[Federal Register Volume 74, Number 73 (Friday, April 17, 2009)]
[Notices]
[Pages 17863-17866]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: E9-8859]


=======================================================================
-----------------------------------------------------------------------

FEDERAL TRADE COMMISSION


Privacy Act of 1974; System of Records Notices

AGENCY: Federal Trade Commission (FTC).

ACTION: Notice of revised Privacy Act system notices.

-----------------------------------------------------------------------

SUMMARY: The FTC is revising several of the notices that it is required 
to publish under the Privacy Act of 1974 to describe its systems of 
records about individuals. This action is intended to make these 
notices clearer, more accurate, and up-to-date.

DATES: This notice shall become final and effective on April 17, 2009.

FOR FURTHER INFORMATION CONTACT: Alex Tang, G. Richard Gold, or 
Lorielle L. Pankey, Attorneys, Office of the General Counsel, FTC, 600 
Pennsylvania Avenue, NW., Washington, DC 20580, (202) 326-2424.

SUPPLEMENTARY INFORMATION: To inform the public, the FTC publishes in 
the FEDERAL REGISTER and posts on its Web site a ``system of records 
notice'' (SORN) for each system of records about individuals that the 
FTC currently maintains within the meaning of the Privacy Act of 1974, 
as amended, 5 U.S.C. 552a. See (http://www.ftc.gov/foia/listofpaysystems.shtm). Each SORN describes the records maintained in 
that particular system, including the categories of individuals that 
the records in the system are about (e.g., FTC employees or consumers). 
Each system notice also contains information about how to find out if 
that particular system contains any records about you.
    On June 12, 2008, the FTC republished and updated all of the FTC's 
SORNs, describing all of the agency's systems of records covered by the 
Privacy Act in a single document for ease of use and reference. 73 FR 
33592. To ensure the SORNs remain accurate, FTC staff engages in a 
comprehensive review of each SORN on a periodic basis. As a result of 
this systematic review, the FTC is making the following revisions to 
several of its SORNs.\1\
---------------------------------------------------------------------------

    \1\ The FTC is not adding or changing any routine uses of its 
system records or making other significant system changes that would 
require prior public comment or notice to the Office of Management & 
Budget (OMB) and Congress. See U.S.C. 552a(e)(11), (r); OMB Circular 
A-130, Appendix I.
---------------------------------------------------------------------------

I. FTC Law Enforcement Systems of Records

    FTC-I-1 (Nonpublic Investigational and Other Nonpublic Legal 
Program Records--FTC). This SORN includes nonpublic investigational and 
other nonpublic program records. We have added language that clarifies 
the categories of individuals and types of records covered by the 
system.
    FTC-I-7 (Office of Inspector General Investigative Files--FTC). 
This SORN covers investigatory records in the FTC's Office of Inspector 
General (OIG). The FTC is revising the retention and disposal section 
of this SORN to reflect that these records are retained indefinitely, 
pending approval of an applicable retention and disposal schedule by 
the National Archives and Records Administration.

II. FTC Personnel Systems of Records

    FTC-II-1 (General Personnel Records--FTC). This SORN covers 
Official Personnel Folders (OPFs) and other personnel records that the 
FTC's Human Resources Management Office (HRMO) maintains about FTC 
employees. We are including additional authorities for the system.
    FTC-II-2 (Unofficial Personnel Records--FTC). This SORN covers 
personnel records maintained outside of the FTC's HRMO by FTC managers 
about their employees, including employee performance files. We are 
including additional authorities for the system.
    FTC-II-7 (Ethics Program Records--FTC). This SORN covers annual 
financial statements and other filings or requests made by FTC 
officials and employees under the FTC's ethics program. The FTC is 
making a technical revision to reflect the appropriate title of

[[Page 17864]]

the system manager (``Designated Agency Ethics Official'' as opposed to 
``Designated Agency Ethics Officer'').
    FTC-II-10 (Employee Health Care Records--FTC). This SORN covers 
records maintained by the FTC's employee health unit, which relies upon 
a U.S. Department of Health and Human Services Program Support Center 
(PSC) contractor to provide on-site health services to our employees at 
certain FTC facilities. The FTC is revising this SORN to clarify that 
this system excludes medical records pertaining to requests for 
reasonable accommodation, see Sections 501 and 505 of the 
Rehabilitation Act of 1973 as amended (Pub. L. 93-112), which would be 
covered by the applicable OPM Government-wide SORN, OPM/GOVT-10 
(Employee Medical File System Records). See 71 FR 35342, 35360 (June 
19, 2006).

III. FTC Financial Systems of Records

    FTC-III-1 (Personnel Payroll System--FTC). This SORN covers payroll 
processing records for FTC employees and retirement records. The FTC is 
removing the reference to the Director of the Division of Finance and 
Budget as a system manager and leaving the Director of the Human 
Resources Management Office as now the sole FTC manager of this system.

IV. FTC Correspondence Systems of Records

    FTC-IV-1 (Consumer Information System--FTC). This SORN covers 
complaints and information requests received from consumers. We are 
including additional details about the safeguards employed to protect 
this information.
    FTC-IV-3 (National Do Not Call Registry--FTC). This SORN covers 
records of individuals who wish to be placed on the FTC's telemarketing 
do-not-call list. It also covers information collected from 
telemarketers, sellers, or agents who are required to comply with the 
list, but only to the extent, if any, that such telemarketers, sellers, 
or agents are also ``individuals'' within the meaning of the Privacy 
Act. The FTC is revising the Authority for Maintenance of the System 
section to include references to the Do-Not-Call Improvement Act of 
2007 (Pub. L. No. 110-187 (2008)) (eliminating the automatic removal of 
numbers from the registry) and the Do-Not-Call Registry Fee Extension 
Act of 2007 (Pub. L. No. 110-188 (2008)) (modifying the fees that 
organizations accessing the registry must pay).

VII. FTC Miscellaneous Systems of Records

    FTC-VII-3 (Computer Systems User Identification and Access 
Records--FTC). This SORN covers records that the FTC maintains on those 
who have access to FTC computer systems in order to monitor and control 
the usage of such systems. The FTC is revising this SORN to make 
further clarifications in the system's scope, purpose and safeguards. 
We are also adding the Assistant Chief Information Officer, Operations 
Assurance, Office of Information and Technology Management as a system 
manager.
    FTC-VII-4 (Call Detail Records--FTC). This SORN covers records that 
the FTC maintains on telephone usage by employees, contractors and 
other individuals. The FTC is revising this SORN to add the Assistant 
Chief Information Officer for Customer Services as a system manager.
---------------------------------------------------------------------------

    \2\ This SORN was incorrectly identified as FTC-VII-8 in the 
``System-by-System SORN Summary'' section of the FTC's June 12, 2008 
Notice. 73 FR 33592, 33596.
---------------------------------------------------------------------------

FTC Systems of Records Notices

    Accordingly, the FTC revises and updates the Privacy Act systems of 
records below as follows:
I. FTC Law Enforcement Systems of Records

FTC-I-1

SYSTEM NAME:
    Nonpublic Investigational and Other Nonpublic Legal Program 
Records--FTC.
* * * * *

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    This system consists of case or matter files and other nonpublic 
records created, collected and maintained by the FTC's Bureaus and 
other offices in the course of law enforcement investigations, 
administrative or court litigation, and other agency legal proceedings 
and matters (e.g., rulemakings, requests for formal advisory opinions). 
The system covers investigatory targets, witnesses, consumers, redress 
claimants, commenters, requesters, and other individuals whose 
information the FTC ``retrieves'' from these nonpublic records, as 
explained below. (Entities that are not ``individuals,'' such as 
businesses, sole proprietorships, or corporations, are not covered by 
this system.) Parties requesting informal advisory opinions are covered 
by FTC-I-3, Informal Advisory Opinion Request and Response Files--FTC.

CATEGORIES OF RECORDS IN THE SYSTEM:
    Records maintained in this system include information about 
individuals such as name, address, employment status, age, date of 
birth, financial information, credit information, social security 
number and personal history. Records in this system are collected and 
generated during law enforcement investigations and litigation and may 
include: copies of subpoenas and other compulsory process issued during 
the investigation; documents and records (including copies) obtained 
during the investigation in response to subpoenas and other compulsory 
process, or otherwise provided to the Commission; affidavits and other 
statements from witnesses; transcripts of testimony taken in the 
investigation and accompanying exhibits; internal staff memoranda; 
interview notes, investigative notes, staff working papers, draft 
materials, and other documents and records relating to the 
investigation; correspondence; and internal status reports including 
matter initiation reports, progress reports, and closing reports. 
Records in this system may also include other investigatory information 
or data relating to any of the following: docketed and consent matters; 
redress distribution proceedings; rulemakings, workshops, and other 
public proceedings, including comments or other materials submitted in 
such proceedings; assurances of voluntary compliance; and advisory 
opinions.
    This system is limited to files and records that are about an 
individual, and only when the file or record is pulled (``retrieved'') 
by the name of that individual or other personal identifier (e.g., 
number, symbol, fingerprint, etc.). As described below, records in this 
system may become public if they are subject to such disclosure under 
the FTC's Rules of Practice.
* * * * *
FTC-I-7

SYSTEM NAME:
    Office of Inspector General Investigative Files--FTC.
* * * * *

RETENTION AND DISPOSAL:
    Records are retained indefinitely, pending approval of an 
applicable retention and disposal schedule by the National Archives and 
Records Administration.
* * * * *


[[Page 17865]]

II. FTC Personnel Systems of Records

FTC-II-1

SYSTEM NAME:
    General Personnel Records--FTC.
* * * * *

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    5 U.S.C. 301, 1302, 2951, 3301, 3372, 4118, 8347; Executive Orders 
9397, 9830, and 12107; and 5 CFR 293.
* * * * *
FTC-II-2

SYSTEM NAME:
    Unofficial Personnel Records--FTC.
* * * * *

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    5 U.S.C. 301, 1104, 3321, 4301-4305; 4311-4315; 5405, 6101-6106; 
6301-6326; 6331-6340; 6361-6373; 6381-6387; 6391; 7301-7353; 5 U.S.C. 
Chapter 75; Executive Order 12107; and 5 CFR 293.
* * * * *
FTC-II-7

SYSTEM NAME:
    Ethics Program Records--FTC.
* * * * *

SYSTEM MANAGER(S) AND ADDRESS:
    Designated Agency Ethics Official, Office of General Counsel, 
Federal Trade Commission, 600 Pennsylvania Avenue, NW., Washington, DC 
20580.
* * * * *
FTC-II-10

SYSTEM NAME:
    Employee Health Care Records--FTC.
* * * * *

CATEGORIES OF RECORDS IN THE SYSTEM:
    Names, medical reports, opinions, evaluations, diagnoses and 
treatment information; and other records of the type described in the 
Privacy Act system of records notice published by the Health and Human 
Services' Program Support Center (HHS/PSC) for System No. 09-40-0005 
(Public Health Service (PHS) Beneficiary-Contract Medical/Health Care 
Records), or any successor system notice for that system. The FTC 
currently has an interagency contract with HHS/PSC, which, in turn, 
uses private contractors to provide nursing, vaccination, and other 
miscellaneous on-site health care services to FTC employees.
    This system (FTC-II-10) excludes other medical records, if any, 
that may be compiled or maintained by the FTC or a contractor on the 
FTC's behalf about FTC employees resulting from: (1) a request for 
reasonable accommodation under Sections 501 and 505 of the 
Rehabilitation Act of 1973, as amended (Pub. L. 93-112); (2) a 
condition of the individual's employment (e.g., fitness-for-duty 
examination, drug testing); or (3) an on-the-job occurrence (e.g., 
medical injury report). Those records, if any, are described in and 
covered by the Office of Personnel Management (OPM) Privacy Act system 
of records notice for such records, OPM/GOVT-10 (Employee Medical File 
System Records), or any successor system notice for that system.
* * * * *
III. FTC Financial Systems of Records

FTC-III-1

SYSTEM NAME:
    Personnel Payroll System--FTC.
* * * * *

SYSTEM MANAGER(S) AND ADDRESS:
    Director, Human Resources Management Office, Federal Trade 
Commission, 600 Pennsylvania Avenue, NW., Washington, DC 20580.
    See DOI-85 for the FPPS system manager and address.
* * * * *
IV. FTC Correspondence Systems of Records

FTC-IV-1

SYSTEM NAME:
    Consumer Information System--FTC.
* * * * *

SAFEGUARDS:
    The system can currently be accessed by FTC staff, contractors, and 
other system users, such as authorized law enforcement agency 
personnel. This access occurs via a Web-based interface and is 
authorized only on a need-to-know basis to those individuals and 
organizations requiring access. Contractors and other non-FTC users 
must sign confidentiality and nondisclosure agreements, and, in some 
cases, are required to undergo additional security clearance 
procedures. Letters or other system records in paper format are 
maintained in lockable rooms and cabinets. Access to the electronic 
database requires users to have the correct ``user ID'' and password 
combination, individual security token code, and Internet protocol 
(``IP'') address for the user's law enforcement agency. The system 
database is maintained on secure servers, protected by firewalls, 
access and usage logs, and other security controls. Servers are 
maintained in a secure physical environment, including building locks, 
security guards, and cameras.
* * * * *
FTC-IV-3

SYSTEM NAME:
    National Do Not Call Registry System--FTC.
* * * * *

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    Federal Trade Commission Act, 15 U.S.C. 41 et seq., Telemarketing 
and Consumer Fraud and Abuse Prevention Act, 15 U.S.C. 6101-6108; Do-
Not-Call Implementation Act, Pub. L. No. 108-10 (2003); Do-Not-Call 
Improvement Act of 2007, Pub. L. No. 110-187 (2008); Do-Not-Call 
Registry Fee Extension Act of 2007, Pub. L. No. 110188 (2008).
* * * * *
VII. FTC Miscellaneous Systems of Records

FTC-VII-3

SYSTEM NAME:
    Computer Systems User Identification and Access Records--FTC.
* * * * *

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Commission employees and others (e.g., contractors) with access to 
FTC computer systems, including various system platforms, applications, 
and databases (e.g., Outlook, Business Objects, Oracle, Redress, 
STAFFID, CIS, etc.), operated by the FTC or by a contractor for the 
FTC.

CATEGORIES OF RECORDS IN THE SYSTEM:
    This Privacy Act system consists of the login and other user 
identification and access records that FTC computer systems routinely 
compile and maintain about users of those systems. These records 
include user data such as: user name; e-mail address; employee or other 
user identification number; organization code; systems or services to 
which the individual has access; systems and services used; amount of 
time spent using each system; number of usage sessions; and user 
profile. These system records include log-in, passphrase, and other 
system usage files and directories when they contain data on specific 
users. Many FTC computer systems collect and maintain additional 
information, other than system use data, about individuals inside and 
outside the FTC. See a complete list of FTC Privacy Act systems on the 
FTC's Web site, (http://www.ftc.gov/foia/listofpaysystems.shtm), to 
learn about

[[Page 17866]]

other categories of information collected and maintained about 
individuals in the FTC's computer systems.
* * * * *

PURPOSE(S):
    To monitor usage of computer systems; to support server and desktop 
hardware and software; to ensure the availability and reliability of 
the agency computer facilities; to help document and/or control access 
to various computer systems; to audit, log, and alert responsible FTC 
personnel when certain personally identifying information is accessed 
in specified systems; to prepare budget requests for automated 
services; to identify the need for and to conduct training programs, 
which can include the topics of information security, acceptable 
computer practices, and FTC information security policies and 
procedures; to monitor security on computer systems; to add and delete 
users; to investigate and make referrals for disciplinary or other 
action if improper or unauthorized use is suspected or detected.
* * * * *

SAFEGUARDS:
    Access is restricted to agency personnel and contractors whose 
responsibilities require access. Paper records, if any, maintained in 
lockable rooms or file cabinets. Access to electronic records is 
controlled by ``user ID'' and passphrase combination and/or other 
appropriate electronic access or network controls (e.g., firewalls). 
FTC buildings are guarded and monitored by security personnel, cameras, 
ID checks, and other physical security measures.
* * * * *

SYSTEM MANAGER(S) AND ADDRESS:
    Assistant Chief Information Officer, Infrastructure Operations, 
Office of Information and Technology Management, Federal Trade 
Commission, 600 Pennsylvania Avenue, NW., Washington, DC 20580.
    Assistant Chief Information Officer, Operations Assurance, Office 
of Information and Technology Management, Federal Trade Commission, 600 
Pennsylvania Avenue, NW., Washington, DC 20580.
* * * * *

FTC-VII-4

SYSTEM NAME:

    Call Detail Records--FTC.
* * * * *

SYSTEM MANAGER(S) AND ADDRESS:

    Assistant Chief Information Officer, Customer Services, Office of 
Information and Technology Management, Federal Trade Commission, 600 
Pennsylvania Avenue, NW., Washington, DC 20580.
    Assistant Chief Information Officer, Infrastructure Operations, 
Office of Information and Technology Management, Federal Trade 
Commission, 600 Pennsylvania Avenue, NW., Washington, DC 20580.
* * * * *

David C. Shonka,
Acting General Counsel.
[FR Doc. E9-8859 Filed 4-16-09: 8:45 am]
BILLING CODE 6750-01-S