant geographic area, i.e., the coverage area for DODC, or the Participant's supported areas for ELAP. In certain programs, the PII will also be used to establish that the Stakeholders do not hold a controlling interest in a competitor. Once verified, Stakeholders may submit additional PII to establish that specific geolocations are eligible locations, such as evidence verifying ownership or occupancy of a location. Participation in any Consumer Challenge Process is voluntary.

DATES:

This system of records will become effective on March 9, 2021. Written comments on the routine uses are due by April 8, 2021. The routine uses will become effective on April 8, 2021, unless written comments are received that require a contrary determination.

ADDRESSES:

Send comments to Margaret Drake at privacy@fcc.gov or at Federal Communications Commission, 45 L Street NE, Washington, DC 20554 at 202-418-1707.

FOR FURTHER INFORMATION CONTACT:

Margaret Drake, 202-418-1707, or privacy@fcc.gov (and to obtain a copy of the Narrative Statement that includes details of this proposed new system of records).

SUPPLEMENTARY INFORMATION:

Depending on the program, the FCC or the Universal Service Administrative Company, in conjunction with and under the supervision of the FCC, will collect and maintain documentation in the system of records to verify the identity and eligibility of certain individuals to participate as Stakeholders in the process, including information that may link individuals to particular properties and/or commercial interests (e.g., geolocation coordinates, billing information).

SYSTEM NAME AND NUMBER:

FCC/WCB-3, Consumer Challenge Process.

SECURITY CLASSIFICATION:

Unclassified.

SYSTEM LOCATION(S):

Federal Communications Commission (FCC), 45 L Street NE, Washington, DC 20554; and Universal Service Administrative Company (USAC), 700 12th Street NW, Suite 900, Washington, DC 20005.

SYSTEM MANAGER(S):

The FCC and, in some cases, USAC on behalf of and under the supervision of the FCC.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

47 U.S.C. 151-154, 254; 47 CFR Sections 0.91, 0.291, 1.11.427, 54.310; Connect America Fund, WC Docket No. 10-90 et al., Order on Reconsideration, 33 FCC Rcd 1380, 1390-92, paras. 23-28 (2018); Connect America Fund, WC Docket No. 10-90, 34 FCC Rcd 10395 (2019); 47 U.S.C. 641-646; Establishing the Digital Opportunity Data Collection, WC Docket No. 19-195.

PURPOSE(S) OF THE SYSTEM:

The Consumer Challenge Process system contains information to facilitate challenges to (1) Participant service reports under the DODC or other Commission adjustment programs, on a state-by-state basis, and (2) Participants' defined deployment obligations (and associated support) under the USF. In this system, the Commission or USAC, on behalf of the Commission, will gather information to verify the identity of prospective Stakeholders and their direct interests in receiving certain services in the relevant locations. The submitted PII may link one or more individuals to locations and/or commercial interests and services relating to such locations. In some circumstances, prospective Stakeholders must certify that they do not hold a controlling interest in one or more competitors of the Participant that they are challenging.

CATEGORIES OF INDIVDUALS COVERED BY THE SYSTEM:

The individuals in this system include actual and potential consumers of fixed or mobile broadband services; individuals challenging mobile coverage in a specific area; and individuals who submit information to verify their eligibility to challenge a Participant's location data.

CATEGORIES OF RECORDS IN THE SYSTEM:

The records in this system may include name, address, email address, phone number, partial Social Security Number (or Tribal Identification Number if no Social Security Number is available), requests for broadband services, commercial records associated with the receipt of residential services and utilities, home ownership, land use rights (including building development), government forms, statements, authorizations, and certifications. Further, such records may include information confirming that individuals do not have a controlling interest in one or more competitors of the Participant being challenged.

RECORD SOURCE CATEGORIES:

The information in the system is provided by individuals who are consumers of fixed or mobile broadband services, residents or property owners in areas where Participants have been authorized (or are eligible to be authorized) to receive universal service support through certain high-cost programs, and government agencies or other entities (e.g., consumer groups) who collect challenges from individuals and submit them in bulk.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND PURPOSES OF SUCH USES:

In addition to those disclosures generally permitted under 5 U.S.C. 552a(b) of the Privacy Act, all or a portion of the records or information contained in this system may be disclosed to authorized entities, as is determined to be relevant and necessary, outside the FCC as a routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:

1. Program Management—To USAC employees to conduct official duties associated with the management, operation, and oversight of the ELAP as directed by the Commission, including but not limited to, decisions to modify the number of locations (and associated support) that Participants must serve to satisfy their USF obligations.

2. Third Party Contractors—To an employee of any third-party contractor engaged by USAC or the Commission to, among other things, develop IT systems or applications; conduct the Stakeholder eligibility verification process; verify the completeness and accuracy of Participants' coverage information; Start Printed Page 13547develop and maintain relevant maps; and, develop the Commission order modifying the Participants' defined deployment obligation.

3. Participants—Stakeholder challenge information, including Stakeholder contact information, geolocation, and other location information (e.g., the number of units at a location) will be made available to relevant Participants for the purposes of allowing them to file a reply to Stakeholder challenges.

4. Stakeholders—For ELAP, Stakeholder contact information and certain other challenge information will be made available to other verified Stakeholders filing challenges in the same study area. Other Stakeholders include individuals, entities, and non-Federal agencies, including any State or local government, or agency thereof.

5. Public—Stakeholder geolocation information may be included on coverage maps published on the FCC and/or USAC websites.

6. Congressional Inquiries—To a Congressional office from the record of an individual in response to an inquiry from that Congressional office made at the written request of that individual.

7. Government-Wide Program Management and Oversight—To the Department of Justice (DOJ) to obtain that department's advice regarding disclosure obligations under the Freedom of Information Act (FOIA); or to the Office of Management and Budget (OMB) to obtain that office's advice regarding obligations under the Privacy Act.

8. Law Enforcement and Investigation—To appropriate Federal, State, local, or Tribal agencies, authorities, and officials responsible for investigating, prosecuting, enforcing, or implementing a statute, rule, regulation, or order, where the FCC becomes aware of an indication of a violation or potential violation of a civil or criminal statute, law, regulation, or order.

9. Adjudication and Litigation—To the Department of Justice (DOJ), or to a court or adjudicative body before which the FCC is authorized to appear, when: (a) The FCC or any component thereof; or (b) any employee of the FCC in his or her official capacity; or (c) any employee of the FCC in his or her individual capacity where the DOJ or the FCC have agreed to represent the employee; or (d) the United States is a party to litigation or have an interest in such litigation, and the use of such records by the DOJ or the FCC is deemed by the FCC to be relevant and necessary to the litigation.

10. Breach Notification—To appropriate agencies, entities, and persons when: (a) The Commission suspects or has confirmed that there has been a breach of the system of records; (b) the Commission has determined that as a result of the suspected or confirmed breach there is a risk of harm to individuals, the Commission (including its information systems, programs, and operations), the Federal Government, or national security; and (c) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with the Commission's efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm.

11. Assistance to Federal Agencies and Entities—To another Federal agency or Federal entity, when the Commission determines that information from this system is reasonably necessary to assist the recipient agency or entity in: (a) Responding to a suspected or confirmed breach or (b) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, program, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach.

12. Prevention of Fraud, Waste, and Abuse Disclosure—To Federal agencies, non-Federal entities, their employees, and agents (including contractors, their agents or employees; employees or contractors of the agents or designated agents); or contractors, their employees or agents with whom the FCC or USAC has a contract, service agreement, or cooperative agreement, for the purpose of: (1) Detection and prevention of fraud, waste, and abuse in Federal programs administered by a Federal agency or non-Federal entity; (2) detection of fraud, waste, and abuse by individuals in their operations and programs, but only to the extent that the information shared is necessary and relevant to verify and audit information necessary to determine whether the participant carrier has intentionally or through negligence, reduced its universal service obligations to exclude locations in eligible areas that are the most difficult and/or expensive to serve.

REPORTING TO A CONSUMER REPORTING AGENCY:

In addition to the routine uses listed above, the Commission may share information from this system of records with a consumer reporting agency regarding an individual who has not paid a valid and overdue debt owed to the Commission, following the procedures set out in the Debt Collection Act, 31 U.S.C. 3711(e).

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:

The system is maintained in secure, limited access areas. Electronic files are maintained in the FCC or USAC network accreditation boundaries. Physical entry by unauthorized persons is restricted through use of locks, passwords, and other security measures. Paper documents and other physical records, if any, will be kept in locked, controlled access areas until digitized and then destroyed.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:

Information in this system can be retrieved by various identifiers, which may include Stakeholder name, Social Security Number (Tribal Identification Number if Social Security Number is not available), physical address, geolocation coordinates, property information, email address, telephone number, competitive interests, and supporting evidence.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:

1. The National Archives and Records Administration (NARA) established records schedule number DAA-0173-2017-0001-001 for the Universal Service High Cost Program Files. In accordance with this records schedule, the FCC and USAC, as appropriate, will maintain all information in the ELAP system of records for ten (10) years after cut-off, or when no longer needed for business or audit purposes, whichever comes later. Cut-off is determined as the end of the calendar year from the date an item is filed or prepared. Disposal of obsolete or out-of-date paper documents and files is by shredding only. Electronic data, files, and records are destroyed by electronic erasure in compliance with National Institute of Standards and Technology (NIST) guidelines.

2. Information in this system of records that is not collected or maintained in connection with the CAF Program Files, including DODC challenge data, will be maintained in accordance with General Records Schedule 5.2, Item 20, which provides that records will be destroyed upon verification of successful creation of the final document or file, or when no longer needed for business use, whichever is later.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:

1. ELAP-related data: The electronic data, records, and files will be stored within the High-Cost Broadband Portal (HCBP) system accreditation boundaries. The FCC will oversee the Start Printed Page 13548management of the HCBP system, including USAC's records management activities. After a Participant window for filing replies to Stakeholder information closes, access to the electronic files is restricted to the FCC staff and its contractors and subcontractors, as well as USAC and its contractors and subcontractors who carry out ELAP functions and activities. Other FCC employees and contractors and USAC employees, contractors, and subcontractors may be granted access only on a need-to-know basis. The data are protected by the FCC and USAC security safeguards, a comprehensive and dynamic set of information technology (IT) safety and security protocols and features that are designed to meet all Federal IT standards, including, but not limited to, those required by the Federal Information Security Modernization Act of 2014 (FISMA), the Office of Management and Budget (OMB), and NIST.

Employees of the FCC and USAC may print paper copies of these ELAP electronic records for various short-term uses, as necessary. Paper copies will be stored in locked file cabinets when not in use. Physical entry by unauthorized persons where this information is stored is restricted through use of locks, passwords, and other security measures. Only authorized FCC and USAC employees may have access to these documents. Participants receiving access to the ELAP portion of the HCBP system will be prohibited from printing paper copies when such information contains PII, although they will be permitted to download redacted versions of such information.

2. Non-ELAP data: The electronic records, files, and data are stored within FCC accreditation boundaries. Access to the electronic files is restricted to IT staff, contractors, and vendors who maintain the networks and services. Other FCC employees, contractors, vendors, and users may be granted access on a need-to- know basis. The FCC's data are protected by the FCC and privacy safeguards, a comprehensive and dynamic set of IT safety and security protocols and features that are designed to meet all Federal IT privacy standards, including those required by FISMA, OMB, and NIST. Paper copies will be stored in locked file cabinets when not in use. Physical entry by unauthorized persons where this information is stored is restricted through use of locks, passwords, and other security measures. Only authorized FCC employees and contractors may have access to these documents.

RECORDS ACCESS PROCEDURES:

Individuals wishing to request access to and/or amendment of records about themselves should follow the Notification Procedure below.

CONTESTING RECORDS PROCEDURES:

Individuals wishing to request access to and/or amendment of records about them should follow the Notification Procedure below.

NOTIFICATION PROCEDURES:

Individuals wishing to determine whether this system of records contains information about them may do so by writing to Margaret Drake at privacy@fcc.gov or Federal Communications Commission, 45 L Street NE, Washington, DC 20554, 202-418-1707.

Individuals requesting access must also comply with the FCC's Privacy Act regulations regarding verification of identity and access to records (47 CFR part 0, subpart E).

EXEMPTIONS PROMULGATED FOR THE SYSTEM:

None.

HISTORY:

This is a new system of records.