-
Start Preamble
AGENCY:
Pension Benefit Guaranty Corporation.
ACTION:
Notice of modified systems of records; notice of a new system of records.
SUMMARY:
Pursuant to the Privacy Act of 1974, the Pension Benefit Guaranty Corporation (PBGC), at the direction of the Office of Information and Regulatory Affairs, is merging all pertinent General Routine Uses from the Prefatory Statement of General Routine Uses into the Routine Uses sections of the following system of records notices (SORN): PBGC–17, Office of Inspector General Investigative File System, and PBGC–28, Physical Security and Facility Access. Additionally, PBGC is making administrative updates to the official addresses to reflect PBGC's new headquarters location and to pertinent system locations, updating the citation to the Contesting Records Procedures section, and updating the citation to the Privacy Act of 1974 to the following SORNs: PBGC–17 and PBGC–28. Moreover, PBGC is adding one routine use to PBGC–17, adding two routine uses to PBGC–28, and, lastly, establishing PBGC–30: Surveys and Complaints—PBGC.
DATES:
Comments must be received on or before February 20, 2024 to be assured of consideration. The new systems of records described herein will become effective February 20, 2024, without further notice, unless comments result in a contrary determination and a notice is published to that effect.
ADDRESSES:
You may submit written comments to PBGC by any of the following methods:
• Federal eRulemaking Portal: https://www.regulations.gov. Follow the website instructions for submitting comments.
• Email: reg.comments@pbgc.gov. Refer to SORN in the subject line.
• Mail or Hand Delivery: Regulatory Affairs Division, Office of the General Counsel, Pension Benefit Guaranty Corporation, 445 12th Street SW, Washington, DC 20024–2101.
Commenters are strongly encouraged to submit comments electronically. Commenters who submit comments on paper by mail should allow sufficient time for mailed comments to be received before the close of the comment period.
All submissions must include the agency's name (Pension Benefit Guaranty Corporation, or PBGC) and reference this notice. Comments received will be posted without change to PBGC's website, http://www.pbgc.gov, including any personal information provided. Do not submit comments that include any personally identifiable information or confidential business information. Copies of comments may also be obtained by writing to the Disclosure Division, ( disclosure@pbgc.gov), Office of the General Counsel, Pension Benefit Guaranty Corporation, 445 12th Street SW, Washington, DC 20024–2101; or calling 202–229–4040 during normal business hours. If you are deaf or hard of hearing, or have a speech disability, please dial 7–1–1 to access telecommunications relay services.
Start Further InfoFOR FURTHER INFORMATION CONTACT:
Shawn Hartley, Chief Privacy Officer, Pension Benefit Guaranty Corporation, Office of the General Counsel, 445 12th Street SW, Washington, DC 20024–2101, 202–229–6321. For access to any of PBGC's systems of records, write to the Disclosure Division, ( disclosure@pbgc.gov), Office of the General Counsel, Pension Benefit Guaranty Corporation, 445 12th Street SW, Washington, DC 20024–2101, or by calling 202–229–4040 during normal business hours, or go to https://www.pbgc.gov/about/policies/pg/privacy-at-pbgc/system-of-records-notices.
End Further Info End Preamble Start Supplemental InformationSUPPLEMENTARY INFORMATION:
(1) At the direction of the Office of Information and Regulatory Affairs, PBGC is merging all pertinent General Routine Uses from the Prefatory Statement of General Routine Uses into the Routine Uses sections of SORNs 17 and 28.
At the direction of the Office of Management and Budget's (OMB) Office of Information and Regulatory Affairs (OIRA), PBGC is proposing to merge all pertinent General Routine Uses from the Prefatory Statement of General Routine Uses, last published at 83 FR 6247 (Feb. 13, 2018), into the routine uses sections Start Printed Page 3437 of the system of records notices (SORNs) 17 and 28. PBGC will merge General Routine Uses G1, G2, G4, G5, G7, and G9 through G14 (see Prefatory Statement of General Routine Uses at 83 FR 6247 (Feb. 13, 2018)) into the routine uses section of PBGC–17, Office of Inspector General Investigative File System, thereby adding them as routine uses. PBGC will merge General Routine Uses G1 through G5 and G7 through G12 (See Prefatory Statement of General Routine Uses at 83 FR 6247 (Feb. 13, 2018)) into the routine uses section of PBGC–28, Physical Security and Facility Access.
Additionally, as it merges General Routine Uses 4 and 5 into the SORNs, PBGC is incorporating OIRA's suggested language to clarify that any disclosures must be relevant and necessary to litigation. As it merges General Routine Use 14 into the SORNs, PBGC is rewriting the language to conform to OMB Memorandum A–130. All additional revisions will be incorporated into the merger of routine uses and renumbered accordingly.
(2) PBGC is proposing, in all SORNs, to update the citations to the Contesting Records Procedures section and to the Privacy Act of 1974, and to update SORNs 17 and 28, to remove the citation to the Prefatory Statement of General Routine Uses and to update the Official Addresses and system locations.
When PBGC reviewed and revised its SORNs in 2018, it omitted the citation to its regulations explaining the process to contest information contained in records maintained by PBGC. PBGC is adding the citation to 29 CFR 4902.5 to the Contesting Records Procedures section of all its SORNs. Additionally, upon review, it was noticed that the Routine Uses section of all SORNs contained a citation error. PBGC is amending the Privacy Act citation in the Routine Uses section of all its SORNs, changing it from 5 U.S.C. 522a(b) to 5 U.S.C. 552a(b). Additionally, PBGC is removing all citations to PBGC's Prefatory Statement of General Routine Uses in SORNs 17 and 28 to reflect that General Routine Uses were merged at the direction of OIRA. Lastly, PBGC is updating the Official Addresses of SORNs 17 and 28 to reflect PBGC's new Headquarters location and/or system locations where applicable.
(3) PBGC is proposing to add one routine use to PBGC–17, Office of Inspector General Investigative File System.
PBGC is proposing the addition of one routine use to PBGC–17 for disclosure to compare records maintained by the Office of Inspector General (OIG) against other records maintained in another Federal system of records or with non-Federal records. Pursuant to the Inspector General Empowerment Act of 2016, an Inspector General or an agency, in coordination with an Inspector General, may conduct a computerized comparison of two or more automated system of records or a comparison of a Federal system of records with other records or non-Federal records without it creating a matching program as defined by the Computer Matching and Privacy Protection Act, as amended. This routine use is necessary to allow the OIG to investigate fraud and other matters under its jurisdiction more efficiently. New Routine Use 27 will read, “A record to compare such records in other Federal agencies' systems of records or to non-Federal records.”
(4) PBGC is proposing to add two routine uses to PBGC–28, Physical Security and Facility Access.
PBGC is also proposing to add to PBGC–28, a Routine Use 12 to read: “12. Records from this system may be disclosed to a third party for purposes of providing access to facilities leased by PBGC or on PBGC's behalf.” This is to allow PBGC to provide physical access security and facility access via its landlord's facilities management provider.
Additionally, PBGC is adding a new routine use that will read: “13. To Another Agency or Non-Federal Entity in Connection with an OIG Audit, Investigation, or Inspection: To another Federal agency or non-Federal entity to compare such records in the agency's system of records or to non-Federal records in coordination with the Office of Inspector General (OIG) conducting an audit, investigation, inspection, or some other review as authorized by the Inspector General Act, as amended.” Pursuant to the Inspector General Empowerment Act of 2016, an Inspector General or an agency, in coordination with an Inspector General, may conduct a computerized comparison of two or more automated system of records or a comparison of a Federal system of records with other records or non-Federal records without it creating a matching program as defined by the Computer Matching and Privacy Protection Act, as amended. PBGC's Inspector General requested that PBGC create a new routine use to reflect that information contained in a PBGC system of records may be used in a computerized comparison of two or more system of records or with non-Federal records in coordination with the OIG conducting an audit, investigation, inspection, or some other review as authorized by the Inspector General Act, as amended.
(5) PBGC is proposing to establish a new SORN “PBGC–30: Surveys and Complaints—PBGC” to reflect its current practice of using surveys.
PBGC is proposing to establish a new SORN—“PBGC–30: Surveys and Complaints—PBGC”—to reflect its current practice of using surveys to obtain internal agency feedback and for responding to complaints received by the PBGC departments that leverage PBGC's survey tool or other complaint procedures. PBGC previously relied upon a SORN published by the Department of the Interior (DOI), as PBGC utilized DOI's survey system and leveraged the applicable SORN. As PBGC is transitioning to a different system at DOI's direction, PBGC is seeking to establish its own system of records.
Pursuant to 5 U.S.C. 552a(e)(11), interested persons are invited to submit written comments on the proposed changes described in this notice. A report has been sent to Congress and the Office of Management and Budget for their evaluation.
For the convenience of the public the amended and new systems of records are published in full below with changes italicized.
Start SignatureIssued in Washington, DC.
Gordon Hartogensis,
Director, Pension Benefit Guaranty Corporation.
SYSTEM NAME AND NUMBER:
PBGC–17: Office of Inspector General Investigative File System—PBGC.
SECURITY CLASSIFICATION:
Unclassified.
SYSTEM LOCATION:
Office of Inspector General, Pension Benefit Guaranty Corporation (PBGC), 445 12th Street SW, Washington, DC, 20024–2101.
SYSTEM MANAGER(S):
Office of the Inspector General, PBGC, 445 12th Street SW, Washington, DC, 20024–2101.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
5 U.S.C. App. 3, sections 2 and 4.
PURPOSE(S) OF THE SYSTEM:
This system of records is used to supervise and conduct investigations relating to programs and operations of PBGC by the Inspector General.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
Individuals named in investigations conducted by the Office of Inspector General (OIG); complainants and subjects of complaints collected through Start Printed Page 3438 the operation of the OIG Hotline; other individuals, including witnesses, sources, and members of the general public who are named individuals in connection with investigations conducted by OIG.
CATEGORIES OF RECORDS IN THE SYSTEM:
Information within this system relates to OIG investigations carried out under applicable statutes, regulations, policies, and procedures. The investigations may relate to criminal, civil, or administrative matters. These OIG files may contain investigative reports; transcripts; internal staff memoranda; working drafts of papers to PBGC employees; investigative plans; litigation strategies; copies of personnel, financial, contractual, and property management records maintained by PBGC; information submitted by or about pension plan sponsors or plan participants; background data including arrest records, statements of informants and witnesses, and laboratory reports of evidence analysis; information and documentation received from other government agencies; search warrants, summonses and subpoenas; and other information related to investigations. Personal data in the system may consist of names, social security numbers, addresses, dates of birth and death, fingerprints, handwriting samples, reports of confidential informants, physical identifying data, voiceprints, polygraph tests, photographs, and individual personnel and payroll information.
RECORD SOURCE CATEGORIES:
Subject individuals; individual complainants; witnesses; interviews conducted during investigations; Federal, state, tribal, and local government records; individual or company records; claim and payment files; employer medical records; insurance records; court records; articles from publications; financial data; bank information; telephone data; service providers; other law enforcement organizations; grantees and sub-grantees; contractors and subcontractors; pension plan sponsors and participants; and other sources.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:
Information about covered individuals may be disclosed without consent as permitted by the Privacy Act of 1974, 5 U.S.C. 5 5 2a(b) and:
1. A record from this system may be disclosed to law enforcement in the event the record is connected to a violation or potential violation of law, whether civil, criminal, or regulatory in nature, and whether arising by general statute, regulation, rule, or order issued pursuant thereto. Such disclosure may be made to the appropriate agency, whether Federal, state, local, or tribal, or other public authority responsible for enforcing, investigating or prosecuting such violation or charged with enforcing or implementing the statute, or rule, regulation, or order issued pursuant thereto, if PBGC determines that the records are both relevant and necessary to any enforcement, regulatory, investigative or prospective responsibility of the receiving entity.
2. A record from this system of records may be disclosed to a Federal, state, tribal or local agency or to another public or private source maintaining civil, criminal, or other relevant enforcement information or other pertinent information if, and to the extent necessary, to obtain information relevant to a PBGC decision concerning the hiring or retention of an employee, the retention of a security clearance, or the letting of a contract.
3. A record from this system of records may be disclosed in a proceeding before a court or other adjudicative body in which PBGC, an employee of PBGC in his or her official capacity, an employee of PBGC in his or her individual capacity whom PBGC (or the Department of Justice (DOJ)) has agreed to represent is a party, or the United States or any other Federal agency is a party and PBGC determines that it has an interest in the proceeding, and if PBGC determines that the record is relevant and necessary to the litigation and that the use of the record is compatible with the purpose for which PBGC collected the information.
4. When PBGC, an employee of PBGC in his or her official capacity, or an employee of PBGC in his or her individual capacity whom PBGC (or DOJ) has agreed to represent is a party to a proceeding before a court or other adjudicative body, or the United States or any other Federal agency is a party and PBGC determines that it has an interest in the proceeding, a record from this system of records may be disclosed to DOJ if PBGC is consulting with DOJ regarding the proceeding or has decided that DOJ will represent PBGC, or its interest, in the proceeding and PBGC determines that the record is relevant and necessary to the litigation and that the use of the record is compatible with the purpose for which PBGC collected the information.
5. A record from this system of records may be disclosed to a congressional office in response to an inquiry from the congressional office made at the request of the individual.
6. A record from this system of records may be disclosed to appropriate agencies, entities, and persons when (1) PBGC suspects or has confirmed that there has been a breach of the system of records; (2) PBGC has determined that as a result of the suspected or confirmed breach there is a risk of harm to individuals, PBGC (including its information systems, programs and operations), the Federal Government, or national security; and (3) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with PBGC's efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm.
7. To contractors, experts, consultants, and the agents thereof, and others performing or working on a contract, service, cooperative agreement, or other assignment for PBGC when necessary to accomplish an agency function. Individuals provided information under this routine use are subject to the same Privacy Act requirements and limitations on disclosure as are applicable to PBGC employees.
8. To the National Archives and Records Administration or to the General Services Administration for records management inspections conducted under 44 U.S.C. 2904 and 2906.
9. To any source from which information is requested in the course of processing a grievance, investigation, arbitration, or other litigation, to the extent necessary to identify the individual, inform the source of the purpose(s) of the request, and identify the type of information requested.
10. To disclose information to a Federal agency, in response to its request, in connection with hiring or retaining an employee, issuing a security clearance, conducting a security or suitability investigation of an individual, or classifying jobs, to the extent that the information is relevant and necessary to the requesting agency's decision on the matter.
11. To another federal agency or federal entity, when information from this system of records is reasonably necessary to assist the recipient agency or entity in (1) responding to a suspected or confirmed breach or (2) preventing, minimizing, or remedying the risk of harm to individuals, the agency (including its information systems, programs, and operations), the Federal Government, or national security. Start Printed Page 3439
12. A record relating to a person held in custody pending or during arraignment, trial, sentence, or extradition proceedings or after conviction may be disclosed to a Federal, state, local, tribal or foreign prison; probation, parole, or pardon authority; or any other agency or individual involved with the maintenance, transportation, or release of such a person.
13. A record relating to a case or matter may be disclosed to an actual or potential party or his or her attorney for the purpose of negotiation or discussion on such matters as settlement of the case or matter, plea bargaining, or informal discovery proceedings.
14. A record may be disclosed to any source, either private or governmental, when reasonably necessary to elicit information or obtain the cooperation of a witness or informant when conducting any official investigation or during a trial or hearing or when preparing for a trial or hearing.
15. A record relating to a case or matter may be disclosed to a foreign country, through the United States Department of State or directly to the representative of such country, under an international treaty, convention, or executive agreement; or to the extent necessary to assist the U.S. Department of State, law enforcement officials, and such country in apprehending or returning a fugitive to a jurisdiction that seeks that individual's return.
16. A record originating exclusively within this system of records may be disclosed to other Federal offices of inspectors general and councils comprising officials from other Federal offices of inspectors general, as required by the Inspector General Act of 1978, as amended. The purpose is to ensure that OIG investigative operations can be subject to integrity and efficiency peer reviews, and to permit other offices of inspectors general to investigate and report on allegations of misconduct by senior OIG officials as directed by a council, the President, or Congress. Records originating from any other PBGC systems of records, which may be duplicated in or incorporated into this system, also may be disclosed with all identifiable information redacted.
17. A record may be disclosed to the Department of the Treasury and the Department of Justice when the OIG seeks an ex parte court order to obtain taxpayer information from the Internal Revenue Service.
18. A record may be disclosed to any governmental, professional, or licensing authority when such record reflects on qualifications, either moral, educational or vocational, of an individual seeking to be licensed or to maintain a license.
19. A record may be disclosed to any direct or indirect recipient of Federal funds, e.g., a contractor, where such record reflects problems with the personnel working for a recipient, and disclosure of the record is made to permit a recipient to take corrective action beneficial to the Government.
20. A record may be disclosed where there is an indication of a violation or a potential violation of law, rule, regulation, or order whether civil, criminal, administrative or regulatory in nature, to the appropriate agency, whether Federal, state, tribal or local, or to a securities self-regulatory organization, charged with enforcing or implementing the statute, or rule, regulation, or order.
21. A record may be disclosed to Federal, state, tribal or local authorities in order to obtain information or records relevant to an Office of Inspector General investigation or inquiry.
22. A record may be disclosed to a bar association, state accountancy board, or other Federal, state, tribal, local, or foreign licensing or oversight authority; or professional association or self-regulatory authority to the extent that it performs similar functions (including the Public Company Accounting Oversight Board) for investigations or possible disciplinary action.
23. A record may be disclosed to inform complainants, victims, and witnesses of the results of an investigation or inquiry.
24. A record may be disclosed to the Department of Justice for the purpose of obtaining advice on investigatory matters or to refer information for the purpose of prosecution.
25. A record may be disclosed to contractors, interns and experts who have been engaged to assist in an OIG investigation or in the performance of a service related to this system of records and require access to these records for the purpose of assisting the OIG in the efficient administration of its duties. All recipients of these records will be required to comply with the requirements of the Privacy Act of 1974, as amended.
26. A record may be disclosed to the public when the matter under investigation has become public knowledge, or when the Inspector General determines that such disclosure is necessary to preserve confidence in the integrity of the OIG investigative process, to demonstrate the accountability of PBGC employees, or other individuals covered by this system, or when there exists a legitimate public interest, unless the Inspector General has determined that disclosure of specific information would constitute an unwarranted invasion of personal privacy.
27. A record to compare such records in other Federal agencies' systems of records or to non-Federal records.
POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
Records are maintained manually in paper and/or electronic form (including computer databases or discs). Records may also be maintained on back-up tapes, or on a PBGC or a contractor-hosted network.
POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
Records may be retrieved by any one or more of the following: name; social security number; subject category; or assigned case number.
POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
Records are maintained and destroyed in accordance with the National Archives and Record Administration's (NARA) Basic Laws and Authorities (44 U.S.C. 3301, et seq.) or a PBGC records disposition schedule approved by NARA. See General Record Schedule 4.2 Inspector General Item: 080. Records existing on paper are destroyed beyond recognition.
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
PBGC has established security and privacy protocols that meet the required security and privacy standards issued by the National Institute of Standards and Technology (NIST). Records are maintained in a secure, password protected electronic system that utilizes security hardware and software to include multiple firewalls, active intruder detection, and role-based access controls. PBGC has adopted appropriate administrative, technical, and physical controls in accordance with PBGC's security program to protect the confidentiality, integrity, and availability of the information, and to ensure that records are not disclosed to or accessed by unauthorized individuals.
Electronic records are stored on computer networks, which may include cloud-based systems, and protected by controlled access with Personal Identity Verification (PIV) cards, assigning user accounts to individuals needing access to the records and by passwords set by authorized users that must be changed periodically.
RECORD ACCESS PROCEDURES:
This system is exempt from the notification and record access Start Printed Page 3440 requirements. However, consideration will be given to requests made in compliance with 29 CFR 4902.3 and 4902.4.
CONTESTING RECORD PROCEDURES:
This system is exempt from amendment requirements. However, consideration will be given to requests made in compliance with 29 CFR 4902.3 and 4902.5.
NOTIFICATION PROCEDURES:
This system is exempt from the notification requirements. However, consideration will be given to inquiries made in compliance with 29 CFR 4902.3.
EXEMPTIONS PROMULGATED FOR THE SYSTEM:
Pursuant to 5 U.S.C. 552a(j) and (k), PBGC has established regulations at 29 CFR 4902.11 that exempt records in this system depending on their purpose.
HISTORY:
PBGC—17, Inspector General Investigative File System (last published at 83 FR 6268 ( February 13, 2018)).
SYSTEM NAME AND NUMBER:
PBGC—28: Physical Security and Facility Access
SECURITY CLASSIFICATION:
Unclassified
SYSTEM LOCATION:
Pension Benefit Guaranty Corporation (PBGC), 445 12th Street SW, Washington, DC, 20024–2101.
SYSTEM MANAGER(S):
Director, Workplace Solutions Department, PBGC, 445 12th Street SW, Washington, DC, 20024–2101.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
Executive Order 12977; 6 CFR part 37; Homeland Security Presidential Directive (HSPD) 12: Policy for a Common Identification Standard for Federal Employees and Contractors.
PURPOSE(S) OF THE SYSTEM:
The purpose of this system is to maintain information to allow PBGC to provide for its facilities: control of visitor, employee, and government contractor access; physical and operational security; and video surveillance. It can also be used to maintain information from issuing temporary facility access for employees and contractors who are not in possession of their Personal Identity Verification (PIV) card or office key.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
Current PBGC employees, students, interns, government contractors, employees of other agencies, vendors, and other authorized visitors who access PBGC facilities.
CATEGORIES OF RECORDS IN THE SYSTEM:
This system contains records relating to employee and government contractor access, visitor access, and facility security. This includes government Personal Identity Verification (PIV) cards, visitor, contractor, and employee access records, temporary access cards, biometric data, and video surveillance recordings. PIV card records include the following information: name, photo, type of access, employee affiliation, expiration date, activation date, credential serial number to include the full Card Holder Unique Identifier (CHUID), height, eye color, and hair color. Visitor access records include the following information: name, phone number, email address, digital photo, scan of government-issued photo identification, reason for visit, organization name, date and time of visit, floor visited, and temporary visitor badge number or barcode. Employee access records include date and time of room or facility access and fingerprint or other biometric data.
RECORD SOURCE CATEGORIES:
Subject individuals, employees, visitors, contractors, vendors, and others visiting PBGC facilities.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:
Information about covered individuals may be disclosed without consent as permitted by the Privacy Act of 1974, 5 U.S.C. 5 5 2a(b), and:
1. A record from this system may be disclosed to law enforcement in the event the record is connected to a violation or potential violation of law, whether civil, criminal or regulatory in nature, and whether arising by general statute, regulation, rule, or order issued pursuant thereto. Such disclosure may be made to the appropriate agency, whether Federal, state, local, or tribal, or other public authority responsible for enforcing, investigating or prosecuting such violation or charged with enforcing or implementing the statute, or rule, regulation, or order issued pursuant thereto, if PBGC determines that the records are both relevant and necessary to any enforcement, regulatory, investigative or prospective responsibility of the receiving entity.
2. A record from this system of records may be disclosed to a Federal, state, tribal or local agency or to another public or private source maintaining civil, criminal, or other relevant enforcement information or other pertinent information if, and to the extent necessary, to obtain information relevant to a PBGC decision concerning the hiring or retention of an employee, the retention of a security clearance, or the letting of a contract.
3. With the approval of the Director, Human Resources Department (or his or her designee), the fact that this system of records includes information relevant to a Federal agency's decision in connection with the hiring or retention of an employee, the retention of a security clearance, the letting of a contract, or the issuance of a license, grant, or other benefit may be disclosed to that Federal agency.
4. A record from this system of records may be disclosed in a proceeding before a court or other adjudicative body in which PBGC, an employee of PBGC in his or her official capacity, an employee of PBGC in his or her individual capacity whom PBGC (or the Department of Justice (DOJ)) has agreed to represent is a party, or the United States or any other Federal agency is a party and PBGC determines that it has an interest in the proceeding, and if PBGC determines that the record is relevant and necessary to the litigation and that the use of the record is compatible with the purpose for which PBGC collected the information.
5. When PBGC, an employee of PBGC in his or her official capacity, or an employee of PBGC in his or her individual capacity whom PBGC (or DOJ) has agreed to represent is a party to a proceeding before a court or other adjudicative body, or the United States or any other Federal agency is a party and PBGC determines that it has an interest in the proceeding, a record from this system of records may be disclosed to DOJ if PBGC is consulting with DOJ regarding the proceeding or has decided that DOJ will represent PBGC, or its interest, in the proceeding and PBGC determines that the record is relevant and necessary to the litigation and that the use of the record is compatible with the purpose for which PBGC collected the information.
6. A record from this system of records may be disclosed to a congressional office in response to an inquiry from the congressional office made at the request of the individual.
7. A record from this system of records may be disclosed to an official of a labor organization recognized under 5 U.S.C. ch. 71 when necessary for the labor organization to properly perform its duties as the collective bargaining representative of PBGC employees in the bargaining unit. Start Printed Page 3441
8. A record from this system of records may be disclosed to appropriate agencies, entities, and persons when (1) PBGC suspects or has confirmed that there has been a breach of the system of records; (2) PBGC has determined that as a result of the suspected or confirmed breach there is a risk of harm to individuals, PBGC (including its information systems, programs and operations), the Federal Government, or national security; and (3) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with PBGC's efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm.
9. To contractors, experts, consultants, and the agents thereof, and others performing or working on a contract, service, cooperative agreement, or other assignment for PBGC when necessary to accomplish an agency function. Individuals provided information under this routine use are subject to the same Privacy Act requirements and limitations on disclosure as are applicable to PBGC employees.
10. To the National Archives and Records Administration or to the General Services Administration for records management inspections conducted under 44 U.S.C. 2904 and 2906.
11. To any source from which information is requested in the course of processing a grievance, investigation, arbitration, or other litigation, to the extent necessary to identify the individual, inform the source of the purpose(s) of the request, and identify the type of information requested.
12. Records from this system may be disclosed to a third party for purposes of providing access to facilities leased by PBGC or on PBGC's behalf.
13. To another Federal agency or non-Federal entity to compare such records in the agency's system of records or to non-Federal records in coordination with the Office of Inspector General conducting an audit, investigation, inspection, or some other review as authorized by the Inspector General Act, as amended.
POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
Records are maintained manually in paper and/or electronic form (including computer databases or discs). Records may also be maintained on back-up tapes, or on a PBGC or a third-party physical access control system.
POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
Records are retrieved by any one of the following: employee or contractor name, PIV card number, temporary access card number, access clearance, key number, key removal date and time, visitor name, date and time of visit, organization, name of PBGC personnel escorting the visitor, visitor badge number, and reason for visit.
POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
Records are maintained and destroyed in accordance with the National Archives and Record Administration's (NARA) Basic Laws and Authorities (44 U.S.C. 3301, et seq.) or a PBGC records disposition schedule approved by NARA. Records existing on paper are destroyed beyond recognition. Records existing on computer storage media are destroyed according to the applicable PBGC media practice for physical security and access control systems and will be maintained in accordance with General Records Schedule 5.6 Security Records Items: 010, 021, 100, 111, 120, 121, 130, and 240.
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
PBGC has established security and privacy protocols that meet the required security and privacy standards issued by the National Institute of Standards and Technology (NIST). Records are maintained in a secure, password protected electronic system that utilizes security hardware and software to include multiple firewalls, active intruder detection, and role-based access controls. PBGC has adopted appropriate administrative, technical, and physical controls in accordance with PBGC's security program to protect the confidentiality, integrity, and availability of the information, and to ensure that records are not disclosed to or accessed by unauthorized individuals.
Electronic records are stored on computer networks, which may include cloud-based systems, and protected by controlled access with PIV cards, assigning user accounts to individuals needing access to the records and by passwords set by authorized users that must be changed periodically.
RECORD ACCESS PROCEDURES:
Individuals, or third parties with written authorization from the individual, wishing to request access to their records in accordance with 29 CFR 4902.4, should submit a written request to the Disclosure Officer, PBGC, 445 12th Street SW, Washington, DC, 20024–2101, or by emailing disclosure@pbgc.gov, providing their name, address, date of birth, and verification of their identity in accordance with 29 CFR 4902.3(c).
CONTESTING RECORD PROCEDURES:
Individuals, or third parties with written authorization from the individual, wishing to amend their records must submit a written request, in accordance with 29 CFR 4902.5, identifying the information they wish to correct in their file, following the requirements of Record Access Procedure above.
NOTIFICATION PROCEDURES:
Individuals, or third parties with written authorization from the individual, wishing to learn whether this system of records contains information about them should submit a written request to the Disclosure Officer, PBGC, 445 12th Street SW, Washington, DC, 20024–2101, or by emailing disclosure@pbgc.gov, providing their name, address, date of birth, and verification of their identity in accordance with 29 CFR 4902.3(c).
EXEMPTIONS PROMULGATED FOR THE SYSTEM:
None.
HISTORY:
PBGC—28, Physical Security and Facility Access (last published at 87 FR 4668 (Jan. 28,2022)).
SYSTEM NAME AND NUMBER:
PBGC–30: Surveys and Complaints—PBGC
SECURITY CLASSIFICATION:
Unclassified
SYSTEM LOCATION:
Pension Benefit Guaranty Corporation (PBGC), 445 12th Street SW, Washington, DC 20024–2101. (Records may be kept at an additional location of the commercial service provider of Qualtrics, 333 W. River Park Drive Provo, UT 84604, in the Amazon Web Services Government Commercial Cloud).
SYSTEM MANAGER(S):
Office of the General Counsel (OGC), PBGC, 445 12th Street SW, Washington, DC, 20024–2101.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
29 U.S.C. 1055, 1056(d)(3), 1302, 1303, 1310, 1321, 1322a, 1341, 1342, 1343, 1350; 1431, and 1432; 5 U.S.C. 301; 44 U.S.C. 3101 et seq.
PURPOSE(S) OF THE SYSTEM:
The purpose of this system of records is for all departments at PBGC to elicit Start Printed Page 3442 feedback through surveys and respond to complaints PBGC receives from communications contained within them. This includes a process for tracking, receiving, and responding to surveys, complaints, concerns, or questions from individuals about the organizational security and privacy practices. Names, addresses, and telephone numbers are used to survey customers to measure their satisfaction with PBGC's services and to track (for follow-up) those who do not respond to surveys. De-identified, aggregated information from this system may be used for research and statistical purposes.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
Individuals who access a website operated by or on behalf of PBGC; and individuals who are the subject of or are otherwise connected to an inquiry, investigation, or complaint concerning PBGC's privacy or cybersecurity programs.
CATEGORIES OF RECORDS IN THE SYSTEM:
Responses to individual survey questions or complaint forms; IP addresses; cookies (session and persistent); email communications; and information pertaining to the individual's complaint such as their name, email address, phone number, and details about their experience using a PBGC website or their complaint.
RECORD SOURCE CATEGORIES:
Subject individuals; pension plan participants, sponsors, administrators and third parties; current and former employees or contractors.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:
Information about covered individuals may be disclosed without consent as permitted by the Privacy Act of 1974, 5 U.S.C. 552a(b), and:
1. A record from this system may be disclosed to law enforcement in the event the record is connected to a violation or potential violation of law, whether civil, criminal, or regulatory in nature, and whether arising by general statute, regulation, rule, or order issued pursuant thereto. Such disclosure may be made to the appropriate agency, whether Federal, state, local, or tribal, or other public authority responsible for enforcing, investigating or prosecuting such violation or charged with enforcing or implementing the statute, or rule, regulation, or order issued pursuant thereto, if PBGC determines that the records are both relevant and necessary to any enforcement, regulatory, investigative or prospective responsibility of the receiving entity.
2. A record from this system of records may be disclosed to a Federal, state, tribal or local agency or to another public or private source maintaining civil, criminal, or other relevant enforcement information or other pertinent information if, and to the extent necessary, to obtain information relevant to a PBGC decision concerning the hiring or retention of an employee, the retention of a security clearance, or the letting of a contract.
3. A record from this system of records may be disclosed in a proceeding before a court or other adjudicative body in which PBGC, an employee of PBGC in his or her official capacity, an employee of PBGC in his or her individual capacity whom PBGC (or the Department of Justice (DOJ)) has agreed to represent is a party, or the United States or any other Federal agency is a party and PBGC determines that it has an interest in the proceeding, and if PBGC determines that the record is relevant and necessary to the litigation and that the use of the record is compatible with the purpose for which PBGC collected the information.
4. When PBGC, an employee of PBGC in his or her official capacity, or an employee of PBGC in his or her individual capacity whom PBGC (or DOJ) has agreed to represent is a party to a proceeding before a court or other adjudicative body, or the United States or any other Federal agency is a party and PBGC determines that it has an interest in the proceeding, a record from this system of records may be disclosed to DOJ if PBGC is consulting with DOJ regarding the proceeding or has decided that DOJ will represent PBGC, or its interest, in the proceeding and PBGC determines that the record is relevant and necessary to the litigation and that the use of the record is compatible with the purpose for which PBGC collected the information.
5. A record from this system of records may be disclosed to OMB in connection with the review of private relief legislation as set forth in OMB Circular No. A–19 at any stage of the legislative coordination and clearance process as set forth in that Circular.
6. A record from this system of records may be disclosed to a congressional office in response to an inquiry from the congressional office made at the request of the individual.
7. A record from this system of records may be disclosed to an official of a labor organization recognized under 5 U.S.C. ch. 71 when necessary for the labor organization to properly perform its duties as the collective bargaining representative of PBGC employees in the bargaining unit.
8. A record from this system of records may be disclosed to appropriate agencies, entities, and persons when (1) PBGC suspects or has confirmed that there has been a breach of the system of records; (2) PBGC has determined that as a result of the suspected or confirmed breach there is a risk of harm to individuals, PBGC (including its information systems, programs and operations), the Federal Government, or national security; and (3) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with PBGC's efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm.
9. To contractors, experts, consultants, and the agents thereof, and others performing or working on a contract, service, cooperative agreement, or other assignment for PBGC when necessary to accomplish an agency function. Individuals provided information under this routine use are subject to the same Privacy Act requirements and limitations on disclosure as are applicable to PBGC employees.
10. To the National Archives and Records Administration or to the General Services Administration for records management inspections conducted under 44 U.S.C. 2904 and 2906.
11. To any source from which information is requested in the course of processing a grievance, investigation, arbitration, or other litigation, to the extent necessary to identify the individual, inform the source of the purpose(s) of the request, and identify the type of information requested.
12. To Another Agency or Non-Federal Entity in Connection with an OIG Audit, Investigation, or Inspection: To another Federal agency or non-Federal entity to compare such records in the agency's system of records or to non-Federal records in coordination with the Office of Inspector General conducting an audit, investigation, inspection, or some other review as authorized by the Inspector General Act, as amended.
POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
Records are maintained in electronic databases. Records may also be maintained on back-up tapes, or on a PBGC or a contractor-hosted network.
POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
Indexing surveys and complaints will be determined by individual system Start Printed Page 3443 implementations, but records are generally indexed by a generic, sequential survey or complaint record identifier. Records may be indexed by a combination of survey responses and contact information that is voluntarily provided through the survey or complaint form.
POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
Records are maintained and destroyed in accordance with the National Archives and Record Administration's (NARA) Basic Laws and Authorities (44 U.S.C. 3301, et seq.) or a PBGC records disposition schedule approved by NARA. Records existing on paper are destroyed beyond recognition. Records existing on computer storage media are destroyed according to the applicable PBGC media practice for systems that leverage this SORN and will be maintained in accordance with PBGC Records Schedule. See General Records Schedule (GRS) Items 6.5.010 and 6.5.020: Public Customer Service Records; See also GRS 6.5.010: Complaints-Customer Service; see also GRS Items 4.2.06; Privacy complaint files. See also PBGC Records Schedule Item 1.2: Administrative Records—Privacy Act.
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
PBGC has established security and privacy protocols that meet the required security and privacy standards issued by the National Institute of Standards and Technology (NIST). Records are maintained in a secure, password protected electronic system that utilizes security hardware and software to include multiple firewalls, active intruder detection, and role-based access controls. PBGC has adopted appropriate administrative, technical, and physical controls in accordance with PBGC's security program to protect the confidentiality, integrity, and availability of the information, and to ensure that records are not disclosed to or accessed by unauthorized individuals. Paper records are kept in file folders in areas of restricted access that are locked after office hours.
Electronic records are stored on computer networks, which may include cloud-based systems, and protected by controlled access with Personal Identity Verification (PIV) cards, assigning user accounts to individuals needing access to the records and by passwords set by authorized users that must be changed periodically. Further, for certain systems covered by this notice, heightened security access is required. Such access is granted by the specific permissions group assigned to monitor that particular system and only authorized employees of the agency may retrieve, review or modify those records.
RECORD ACCESS PROCEDURES:
Individuals, or third parties with written authorization from the individual, wishing to request access to their records in accordance with 29 CFR 4902.4, should submit a written request to the Disclosure Officer, PBGC, 445 12th Street SW, Washington, DC 20024–2101, or by emailing disclosure@pbgc.gov, providing their name, address, date of birth, and verification of their identity in accordance with 29 CFR 4902.3(c).
CONTESTING RECORD PROCEDURES:
Individuals, or third parties with written authorization from the individual, wishing to amend their records must submit a written request, in accordance with 29 CFR 4902.5, identifying the information they wish to correct in their file, in addition to following the requirements of the Record Access Procedure above.
NOTIFICATION PROCEDURES:
Individuals, or third parties with written authorization from the individual, wishing to learn whether this system of records contains information about them should submit a written request to the Disclosure Officer, PBGC, 445 12th Street SW, Washington, DC 20024–2101, or by emailing disclosure@pbgc.gov, providing their name, address, date of birth, and verification of their identity in accordance with 29 CFR 4902.3(c).
EXEMPTIONS PROMULGATED FOR THE SYSTEM:
None.
HISTORY:
None.
End Supplemental Information[FR Doc. 2024–00859 Filed 1–17–24; 8:45 am]
BILLING CODE 7709–02–P
Document Information
- Effective Date:
- 2/20/2024
- Published:
- 01/18/2024
- Department:
- Pension Benefit Guaranty Corporation
- Entry Type:
- Notice
- Action:
- Notice of modified systems of records; notice of a new system of records.
- Document Number:
- 2024-00859
- Dates:
- Comments must be received on or before February 20, 2024 to be assured of consideration. The new systems of records described herein will become effective February 20, 2024, without further notice, unless comments result in a contrary determination and a notice is published to that effect.
- Pages:
- 3436-3443 (8 pages)
- PDF File:
- 2024-00859.pdf