2021-06152. Implementing the Privacy Act of 1974  

  • Start Preamble

    AGENCY:

    Federal Communications Commission.

    ACTION:

    Proposed rule.

    SUMMARY:

    In this document, the Federal Communications Commission (Commission) seeks comment on revisions to the Commission's rules implementing the Privacy Act of 1974. To evolve with developments in the law and the directives from governmental bodies, the Commission proposes to update and improve its privacy rules.

    DATES:

    Comments due on May 5, 2021; reply comments due on June 4, 2021.

    ADDRESSES:

    You may submit comments, identified by GN Docket No 21-79, by any of the following methods:

    Federal Communications Commission's Website: https://www.fcc.gov/​ecfs/​. Follow the instructions for submitting comments.

    People With Disabilities: Contact the FCC to request reasonable accommodations (accessible format documents, sign language interpreters, CART, etc.) by email: FCC504@fcc.gov or phone: 202-418-0530 or TTY: 202-418-0432.

    Start Further Info

    FOR FURTHER INFORMATION CONTACT:

    Bahareh Moradi, Office of General Counsel, at Bahareh.Moradi@fcc.gov or 202-418-1700.

    End Further Info End Preamble Start Supplemental Information

    SUPPLEMENTARY INFORMATION:

    This is a summary of the Commission's Notice of Proposed Rulemaking in GN Docket No. 21-79; FCC 21-30, adopted on March 3, 2021, and released on March 4, 2021. The complete text of this document can be located on the FCC website at https://docs.fcc.gov/​public/​attachments/​FCC-21-30A1.pdf.

    Synopsis

    1. We propose revisions to the current rules to reflect amendments to the Privacy Act, Federal case law, OMB guidance, and the FCC's current practices. Most notably, we propose amendments to our rules that will update them to account for the developments described above. Because these changes are scattered throughout our current Privacy Act rules, we proceed to discuss each change in this section in the order that the change appears in our revised rules.

    A. Section 0.551—Purpose and Scope: Definitions

    2. We first propose several updates to the purpose and definition provisions of the Commission's Privacy Act Rules, which are currently codified in § 0.551. The current text states, in part, that the purpose of the subpart is to implement the Privacy Act, and “to protect the rights of the individual in the accuracy and privacy of information concerning him which is contained in Commission records.” To clarify our rules, we propose a more concrete and descriptive statement of purpose. Our proposed amendment would explain that the purpose of the subpart is to establish procedures that individuals may follow to exercise their right to access and request amendment of their records under the Privacy Act.

    3. We also propose several updates to § 0.551(b), which defines the terms “Individual,” “Record,” “System of Records,” “Routine Use,” and “System Manager.” We propose to amend the definition of “System of Records,” which is currently defined as “a group of records under the control of the Commission from which information is retrievable by the name of the individual or by some identifying number, symbol, or other identifying particular assigned to the individual,” to add the word “any” before “records under the control of the Commission.” In addition to more closely matching the statutory language, we believe that this change may better signal to the public the broad category of records that requesters may seek.

    4. Current rules define “System Manager” as “the Commission official responsible for the storage, maintenance, safekeeping, and disposal of a system of records.” To conform this definition with the Commission's current practices and terminology, we Start Printed Page 17576propose to replace the term with “Privacy Analyst.” Under current practices, all Privacy Act requests submitted to the FCC are handled in the first instance by a Privacy Analyst in the Office of General Counsel, rather than by the managers or owners of any particular system of records. A Privacy Analyst coordinates with the system owner to search for, collect, and then produce responsive records. The Privacy Analyst serves as the interface between Privacy Act requesters and the Commission, and generally signs correspondence related to Privacy Act requests. Our proposed amendment would formalize that role in our rules, defining the “Privacy Analyst” as a Commission official responsible for processing and responding to requests by individuals to be notified of, to access, or to amend records pertaining to them that are maintained in the FCC's systems of records.

    5. Finally, we propose adding a new paragraph defining the position of the Commission's Senior Agency Official for Privacy. Following a requirement that became law as part of the Consolidated Appropriations Act of 2005, OMB required agencies to identify to OMB “the senior official who has the overall agency-wide responsibility for information privacy issues.” Following Executive Order 13719, OMB updated and broadened the responsibilities of the Senior Agency Official for Privacy in 2016 guidance. Consistent with this requirement, the FCC has designated a Senior Agency Official for Privacy since 2005. We seek comment on these definitional changes.

    B. Sections 0.552—Notices Identifying Commission Systems of Records and 0.553—New Uses of Information

    6. We next propose to update and streamline the Commission's rule requiring the publication of a “system of records notice” and the Commission's rule about the publication of each new routine use of an existing system of records. Our proposals reflect guidance issued by OMB following the passage of the Privacy Act, and streamline the rules in a manner that provides the Commission greater flexibility to adjust its practices consistent with evolving governmentwide practice, while still ensuring that the Commission adheres to the Privacy Act's requirement that the Commission notify the public of the establishment of and updates to its systems of records.

    7. The current rule under § 0.552 explains how the Commission complies with the Privacy Act's requirement that agencies publish “a notice of the existence and character” of their systems of records. The rule recites the statutorily required elements of such a notice, including the routine uses for the information within the system of records, as well as the Act's requirement that an agency publish notices in the Federal Register. We note that the Act does not require agencies to issue rules parroting the statutory requirement, as the Commission's current rule does, and that OMB has since updated guidance further clarifying the elements required in a system of records notice, including the enumerated routine uses. For example, OMB guidance requires federal agencies to follow specific templates for new, modified, or rescinded systems of records notices that our outdated rules do not describe.

    8. Section 0.553 of the rules describes the procedure the Commission follows to publish a new routine use of an existing system of records. Under the Act, an agency can define certain “routine use[s]” of information such that disclosure of a record may be made without the consent of the data subject. To be permissible, a routine use must be compatible with the purpose for which a record was collected, and must be published in a system of records notice with a 30-day comment period. The current Commission rule contemplates publishing a standalone notice of only the new routine use, rather than republishing the entire notice along with a description of the routine use. In current practice, however, when the Commission makes significant changes to its published system of records notices (such as adding one or more routine uses), it re-publishes for comment the entire notice, not just the revised portion containing the changes, and highlights the changes so that they may easily be recognized by the public. This makes it easier for the public to understand what changes the Commission is taking. This approach is also consistent with current OMB guidance; in Circular A-108, agencies are “strongly encouraged to publish all routine uses applicable to a system of records in a single Federal Register notice for that system.”

    9. Because OMB's updated guidance seems to make stale the procedures recited in our rules, and because it is unnecessary for the Commission to codify these statutory requirements, we propose to combine these two sections into a single rule stating simply that upon establishment, rescission, or revision of a system of records, including the establishment of a new routine use of a system of records, the Commission will publish in the Federal Register the notice required by 5 U.S.C. 552a(e). The proposed rule would therefore alert the public to the existence of system of records notices but would not prescribe the elements of a notice. At best, codifying a description of the requirements of a notice that may become outdated or incomplete seems to be unnecessary under the Privacy Act, and to otherwise serve little purpose, given that the obligation to publish these notices rests on the Commission, and not the public. At worst, codifying these requirements is misleading, insofar as governmentwide guidance on the required elements of a system of records notice may evolve more quickly than the Commission's rules reciting these requirements. We seek comment on this proposal. Is there any utility to retaining the detail regarding system of records notices included in the current text of our rules that outweigh the arguments for streamlining? Alternatively, would a better approach be to delete and reserve §§ 0.552 and 0.553 entirely?

    C. Section 0.554—Requests for Notification of and Access to Records

    10. We propose several changes to the Commission's Privacy Act rules describing the process individuals should follow to determine whether the Commission is holding information about them in its systems of records. To begin with, we propose to amend the title of this section from the current “Procedures for requests pertaining to individual records in a system of records,” to “Requests for notification of and access to records.” The proposed amended title of the section would more clearly signify that the procedures in this subsection effectuate individuals' ability to ascertain what information the Commission possesses about themselves, a right they are given in subsection (d)(1) of the Act. We also propose deleting obsolete references to the annual report agencies were required to publish under the original Privacy Act law and to an alphabetical listing of agency system of records notices.

    11. Under current Commission practice, all requests are routed to a Privacy Analyst, who directs requesters to the list of system of records notices on the Commission's website in the event that the request does not identify the relevant system(s) of records.[1] We propose adding a sentence clarifying that a proper request must identify the system(s) of records to be searched.

    Start Printed Page 17577

    12. We also propose modifying how an individual may verify their identity when requesting access to records. Currently, paragraph (b)(1) requires an individual requesting access to records to verify their identity by submitting two of the following forms of identification: Social Security card; driver's license; employee identification card; Medicare card; birth certificate; bank credit card; or similar form of identification. This requirement seems inconsistent with recent OMB guidance explaining that while “agencies may customize the [personally identifiable information (PII)] required by their access and consent forms [to verify identity for access to or consent to disclose records] in accordance with applicable law and policy requirements and assessment of privacy risks,” “agencies shall accept [access or consent forms [developed by OMB] from individuals,” and “limit the collection of PII to the minimum that is directly relevant and necessary.” Therefore, we seek comment on deleting the requirement for requesters to provide two forms of identification and allowing individuals to verify their identity by submitting an Identity Affirmation form, based on the template provided by OMB. The Privacy Analyst reviewing the request would be responsible for determining whether the form has been properly completed before any disclosure is made. Would relying on an Identity Affirmation form increase the risk of fraudulent requests? We note that the Commission could safeguard against such fraud, while minimizing the Commission's collection of PII, by requiring that the Identify Affirmation form be notarized. We request comment on requiring that the Identity Affirmation form be notarized in lieu of the Commission collecting identification documentation from requesters.

    13. We also propose making the Privacy Act request submission process consistent with the submission process established in the Commission's most recent revision of the Freedom of Information Act (FOIA) rules. In current practice, the Commission receives almost all of its Privacy Act requests through its FOIAOnline web portal. Both Congress and Federal courts have acknowledged that the access provisions of the FOIA and the Privacy Act are somewhat overlapping. Congress amended subsection (t) of the Privacy Act in 1984 to clarify that agencies cannot use FOIA exemptions to deny access to records requesters have access to under the Privacy Act, or vice versa. Likewise, DOJ published a comprehensive analysis of the legislative history and judicial precedent on this question, which concluded that “[a]n individual's access request for his own record maintained in a system of records should be processed under both the Privacy Act and the FOIA, regardless of the statute(s) cited.” We find persuasive DOJ's Privacy Act analysis, and believe that a best practice would be to structure our process to ensure that any requester can efficiently get the benefits of both statutes. For example, it may be appropriate to process parts of a request under the Privacy Act and parts of it under the FOIA. We seek comment on this interpretation.

    14. Finally, we propose updates to paragraphs (c) and (d) of this section. Paragraph (c) currently requires individuals to deliver their requests for notification and access to a specific system manager or to the Associate Managing Director. Our proposed amendments to paragraph (a) would make this requirement obsolete by permitting individuals to submit requests via the Commission's website, by email, or by mail to the Commission. We propose removing the option to hand deliver requests for access to the Commission because the Commission's new headquarters building does not have a public filing window and cannot accept hand deliveries. Therefore, we propose combining current paragraphs (c) and (d) and removing reference to the method through which individuals submit requests.

    D. Section 0.555—Disclosure of Record Information to Individuals

    15. We propose making changes to § 0.555 to reflect current Commission practices. The current rule describes how individuals can access the records that the Commission maintains about them in its systems of records. It also lists reasons why the Commission might limit this access and describes how individuals may contest a Commission decision to deny their access to records.

    16. While most individuals currently seek to access their records remotely through correspondence—whether electronically or via first-class mail—they still have a right to review records in person. The current rules urge individuals to make an appointment with the specific system manager responsible for the system of records they are interested in reviewing. The proposed new rules would create a single point of contact for requesters who would like to inspect their records in person by stating that individuals who wish to review their records should contact the Privacy Analyst. The proposed changes also include modifying paragraph (a)(1) to correct a grammatical error and conform the language to subsection (d)(1) of the Privacy Act, which specifies who may accompany individuals to view records. Specifically, the proposed language, “However, in such cases, the individual must provide written consent authorizing discussion of their record in the accompanying person's presence,” would replace the seemingly incomplete sentence currently in (a)(1), “However, in such cases, a written statement authorizing discussion of their record in the presence of a Commission representative having physical custody of the records.”

    17. Paragraph (b)(1) provides the Commission discretion to limit access to medical records where the Commission staff, in consultation with a medical professional, has determined that access to the records could have an adverse impact on the individual. But with very limited exceptions, FCC systems of records do not contain personal health information. Therefore, we propose deleting the medical records provision (paragraph (b)(1)). In addition, a 1993 D.C. Circuit case invalidated a similar provision on the ground that it effectively created a new substantive exemption to an individual's Privacy Act right of access.

    18. Paragraph (b)(2) discusses exempting classified material, investigative material compiled for law enforcement purposes, investigatory material compiled solely for determining suitability for Federal employment or access to classified information, and certain testing or examination material from disclosure and refers to § 0.561, which lists the Commission's exempt systems of records. Here, we propose a limited edit that would replace the current general reference to the Privacy Act with a specific cite to subsections (j) and (k) of the Privacy Act, upon which the Commission's authority to make “specific” or “general” exemptions for certain types of sensitive information is based.[2] We also propose to strike some Start Printed Page 17578seemingly extraneous phrases from the final sentence of this paragraph—for example, by removing the unnecessary phrase “totally or partially.”

    19. Paragraph (c) states that “requests involving more than 25 pages shall be submitted to the duplicating contractor.” While the Commission has never charged a fee for the search and review time for responsive records, the Commission has charged fees for copying responsive records that exceeded 25 pages. Because the Commission no longer employs a copying contractor, we propose eliminating the reference in paragraph (c). At the same time, we propose to make clear, consistent with the Privacy Act's prohibition on charging fees for searching for and reviewing records in response to a Privacy Act request, that we will not charge a fee for such activities in connection with records requested pursuant to § 0.554. However, we seek comment on whether the Commission should charge fees for producing copies of records. What is a reasonable fee structure for producing copies of records in response to a Privacy Act request?

    20. Finally, we propose amending paragraph (e) to modify the procedures under which requesters may contest an initial staff decision denying them access to records. The Privacy Act does not specify an administrative appeal process in the case of a denial of access. The Commission addressed this silence in 1975 with a rule (paragraph 0.555(e)) that gave unsatisfied requesters the option of (1) seeking an administrative review from the system manager who denied the initial access request, or (2) immediately seeking judicial relief under the Privacy Act. This rule appears to be inconsistent with court rulings holding that requesters should exhaust their administrative remedies before filing suit under the Act. Further, it appears to conflict with the Communications Act's requirement that the filing of an application for review to the Commission is “a condition precedent for judicial review” of any decision made by staff.

    21. To address these problems, we propose an administrative review process that would treat denials of requests to access or amend a record under the Privacy Act in the same way the Commission treats other appeals of decisions made under delegated authority. Specifically, the proposed rules would explain that an aggrieved requester may file a petition for reconsideration to the Senior Agency Official for Privacy or file an application for review before the Commission pursuant to the procedures specified in § 0.557. While a requester would retain the option of seeking further review by Commission staff (in the form of a petition for reconsideration), the alternative would be to file an application for review under the Commission's existing procedures.

    22. Our proposal would strike what is now paragraph (e)(2) from § 0.555, which currently provides that an individual whose request for access has been denied may “[s]eek judicial relief in the district courts of the United States pursuant to paragraph (g)(1)(B) of the Act.” Instead of suggesting that an aggrieved requester could immediately seek judicial review, the proposed revisions make clear that a requester has two options: Seek further review by Commission staff (in the form of a petition for reconsideration), or file an application for review under the Commission's existing procedures. Only after the Commission has been given the opportunity to review a staff decision—through the filing of an application for review pursuant to our proposed revision to § 0.557, discussed below—would judicial review become available. We seek comment on whether this approach to managing appeals to denials of access is both practical and consistent with the rights individuals have under the Privacy Act.

    E. Section 0.556—Request To Correct or Amend Records

    23. We propose to amend § 0.556 of the Commission's rules to clarify the requester's procedural rights when a request to amend a record is denied. This section of the rules implements the Act's requirement that individuals be able to request amendments or corrections to records an agency maintains about them in a system of records. The Act requires agencies to promptly respond to such requests and to give individuals the ability to appeal a denial of an amendment request. Individuals may place statements of disagreement with such decisions in their records, and the statements must be included in subsequent agency disclosures of the records.

    24. Throughout § 0.556, the system manager is referred to as the decision maker on requests to correct or amend records and requests to amend certain types of records (e.g., official personnel records of current or former employees) are required to be submitted to an Associate Managing Director and the Assistant Director for Work Force Information, Compliance and Investigations at the Office of Personnel Management. The amendments we propose to this subsection would streamline the process for requesters by directing all requests to correct or amend to the Privacy Analyst and centralizing the decision making process. Just as in the case of access requests, this would reflect current practice, in which these requests are received and processed by the Privacy Analyst, who works with relevant Commission staff to locate the disputed records and consider the requests.

    25. Paragraph (a) permits individuals to request an amendment of information contained in their record by submitting (1) identity verification, (2) a brief description of the information to be amended, and (3) “the reason for the requested change.” We propose to more closely mirror the statutory language, which permits requests to correct or amend information that “the individual believes is not accurate, relevant, timely, or complete.” We tentatively find that the statutory language more precisely explains the reasons for which individuals may request correction or amendment of records and therefore propose adding this language to paragraphs (a) and (b). Additionally, we propose removing the option to hand deliver requests to correct or amend records to the Commission for the reason stated above—the Commission's new headquarters building does not have a public filing window and cannot accept hand deliveries.

    26. Finally, the current paragraph (c)(2) provides, among other things, that the “system manager” advise an individual whose request to correct or amend a record has been denied that “review of the initial decision by the full Commission may be sought pursuant to the procedures set forth in § 0.557.” These rules could be read to suggest that an aggrieved requester must appeal directly to the Commission, rather than seeking reconsideration of the denial at the staff level under the Commission's ordinary procedures. In order to clarify the procedural rights the requester has under the FCC's rules, we propose adding language in a new paragraph (d)(2) that requires the Privacy Analyst to inform requesters that they have the right to seek reconsideration by the Senior Agency Official for Privacy or file an application with the Commission for review of a denial of a request to amend a record. This addition would match the description of the appeals process proposed for § 0.555(e), harmonizing both processes and making each more clearly consistent with the ordinary process for seeking review of staff-level actions under the Commission's rules.Start Printed Page 17579

    F. Section 0.557—Administrative Review of an Initial Decision Not To Provide Access or Amend a Record

    27. In the preceding two sections, we have proposed additions to both § 0.555, regarding denials of access, and § 0.556, regarding denials of amendment or correction, providing that an aggrieved requester under the Privacy Act may either seek (1) staff-level review by filing a petition for reconsideration under § 1.106, or (2) review from the full Commission by filing an application for review under § 1.115 and consistent with the procedures in § 0.557. Section 0.557 currently establishes the process for seeking review of the denial of a request to amend or correct Commission records. We now propose updates to this section to harmonize it with our proposals for §§ 0.555 and 0.556, and establish a process for seeking Commission-level review of denials both of requests to amend or correct records, as well as requests to access them.

    28. Subsection (d)(3) of the Privacy Act provides requesters who are dissatisfied with an agency response to their amendment requests the right to file an administrative appeal, but it is silent on the availability of administrative appeals of denial of access requests made under subsection (d)(1) of the Act. When it published its Privacy Act rules in 1975, the Commission created two separate appeals processes—one for denied access requests, and another for denied amendment or correction requests. Section 0.555(e) establishes the procedure for challenging a denial of a request to access records. That section currently provides that individuals may either submit their request for administrative review to the system manager, who under the current rules makes the determination on whether to grant access to the records, or “seek judicial relief pursuant to paragraph (g)(1)(B) of the [Privacy] Act.” Meanwhile, § 0.557 establishes a separate procedure for challenging a denial of a request to amend or correct records. Among other requirements, § 0.557 of the current rules requires individuals to file their appeal to the full Commission within 30 days of the denial and “specify with particularity why the decision reached by the system manager is erroneous or inequitable.” Section 0.557 explicitly states that such a review is a prerequisite to seeking judicial review in a district court of the United States.

    29. These procedures differ in two important respects: The 30-day deadline to file an appeal and the requirement to appeal to the full Commission. Both are explicit requirements for an appeal made under § 0.557, but are not mentioned in § 0.555. We see no clear reason for the differences in these processes. We further note that both current sections seem to depart from yet another process for challenging staff-level action—namely, the familiar procedures for review established under §§ 1.106 and 1.115 of our rules, which provide for petitions for reconsideration and applications for review, respectively. The current dual tracks for review seem to serve only to confound those aggrieved by denials of Privacy Act requests. We seek comment on these tentative conclusions.

    30. Our proposed edits would, along with the edits discussed above, harmonize the process for seeking review under these two sections. Specifically, we propose to repurpose § 0.557: Instead of establishing only the process for Commission-level review of denials of a decision to amend or correct a record, our proposed edits would establish the process for Commission-level review of all Privacy Act requests—whether requests for access or requests for amendment or correction. The proposed edits to §§ 0.555 and 0.556, discussed above, would point requesters aggrieved under either section to § 0.557 for Commission-level review. To reflect the proposed change in the purpose of this section, we propose changing the title from the current “Administrative review of an initial decision not to amend a record” to “Commission review of a staff decision.” We believe that this change would more accurately reflect the broader scope of this section and seek comment on this proposal.

    31. We also propose edits to certain paragraphs in § 0.557, to reflect that this section would serve as the procedure for seeking Commission level review of all Privacy Act-related appeals. In addition to the proposed amendments to § 0.555(e) regarding denials of requests for access discussed above, we propose simplifying the appeals process by requiring an application for review to the full Commission for denials of requests for both access and amendment or correction as a condition precedent to judicial review. This would harmonize the process for challenging denials of Privacy Act requests with the procedure for challenging other Commission decisions—reducing confusion and inconsistency. Specifically, we propose updating § 0.557(a) by removing the text regarding the 30-day deadline and the requirement that the appeal be addressed to the system manager or an official at the Office of Personnel Management, and instead simply citing to § 1.115 of the Commission's rules, which sets forth standard procedures for applications for review. We also propose moving paragraphs (a)(1)-(3), which discuss additional requirements for an appeal of a denial of amendment or correction, to a new paragraph (b) and updating them to include denials of access. For example, paragraph (a)(1) would no longer ask whether the information at issue is accurate and instead require an application for review to “clearly identify the adverse decision that is the subject of the review request.”

    32. Current paragraph (b) of § 0.557 states that the Commission “final administrative review shall be completed not later than 30 days . . . from the date on which the individual requests such review unless the Chairman determines that a fair and equitable review cannot be made within the 30 day period” and requires that the Commission inform the individual in writing of the reasons for the delay and an approximate date on which the review is expected to be completed. We propose to modify this language to conform with current practice and the statutory requirements of the Privacy Act, which allows the head of an agency to extend the 30-day period, “for good cause shown,” and does not require notification in writing of a delay or an anticipated date of completion for a decision on appeal. Our proposal would be reflected in an updated paragraph (c) stating that the Commission will make every effort to act on an application for review within 30 business days after it is filed. We believe this would be consistent with § 1.115 of the Commission's rules and the Commission's obligations under the Privacy Act.

    33. Next, we propose updating paragraph (d) and adding a new paragraph (e) to describe the potential outcomes for an application for review. The current paragraph (d) only discusses Commission actions regarding an application for review of a denial of amendment; however, as discussed, we propose to expand § 0.557 to be inclusive of both types of appeals under the Privacy Act: Appeals of denials of access and denials of amendment or correction. Under both proposed subsections, the Commission would notify individuals of their right to pursue judicial review of the Commission's decision. Additionally, proposed paragraph (e) would retain the notice requirements listed under current paragraph (d) regarding an individual's right to provide a signed statement disagreeing with the Commission's Start Printed Page 17580decision, but update the addressee of the statement from the “system manager,” to the Privacy Analyst. Finally, proposed paragraph (e)(3) would reflect the requirement under the Privacy Act that the statement of disagreement be annotated so that the disputed portion of a record becomes apparent to anyone who may subsequently have access to, use, or disclose the record and that a copy of the statement accompany any subsequent disclosure of the record. We seek comment on these proposals, which we believe would simplify the process for seeking review.

    34. Furthermore, we propose delegating to the General Counsel authority to dismiss Privacy Act applications for review that do not contain any statement required under § 1.115(a) or (b), or does not comply with the filing requirements of § 1.115(d) or (f) of this chapter. We seek comment on whether this proposal to create a single administrative review process is practical and consistent with individuals' rights under the Privacy Act.

    35. Because part of this section addresses the disposition of appeals of requests to amend records, we propose to move the contents of § 0.559, which pertains to an individual's right to file a statement of disagreement with the Commission's decision not to amend a record, to § 0.557, the rule that describes the administrative review process. As a result, we additionally propose deleting and reserving § 0.559 to avoid repetition in our rules.

    G. Section 0.558—Advice and Assistance

    36. Section 0.558 directs individuals who have questions about or need assistance with the procedures set forth in this subpart or the notices described in § 0.552 to contact the Privacy Liaison Officer, a position that no longer exists.

    37. We propose to amend § 0.558 to update the rules' description of where to find contact information when an individual needs advice or assistance on their rights under the Privacy Act with respect to records held by the Commission. The proposed revision would refer individuals to the Privacy Analyst, the Senior Agency Official for Privacy, and the Privacy Act Information page on the FCC website. We believe that providing this updated information will make clear the avenues available to the public to exercise fully their rights under the Privacy Act.

    H. Section 0.560—Penalty for False Representation of Identity

    38. This section restates the Privacy Act's criminal penalty for an individual who fraudulently requests or obtains information from an agency about an individual. The section provides, “any individual who knowingly and willfully requests or obtains under false pretenses any record concerning an individual from any system of records maintained by the Commission shall be guilty of a misdemeanor and subject to a fine of not more than $5,000.”

    39. Following OMB guidance, we propose adding language restating the criminal penalty under 18 U.S.C. 1001 for providing false information to the federal government. Notably, this statute provides more serious consequences than those recited in the current rules—including a fine of not more than $10,000, imprisonment of not more than five years, or both. We believe that this proposed edit should, among other things, serve as a greater deterrent to fraudulent requests by making clear the serious criminal penalties for doing so.

    I. Section 0.561—Exemptions

    40. Section 0.561 currently asserts exemptions for seven separate systems of records. The listed systems of records include: FCC/FOB-1, Radio Operator Records; FCC/FOB-2, Violators File; FCC/OGC-2, Attorney Misconduct Files; FCC/Central-6, Personnel Investigation Records; FCC/OIG-1, Criminal Investigative Files; FCC/OIG-2, General Investigative Files; and an unnumbered system called Licensees or Unlicensed Persons Operating Radio Equipment Improperly. The listed systems, however, no longer correspond to systems of records that the Commission maintains.

    41. After reviewing the Commission's current systems of records, it appears that there are only five systems of records that contain exemptible information. These systems of records include: FCC/EB-5, Enforcement Bureau Activity Tracking System; FCC/OMD-16, Personnel Security Files; FCC/WTB-5, Application Review List for Present or Former Licensees, Operators, or Unlicensed Persons Operating Radio Equipment Improperly; FCC/WTB-6, Archival Radio Operator Records; and FCC/OIG-3, Investigative Files. We propose updating this section to strike the seven outdated lists from this section and list and describe the five current systems, which contain exemptible information. In order to comply with the requirement that agencies explicitly explain “the reasons why the system of records is to be exempted from a provision of [the Privacy Act],” we also propose rules that more fully justify each exemption we propose to claim. We seek comment on these proposals.

    42. Four systems contain information that is exemptible under certain “specific exemptions” listed in subsection (k) of the Privacy Act. The Enforcement Bureau Activity Tracking System (EBATS) (FCC/EB-5) and the other supportive platforms to the EBATS boundary contain investigatory material compiled for law enforcement purposes, which is covered by exemption (k)(2).[3] The Security Operations Center's Personnel Security Files (FCC/OMD-16) contains information covered by exemption (k)(5) including investigatory material related to suitability determinations for Federal employment.[4] The Commission also maintains WTB-5, Application Review List for Present or Former Licensees, Operators, or Unlicensed Persons Operating Radio Equipment Improperly and WTB-6, Archival Radio Operator Records, both of which contain investigatory material compiled for law enforcement purposes covered by exemption (k)(2).

    43. Finally, the Office of Inspector General's investigative files (OIG-3) contains information that is exemptible under both subsections (j) and (k). Following the guidance of courts that Inspector General offices can be viewed as agency components whose principal function is to perform an activity Start Printed Page 17581pertaining to the enforcement of criminal laws, we propose that this system is exempt under both general exemption (j)(2) and the specific exemption (k)(2), which exempts investigatory material compiled for law enforcement purposes. Additionally, FCC/OIG-3 supersedes FCC/OIG-1 and FCC/OIG-2 referenced in the current section 0.561 of the Commission's rules. We seek comment on these exemptions.

    Procedural Matters

    44. People With Disabilities. To request materials in accessible formats for people with disabilities (braille, large print, electronic files, audio format), send an email to fcc504@fcc.gov or call the Consumer & Governmental Affairs Bureau at 202-418-0530 (voice), 202-418-0432 (TTY).

    45. Ex Parte Presentations. The proceeding this Notice initiates shall be treated as a “permit-but-disclose” proceeding in accordance with the Commission's ex parte rules. Persons making ex parte presentations must file a copy of any written presentation or a memorandum summarizing any oral presentation within two business days after the presentation (unless a different deadline applicable to the Sunshine period applies). Persons making oral ex parte presentations are reminded that memoranda summarizing the presentation must (1) list all persons attending or otherwise participating in the meeting at which the ex parte presentation was made, and (2) summarize all data presented and arguments made during the presentation. If the presentation consisted in whole or in part of the presentation of data or arguments already reflected in the presenter's written comments, memoranda or other filings in the proceeding, the presenter may provide citations to such data or arguments in his or her prior comments, memoranda, or other filings (specifying the relevant page and/or paragraph numbers where such data or arguments can be found) in lieu of summarizing them in the memorandum. Documents shown or given to Commission staff during ex parte meetings are deemed to be written ex parte presentations and must be filed consistent with rule 1.1206(b). In proceedings governed by rule 1.49(f) or for which the Commission has made available a method of electronic filing, written ex parte presentations and memoranda summarizing oral ex parte presentations, and all attachments thereto, must be filed through the electronic comment filing system available for that proceeding, and must be filed in their native format (e.g., .docx, .xml, .ppt, searchable .pdf). Participants in this proceeding should familiarize themselves with the Commission's ex parte rules.

    46. Initial Regulatory Flexibility Certification. The Regulatory Flexibility Act of 1980 (RFA), as amended, requires agencies to prepare a regulatory flexibility analysis for rulemaking proceedings, unless the agency certifies that “the rule will not have a significant economic impact on a substantial number of small entities.” 5 U.S.C. 605(b).

    47. In this NPRM, we propose to amend the Commission's Privacy Act rules in order to modernize them and conform them to current Commission practice. The process of seeking to access or amend records under the Privacy Act is generally undertaken by individuals, who are not categorized as “small entities” under the Regulatory Flexibility Act. Furthermore, the rule changes proposed herein consist primarily of minor procedural adjustments to how the Commission handles and responds to Privacy Act matters. Such changes are unlikely to have any significant economic impact. Therefore, we certify that the proposals in this NPRM, if adopted, will not have a significant economic impact on a substantial number of small entities.

    48. Paperwork Reduction Act. This document does not contain new or revised information collection requirements subject to the Paperwork Reduction Act of 1995 (PRA), Public Law 104-13.[5] In addition, therefore, it does not contain any new or modified “information burden for small business concerns with fewer than 25 employees” pursuant to the Small Business Paperwork Relief Act of 2002.[6]

    Start List of Subjects

    List of Subjects in 47 CFR Part 0

    • Administrative practice and procedure
    • Classified Information
    • Health records
    • Information
    • Personally identifiable information
    • Privacy
    • Reporting and recordkeeping requirements
    End List of Subjects Start Signature

    Federal Communications Commission.

    Marlene Dortch,

    Secretary.

    End Signature

    Proposed Rules

    For the reasons discussed in the preamble, the Federal Communications Commission proposes to amend 47 part 0 as follows:

    Start Part

    PART 0—COMMISSION ORGANIZATION

    End Part Start Amendment Part

    1. The authority citation for part 0 continues to read as follows:

    End Amendment Part Start Authority

    Authority: 47 U.S.C. 151, 154(i), 154(j), 155, 225, and 409, unless otherwise noted.

    End Authority Start Amendment Part

    2. Section 0.251 is amended by adding paragraph (k) to read as follows:

    End Amendment Part
    Authority delegated.
    * * * * *

    (k) The General Counsel is delegated authority to dismiss Privacy Act applications for review that do not contain any statement required under § 1.115(a) or (b), or do not comply with the filing requirements of § 1.115(d) or (f) of this chapter.

    Start Amendment Part

    3. Revise Subpart E, consisting of §§ 0.551 through 0.561, to read as follows:

    End Amendment Part

    Subpart E—Privacy Act Regulations

    0.551
    Purpose and scope; definitions.
    0.552
    Notice.
    0.553
    [Removed and Reserved]
    0.554
    Requests for notification of and access to records.
    0.555
    Disclosure of record information to individuals.
    0.556
    Request to correct or amend records.
    0.557
    Administrative review of an initial decision not to amend a record.
    0.558
    Privacy Act assistance.
    0.559
    [Removed and Reserved]
    0.560
    Penalty for false representation of identity.
    0.561
    Exemptions.
    Start Authority

    Authority: 47 U.S.C. 154, 303; 5 U.S.C. 552a(f).

    End Authority
    Purpose and scope; definitions.

    (a) The purpose of this subpart is to implement the Privacy Act of 1974, 5 U.S.C. 552a, which regulates the collection, maintenance, use, and dissemination of information about individuals identified in Federal agencies' information systems. As required by subsection (f) of the Privacy Act, these rules establish procedures individuals may follow to be notified of and gain access to records pertaining to themselves that are maintained in the FCC's systems of records, and to request amendment of any portion of these records that they believe are not accurate, relevant, timely, or complete. The rules in this subpart should be read together with the Privacy Act, which provides additional information about records maintained on individuals.

    (b) In this subpart:

    Individual means a citizen of the United States or an alien lawfully admitted for permanent residence. Privacy Analyst means a Commission Start Printed Page 17582official responsible for processing and responding to requests by individuals to be notified of, to access, or to amend records pertaining to them that are maintained in the FCC's systems of records.

    Record means any item, collection, or grouping of information about an individual that is maintained by the Commission, including but not limited to, such individual's education, financial transactions, medical history, and criminal or employment history, and that contains such individual's name, or the identifying number, symbol, or other identifying particular assigned to the individual, such as a finger or voice print or a photograph.

    Routine Use means, with respect to the disclosure of a record, the use of such record for a purpose which is compatible with the purpose for which it was collected.

    Senior Agency Official for Privacy means the senior Commission official who has agency-wide responsibility and accountability for the Commission's privacy program.

    System of Records means a group of any records under the control of the Commission from which information is retrieved by the name of the individual or by some identifying number, symbol, or other identifying particular assigned to the individual.

    Notice.

    Upon establishment, rescission, or revision of a system of records, including the establishment of a new routine use of a system of records, the Commission publishes in the Federal Register the notice required by 5 U.S.C. 552a(e).

    [Removed and Reserved]
    Requests for notification of and access to records.

    (a) Individuals may ask the Commission if it maintains any records pertaining to them in the Commission's Systems of Records, and, subject to the provisions of § 0.555(b), the Commission will notify the requesting individuals of any responsive records and permit them to gain access to such records. A proper request must identify the System(s) of Records the individual wants searched. All requests for notification and access made under this subsection shall be:

    Filed electronically using the web portal identified on the FOIA page of the Federal Communications Commission's website (www.fcc.gov) or by email to privacy@fcc.gov; or

    Mailed to the Privacy Analyst, Office of the General Counsel, at the appropriate address listed in § 0.401(a).

    Note 1 to paragraph (a):

    Regardless of the statute cited in the request, an individual's request for access to records pertaining to him or her will be processed under both the Privacy Act, following the rules contained in this subpart, and the Freedom of Information Act (5 U.S.C. 552), following the rules contained in §§ 0.441-0.470 of this part, as appropriate.

    (b) Reasonable identification is required of all individuals making requests pursuant to paragraph (a) of this section in order to assure that disclosure of any information is made to the proper person.

    (1) Individuals may verify their identity by submitting the Identity Affirmation form found on the Commission privacy web page.

    (2) If positive identification cannot be made on the basis of the information submitted, and if data in the record is so sensitive that unauthorized access could cause harm or embarrassment to the individual to whom the record pertains, the Commission reserves the right to deny access to the record pending the production of additional more satisfactory evidence of identity.

    Note 2 to paragraph (b):

    The Commission will require verification of identity only where it has determined that knowledge of the existence of record information or its substance is not subject to the public disclosure requirements of the Freedom of Information Act, 5 U.S.C. 552, as amended.

    (c) A written acknowledgement of receipt of a request for notification and/or access will be provided within 10 days (excluding Saturdays, Sundays, and federal holidays) to the individual making the request. Such an acknowledgement may request that the individual specify the systems of records to be searched and, if necessary, any additional information needed to locate a record. A search of all systems of records identified in the individual's request will be made to determine if any records pertaining to the individual are contained therein, and the individual will be notified of the search results as soon as the search has been completed. Normally, a request will be processed and the individual notified of the search results within 30 days (excluding Saturdays, Sundays, and legal holidays) from the date the inquiry is received. However, in some cases, as where records have to be recalled from Federal Record Centers, notification may be delayed. If it is determined that a record pertaining to the individual making the request does exist, the notification will include the responsive record(s) or state approximately when the record(s) will be available for review. No separate acknowledgement is required if the request can be processed and the individual notified of the search results within the ten-day period.

    Disclosure of record information to individuals.

    (a) Individuals having been notified that the Commission maintains a record pertaining to them in a system of records may access such record either by in-person inspection at Commission headquarters in Washington, DC, or by correspondence with the Privacy Analyst by postal or electronic mail.

    (1) Individuals who wish to review their records at Commission headquarters should contact the Privacy Analyst to arrange a time during regular Commission business hours when they can review and request copies of such records. Verification of identity is required as in § 0.554(b) before access will be granted to an individual appearing in person. Individuals may be accompanied by a person of their own choosing when reviewing a record. However, in such cases, the individual must provide written consent authorizing discussion of their record in the accompanying person's presence.

    (2) Individuals may request that copies of records be sent directly to them. In such cases, individuals must verify their identity as described in § 0.554(b) and provide an accurate return postal or electronic mail address. Records shall be sent only to that address.

    (b) Records pertaining to the enforcement of criminal laws, classified material, investigative material compiled for law enforcement purposes, investigatory material compiled solely for determining suitability for Federal employment or access to classified information, and certain testing or examination material may be removed from the records to the extent permitted by subsections (j) and (k) of the Privacy Act of 1974, 5 U.S.C. 552a(j), (k). Section 0.561 of this subpart sets forth the systems of records which the Commission has exempted from disclosure.

    (c) The Commission will not charge a fee for searching for and reviewing records requested pursuant to § 0.554.

    Note 3 to paragraph (c):

    Requests processed under the Freedom of Information Act will be subject to the fee provisions detailed in § 0.467 of this part.

    (d) The provisions of this section in no way give an individual the right to access any information compiled in reasonable anticipation of a civil action or proceeding.

    (e) In the event that a determination is made denying an individual access to records pertaining to that individual for any reason, such individual may file a Start Printed Page 17583petition for reconsideration to the Senior Agency Official for Privacy under § 1.106 of this chapter, or an application for review by the Commission following the procedures set forth in § 0.557 of this subpart and in § 1.115 of this chapter.

    Request to correct or amend records.

    (a) An individual may request the amendment of information contained in a record pertaining to that individual if the individual believes the information is not accurate, relevant, timely, or complete. Amendment requests should be submitted in writing to the FCC's Privacy Analyst either:

    Via postal mail to the appropriate address listed in § 0.401(a), or

    Via electronic mail to the email address listed on the Privacy Act Information section of the Commission's public website (fcc.gov).

    (b) Any request to amend should contain at a minimum:

    (1) The identity verification information required by § 0.554(b);

    (2) A brief description of the item or items of information to be amended; and

    (3) A brief statement explaining why the individual believes the information is not accurate, relevant, timely, or complete.

    (c) A written acknowledgement of the receipt of a request to amend a record will be provided within 10 days (excluding Saturdays, Sundays, and federal holidays) to the individual requesting the amendment. Such an acknowledgement may, if necessary, request any additional information needed to make a determination. There will be no acknowledgement if the request can be reviewed, processed, and the individual notified of compliance or denial within the 10-day period.

    (d) A Privacy Analyst will (normally within 30 days) take one of the following actions regarding a request to amend:

    (1) If the FCC agrees that an amendment to the record is warranted, the Privacy Analyst will:

    (i) So advise the individual in writing;

    (ii) Verify with the system manager that the record has been corrected in compliance with the individual's request; and

    (iii) If an accounting of disclosures has been made, advise all previous recipients of the fact that the record has been corrected and of the substance of the correction.

    (2) If the FCC does not agree that all or any portion of the record merits amendment, the Privacy Analyst will:

    (i) Notify the individual in writing of such refusal to amend and the reasons therefor;

    (ii) Advise the individual of the right to file a petition for reconsideration to the Senior Agency Official for Privacy under § 1.106 of this chapter, or an application for review by the Commission following the procedures set forth in § 0.557 of this subpart and § 1.115 of this chapter.

    (e) In reviewing a record in response to a request to amend, the FCC will assess the accuracy, relevance, timeliness, or completeness of the record in light of each data element placed into controversy and the use of the record in making decisions that could possibly affect the individual. Moreover, the FCC will adjudge the merits of any request to delete information based on whether or not the information in controversy is both relevant and necessary to accomplish a statutory purpose required of the Commission by law or executive order of the President.

    Commission review of a staff decision.

    (a) Upon the FCC's determination not to grant an individual access to a record under § 0.555 of this subpart or a determination not to grant an individual's request to amend a record under § 0.556 of this subpart, the individual may file an application for review by the Commission following the procedures described in § 1.115 of this chapter.

    (b) In addition to the requirements contained in § 1.115 of this chapter, any application for review must:

    (1) Clearly identify the adverse decision that is the subject of the review request;

    (2) Specify with particularity why the decision reached by the FCC is erroneous or inequitable; and

    (3) In the case of an amendment request made under § 0.556 of this subpart, clearly state how the record should be amended or corrected.

    (c) The Commission will make every effort to act on an application for review within 30 business days after it is filed. The Commission may seek such additional information as is necessary to make a determination.

    (d) In the case of a request for access to a record under § 0.554 of this subpart:

    (1) If upon review of the application, the Commission agrees that the individual is entitled to access to the requested record, the Commission will provide the individual access to the requested record;

    (2) If instead the Commission finds that the individual is not entitled to access to the requested record, it will notify the individual in writing of its determination and the reasons therefor; the Commission will also advise the individual that judicial review of this determination is available in a district court of the United States.

    (e) In the case of a request to amend a record under § 0.556 of this subpart:

    (1) If upon review of the application, the Commission agrees with the individual that the requested amendment is warranted, it will proceed in accordance with § 0.556(d)(1)(i) through (iii).

    (2) If after reviewing the application, the Commission refuses to amend the record as requested, it shall:

    (i) Notify the individual in writing of this determination and the reasons therefor;

    (ii) Advise the individual that a concise statement of the reasons for disagreeing with the determination of the Commission may be filed;

    (iii) Inform the individual:

    (A) That such a statement should be signed and addressed to the Privacy Analyst;

    (B) That the statement will be made available to anyone to whom the record is subsequently disclosed together with, at the Commission's discretion, a summary of the Commission's reasons for refusing to amend the record; and

    (C) That prior recipients of the record will be provided a copy of the statement of dispute to the extent that an accounting of such disclosures is maintained;

    (iv) Advise the individual that judicial review of the Commission's determination not to amend the record is available in a district court of the United States.

    (3) If the Commission determines not to amend a record consistent with an individual's request, and if the individual files a statement of disagreement pursuant to § 0.557(e)(2) of this subpart, the record shall be clearly annotated so that the disputed portion becomes apparent to anyone who may subsequently have access to, use, or disclose the record. A copy of the individual's statement of disagreement shall accompany any subsequent disclosure of the record. If the Commission has chosen to include a written summary of its reasons for refusing to amend the record, it shall also accompany any subsequent disclosure. Such statements become part of the individual's record for granting access, but are not subject to the amendment procedures of § 0.556 of this subpart.

    Privacy Act assistance.

    (a) In order to assist individuals in exercising their rights under the Privacy Act, the Commission maintains a Start Printed Page 17584Privacy Act Information web page on its public website (fcc.gov). In addition, the Commission's privacy officials will endeavor to provide assistance to any individual who requests information about the Commission's systems of records or the procedures contained in this subpart for gaining access to a particular system of records or for contesting the content of a record, either administratively or judicially. Individuals can seek such advice:

    (1) Via postal mail to the appropriate address listed in § 0.401(a) of this chapter, or

    (2) Via the telephone numbers or electronic mail addresses of the Senior Agency Official for Privacy (SAOP) or the Privacy Analyst, which are listed on the Privacy Act Information page of the FCC's public website (fcc.gov).

    (b) [Reserved]

    [Removed and Reserved]
    Penalty for false representation of identity.

    Under subsection (i)(3) of the Privacy Act, any individual who knowingly and willfully requests or obtains under false pretenses any record concerning an individual from any system of records maintained by the Commission shall be guilty of a misdemeanor and subject to a fine of not more than $5,000. Under 18 U.S.C. 1001, an individual who knowingly and willfully provides false information to the United States Government shall be fined not more than $10,000 or imprisoned for not more than five years, or both.

    Exemptions.

    Because the Commission has determined that applying certain requirements of the Privacy Act to certain Commission records would have an undesirable and unacceptable effect on the conduct of its business, the Commission exempts the following systems of records from the listed requirements of the Act.

    (a) FCC/EB-5, Enforcement Bureau Activity Tracking System (EBATS). Pursuant to subsection (k)(2) of the Privacy Act, this system of records is exempt from subsections (c)(3), (d), (e)(1), (e)(4) (G), (H), and (I), and (f) of the Privacy Act, and from §§ 0.554 through 0.557 of this subpart insofar as it contains investigatory material compiled for law enforcement purposes. These exemptions are justified for the following reasons:

    (1) From subsection (c)(3) because providing an accounting of disclosures to an individual could alert that person that he or she is the subject of an investigation by the Enforcement Bureau (EB) or by the recipient entity and allow that person to take actions to impede or compromise the investigation.

    (2) From subsection (e)(1) because in the early stages of an investigation it is not always possible to determine if specific information is relevant or necessary for the investigation. It is also possible that information collected during an investigation turns out not to be relevant or necessary for that investigation, but helps EB establish patterns of misconduct or suggests that other laws or rules have been violated.

    (3) From subsections (d), (e)(4)(G) and (H), and (f) because giving an individual access to information in this system could notify the individual that he or she is the subject of an EB investigation and provide information about the sources, witnesses, tactics, and procedures EB employs to conduct the investigation, which could allow that person to take actions to impede or compromise the investigation.

    (4) From subsection (e)(4)(I) because disclosing the categories of sources of records in the system would risk disclosing the methods EB uses to select investigation targets and the techniques and procedures EB uses to conduct investigations. It could also compromise the confidentiality of the EB's sources and witnesses.

    (b) FCC/OIG-3, Investigative Files. Pursuant to sections (j)(2) and (k)(2) of the Privacy Act, this system of records is exempt from subsections (c)(3)-(4), (d), (e)(1), (2), (3), (5), and (8), (e)(4)(G), (H), and (I), (f), and (g) of the Privacy Act, 5 U.S.C. 552a, and from §§ 0.554 through 0.557 of this subpart insofar as it contains information related to the enforcement of criminal laws, classified information, and investigatory material compiled for law enforcement purposes. These exemptions are justified for the following reasons:

    (1) From subsection (c)(3) because providing an accounting of disclosures to an individual could alert that person that he or she is the subject of an investigation by the Office of Inspector General (OIG) or that the OIG shared the individual's information with another law enforcement entity;

    (2) From subsections (d), (c)(4), (e)(4)(G) and (H), (f), and (g) because giving an individual access to and the right to amend information in this system could notify the individual that he or she is the subject of an OIG investigation and provide information about the sources, witnesses, tactics, and procedures OIG employs to conduct the investigation, which could allow that person to take actions to impede or compromise the investigation.

    (3) From subsections (e)(1) and (5) because in the early stages of an investigation it is not always possible to determine if specific information is relevant, accurate, timely, or complete. It is also possible that information collected during an investigation turns out not to be relevant or necessary for that investigation, but helps OIG establish patterns of misconduct or suggests that other laws or rules have been violated.

    (4) From subsections (e)(2) and (3) because collecting information directly from an individual and/or notifying the individual of the purposes of the collection could impair investigations by alerting the individual that he or she is the subject of an investigation. It may also be necessary to collect information from sources other than the individual to verify the accuracy of evidence. Furthermore, in some situations, the subject of an investigation cannot be required to provide information about him or herself.

    (5) From subsection (e)(8) because notifying an individual that a record has been made available to a person through compulsory process could prematurely reveal an ongoing investigation to the subject of the investigation.

    (6) From subsection (e)(4)(I) because disclosing the categories of sources of records in the system would risk disclosing the methods OIG uses to select investigation targets and the techniques and procedures OIG uses to conduct investigations.

    (c) FCC/OMD-16, Personnel Security Files. Pursuant to sections (k)(1), (k)(2), and (k)(5) of the Privacy Act, this system of records is exempt from subsections (c)(3), (d), (e)(1), (e)(4) (G), (H), and (I), and (f) of the Privacy Act, and from §§ 0.554 through 0.557 of this subpart insofar as it contains classified material or investigatory material compiled for the purpose of Federal employment eligibility to the extent that the disclosure of such material would reveal the identity of a source who furnished information to the Government under an express promise that the identity of the source would be held in confidence. These exemptions are justified for the following reasons:

    (1) From subsection (c)(3) because providing an accounting of disclosures to an individual could identify other individuals who received information about the subject individual to elicit information in connection with a personnel background investigation.

    (2) From subsections (d), (e)(4)(G) and (H), and (f) because giving an individual access to information in this system could reveal the identity of persons who confidentially provided information as Start Printed Page 17585part of a personnel background investigation, which could restrict the flow of information necessary to determine the suitability of an employee candidate.

    (3) From subsection (e)(4)(I) because disclosing the categories of sources of records in the system would risk disclosing the techniques and procedures used to conduct investigations.

    (4) From subsection (e)(1) because it is impossible to determine in advance what exact information may be necessary to collect in order to determine the suitability of an employee candidate.

    (d) FCC/WTB-5, Application Review List for Present or Former Licensees, Operators, or Unlicensed Persons Operating Radio Equipment Improperly. Pursuant to section (k)(2) of the Privacy Act, this system of records is exempt from subsections (c)(3), (d), (e)(4) (G), (H), and (I), and (f) of the Privacy Act, and from §§ 0.554 through 0.557 of this subpart insofar as it contains classified material or investigatory material compiled for the purpose of determining whether the license application for an individual who operated radio equipment improperly should be granted, denied, or set for a hearing. These exemptions are justified for the following reasons:

    (1) From subsection (c)(3) because providing an accounting of disclosure to an individual could identify other individuals who received information about the subject individual to elicit information in connection with an investigation into the improper operation of radio equipment.

    (2) From subsections (d), (e)(4)(G) and (H), and (f) because giving an individual access to information in this system could reveal the identity of persons who confidentially provided information as part of an investigation into the improper operation of radio equipment, which could restrict the flow of information necessary to determine whether a license should be granted.

    (3) From subsection (e)(4)(I) because disclosure of sources of records in the system would risk disclosing the techniques and procedures used to conduct investigations.

    (e) FCC/WTB-6, Archival Radio Operator Records. Pursuant to sections (k)(1) and (k)(2) of the Privacy Act, this system of records is exempt from subsections (c)(3), (d), (e)(4) (G), (H), and (I), and (f) of the Privacy Act, and from §§ 0.554 through 0.557 of this subpart insofar as it contains classified material or investigatory material compiled for the purpose of determining whether the license application for an individual who operated radio equipment improperly should be granted, denied, or set for a hearing and the referral of possible violations to the FCC's Enforcement Bureau, Office of General Counsel, or another agency. These exemptions are justified for the following reasons:

    (1) From subsection (c)(3) because providing an accounting of disclosure to an individual could identify other individuals who received information about the subject individual to elicit information in connection with an investigation into the violation of law.

    (2) From subsections (d), (e)(4)(G) and (H), and (f) because giving an individual access to information in this system could reveal the identity of persons who confidentially provided information as part of an investigation into a violation of law.

    (3) From subsection (e)(4)(I) because disclosure of sources of records in the system would risk disclosing the techniques and procedures used to conduct investigations.

    End Supplemental Information

    Footnotes

    1.  A complete listing of the systems of records the Commission currently maintains can be found on the FCC's Privacy Act Information web page, https://www.fcc.gov/​general/​privacy-act-information.

    Back to Citation

    2.  In order to promote accountability in agencies' use of these exemptions, the Act requires agencies claiming either subsection (j) or subsection (k) exemptions for a particular system of records to do so through notice-and-comment rulemaking. 5 U.S.C. 552a(j), (k) (requiring that exemption rules must be promulgated “in accordance with the requirements (including general notice) of section 553(b)(1), (2), and (3), (c), and (e) of this title”). Both subsections require agencies to explain, in their APA-required general statements, “the reasons why the system of records is to be exempted from a provision of this section.” Id.; see Office of Mgmt. & Budget, Privacy Act and Implementation, Guidelines and Responsibilities, 40 FR 28949, 28971 (July 9, 1975) (reviewing legislative history of the exemption provisions).

    Back to Citation

    3.  An agency head can exempt a system of records from certain portions of the Privacy Act by promulgating regulations when the system of records maintains “investigatory material compiled for law enforcement purposes, other than material within the scope of subsection (j)(2) of this section: Provided, however, That if any individual is denied any right, privilege, or benefit that he would otherwise be entitled by Federal law, or for which he would otherwise be eligible, as a result of the maintenance of such material, such material shall be provided to such individual, except to the extent that the disclosure of such material would reveal the identity of a source who furnished information to the Government under an express promise that the identity of the source would be held in confidence, or, prior to the effective date of this section, under an implied promise that the identity of the source would be held in confidence.” 5 U.S.C. 552a(k)(2).

    Back to Citation

    4.  An agency head can exempt a system of records from certain portions of the Privacy Act by promulgating regulations when the system of records maintains “investigatory material compiled solely for the purpose of determining suitability, eligibility, or qualifications for Federal civilian employment, military service, Federal contracts, or access to classified information, but only to the extent that the disclosure of such material would reveal the identity of a source who furnished information to the Government under an express promise that the identity of the source would be held in confidence, or, prior to the effective date of this section, under an implied promise that the identity of the source would be held in confidence.” 5 U.S.C. 552a(k)(5).

    Back to Citation

    [FR Doc. 2021-06152 Filed 4-2-21; 8:45 am]

    BILLING CODE 6712-01-P

Document Information

Published:
04/05/2021
Department:
Federal Communications Commission
Entry Type:
Proposed Rule
Action:
Proposed rule.
Document Number:
2021-06152
Dates:
Comments due on May 5, 2021; reply comments due on June 4, 2021.
Pages:
17575-17585 (11 pages)
Docket Numbers:
GN Docket No. 21-79, FCC 21-30, FRS 17571
Topics:
Administrative practice and procedure, Classified information, Health records, Information, Personally identifiable information, Privacy, Reporting and recordkeeping requirements
PDF File:
2021-06152.pdf
CFR: (12)
47 CFR 0.251
47 CFR 0.551
47 CFR 0.552
47 CFR 0.553
47 CFR 0.554
More ...