[Federal Register Volume 64, Number 207 (Wednesday, October 27, 1999)]
[Proposed Rules]
[Pages 57825-57826]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 99-28006]


=======================================================================
-----------------------------------------------------------------------

FEDERAL TRADE COMMISSION

16 CFR Part 4


Privacy Act of 1974; Implementation

AGENCY: Federal Trade Commission (FTC).

ACTION: Proposed rule amendment and request for comment.

-----------------------------------------------------------------------

SUMMARY: The FTC proposes to amend its Privacy Act rules to add a new 
system of records that will be used to compile and maintain identity 
theft complaint data. This new exempt system of records is necessary to 
implement the requirements of the Identity Theft and Assumption 
Deterrence Act of 1998. The exemption will help prevent individuals 
suspected of engaging in identity theft from obtaining access to 
complaint data.

DATES: Comments must be received by November 26, 1999.

ADDRESSES: Submit comments in writing to the Office of the Secretary, 
Federal Trade Commission, 600 Pennsylvania Avenue, NW, Washington, DC 
20580, ``FTC File No. P994320, Identity Theft Program--Comment.''

FOR FURTHER INFORMATION CONTACT: Alex Tang, Attorney, Office of the 
General Counsel, FTC, 600 Pennsylvania Avenue, NW, Washington, DC 
20580, (202) 326-2447. For more information about the Commission's 
identity theft program, contact Beth Grossman, (202) 326-3019, or 
Joanna Crane, (202) 326-3258, Attorneys, Division of Planning & 
Information, Bureau of Consumer Protection, FTC, 600 Pennsylvania 
Avenue, NW, Washington, DC 20580.

SUPPLEMENTARY INFORMATION: Elsewhere in today's Federal Register, the 
FTC, in accordance with the Privacy Act of 1974, as amended, 5 U.S.C. 
552a, is publishing a notice of a new agency system of records, to be 
designated as FTC-IV-2, ``Identity Theft Complaint Management System--
FTC.'' This system will enable the FTC to fulfill its statutory 
responsibilities under section 5 of the Identity Theft and Assumption 
Deterrence Act of 1998, Public Law 105-318, 112 Stat. 3007, 3010, 18 
U.S.C. 1028 note (``ITADA''), which designates the FTC as a 
clearinghouse for the receipt and referral of identity theft

[[Page 57826]]

complaints and requires that the FTC establish procedures: (1) To log 
and acknowledge receipt of complaints from individuals who certify that 
they have a reasonable belief that one or more of their means of 
identification have been assumed, stolen, or otherwise unlawfully 
acquired in violation of the statute; (2) to provide informational 
materials to such individuals; and (3) to refer such complaints to 
``appropriate entities.'' Under the statute, these entities include, 
but are not limited to, the three major national consumer reporting 
agencies (currently Equifax, Experian and Trans Union), and appropriate 
law enforcement agencies for potential law enforcement action.
    The Commission believes that the identity theft complaint data 
contained in this system must be exempted under the Privacy Act to 
prevent certain categories of individuals who will be covered by the 
system (i.e., targets of complaints) from invoking the Act to obtain 
access to complaint files that may pertain to their activities. A 
principal purpose for compiling these complaint files is for law 
enforcement, since these complaints focus on specific instances of 
suspected illegal identity theft. In many cases, these complaints will 
be referred to other law enforcement authorities, as required by the 
ITADA, and in certain cases, may also be relevant to Commission 
investigations. Under these circumstances, disclosure of the complaint 
file to a target would harm or otherwise interfere with law enforcement 
efforts. For example, if the complaint data were not exempted from 
access, a target could anticipate and evade prosecution by learning 
about actual or potential law enforcement referrals, investigations, or 
other actions from information maintained in the complaint file. Such 
access to the file could also inadvertently facilitate further identity 
theft or retaliation by enabling the target to ascertain or confirm 
sensitive personal information submitted by and being maintained about 
the identity theft victim or about other informants. Thus, the 
Commission proposes to exempt this system of records under 5 U.S.C. 
552a(k)(2), and to amend Commission Rule 4.13(m), 16 CFR 4.13(m), to 
include this system in its inventory of exempt systems. The Commission, 
however, reserves the sole discretion to permit access to categories of 
individuals covered by the system other than targets (e.g., 
complainants or other individual informants) with respect to 
information that was provided by such individuals in order to correct, 
update or verify the accuracy of the information or for other related 
purposes.
    Pursuant to 5 U.S.C. 552a(r), the Commission is providing notice of 
this proposal to the appropriate committees of the House of 
Representatives and the Senate, and to the Office of Management and 
Budget.

List of Subjects in 16 CFR Part 4

    Administrative practice and procedure, Freedom of Information, 
Privacy, Records, Sunshine Act.

PART 4--MISCELLANEOUS RULES

    1. The authority for part 4 continues to read:

    Authority: 15 U.S.C. 46, unless otherwise noted.

    2. Amend Sec. 4.13 by revising paragraph (m)(2) to read as follows:


Sec. 4.13  Privacy Act rules.

* * * * *
    (m) * * *
    (2) Pursuant to 5 U.S.C. 552a(k)(2), investigatory materials 
compiled for law enforcement purposes in the following systems of 
records are exempt from subsections (c)(3), (d), (e)(1), (e)(4)(G), 
(H), and (I), and (f) of 5 U.S.C. 552a, and from the provisions of this 
section, except as otherwise provided in 5 U.S.C. 552a(k)(2):

Investigational, Legal, and Public Records--FTC
Disciplinary Action Investigatory Files--FTC
Clearance to Participate Applications and the Commission's Responses 
Thereto, and Related Documents--FTC
Management Information System--FTC
Office of the Secretary Control and Reporting System--FTC
Office of Inspector General Investigative Files--FTC
Stenographic Reporting Service Requests--FTC
Identity Theft Complaint Management System--FTC
Freedom of Information Act Requests and Appeals--FTC
Privacy Act Requests and Appeals--FTC
Information Retrieval and Indexing System--FTC
* * * * *
    By direction of the Commission.
Donald S. Clark,
Secretary.
[FR Doc 99-28006 Filed 10-25-99; 10:38 am]
BILLING CODE 6750-01-P