2024-11249. Privacy Act of 1974; System of Records  

  • Start Preamble

    AGENCY:

    Federal Energy Regulatory Commission (FERC), DOE.

    ACTION:

    Notice of a modified system of records.

    SUMMARY:

    In accordance with the Privacy Act of 1974, all agencies are required to publish in the Federal Register a notice of their systems of records. Notice is hereby given that the Federal Energy Regulatory Commission (FERC) is publishing a notice of modifications to an existing FERC system of records titled “Financial Management Records (FERC-56)” previously titled “PeopleSoft Financials (FERC-56)”.

    DATES:

    Comments on this modified system of records must be received no later than 30 days after date of publication in the Federal Register . If no public comment is received during the period allowed for comment or unless otherwise published in the Federal Register by FERC, the modified system of records will become effective a minimum of 30 days after date of publication in the Federal Register . If FERC receives public comments, FERC shall review the comments to determine whether any changes to the notice are necessary.

    ADDRESSES:

    Comments may be submitted in writing to Federal Energy Regulatory Commission, 888 First Street NE, Washington, DC 20426, or electronically to privacy@ferc.gov. Comments should indicate that they are submitted in response to “Financial Management Records (FERC-56).”

    Start Further Info

    FOR FURTHER INFORMATION CONTACT:

    Mittal Desai, Chief Information Officer & Senior Agency Official for Privacy, Office of the Executive Director, Federal Energy Regulatory Commission, 888 First Street NE, Washington, DC 20426, (202) 502-6432.

    End Further Info End Preamble Start Supplemental Information

    SUPPLEMENTARY INFORMATION:

    In accordance with the Privacy Act of 1974, and to comply with the Office of Start Printed Page 44971 Management and Budget (OMB) Memorandum M-17-12, Preparing for and Responding to a Breach of Personally Identifiable Information, January 3, 2017, this notice has fourteen (14) routine uses, including two new routine uses that will permit FERC to disclose information as necessary in response to an actual or suspected breach that pertains to a breach of its own records or to assist another agency in its efforts to respond to a breach that was previously published separately at 87 FR 35543 (June 10, 2022).

    The following sections have been updated to reflect changes made since the publication of the last notice in the Federal Register : dates; addresses; system name; system location; authority for maintenance of the system; purpose of the system; categories of individuals covered by the system; categories of records in the system; record source categories; routine uses of records maintained in the system, including categories of users and the purpose of such; policies and practices for storage of records; policies and practices for retrieval of records; policies and practices for retention and disposal of records; administrative, technical, and physical safeguards; records access procedures; contesting records procedures; notification procedures; and history.

    SYSTEM NAME AND NUMBER:

    Financial Management Records (FERC-56).

    SECURITY CLASSIFICATION:

    Unclassified.

    SYSTEM LOCATION:

    Federal Energy Regulatory Commission, Office of the Executive Director, Financial Information Technology and Travel Division, 888 First Street NE, Washington, DC 20426.

    Third-Party Service Provider: Accenture Federal Services, 800 N Glebe Rd., #300, Arlington, VA 22203.

    SYSTEM MANAGER(S):

    System Manager/Project Manager, Federal Energy Regulatory Commission, Office of the Executive Director, Financial Information Technology and Travel Division, 888 First Street NE, Washington, DC 20426.

    AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

    31 U.S.C. 3511, 31 U.S.C. 3512(b).

    PURPOSE(S) OF THE SYSTEM:

    The main purpose of the system is to provide the official financial management capability for FERC to account for and control appropriated resources and to maintain accounting and financial information associated with the normal operation of a U.S. government organization. The purposes of the system include, but are not limited to: (1) to make authorized payments for goods and services to companies or individuals doing business with FERC; (2) to make authorized reimbursement payments to an employee; (3) to prepare Internal Revenue Service tax reports; and (4) to account for regulatory fees owed to FERC. The system is also used to provide the Commission with advanced analytics and dashboard reports for financial, Human Resource, and payroll data.

    CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

    The categories of individuals on whom records are maintained in the system of records are salaried employees, non-salaried employees, current employees, former employees, vendors, consultants, legal representatives, and representatives of regulated entities.

    CATEGORIES OF RECORDS IN THE SYSTEM:

    The categories of records maintained in the system of records include: financial and payroll records on current and former employees, such as name, Social Security Numbers (SSNs)/Taxpayer Identification Numbers (TINs), home addresses, bank account number, credit card numbers, invoices, travel request and reimbursement forms, claims for reimbursement, claims based on a legal settlement, and employee identifier. The system of records also contains financial records on vendors, consultants, legal representatives, as part of a contract or reimbursement claim, which include names, home or business addresses, vendor IDs, SSNs/TINs, bank account numbers for electronic fund transfer of payments, invoices, supplier or vendor ID, and claims for reimbursement.

    RECORD SOURCE CATEGORIES:

    Information is obtained from current and former employees seeking reimbursement from FERC for expenses incurred while on official travel or for training; current and former employees for the payment of legal settlements; vendors and individual points of contact for a vendor seeking reimbursement for goods or services provided to FERC; and from assessment performed related to collecting receivables for FERC. Information is obtained through an integration with FERC's payroll provider that transmits payroll records for the purpose of generating a financial payroll journal entry.

    ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND PURPOSES OF SUCH USES:

    In addition to those disclosures generally permitted under 5 U.S.C. 552a(b) of the Privacy Act, information maintained in this system may be disclosed to authorized entities outside FERC for purposes determined to be relevant and necessary as a routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:

    1. To appropriate agencies, entities, and persons when (1) FERC suspects or has confirmed that there has been a breach of the system of records; (2) FERC has determined that as a result of the suspected or confirmed breach there is a risk of harm to individuals, the Commission (including its information systems, programs, and operations), the Federal Government, or national security; and (3) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with the Commission's efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm.

    2. To another Federal agency or Federal entity, when FERC determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in (1) responding to a suspected or confirmed breach; or (2) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach.

    3. To a congressional office from the record of an individual in response to an inquiry from that congressional office made at the request of that individual.

    4. To the Equal Employment Opportunity Commission (EEOC) when requested in connection with investigations of alleged or possible discriminatory practices, examination of Federal affirmative employment programs, or other functions of the Commission as authorized by law or regulation.

    5. To the Federal Labor Relations Authority or its General Counsel when requested in connection with investigations of allegations of unfair labor practices or matters before the Federal Service Impasses Panel.

    6. To disclose information to another Federal agency, to a court, or a party in litigation before a court or in an administrative proceeding being Start Printed Page 44972 conducted by a Federal agency, when the Government is a party to the judicial or administrative proceeding. In those cases where the Government is not a party to the proceeding, records may be disclosed if a subpoena has been signed by a judge.

    7. To the Department of Justice (DOJ) for its use in providing legal advice to FERC or in representing FERC in a proceeding before a court, adjudicative body, or other administrative body, where the use of such information by the DOJ is deemed by FERC to be relevant and necessary to the advice or proceeding, and such proceeding names as a party in interest: (a) FERC; (b) any employee of FERC in his or her official capacity; (c) any employee of FERC in his or her individual capacity where DOJ has agreed to represent the employee; or (d) the United States, where FERC determines that litigation is likely to affect FERC or any of its components.

    8. To non-Federal Personnel, such as contractors, agents, or other authorized individuals performing work on a contract, service, cooperative agreement, job, or other activity on behalf of FERC or Federal Government and who have a need to access the information in the performance of their duties or activities.

    9. To the National Archives and Records Administration in records management inspections and its role as Archivist.

    10. To the Merit Systems Protection Board or the Board's Office of the Special Counsel, when relevant information is requested in connection with appeals, special studies of the civil service and other merit systems, review of OPM rules and regulations, and investigations of alleged or possible prohibited personnel practices.

    11. To appropriate Federal, State, or local agency responsible for investigating, prosecuting, enforcing, or implementing a statute, rule, regulation, or order, if the information may be relevant to a potential violation of civil or criminal law, rule, regulation, order.

    12. To appropriate agencies, entities, and person(s) that are a party to a dispute, when FERC determines that information from this system of records is reasonably necessary for the recipient to assist with the resolution of the dispute; the name, address, telephone number, email address, and affiliation; of the agency, entity, and/or person(s) seeking and/or participating in dispute resolution services, where appropriate.

    13. To the Department of Treasury to issue authorized payments to companies and individuals or to issue authorized reimbursement payments to employees.

    14. To the Internal Revenue Service (IRS) and companies or individuals who have received qualifying payments during the tax year as recipients of IRS-1099 reporting.

    POLICIES AND PRACTICES FOR STORAGE OF RECORDS:

    Records are stored electronically on a FedRAMP-authorized cloud service provider, and on a FedRAMP-authorized SharePoint site and shared drive. Files are zipped and encrypted after processing. In addition, all FERC employees and contractors with authorized access have undergone a thorough background security investigation. Data access is restricted to agency personnel or contractors whose responsibilities require access. Access to electronic records is controlled by the organization's Single Sign-On and Multi-Factor Authentication Solution. Role based access is used to restrict electronic data access and the organization employs the principle of least privilege, allowing only authorized users with access (or processes acting on behalf of users) necessary to accomplish assigned tasks in accordance with organizational missions and business functions.

    POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:

    Records may be retrieved by name of employee or name of vendor, and vendor or supplier ID (system unique) for both employees and vendors.

    POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:

    Records are retained in accordance with the applicable National Archives and Records Administration (NARA) schedules, General Records Schedules as follows:

    General Records Schedule (GRS) 1.1: Financial Management and Reporting Records. Item 010: Disposition Authority: DAA-GRS-2016-0013-0001. Temporary. Destroy when 3 years old, but longer retention is authorized if needed for business use.

    General Records Schedule (GRS) 1.1: Financial Management and Reporting Records. Item 011: Disposition Authority: DAA-GRS-2013-0003-0002. Temporary. Destroy when business use ceases, but longer retention is authorized if needed for business use.

    General Records Schedule (GRS) 5.2: Transitory and Intermediary Records. Item 020: Disposition Authority: DAA-GRS-2022-0009-0002. Temporary. Destroy upon creation or update of the final record, or when no longer needed for business use, whichever is later.

    ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:

    See Policies and Practices for Storage of Records.

    RECORD ACCESS PROCEDURES:

    Individuals requesting access to the contents of records must submit a request through the Freedom of Information Act (FOIA) office. The FOIA website is located at: https://www.ferc.gov/​foia. Requests may be submitted through the following portal: https://www.ferc.gov/​enforcement-legal/​foia/​electronic-foia-privacy-act-request-form. Written requests for access to records should be directed to: Director, Office of External Affair, Federal Energy Regulatory Commission, 888 First Street NE, Washington, DC 20426.

    CONTESTING RECORD PROCEDURES:

    See Records Access Procedures.

    NOTIFICATION PROCEDURES:

    Generalized notice is provided by the publication of this notice. For specific notice, see Records Access Procedures, above.

    EXEMPTIONS PROMULGATED FOR THE SYSTEM:

    None.

    HISTORY:

    74 FR 48530 (September 23, 2009), 87 FR 2777 (January 19, 2022)

    Start Signature

    Dated: May 16, 2024.

    Debbie-Anne A. Reese,

    Acting Secretary.

    End Signature End Supplemental Information

    [FR Doc. 2024-11249 Filed 5-21-24; 8:45 am]

    BILLING CODE 6717-01-P