[Federal Register Volume 64, Number 238 (Monday, December 13, 1999)]
[Rules and Regulations]
[Page 69397]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 99-32036]



[[Page 69397]]

=======================================================================
-----------------------------------------------------------------------

FEDERAL TRADE COMMISSION

16 CFR Part 4


Privacy Act of 1974; Implementation

AGENCY: Federal Trade Commission (FTC).

ACTION: Final rule amendment.

-----------------------------------------------------------------------

SUMMARY: The FTC amends its Privacy Act rules to include a new exempt 
system of records that will be used to compile and maintain identity 
theft complaint data. This system implements the requirements of the 
Identity Theft and Assumption Deterrence Act of 1998. The exemption 
will help prevent individuals suspected of engaging in identity theft 
from obtaining access to complaint data.

DATES: This amendment is final and effective on December 13, 1999.

FOR FURTHER INFORMATION CONTACT: Alex Tang, Attorney, Office of the 
General Counsel, FTC, 600 Pennsylvania Avenue, NW, Washington, DC 
20580, (202) 326-2447. For more information about the Commission's 
identity theft program, contact Beth Grossman, (202) 326-3019, or 
Joanna Crane, (202) 326-3258, Attorneys, Division of Planning & 
Information, Bureau of Consumer Protection, FTC, 600 Pennsylvania 
Avenue, NW, Washington, DC 20580.

SUPPLEMENTARY INFORMATION: On October 27, 1999, in accordance with the 
Privacy Act of 1974, as amended, 5 U.S.C. 552a, the Commission 
published notice of its intent to establish a new agency system of 
records, entitled FTC-IV-2, ``Identity Theft Complaint Management 
System'FTC,'' and sought public comment on a proposed amendment of the 
Commission's rules to exempt the system from certain provisions of the 
Act. See 64 FR 57887 (system notice), 57825 (notice of proposed 
rulemaking to amend Commission Rule 4.13(m), 16 CFR 4.13(m)). The 
system of records will enable the FTC to fulfill its statutory 
responsibilities under section 5 of the Identity Theft and Assumption 
Deterrence Act of 1998, Public Law 105-318, 112 Stat. 3007, 3010, 18 
U.S.C. 1028 note (``ITADA''). The ITADA designates the FTC to serve as 
a clearinghouse for the receipt and referral of identity theft 
complaints and requires that the FTC establish procedures: (1) To log 
and acknowledge receipt of complaints from individuals who certify that 
they have a reasonable belief that one or more of their means of 
identification have been assumed, stolen, or otherwise unlawfully 
acquired in violation of the statute; (2) to provide informational 
materials to such individuals; and (3) to refer such complaints to 
``appropriate entities.'' Under the statute, these entities include, 
but are not limited to, the three major national consumer reporting 
agencies (i.e., currently Equifax, Experian and Trans Union) and 
appropriate law enforcement agencies for potential law enforcement 
action.
    As explained in the Commission's notice of the proposed rulemaking, 
the Commission believes that the identity theft complaint data 
contained in the system must be exempted under the Privacy Act to 
prevent certain categories of individuals (e.g., targets of identity 
theft complaints or investigations), to the extent they are covered by 
the system, from invoking the Act to obtain access to complaint files 
that may pertain to their activities. A principal purpose for compiling 
these complaint files is for law enforcement, since these complaints 
focus on specific instances of suspected illegal identity theft. In 
many cases, these complaints will be referred to other law enforcement 
authorities, as contemplated by the ITADA, and in certain cases, may 
also be relevant to Commission investigations. Under these 
circumstances, disclosure of the complaint file to a target would harm 
or otherwise interfere with law enforcement efforts. For example, if 
the complaint data were not exempted from access, a target could 
anticipate and evade prosecution by learning about actual or potential 
law enforcement referrals, investigations, or other actions from 
information maintained in the complaint file. Such access to the file 
could also inadvertently facilitate further identity theft or 
retaliation by enabling the target to ascertain or confirm sensitive 
personal information submitted by and being maintained about the 
identity theft victim or about other informants.
    The Commission received no comments in response to its proposed 
exemption of the system. Accordingly, for the reasons set forth above, 
the Commission is amending Commission Rule 4.13(m), 16 CFR 4.13(m), to 
add the system to its inventory of systems that are exempt under 
subsection (k)(2) of the Privacy Act, 5 U.S.C. 552a(k)(2). The 
Commission, however, reserves the sole discretion to permit certain 
categories of individuals (e.g., complainants or other individual 
informants) whose records are covered by the system to obtain access to 
information that was provided by such individuals in order to correct, 
update or verify the accuracy of that information or for other related 
purposes.
    The Commission certifies that this rule amendment does not have a 
significant economic impact on a substantial number of small entities 
within the meaning of the Regulatory Flexibility Act, 5 U.S.C. 601 et 
seq.

List of Subjects in 16 CFR Part 4

    Administrative practice and procedure, Freedom of Information, 
Privacy, Records, Sunshine Act.

    For the reasons stated in the preamble, the Federal Trade 
Commission amends 16 CFR chapter I as follows:

PART 4--MISCELLANEOUS RULES

    1. The authority for part 4 continues to read:

    Authority: 15 U.S.C. 46, unless otherwise noted.

    2. Amend Sec. 4.13 by revising paragraph (m)(2) to read as follows:


Sec. 4.13  Privacy Act rules.

* * * * *
    (m) * * *
    (2) Pursuant to 5 U.S.C. 552a(k)(2), investigatory materials 
compiled for law enforcement purposes in the following systems of 
records are exempt from subsections (c)(3), (d), (e)(1), (e)(4)(G), 
(H), and (I), and (f) of 5 U.S.C. 552a, and from the provisions of this 
section, except as otherwise provided in 5 U.S.C. 552a(k)(2):

Investigational, Legal, and Public Records--FTC
Disciplinary Action Investigatory Files--FTC
Clearance to Participate Applications and the Commission's Responses 
Thereto, and Related Documents--FTC
Management Information System--FTC
Office of the Secretary Control and Reporting System--FTC
Office of Inspector General Investigative Files--FTC
Stenographic Reporting Service Requests--FTC
Identity Theft Complaint Management System--FTC
Freedom of Information Act Requests and Appeals--FTC
Privacy Act Requests and Appeals--FTC
Information Retrieval and Indexing System--FTC
* * * * *
    By direction of the Commission.
Donald S. Clark,
Secretary.
[FR Doc. 99-32036 Filed 12-10-99; 8:45 am]
BILLING CODE 6750-01-P