[Federal Register Volume 71, Number 200 (Tuesday, October 17, 2006)]
[Rules and Regulations]
[Pages 60810-60814]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: E6-17298]


=======================================================================
-----------------------------------------------------------------------

FEDERAL HOUSING FINANCE BOARD

12 CFR Parts 910 and 913

[No. 2006-19]
RIN 3069-AB32


Privacy Act and Freedom of Information Act; Implementation

AGENCY: Federal Housing Finance Board.

ACTION: Interim final rule with request for comments.

-----------------------------------------------------------------------

SUMMARY: As part of a comprehensive review of agency practices related 
to the collection, use, and protection of personally identifiable 
information, the Federal Housing Finance Board

[[Page 60811]]

(Finance Board) is updating both its systems of records and 
implementing rule under the Privacy Act of 1974 (Privacy Act). This 
interim final rule revises the agency's Privacy Act regulation to 
include new sections concerning security of systems of records, use and 
collection of social security numbers, and employee responsibilities 
under the Privacy Act. Elsewhere in this issue of the Federal Register, 
the Finance Board is publishing a notice concerning updates to the 
Finance Board's Privacy Act systems of records.
    The Finance Board also is amending the fee schedule in its Freedom 
of Information Act (FOIA) regulation to take into account increased 
salary and operating costs. The Finance Board determines the amount of 
the fee it charges to duplicate records under the Privacy Act in 
accordance with the FOIA fee schedule.

DATES: The interim final rule will become effective on October 17, 
2006. The Finance Board will accept comments on the interim final rule 
in writing on or before November 16, 2006.
    Comments: Submit comments to the Finance Board only once, using any 
one of the following methods:
    E-mail: [email protected].
    Fax: 202-408-2580.
    Mail/Hand Delivery: Federal Housing Finance Board, 1625 Eye Street 
NW., Washington DC 20006, Attention: Public Comments.
    Federal eRulemaking Portal: http://www.regulations.gov. Follow the 
instructions for submitting comments. If you submit your comment to the 
Federal eRulemaking Portal, please also send it by e-mail to the 
Finance Board at [email protected] to ensure timely receipt by the 
agency. Include the following information in the subject line of your 
submission: Federal Housing Finance Board. Interim Final Rule: Privacy 
Act and Freedom of Information Act; Implementation. RIN Number 3069-
AB32. Docket Number 2006-19.
    We will post all public comments we receive without change, 
including any personal information you provide, such as your name and 
address, on the Finance Board Web site at http://www.fhfb.gov/Default.aspx?Page=93&Top=93.

FOR FURTHER INFORMATION CONTACT: Janice A. Kaye, Privacy Act Official 
and Senior Attorney-Advisor, Office of General Counsel, [email protected] 
or 202-408-2505; or David A. Lee, Chief Privacy Officer and Deputy 
Director, Office of Management, [email protected] or 202-408-2514. You can 
send regular mail to the Federal Housing Finance Board, 1625 Eye Street 
NW., Washington DC 20006.

SUPPLEMENTARY INFORMATION: 

I. Background and Analysis of the Interim Final Rule

    In light of the recent theft of sensitive personal information from 
various federal agencies and in response to the Office of Management 
and Budget's memorandum (M-06-15 (May 22, 2006)) directing agencies to 
review privacy policies and processes, the Finance Board has undertaken 
a comprehensive review of agency practices related to the collection, 
use, and protection of personally identifiable information. As a result 
of that review, the Finance Board has enhanced the safeguards for 
sensitive information by adding two-factor authentication and data 
encryption to the agency's network infrastructure and is beginning to 
implement government-wide personal identity verification management 
standards that will result in issuance of new ID cards for all 
employees and contractors that may include full name, date of birth, 
image (photograph), fingerprints, organization affiliation (e.g., 
employee or contractor), organization/office of assignment, grade, e-
mail address, United States citizenship status, and results of 
background investigation. The Finance Board also is updating both its 
Privacy Act systems of records and implementing rule.
    The current Privacy Act rule, codified at 12 CFR part 913, was last 
revised in 2003. See Resolution Number 2003-08, published at 68 FR 
39810 (July 3, 2003) (interim final rule), and Resolution Number 2003-
25, published at 68 FR 59309 (Oct. 15, 2003) (final rule) (available 
electronically in the FOIA Reading Room on the Finance Board Web site 
at: http://www.fhfb.gov/Default.aspx?Page=59&Top=4). The substantive 
amendments this interim final rule makes include the addition of new 
sections concerning security of systems of records, use and collection 
of social security numbers, and employee responsibilities under the 
Privacy Act. These amendments are modeled after the U.S. Department of 
Justice Privacy Act implementing rule, and are intended to enhance the 
agency's ability to protect personally identifiable information.
    Elsewhere in this issue of the Federal Register, the Finance Board 
is publishing a notice updating the agency's Privacy Act systems of 
records to reflect the new office address, changes to certain records 
retention periods, and the shift in responsibility for records related 
to appointed Federal Home Loan Bank directors from the Office of the 
Chairman to the Office of Supervision. We are revising the system of 
records concerning Office of Inspector General (OIG) records to cover 
both audit and investigative files and, at the request of the OIG, 
adding several routine uses. We also are adding two new systems of 
records. The first covers examination work papers a Finance Board 
examiner uses to determine whether a Federal Home Loan Bank's 
Affordable Housing Program (AHP) complies with applicable laws and 
regulations. The second covers a Personal Identity Verification (PIV) 
Management System as a result of new, government-wide identification 
requirements for all federal employees.
    The Finance Board also is amending the fee schedule in its FOIA 
regulation to take into account increased salary and operating costs. 
The Finance Board determines the amount of the fee it charges to 
duplicate records under the Privacy Act in accordance with the FOIA fee 
schedule. More specifically, the Finance Board is increasing the hourly 
search charge for clerical staff from $28.00 to $31.00, for 
supervisory/professional staff from $53.00 to $72.00, and for computer 
operators from $48.00 to $59.00. The hourly charge to review records 
increases from $53.00 to $72.00.

II. Notice and Public Participation

    The Finance Board is promulgating these changes as an interim final 
rule because it is in the public interest to enhance the agency's 
ability to protect personally identifiable information. Accordingly, 
the Finance Board for good cause finds that the notice and publication 
requirements of the Administrative Procedure Act are unnecessary. See 5 
U.S.C. 553(b)(3)(B). However, because this type of rulemaking generally 
requires notice and receipt of public comment, the Finance Board will 
accept written comments on the interim final rule on or before November 
16, 2006.

III. Effective Date

    For the reasons stated in part II above, the Finance Board for good 
cause finds that the interim final rule should become effective on 
October 17, 2006. See 5 U.S.C. 553(d)(3).

IV. Regulatory Flexibility Act

    The Finance Board is adopting the amendments to parts 910 and 913 
in the form of an interim final rule and not as a proposed rule. 
Therefore, the provisions of the Regulatory Flexibility Act do not 
apply. See 5 U.S.C. 601(2), 603(a).

[[Page 60812]]

V. Paperwork Reduction Act

    The interim final rule does not contain any collections of 
information under the Paperwork Reduction Act of 1995. See 44 U.S.C. 
3501 et seq. Consequently, the Finance Board has not submitted any 
information to the Office of Management and Budget for review.

List of Subjects

12 CFR Part 910

    Administrative practice and procedure, Archives and records, 
Confidential business information, Federal home loan banks, Freedom of 
information.

12 CFR Part 913

    Administrative practice and procedure, Archives and records, 
Freedom of information, Privacy.


0
For the reasons stated in the preamble, the Finance Board revises 12 
CFR parts 910 and 913 to read as follows:

PART 910--FREEDOM OF INFORMATION ACT REGULATION

0
1. The authority citation for part 910 continues to read as follows:

    Authority: 5 U.S.C. 552; 52 FR 10012 (Mar. 27, 1987).


0
2. Revise the definition of the terms ``FOIA Officer'' in Sec.  910.1 
to read as follows:


Sec.  910.1  Definitions.

* * * * *
    FOIA Officer means the Finance Board employee who is authorized to 
make determinations as provided in this part. The mailing address for 
the FOIA Officer is: Freedom of Information Act Office, Federal Housing 
Finance Board, 1625 Eye Street NW., Washington DC 20006.
* * * * *

0
3. Revise Sec. Sec.  910.9(f)(2) and (g) to read as follows:


Sec.  910.9  Fees.

* * * * *
    (f) * * *
    (2) To pay fees and interest assessed under this section, a 
requester shall deliver to the Office of Management, located at the 
Federal Housing Finance Board, 1625 Eye Street NW., Washington DC 
20006, a check or money order made payable to the ``Federal Housing 
Finance Board.''
* * * * *
    (g) Fee schedule. The Finance Board shall assess fees in accordance 
with the following schedule:
    Search:
    Supervisory/Professional Staff--$72.00 per hour.
    Clerical Staff--$31.00 per hour.
    Computer Operator--$59.00 per hour.
    Review--$72.00 per hour.
    Duplication:
    Photocopies--$.10 per page.
    Diskettes--$.50 per diskette.
    CD-ROMs--$1.00 per CD.
    Transcription of audio tape--$4.50 per page.
    Certification, seal and attestation--$5.00 per document.
    Delivery:
    Facsimile transmission (long distance)--long distance charges plus 
$.25 per page.
    Facsimile transmission (local)--$.25 per call plus $.25 per page.
    Express delivery service--actual cost.

PART 913--PRIVACY ACT REGULATION

0
4. The authority citation for part 913 continues to read as follows:

    Authority: 5 U.S.C. 552a.


0
5. Revise the definition of the terms ``Privacy Act Official'' and 
``system of records'' in Sec.  913.1 to read as follows:


Sec.  913.1  Definitions.

* * * * *
    Privacy Act Official means the Finance Board employee who is 
authorized to make determinations as provided in this part. The mailing 
address for the Privacy Act Official is: Privacy Act Office, Federal 
Housing Finance Board, 1625 Eye Street, NW., Washington DC 20006.
* * * * *
    System of records means a group of records the Finance Board 
maintains or controls from which information is retrieved by the name 
of an individual or by some identifying number, symbol, or other 
identifying particular assigned to the individual. You can find a 
description of the Finance Board's systems of records as part of the 
``Privacy Act Compilation'' published by the Federal Register. You can 
access the ``Privacy Act Compilation'' in most large reference and 
university libraries or electronically at the Government Printing 
Office's Web site at http://www.gpoaccess.gov/privacyact/index.html. 
You also can request a copy of the Finance Board's systems of records 
from the Privacy Act Official.
* * * * *

0
6. Revise Sec.  913.2(a) to read as follows:


Sec.  913.2  Purpose and scope.

    (a) This part 913 contains the rules the Finance Board follows 
under the Privacy Act. You should read these rules together with the 
Privacy Act, which provides additional information about records 
maintained on individuals. The rules apply to all records in systems of 
records the Finance Board maintains that are retrieved by an 
individual's name or personal identifier. They describe the procedures 
by which individuals may request access to records, request amendment 
or correction of those records, and request an accounting of 
disclosures of those records by the Finance Board. Whenever it is 
appropriate to do so, the Finance Board automatically processes a 
Privacy Act request for access to records under both the Privacy Act 
and the FOIA, following the rules contained in part 910 of this chapter 
and this part 913. The Finance Board processes a request under both the 
Privacy Act and the FOIA so you will receive the maximum amount of 
information available to you by law.
* * * * *

0
7. Revise Sec.  913.3(e)(1) and (2)(i) to read as follows:


Sec.  913.3  How do I make a request under the Privacy Act?

* * * * *
    (e) Verification of identity. * * *
    (1) Verifying your own identity. You must state your full name, 
current address, and date and place of birth. In order to help identify 
and locate the records you request, you also may, at your option, 
include your social security number. If you make your request in person 
and your identity is not known to the Privacy Act Official, you must 
provide either 2 forms of identification with photographs, or 1 form of 
identification with a photograph and a properly authenticated birth 
certificate. If you make your request by mail, your signature either 
must be notarized or submitted under 28 U.S.C. 1746, a law that permits 
statements to be made under penalty of perjury as a substitute for 
notarization. You may fulfill this requirement by having your signature 
on your request letter witnessed by a notary, or including the 
following statement just before the signature on your request letter: 
``I declare under penalty of perjury that the foregoing is true and 
correct. Executed on [date].''
    (2) Verification of guardianship. * * *
    (i) The identity of the individual who is the subject of the 
record, by stating the individual's name, current address and date and 
place of birth, and, at your option, the social security number of the 
individual;
* * * * *

[[Page 60813]]


0
8. Revise Sec.  913.4(a) and (b) to read as follows:


Sec.  913.4  How will the Finance Board respond to your Privacy Act 
request?

    (a) When will the Finance Board respond to my request? The Privacy 
Act Official generally will respond to you in writing within 10 working 
days of receipt of a request that meets the requirements of Sec.  
913.3. The Privacy Act Official may extend the response time in unusual 
circumstances, such as the need to consult with another agency about a 
record or to retrieve a record shipped offsite for storage. If you make 
your request in person, the Privacy Act Official may disclose records 
to you directly with a written record made of the grant of the request. 
If you are accompanied by another person, we will require your written 
authorization before discussing the records in the presence of the 
other person.
    (b) What will the Finance Board's response include? The written 
response will include the Privacy Act Official's determination whether 
to grant or deny your request in whole or in part, a brief explanation 
of the reasons for the determination, and the amount of the fee 
charged, if any, under Sec.  913.6. If you requested access to records, 
the Privacy Act Official will make the records, if any, available to 
you. If you requested amendment or correction of a record, the response 
will describe any amendments or corrections made and advise you of your 
right to obtain a copy of the amended or corrected record, in 
disclosable form, under this part.
* * * * *

0
9. Revise Sec.  913.5(e)(1) and (3) to read as follows:


Sec.  913.5  What can I do if I am dissatisfied with the Finance 
Board's response to my Privacy Act request?

* * * * *
    (e) Statements of Disagreement. (1) What is a Statement of 
Disagreement? A Statement of Disagreement is a concise written 
statement in which you clearly identify each part of any record that 
you dispute and explain your reason(s) for disagreeing with the Finance 
Board's denial in whole or in part of your appeal requesting amendment 
or correction.
* * * * *
    (3) What will the Finance Board do with my Statement of 
Disagreement? The Finance Board will place your Statement of 
Disagreement in the system(s) of records in which the disputed record 
is maintained. The Finance Board also may append a concise statement of 
its reason(s) for denying the request to amend or correct the record. 
The Finance Board will notify all persons, organizations, or agencies 
to which it previously disclosed the record, if an accounting of that 
disclosure was made, that the record has been amended or corrected. We 
will provide a copy of your Statement of Disagreement and its 
explanation, if any, along with the record whenever the record is 
disclosed.

0
10. Revise Sec.  913.7(b)(1) introductory text to read as follows:


Sec.  913.7  Exemptions.

* * * * *
    (b) Which records are exempt? (1) Office of Inspector General Audit 
and Investigative Records. Pursuant to 5 U.S.C. 552a(k)(2) and (5), a 
record contained in the system of records titled ``Office of Inspector 
General Audit and Investigative Records'' (FHFB-6) is exempt from 5 
U.S.C. 552a(c)(3), (d), (e)(1), (e)(4)(G), (e)(4)(H), (e)(4)(I), and 
(f), to the extent that the record consists of audit or investigatory 
material compiled:
* * * * *

0
11. Add a new Sec.  913.8 to read as follows:


Sec.  913.8  Security of systems of records.

    (a) Controls. Each Finance Board office must establish 
administrative and physical controls to prevent unauthorized access to 
its systems of records, unauthorized or inadvertent disclosure of 
records, and physical damage to or destruction of records. The 
stringency of these controls should correspond to the sensitivity of 
the records that the controls protect. At a minimum, the administrative 
and physical controls must ensure that:
    (1) Records are protected from public view;
    (2) The area in which records are kept is supervised during 
business hours to prevent unauthorized persons from having access to 
them;
    (3) Records are inaccessible to unauthorized persons outside of 
business hours; and
    (4) Records are not disclosed to unauthorized persons or under 
unauthorized circumstances in either oral or written form.
    (b) Limited access. Access to records is restricted only to 
individuals who require access in order to perform their official 
duties.

0
12. Add a new Sec.  913.9 to read as follows:


Sec.  913.9  Use and collection of social security numbers.

    At least annually, the Privacy Act Official and/or Chief Privacy 
Officer will inform employees who are authorized to collect information 
that:
    (a) Individuals may not be denied any right, benefit, or privilege 
as a result of refusing to provide their social security numbers, 
unless the collection is authorized either by a statute or by a 
regulation issued prior to 1975; and
    (b) They must inform individuals who are asked to provide their 
social security numbers:
    (1) If providing a social security number is mandatory or 
voluntary;
    (2) If any statutory or regulatory authority authorizes collection 
of a social security number; and
    (3) The uses that will be made of the social security number.

0
13. Add a new Sec.  913.10 to read as follows:


Sec.  913.10  Employee responsibilities under the Privacy Act.

    At least annually, the Privacy Act Official and/or Chief Privacy 
Officer will inform employees about the provisions of the Privacy Act, 
including the Act's civil liability and criminal penalty provisions. 
Unless otherwise permitted by law, a Finance Board employee shall:
    (a) Collect from individuals only information that is relevant and 
necessary to discharge the Finance Board's responsibilities.
    (b) Collect information about an individual directly from that 
individual whenever practicable.
    (c) Inform each individual from whom information is collected of:
    (1) The legal authority to collect the information and whether 
providing it is mandatory or voluntary;
    (2) The principal purpose for which the Finance Board intends to 
use the information;
    (3) The routine uses the Finance Board may make of the information; 
and
    (4) The effects on the individual, if any, of not providing the 
information.
    (d) Ensure that the employee's office does not maintain a system of 
records without public notice and notify appropriate officials of the 
existence or development of any system of records that is not the 
subject of a current or planned public notice.
    (e) Maintain all records that are used in making any determination 
about an individual with such accuracy, relevance, timeliness, and 
completeness as is reasonably necessary to ensure fairness to the 
individual in the determination.
    (f) Except as to disclosures made to an agency or made under the 
FOIA, make reasonable efforts, prior to disseminating any record about 
an individual, to ensure that the record is accurate, relevant, timely, 
and complete.
    (g) When required by the Privacy Act, maintain an accounting in the 
specified

[[Page 60814]]

form of all disclosures of records by the Finance Board to persons, 
organizations, or agencies.
    (h) Maintain and use records with care to prevent the unauthorized 
or inadvertent disclosure of a record to anyone.
    (i) Notify the appropriate official of any record that contains 
information that the Privacy Act does not permit the Finance Board to 
maintain.

    Dated: October 11, 2006.

    By the Board of Directors of the Federal Housing Finance Board.
Ronald A. Rosenfeld,
Chairman.
 [FR Doc. E6-17298 Filed 10-16-06; 8:45 am]
BILLING CODE 6725-01-P