AGENCY:

Federal Trade Commission (FTC).

ACTION:

Notice of revised Privacy Act system notices.

SUMMARY:

The FTC is revising several of the notices that it is required to publish under the Privacy Act of 1974 to describe its systems of records about individuals. This action is intended to make these notices clearer, more accurate, and up-to-date.

DATES:

This notice shall become final and effective on April 17, 2009.

FOR FURTHER INFORMATION CONTACT:

Alex Tang, G. Richard Gold, or Lorielle L. Pankey, Attorneys, Office of the General Counsel, FTC, 600 Pennsylvania Avenue, NW., Washington, DC 20580, (202) 326-2424.

SUPPLEMENTARY INFORMATION:

To inform the public, the FTC publishes in the FEDERAL REGISTER and posts on its Web site a “system of records notice” (SORN) for each system of records about individuals that the FTC currently maintains within the meaning of the Privacy Act of 1974, as amended, 5 U.S.C. 552a. See (http://www.ftc.gov/​foia/​listofpaysystems.shtm). Each SORN describes the records maintained in that particular system, including the categories of individuals that the records in the system are about (e.g., FTC employees or consumers). Each system notice also contains information about how to find out if that particular system contains any records about you.

On June 12, 2008, the FTC republished and updated all of the FTC’s SORNs, describing all of the agency’s systems of records covered by the Privacy Act in a single document for ease of use and reference. 73 FR 33592. To ensure the SORNs remain accurate, FTC staff engages in a comprehensive review of each SORN on a periodic basis. As a result of this systematic review, the FTC is making the following revisions to several of its SORNs.¹

I. FTC Law Enforcement Systems of Records

FTC-I-1 (Nonpublic Investigational and Other Nonpublic Legal Program Records—FTC). This SORN includes nonpublic investigational and other nonpublic program records. We have added language that clarifies the categories of individuals and types of records covered by the system.

FTC-I-7 (Office of Inspector General Investigative Files—FTC). This SORN covers investigatory records in the FTC’s Office of Inspector General (OIG). The FTC is revising the retention and disposal section of this SORN to reflect that these records are retained indefinitely, pending approval of an applicable retention and disposal schedule by the National Archives and Records Administration.

II. FTC Personnel Systems of Records

FTC-II-1 (General Personnel Records—FTC). This SORN covers Official Personnel Folders (OPFs) and other personnel records that the FTC’s Human Resources Management Office (HRMO) maintains about FTC employees. We are including additional authorities for the system.

FTC-II-2 (Unofficial Personnel Records—FTC). This SORN covers personnel records maintained outside of the FTC’s HRMO by FTC managers about their employees, including employee performance files. We are including additional authorities for the system.

FTC-II-7 (Ethics Program Records—FTC). This SORN covers annual financial statements and other filings or requests made by FTC officials and employees under the FTC’s ethics program. The FTC is making a technical revision to reflect the appropriate title of Start Printed Page 17864the system manager (“Designated Agency Ethics Official” as opposed to “Designated Agency Ethics Officer”).

FTC-II-10 (Employee Health Care Records—FTC). This SORN covers records maintained by the FTC’s employee health unit, which relies upon a U.S. Department of Health and Human Services Program Support Center (PSC) contractor to provide on-site health services to our employees at certain FTC facilities. The FTC is revising this SORN to clarify that this system excludes medical records pertaining to requests for reasonable accommodation, see Sections 501 and 505 of the Rehabilitation Act of 1973 as amended (Pub. L. 93-112), which would be covered by the applicable OPM Government-wide SORN, OPM/GOVT-10 (Employee Medical File System Records). See 71 FR 35342, 35360 (June 19, 2006).

III. FTC Financial Systems of Records

FTC-III-1 (Personnel Payroll System—FTC). This SORN covers payroll processing records for FTC employees and retirement records. The FTC is removing the reference to the Director of the Division of Finance and Budget as a system manager and leaving the Director of the Human Resources Management Office as now the sole FTC manager of this system.

IV. FTC Correspondence Systems of Records

FTC-IV-1 (Consumer Information System—FTC). This SORN covers complaints and information requests received from consumers. We are including additional details about the safeguards employed to protect this information.

FTC-IV-3 (National Do Not Call Registry—FTC). This SORN covers records of individuals who wish to be placed on the FTC’s telemarketing do-not-call list. It also covers information collected from telemarketers, sellers, or agents who are required to comply with the list, but only to the extent, if any, that such telemarketers, sellers, or agents are also “individuals” within the meaning of the Privacy Act. The FTC is revising the Authority for Maintenance of the System section to include references to the Do-Not-Call Improvement Act of 2007 (Pub. L. No. 110-187 (2008)) (eliminating the automatic removal of numbers from the registry) and the Do-Not-Call Registry Fee Extension Act of 2007 (Pub. L. No. 110-188 (2008)) (modifying the fees that organizations accessing the registry must pay).

VII. FTC Miscellaneous Systems of Records

FTC-VII-3 (Computer Systems User Identification and Access Records—FTC). This SORN covers records that the FTC maintains on those who have access to FTC computer systems in order to monitor and control the usage of such systems. The FTC is revising this SORN to make further clarifications in the system’s scope, purpose and safeguards. We are also adding the Assistant Chief Information Officer, Operations Assurance, Office of Information and Technology Management as a system manager.

FTC-VII-4 (Call Detail Records—FTC). This SORN covers records that the FTC maintains on telephone usage by employees, contractors and other individuals. The FTC is revising this SORN to add the Assistant Chief Information Officer for Customer Services as a system manager.

FTC Systems of Records Notices

Accordingly, the FTC revises and updates the Privacy Act systems of records below as follows:

I. FTC Law Enforcement Systems of Records

FTC-I-1

SYSTEM NAME:

Nonpublic Investigational and Other Nonpublic Legal Program Records—FTC.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

This system consists of case or matter files and other nonpublic records created, collected and maintained by the FTC’s Bureaus and other offices in the course of law enforcement investigations, administrative or court litigation, and other agency legal proceedings and matters (e.g., rulemakings, requests for formal advisory opinions). The system covers investigatory targets, witnesses, consumers, redress claimants, commenters, requesters, and other individuals whose information the FTC “retrieves” from these nonpublic records, as explained below. (Entities that are not “individuals,” such as businesses, sole proprietorships, or corporations, are not covered by this system.) Parties requesting informal advisory opinions are covered by FTC-I-3, Informal Advisory Opinion Request and Response Files—FTC.

CATEGORIES OF RECORDS IN THE SYSTEM:

Records maintained in this system include information about individuals such as name, address, employment status, age, date of birth, financial information, credit information, social security number and personal history. Records in this system are collected and generated during law enforcement investigations and litigation and may include: copies of subpoenas and other compulsory process issued during the investigation; documents and records (including copies) obtained during the investigation in response to subpoenas and other compulsory process, or otherwise provided to the Commission; affidavits and other statements from witnesses; transcripts of testimony taken in the investigation and accompanying exhibits; internal staff memoranda; interview notes, investigative notes, staff working papers, draft materials, and other documents and records relating to the investigation; correspondence; and internal status reports including matter initiation reports, progress reports, and closing reports. Records in this system may also include other investigatory information or data relating to any of the following: docketed and consent matters; redress distribution proceedings; rulemakings, workshops, and other public proceedings, including comments or other materials submitted in such proceedings; assurances of voluntary compliance; and advisory opinions.

This system is limited to files and records that are about an individual, and only when the file or record is pulled (“retrieved”) by the name of that individual or other personal identifier (e.g., number, symbol, fingerprint, etc.). As described below, records in this system may become public if they are subject to such disclosure under the FTC’s Rules of Practice.

FTC-I-7

SYSTEM NAME:

Office of Inspector General Investigative Files—FTC.

RETENTION AND DISPOSAL:

Records are retained indefinitely, pending approval of an applicable retention and disposal schedule by the National Archives and Records Administration.

 Start Printed Page 17865

II. FTC Personnel Systems of Records

FTC-II-1

SYSTEM NAME:

General Personnel Records—FTC.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

5 U.S.C. 301, 1302, 2951, 3301, 3372, 4118, 8347; Executive Orders 9397, 9830, and 12107; and 5 CFR 293.

FTC-II-2

SYSTEM NAME:

Unofficial Personnel Records—FTC.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

5 U.S.C. 301, 1104, 3321, 4301-4305; 4311-4315; 5405, 6101-6106; 6301-6326; 6331-6340; 6361-6373; 6381-6387; 6391; 7301-7353; 5 U.S.C. Chapter 75; Executive Order 12107; and 5 CFR 293.

FTC-II-7

SYSTEM NAME:

Ethics Program Records—FTC.

SYSTEM MANAGER(S) AND ADDRESS:

Designated Agency Ethics Official, Office of General Counsel, Federal Trade Commission, 600 Pennsylvania Avenue, NW., Washington, DC 20580.

FTC-II-10

SYSTEM NAME:

Employee Health Care Records—FTC.

CATEGORIES OF RECORDS IN THE SYSTEM:

Names, medical reports, opinions, evaluations, diagnoses and treatment information; and other records of the type described in the Privacy Act system of records notice published by the Health and Human Services’ Program Support Center (HHS/PSC) for System No. 09-40-0005 (Public Health Service (PHS) Beneficiary-Contract Medical/Health Care Records), or any successor system notice for that system. The FTC currently has an interagency contract with HHS/PSC, which, in turn, uses private contractors to provide nursing, vaccination, and other miscellaneous on-site health care services to FTC employees.

This system (FTC-II-10) excludes other medical records, if any, that may be compiled or maintained by the FTC or a contractor on the FTC’s behalf about FTC employees resulting from: (1) a request for reasonable accommodation under Sections 501 and 505 of the Rehabilitation Act of 1973, as amended (Pub. L. 93-112); (2) a condition of the individual’s employment (e.g., fitness-for-duty examination, drug testing); or (3) an on-the-job occurrence (e.g., medical injury report). Those records, if any, are described in and covered by the Office of Personnel Management (OPM) Privacy Act system of records notice for such records, OPM/GOVT-10 (Employee Medical File System Records), or any successor system notice for that system.

III. FTC Financial Systems of Records

FTC-III-1

SYSTEM NAME:

Personnel Payroll System—FTC.

SYSTEM MANAGER(S) AND ADDRESS:

Director, Human Resources Management Office, Federal Trade Commission, 600 Pennsylvania Avenue, NW., Washington, DC 20580.

See DOI-85 for the FPPS system manager and address.

IV. FTC Correspondence Systems of Records

FTC-IV-1

SYSTEM NAME:

Consumer Information System—FTC.

SAFEGUARDS:

The system can currently be accessed by FTC staff, contractors, and other system users, such as authorized law enforcement agency personnel. This access occurs via a Web-based interface and is authorized only on a need-to-know basis to those individuals and organizations requiring access. Contractors and other non-FTC users must sign confidentiality and nondisclosure agreements, and, in some cases, are required to undergo additional security clearance procedures. Letters or other system records in paper format are maintained in lockable rooms and cabinets. Access to the electronic database requires users to have the correct “user ID” and password combination, individual security token code, and Internet protocol (“IP”) address for the user’s law enforcement agency. The system database is maintained on secure servers, protected by firewalls, access and usage logs, and other security controls. Servers are maintained in a secure physical environment, including building locks, security guards, and cameras.

FTC-IV-3

SYSTEM NAME:

National Do Not Call Registry System—FTC.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

Federal Trade Commission Act, 15 U.S.C. 41 et seq., Telemarketing and Consumer Fraud and Abuse Prevention Act, 15 U.S.C. 6101-6108; Do-Not-Call Implementation Act, Pub. L. No. 108-10 (2003); Do-Not-Call Improvement Act of 2007, Pub. L. No. 110-187 (2008); Do-Not-Call Registry Fee Extension Act of 2007, Pub. L. No. 110188 (2008).

VII. FTC Miscellaneous Systems of Records

FTC-VII-3

SYSTEM NAME:

Computer Systems User Identification and Access Records—FTC.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

Commission employees and others (e.g., contractors) with access to FTC computer systems, including various system platforms, applications, and databases (e.g., Outlook, Business Objects, Oracle, Redress, STAFFID, CIS, etc.), operated by the FTC or by a contractor for the FTC.

CATEGORIES OF RECORDS IN THE SYSTEM:

This Privacy Act system consists of the login and other user identification and access records that FTC computer systems routinely compile and maintain about users of those systems. These records include user data such as: user name; e-mail address; employee or other user identification number; organization code; systems or services to which the individual has access; systems and services used; amount of time spent using each system; number of usage sessions; and user profile. These system records include log-in, passphrase, and other system usage files and directories when they contain data on specific users. Many FTC computer systems collect and maintain additional information, other than system use data, about individuals inside and outside the FTC. See a complete list of FTC Privacy Act systems on the FTC’s Web site, (http://www.ftc.gov/​foia/​listofpaysystems.shtm), to learn about Start Printed Page 17866other categories of information collected and maintained about individuals in the FTC’s computer systems.

PURPOSE(S):

To monitor usage of computer systems; to support server and desktop hardware and software; to ensure the availability and reliability of the agency computer facilities; to help document and/or control access to various computer systems; to audit, log, and alert responsible FTC personnel when certain personally identifying information is accessed in specified systems; to prepare budget requests for automated services; to identify the need for and to conduct training programs, which can include the topics of information security, acceptable computer practices, and FTC information security policies and procedures; to monitor security on computer systems; to add and delete users; to investigate and make referrals for disciplinary or other action if improper or unauthorized use is suspected or detected.

SAFEGUARDS:

Access is restricted to agency personnel and contractors whose responsibilities require access. Paper records, if any, maintained in lockable rooms or file cabinets. Access to electronic records is controlled by “user ID” and passphrase combination and/or other appropriate electronic access or network controls (e.g., firewalls). FTC buildings are guarded and monitored by security personnel, cameras, ID checks, and other physical security measures.

SYSTEM MANAGER(S) AND ADDRESS:

Assistant Chief Information Officer, Infrastructure Operations, Office of Information and Technology Management, Federal Trade Commission, 600 Pennsylvania Avenue, NW., Washington, DC 20580.

Assistant Chief Information Officer, Operations Assurance, Office of Information and Technology Management, Federal Trade Commission, 600 Pennsylvania Avenue, NW., Washington, DC 20580.

FTC-VII-4

SYSTEM NAME:

Call Detail Records—FTC.

SYSTEM MANAGER(S) AND ADDRESS:

Assistant Chief Information Officer, Customer Services, Office of Information and Technology Management, Federal Trade Commission, 600 Pennsylvania Avenue, NW., Washington, DC 20580.

Assistant Chief Information Officer, Infrastructure Operations, Office of Information and Technology Management, Federal Trade Commission, 600 Pennsylvania Avenue, NW., Washington, DC 20580.

Footnotes