AGENCY:

Commodity Futures Trading Commission.

ACTION:

Notice of Two Modified Systems of Records.

SUMMARY:

In accordance with the requirements of the Privacy Act of 1974, as amended, the Commodity Futures Trading Commission (CFTC or Commission) is republishing two existing System of Record Notices (SORNs): CFTC-39, Freedom of Information Act Requests and CFTC-40, Privacy Act Requests. The modification will add three routine uses, clarify existing routine uses, and bring the SORNs in compliance with the Office of Management and Budget (OMB) Circular A-108 SORN template. Two of the new routine uses pertain to sharing information to mitigate a breach and are required by OMB Memorandum 17-12. The third new routine use is requested by the Office of Government Information Services (OGIS) to allow disclosure of personally identifiable information to OGIS for Freedom of Information Act (FOIA) dispute resolution and compliance review purposes. Other updates include identifying the specific routine uses applicable to each of the systems of records rather than relying on CFTC's previously published blanket routine uses, and administrative updates to comply with the OMB Circular A-108 SORN template format.

DATES:

Comments must be received on or before August 20, 2018. This action takes effect without further notice on August 20, 2018, unless revised pursuant to comments received.

ADDRESSES:

You may submit comments identified as pertaining to “Freedom of Information Act Requests” or “Privacy Act Requests” by any of the following methods:

• Agency website, via its Comments Online process: https://comments.cftc.gov. Follow the instructions for submitting comments through the website.
• Mail: Christopher J. Kirkpatrick, Secretary of the Commission, Commodity Futures Trading Commission, Three Lafayette Centre, 1155 21st Street NW, Washington, DC 20581.
• Hand Delivery/Courier: Same as Mail, above.

Please submit your comments using only one method.

All comments must be submitted in English, or if not, accompanied by an English translation. Comments will be posted as received to http://www.cftc.gov. You should submit only information that you wish to make available publicly. If you wish the Commission to consider information that you believe is exempt from disclosure under the Freedom of Information Act (FOIA), a petition for confidential treatment of the exempt information may be submitted according to the procedures established in § 145.9 of the Commission's regulations, 17 CFR 145.9.

The Commission reserves the right, but shall have no obligation, to review, pre-screen, filter, redact, refuse, or remove any or all of a submission from http://www.cftc.gov that it may deem to be inappropriate for publication, such as obscene language. All submissions that have been redacted or removed that contain comments on the merits of the notice will be retained in the comment file and will be considered as required under all applicable laws, and may be accessible under the FOIA.

FOR FURTHER INFORMATION CONTACT:

Chief Privacy Officer, privacy@cftc.gov, Office of the Executive Director, Commodity Futures Trading Commission, Three Lafayette Centre, 1155 21st Street NW, Washington, DC 20581.

SUPPLEMENTARY INFORMATION:

I. The Privacy Act

Under the Privacy Act of 1974, 5 U.S.C. 552a, a “system of records” is defined as any group of records under the control of a Federal government agency from which information about individuals is retrieved by name or by some identifying number, symbol, or other identifying particular assigned to the individual. The Privacy Act establishes the means by which government agencies must collect, maintain, and use information about an individual in a government system of records.

Each government agency is required to publish a notice in the Federal Register in which the agency identifies and describes each system of records it maintains, the reasons why the agency uses the information therein, the routine uses for which the agency will disclose such information outside the agency, and how individuals may exercise their rights under the Privacy Act.

In accordance with 5 U.S.C. 552a(r), CFTC has provided reports of these systems of records to the Office of Management and Budget (OMB) and to Congress.

II. Background

The Commodity Futures Trading Commission (CFTC or Commission) is republishing two existing SORNs: CFTC-39, Freedom of Information Act Requests and CFTC-40, Privacy Act Requests. The SORNs are being republished to add three routine uses, clarify existing routine uses, and bring the SORN in compliance with OMB Circular A-108 SORN template. The records covered under the Freedom of Information Act Requests SORN are collected and maintained to process requests made under the provisions of the FOIA, and to assist the CFTC in carrying out any other responsibilities relating to the FOIA. The records covered under the Privacy Act Requests SORN are collected and maintained to process requests made under the provisions of the Privacy Act, and to assist the CFTC in carrying out any other responsibilities relating to the Privacy Act. Two routine uses are being added to both SORNs to permit sharing with other Federal agencies or Federal entities as required by OMB Memorandum 17-12, “Preparing for and Responding to a Breach of Personally Identifiable Information.” These routine uses will assist the CFTC and/or other Federal agencies or entities in responding to a suspected or confirmed breach and/or prevent, minimize, or remedy the risk of harm to the requesters, the CFTC, the Federal government, or national security. A third routine use is being added to both SORNs to permit sharing with the National Archives and Records Administration (NARA), Office of Government Information Services (OGIS) so OGIS can review administrative policies, procedures, and compliance, and to facilitate resolutions to disputes between persons making FOIA requests and the CFTC. Additional updates to both SORNs include clarifying the specific routine uses applicable to each system of records, and administrative updates including section name and organization updates to comply with the OMB Circular A-108 SORN template format.Start Printed Page 34124

III. Notice: Freedom of Information Act Requests, CFTC-39.

SYSTEM NAME AND NUMBER

Freedom of Information Act Requests, CFTC-39.

SECURITY CLASSIFICATION:

Unclassified.

SYSTEM LOCATION:

This system is located at the Commodity Futures Trading Commission, Three Lafayette Centre, 1155 21st Street NW, Washington, DC 20581. Other offices involved in the processing of requests may also maintain copies of the requests and any related internal administrative records.

SYSTEM MANAGER(S):

General Counsel, Commodity Futures Trading Commission, Three Lafayette Centre, 1155 21st Street NW, Washington, DC 20581.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

The collection of this information is authorized under the Freedom of Information Act, 5 U.S.C. 552, 5 U.S.C. 301.

PURPOSE(S) OF THE SYSTEM:

The information in this system is being collected to enable the CFTC to carry out its responsibilities under the FOIA. These responsibilities include enabling CFTC staff to receive, track, and respond to FOIA requests. This requires maintaining documentation gathered during the consideration and disposition process and administering annual reporting requirements.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

Individuals requesting information from the Commission pursuant to provisions of FOIA, 5 U.S.C. 552, and individuals who are the subjects of FOIA requests.

CATEGORIES OF RECORDS IN THE SYSTEM:

The system of records includes information that may contain: requests, responsive documents, internal memoranda, electronic mail, response letters, appeals of denials, appeal determinations, electronic tracking data, fee schedules, cost calculations, and assessed cost for disclosed FOIA records.

RECORD SOURCE CATEGORIES:

Individuals requesting information from the Commission pursuant to the FOIA and CFTC staff processing the requests.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:

These records and information in these records may be used:

(a) To disclose information to the National Archives and Records Administration, Office of Government Information Services (OGIS), to the extent necessary to fulfill its responsibilities in 5 U.S.C. 552(h), to review administrative agency policies, procedures, and compliance with the Freedom of Information Act, and to facilitate OGIS' offering of mediation services to resolve disputes between persons making FOIA requests and administrative agencies;

(b) To disclose in any administrative proceeding before the Commission, in any injunctive action authorized under the Commodity Exchange Act, or in any other action or proceeding in which the Commission or its staff participates as a party or the Commission participates as amicus curiae;

(c) To disclose to Federal, State, local, territorial, Tribal, or foreign agencies for use in meeting their statutory or regulatory requirements;

(d) To disclose to contractors, grantees, volunteers, experts, students, and others performing or working on a contract, service, grant, cooperative agreement, or job for the Federal government when necessary to accomplish an agency function;

(e) To disclose to Congress upon its request, acting within the scope of its jurisdiction, pursuant to the Commodity Exchange Act, 7 U.S.C. 1 et seq., and the rules and regulations promulgated thereunder;

(f) To disclose to appropriate agencies, entities, and persons when (1) the Commission suspects or has confirmed that there has been a breach of the system of records; (2) the Commission has determined that as a result of the suspected or confirmed breach there is a risk of harm to individuals, the Commission (including its information systems, programs, and operations), the Federal Government, or national security; and (3) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with the Commission's efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm; or

(g) To disclose to another Federal agency or Federal entity, when the Commission determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in (1) responding to a suspected or confirmed breach or (2) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:

The FOIA system of records stores records in this system electronically. The records are stored on the Commission's secure network and secure back-up media.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:

Information covered by this system of records notice may be retrieved by assigned control number, name of requester, or by subject of request.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:

Records for this system will be maintained in accordance with General Records Schedule 4.2 of the National Archives and Records Administration. All approved schedules are available at http://www.cftc.gov.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:

Records are protected from unauthorized access and improper use through administrative, technical, and physical security measures. Administrative safeguards include written guidelines on handling FOIA information including agency-wide procedures for safeguarding personally identifiable information. In addition, all CFTC staff are required to take annual privacy and security training. Technical security measures within CFTC include restrictions on computer access to authorized individuals who have a legitimate need to know the information; required use of strong passwords that are frequently changed; multi-factor authentication for remote access and access to many CFTC network components; use of encryption for certain data types and transfers; firewalls and intrusion detection applications; and regular review of security procedures and best practices to enhance security. Physical safeguards include restrictions on building access to authorized individuals, 24-hour security guard service, and maintenance of records in lockable offices and filing cabinets.

RECORD ACCESS PROCEDURES:

Individuals seeking to determine whether this system of records contains information about themselves or seeking access to records about themselves in Start Printed Page 34125this system of records should address written inquiries to the Office of General Counsel, Commodity Futures Trading Commission, Three Lafayette Centre, 1155 21st Street NW, Washington, DC 20581. See 17 CFR 146.3 for full details on what to include in a Privacy Act access request.

CONTESTING RECORD PROCEDURES:

Individuals contesting the content of records about themselves contained in this system of records should address written inquiries to the Office of General Counsel, Commodity Futures Trading Commission, Three Lafayette Centre, 1155 21st Street NW, Washington, DC 20581. See 17 CFR 146.8 for full details on what to include in a Privacy Act amendment request.

NOTIFICATION PROCEDURES:

Individuals seeking notification of any records about themselves contained in this system of records should address written inquiries to the Office of General Counsel, Commodity Futures Trading Commission, Three Lafayette Centre, 1155 21st Street NW, Washington, DC 20581. See 17 CFR 146.3 for full details on what to include in a Privacy Act notification request.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:

None.

HISTORY:

A previous version of this SORN was published in the Federal Register on February 02, 2011 at 76 FR 5973.

IV. Notice: Privacy Act Requests, CFTC-40.

SYSTEM NAME AND NUMBER

Privacy Act Requests, CFTC-40.

SECURITY CLASSIFICATION:

Unclassified.

SYSTEM LOCATION:

This system is located at the Commodity Futures Trading Commission, Three Lafayette Centre, 1155 21st Street NW, Washington, DC 20581. Other offices involved in the processing of requests may also maintain copies of the requests and any related internal administrative records.

SYSTEM MANAGER(S):

General Counsel, Commodity Futures Trading Commission, Three Lafayette Centre, 1155 21st Street NW, Washington, DC 20581.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

The collection of this information is authorized under the Privacy Act, 5 U.S.C. 552a, 5 U.S.C. 301.

PURPOSE(S) OF THE SYSTEM:

The information in this system is being collected to enable the CFTC to carry out its responsibilities under the Privacy Act. These responsibilities include enabling CFTC staff to receive, track, and respond to Privacy Act requests.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

Individuals filing requests for access to, correction of, or an accounting of disclosures of personal information contained in systems of records maintained by the Commission, pursuant to the Privacy Act of 1974. 5 U.S.C. 552a.

CATEGORIES OF RECORDS IN THE SYSTEM:

Requests, responsive documents, internal memoranda, response letters, appeals of denials, appeal determinations, and electronic tracking data.

RECORD SOURCE CATEGORIES:

Individuals requesting information from the Commission pursuant to the Privacy Act and CFTC staff processing the requests.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:

These records and information in these records may be used:

(a) To disclose information to the National Archives and Records Administration, Office of Government Information Services (OGIS), to the extent necessary to fulfill its responsibilities in 5 U.S.C. 552(h), to review administrative agency policies, procedures, and compliance with the Freedom of Information Act, and to facilitate OGIS' offering of mediation services to resolve disputes between persons making FOIA requests and administrative agencies;

(b) To disclose in any administrative proceeding before the Commission, in any injunctive action authorized under the Commodity Exchange Act, or in any other action or proceeding in which the Commission or its staff participates as a party or the Commission participates as amicus curiae;

(c) To disclose to Federal, State, local, territorial, Tribal, or foreign agencies for use in meeting their statutory or regulatory requirements;

(d) To disclose to anyone during the course of a Commission investigation if Commission staff has reason to believe that the person to whom it is disclosed may have further information about matters relevant to the subject of the investigation;

(e) To disclose to contractors, grantees, volunteers, experts, students, and others performing or working on a contract, service, grant, cooperative agreement, or job for the Federal government when necessary to accomplish an agency function;

(f) To disclose to Congress upon its request, acting within the scope of its jurisdiction, pursuant to the Commodity Exchange Act, 7 U.S.C. 1 et seq., and the rules and regulations promulgated thereunder;

(g) To disclose to appropriate agencies, entities, and persons when (1) the Commission suspects or has confirmed that there has been a breach of the system of records; (2) the Commission has determined that as a result of the suspected or confirmed breach there is a risk of harm to individuals, the Commission (including its information systems, programs, and operations), the Federal Government, or national security; and (3) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with the Commission's efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm; or

(h) To disclose to another Federal agency or Federal entity, when the Commission determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in (1) responding to a suspected or confirmed breach or (2) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:

The Privacy Act Requests system of records stores records in this system electronically. The records are stored on the Commission's secure network, and on secure back-up media.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:

Information covered by this system of records notice may be retrieved by assigned control number, name of requester, or by subject of request.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:

Records for this system will be maintained in accordance with General Records Schedule 4.2 of the National Archives and Records Administration. All approved schedules are available at http://www.cftc.gov. Start Printed Page 34126

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:

Records are protected from unauthorized access and improper use through administrative, technical, and physical security measures. Administrative safeguards include agency-wide training and procedures for safeguarding personally identifiable information. Technical security measures within CFTC include restrictions on computer access to authorized individuals who have a legitimate need to know the information; required use of strong passwords that are frequently changed; multi-factor authentication for remote access and access to many CFTC network components; use of encryption for certain data types and transfers; firewalls and intrusion detection applications; and regular review of security procedures and best practices to enhance security. Physical safeguards include restrictions on building access to authorized individuals, 24-hour security guard service, and maintenance of records in lockable offices and filing cabinets.

RECORD ACCESS PROCEDURES:

Individuals seeking to determine whether this system of records contains information about themselves or seeking access to records about themselves in this system of records should address written inquiries to the Office of General Counsel, Commodity Futures Trading Commission, Three Lafayette Centre, 1155 21st Street NW, Washington, DC 20581. See 17 CFR 146.3 for full details on what to include in Privacy Act access request.

CONTESTING RECORD PROCEDURES:

Individuals contesting the content of records about themselves contained in this system of records should address written inquiries to the Office of General Counsel, Commodity Futures Trading Commission, Three Lafayette Centre, 1155 21st Street NW, Washington, DC 20581. See 17 CFR 146.8 for full details on what to include in a Privacy Act amendment request.

NOTIFICATION PROCEDURES:

Individuals seeking notification of any records about themselves contained in this system of records should address written inquiries to the Office of General Counsel, Commodity Futures Trading Commission, Three Lafayette Centre, 1155 21st Street NW, Washington, DC 20581. See 17 CFR 146.3 for full details on what to include in a Privacy Act notification request.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:

None.

HISTORY:

A previous version of this SORN was published in the Federal Register on February 02, 2011 at 76 FR 5973.