[Federal Register Volume 81, Number 190 (Friday, September 30, 2016)]
[Notices]
[Pages 67327-67331]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2016-23616]


=======================================================================
-----------------------------------------------------------------------

COMMODITY FUTURES TRADING COMMISSION


Privacy Act of 1974 System of Records Notice

AGENCY: Commodity Futures Trading Commission.

ACTION: Notice; alterations of Privacy Act systems of records.

-----------------------------------------------------------------------

SUMMARY: The Commodity Futures Trading Commission (CFTC) is 
consolidating and revising several notices of systems of records under 
the Privacy Act of 1974. It is consolidating two system of records 
notices, CFTC-5, ``Employee Personnel/Payroll Records,'' and CFTC-4, 
``Employee Leave, Time,

[[Page 67328]]

and Attendance,'' into one, CFTC-5, ``Employee Personnel, Payroll, Time 
and Attendance,'' to reflect more integrated business processes and 
applications, and to be more descriptive of its contents and 
enhancements. The Commission also is consolidating three system of 
records notices, CFTC-34, ``Telecommunications Services,'' CFTC-35, 
``Interoffice and Internet Email,'' and CFTC-36, ``Internet Security 
Gateway Systems,'' into one system of records notice, CFTC-35, entitled 
``General Information Technology Records'' to reflect more integrated 
business processes and applications, and to be more descriptive of its 
contents and enhancements. The revised CFTC-35, ``General Information 
Technology Records,'' broadly covers the information in identifiable 
form needed for the CFTC information technology network to provide 
communications and operate effectively and securely.

DATES: Comments must be received on or before October 31, 2016. This 
action will be effective without further notice on November 9, 2016, 
unless revised pursuant to comments received.

ADDRESSES: You may submit comments identified by ``Employee Personnel, 
Payroll, Time and Attendance Records'' or ``General Information 
Technology Records,'' as applicable, by any of the following methods:
     Agency Web site, via its Comments Online process: http://comments.cftc.gov. Follow the instructions for submitting comments 
through the Web site.
     Federal eRulemaking Portal: Comments may be submitted at 
http://www.regulations.gov. Follow the instructions for submitting 
comments.
     Mail: Christopher Kirkpatrick, Secretary of the 
Commission, Commodity Futures Trading Commission, Three Lafayette 
Centre, 1155 21st Street NW., Washington, DC 20581.
     Hand Delivery/Courier: Same as Mail, above.

Please submit your comments using only one method.
    All comments must be submitted in English, or if not, accompanied 
by an English translation. Comments will be posted as received to 
http://www.cftc.gov. You should submit only information that you wish 
to make available publicly. If you wish the Commission to consider 
information that you believe is exempt from disclosure under the 
Freedom of Information Act, a petition for confidential treatment of 
the exempt information may be submitted according to the procedures 
established in Sec.  145.9 of the Commission's regulations, 17 CFR 
145.9.
    The Commission reserves the right, but shall have no obligation, to 
review, pre-screen, filter, redact, refuse or remove any or all of a 
submission from http://www.cftc.gov that it may deem to be 
inappropriate for publication, such as obscene language. All 
submissions that have been redacted or removed that contain comments on 
the merits of the notice will be retained in the public comment file 
and will be considered as required under all applicable laws and may be 
accessible under the Freedom of Information Act.

FOR FURTHER INFORMATION CONTACT: Kathy Harman-Stokes, Chief Privacy 
Officer, [email protected], 202-418-6629, Office of the Executive 
Director, Commodity Futures Trading Commission, Three Lafayette Centre, 
1155 21st Street NW., Washington, DC 20581.

SUPPLEMENTARY INFORMATION:

I. The Privacy Act

    Under the Privacy Act of 1974, 5 U.S.C. 552a, a ``system of 
records'' is defined as any group of records under the control of a 
federal government agency from which information about individuals is 
retrieved by name or other personal identifier. The Privacy Act 
establishes the means by which government agencies must collect, 
maintain, and use personally identifiable information associated with 
an individual in a government system of records.
    Each government agency is required to publish a notice in the 
Federal Register of a system of records in which the agency identifies 
and describes each system of records it maintains, the reasons why the 
agency uses the personally identifying information therein, the routine 
uses for which the agency will disclose such information outside the 
agency, and how individuals may exercise their rights under the Privacy 
Act to determine if the system contains information about them.

II. Routine Uses

    Information in the systems of records covered by this Federal 
Register notice may be disclosed as specifically stated in the 
applicable notice and also in accordance with the blanket routine uses 
numbered 1 through 19 published at 76 FR 5974 (Feb. 2, 2011). These 
blanket routine uses apply to all CFTC systems of records, except as 
otherwise provided in a specific system of records notice.

III. Employee Personnel, Payroll, Time and Attendance

    The Employee Personnel, Payroll, Time and Attendance System is a 
collection of information concerning CFTC employees, including interns 
and volunteers. This System contains certain personnel records not 
covered by government-wide system of records notices, including records 
related to telework, requests for reasonable accommodation, student 
loan repayment program documentation, employee counseling, and 
grievances and other employee matters not appealed to the Merit Systems 
Protection Board (MSPB). This System also contains records related to 
payroll, pay deductions for taxes, benefits, garnishments, and other 
matters, all forms of leave and absences, and time and attendance. The 
System includes, but is not limited to: Name; business and personal 
contact information; social security number; date of birth; medical and 
other information provided for leave requests and requests for 
reasonable accommodation; pay and benefit information; and direct 
deposit information.

IV. CFTC's General Information Technology Records

    The General Information Technology Records system covers certain 
records that the CFTC computer systems routinely compile and maintain 
about users of those systems to enable the information technology 
(``IT'') network and its hardware, software, applications, databases, 
communications, and Internet access to function effectively, reliably 
and securely, and for activities to be logged for auditing, system 
improvement, and security purposes. While the CFTC IT network contains 
a broad array of hardware, software, applications, databases, 
communications tools, and means to access the Internet, this General 
Information Technology Records system of records notice (``SORN'') 
covers the personally identifiable information (``PII'') processed or 
generated by the IT network that would be covered by the Privacy Act of 
1974 and is not covered by another SORN, for individuals who currently 
or previously had access to the CFTC IT network, including current and 
former employees, volunteers, interns, contractors, and consultants. 
This system of records includes, but is not limited to: Network user 
information needed for the IT network and its components to function 
effectively and securely and for the CFTC to control access to 
software, applications, data and information; network activity

[[Page 67329]]

information including activity logs, audit trails, identification of 
devices used to access CFTC systems, Internet sites visited, and 
information input into sites visited, logs of calls to and from a CFTC 
network user on desk or mobile phones, and similar communication data 
traffic logs, and, if needed to locate a misplaced CFTC mobile device 
or for related purposes, the location of that device; and logs of calls 
placed using CFTC calling cards. Many CFTC computer systems collect and 
maintain additional information, other than system use data, about 
individuals inside and outside the CFTC. For a complete list of CFTC 
Privacy Act systems, please see http://www.cftc.gov/Transparency/PrivacyOffice/SORN/index.htm to learn about other categories of 
information collected and maintained about individuals in the CFTC's 
computer system.

    Issued in Washington, DC, on September 26, 2016, by the 
Commission.
Christopher J. Kirkpatrick,
Secretary of the Commission.
CFTC-5

SYSTEM NAME:
    Employee Personnel, Payroll, Time and Attendance.

SECURITY CLASSIFICATION:
    Unclassified.

SYSTEM LOCATION:
    This system is located in the Office of the Executive Director, 
Commodity Futures Trading Commission, Three Lafayette Centre, 1155 21st 
Street NW., Washington, DC 20581 and on a computer system at the 
Commission's payroll processor, Department of Agriculture's National 
Finance Center, New Orleans, LA.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Former and current Commission employees, including volunteers and 
interns.

CATEGORIES OF RECORDS IN THE SYSTEM:
    Categories of records include personnel records not covered by 
government-wide system of records notices, including records related to 
telework and requests for reasonable accommodation, which may include 
medical information; student loan repayment program application and 
information; and employee counseling, grievances and other employee 
matters not appealed to the MSPB. This System also contains records 
related to payroll, including salary information, awards and pay 
increases; benefits information needed for processing payment of 
benefits; direct deposit information; pay deductions, including tax and 
retirement deductions, life insurance, health and dental insurance 
deductions, flexible spending account deductions, savings allotments, 
transit and parking deductions, garnishments, debts owed to the 
Commission, and charity deductions; salary offset under part 141 of the 
Commission's rules; all forms of leave requests, balances and credits; 
all other absence types, including suspension; information necessary to 
administer the Commission's voluntary leave transfer program, including 
leave donated or used and any supporting documentation, which may 
include medical information; hours worked; and time and attendance 
records. The System includes identifying information, such as name; 
business and personal contact information; social security number; date 
of birth; citizenship; bank account information for direct deposit; and 
employee identification number.

    Note: The CFTC is the custodian of many employment-related 
records that are described in the system notices published by the 
Office of Personnel Management, MSPB, Equal Employment Opportunity 
Commission and other Federal agencies. For a complete list of 
government-wide Privacy Act systems, please see OMB Memo 99-05, 
Attachment C, ``Government-wide Systems of Records,'' at https://www.whitehouse.gov/omb/memoranda_m99-05-c/.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    5 U.S.C. 6101-6133; 5 U.S.C. 6301-6326; 44 U.S.C. 3101.

PURPOSE(S):
    Information is collected to allow the Commission to handle 
personnel, payroll, time and attendance functions, including personnel 
functions involving records not covered by government-wide system of 
records notices, telework requests, requests for reasonable 
accommodation, student loan repayment program documentation, employee 
counseling, grievances and other employee matters not appealed to the 
Merit Systems Protection Board (MSPB), and payroll, pay deductions, 
leave requests, time and attendance.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    a. The information may be provided to the Department of Justice, 
the Office of Personnel Management or other Federal agencies, or used 
by the Commission in connection with any investigation or 
administrative or legal proceeding involving any violation of Federal 
law or regulation thereunder.
    b. Certain information will be provided, as required by law, to the 
Office of Child Support Enforcement, Administration for Children and 
Families, Department of Health and Human Services Federal Parent 
Locator System (FPLS) and Federal Tax Offset System to enable state 
jurisdictions to locate individuals and identify their income sources 
to establish paternity, establish and modify orders of support, and for 
enforcement action.
    c. Certain information will be provided, as required by law, to the 
Office of Child Support Enforcement for release to the Social Security 
Administration for verifying social security numbers in connection with 
the operation of the FPLS by the Office of Child Support Enforcement.
    d. Certain information will be provided, as required by law, to the 
Office of Child Support Enforcement for release to the Department of 
Treasury for purposes of administering the Earned Income Tax Credit 
Program (Section 32, Internal Revenue Code of 1986) and verifying a 
claim with respect to employment in a tax return.
    e. The information may be provided to insurance companies 
providing, or proposing to bid on a solicitation to provide, health 
benefits to Commission employees. This data may include, but is not 
limited to: Name, social security number, date of birth, age, gender, 
marital status, service computation date, date of initial appointment 
with the Commission, geographic location, standard metropolitan service 
area, home phone number, and home address of the Commission employee. 
For each enrolled dependent of the Commission employee, this 
information may include, but is not limited to: Dependent's name, 
relationship of the dependent to the Commission employee, date of 
birth, age, gender, social security number, home address, marital 
status, student status, and handicap status where applicable. This 
information may be used to verify eligibility, pay claims, or provide 
accurate bids.
    f. For employees who request repayment of student loans through the 
CFTC Student Loan Repayment Program, certain information will be 
provided to the organizations that hold the requesting employees' loan 
notes for the purpose of verifying outstanding loan amounts and 
administering such program.
    g. To provide information to officials of labor organizations 
recognized under 5 U.S.C. Chapter 71 when relevant and necessary to 
their duties of exclusive representation concerning personnel

[[Page 67330]]

policies, practices, and matters affecting work conditions.
    Information in this system also may be disclosed in accordance with 
the blanket routine uses that appear at the beginning of the 
Commission's compilation of its system of records notices, see, e.g., 
76 FR 5974 (Feb. 2, 2011), and the Commission's Web site, www.cftc.gov.

DISCLOSURE TO CONSUMER REPORTING AGENCIES:
    None.

POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING, 
AND DISPOSING OF RECORDS IN THE SYSTEM:
STORAGE:
    Paper records are stored in file folders, and electronic records, 
including computer files, are stored on the Commission's network, the 
National Finance Center Personnel/Payroll System, and other electronic 
media as needed.

RETRIEVABILITY:
    By the name, identification number, or other personally identifying 
information of the employee, volunteer or intern.

SAFEGUARDS:
    Records are protected from unauthorized access and improper use 
through administrative, technical and physical security measures. 
Technical security measures within CFTC include restrictions on 
computer access to authorized individuals who have a legitimate need to 
know the information; required use of strong passwords that are 
frequently changed; multi-factor authentication for remote access and 
access to many CFTC network components; use of encryption for certain 
data types and transfers; firewalls and intrusion detection 
applications; and regular review of security procedures and best 
practices to enhance security. Only specifically authorized individuals 
may access the National Finance Center computer system. Physical 
measures include restrictions on building access to authorized 
individuals, 24-hour security guard service, and maintenance of records 
in lockable offices and filing cabinets.

RETENTION AND DISPOSAL:
    These records are maintained according to retention schedules 
prescribed by the General Records Schedule for each type of workforce 
record.

SYSTEM MANAGER(S) AND ADDRESS:
    Executive Director, Commodity Futures Trading Commission, Three 
Lafayette Centre, 1155 21st Street NW., Washington, DC 20581.

NOTIFICATION PROCEDURE:
    Individuals seeking to determine whether this system of records 
contains information about themselves, seeking access to records about 
themselves in this system of records, or contesting the content of 
records about themselves contained in this system of records should 
address written inquiries to the Office of General Counsel, Paralegal 
Specialist, Commodity Futures Trading Commission, Three Lafayette 
Centre, 1155 21st Street NW., Washington, DC 20581. Telephone (202) 
418-5011.

RECORDS SOURCE CATEGORIES:
    Individual about whom the record is maintained; CFTC human 
resources office records; records from the National Finance Center; and 
information from third parties providing benefits or other services to 
covered individuals.

EXEMPTIONS CLAIMED FOR THE SYSTEM:
    None.
CFTC-35

SYSTEM NAME:
    General Information Technology Records.

SECURITY CLASSIFICATION:
    Unclassified.

SYSTEM LOCATION:
    This system is located in the Commission's Office of Data and 
Technology at its principal office at Commodity Futures Trading 
Commission, Three Lafayette Centre, 1155 21st Street NW., Washington, 
DC 20581.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Individuals covered by the system include current and former CFTC 
network users, including current or former employees, interns, 
volunteers, contractors and consultants.

CATEGORIES OF RECORDS IN THE SYSTEM:
    The system of records covers certain records that the CFTC computer 
systems routinely compile and maintain about users of its systems to 
enable the information technology (``IT'') network and its hardware, 
software, applications, databases, communications and Internet access 
to function effectively, reliably and securely, and for activities to 
be logged for auditing, system improvement, and security purposes, to 
the extent such records are covered by the Privacy Act of 1974 and not 
included in another system of records. This system includes but is not 
limited to: Network user information needed for the IT network and its 
components to function effectively and securely and for the CFTC to 
control access to software, applications, data and information; network 
activity information including, for example, activity logs, audit 
trails, identification of devices used to access CFTC systems, Internet 
sites visited, and information input into sites visited, logs of calls 
to and from a CFTC network user on desk or mobile phones, and similar 
communication data traffic logs, and, if needed to locate a misplaced 
CFTC mobile device or for related purposes, the location of that 
device; and logs of calls placed using CFTC calling cards. Many CFTC 
computer systems collect and maintain additional information, other 
than system use data, about individuals inside and outside the CFTC. 
For a complete list of CFTC Privacy Act systems, please see http://www.cftc.gov/Transparency/PrivacyOffice/SORN/index.htm to learn about 
other categories of information collected and maintained about 
individuals in the CFTC's computer system.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    5 U.S.C. 301; Commodity Exchange Act, 7 U.S.C. 1 et seq. including 
Section 12 of the Commodity Exchange Act, at 7 U.S.C. 16, and the rules 
and regulations promulgated thereunder.

PURPOSE(S):
    The purpose of the system of records is to enable effective, 
reliable and secure operation of the information technology network and 
its hardware, software, applications, databases, communications and 
Internet access that CFTC staff members rely upon to perform their job 
duties and carry out the agency's mission. This includes: To monitor 
usage of computer systems; to ensure the availability and reliability 
of the agency computer facilities; to document and/or control access to 
various computer systems; to audit, log, and alert responsible CFTC 
personnel when certain personally identifying information is accessed 
in specified systems; to identify the need for and to conduct training 
programs, which can include the topics of information security, 
acceptable computer practices, and CFTC information security policies 
and procedures; to monitor security on computer systems; to add and 
delete users; to investigate and make referrals for disciplinary or 
other action if improper or unauthorized use is suspected or detected.

[[Page 67331]]

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    The information in this system will be routinely used by CFTC staff 
members in the Office of Data and Technology to: Facilitate authorized 
access to and use of CFTC email accounts and internal individual and 
shared electronic storage and collaboration platforms; enable 
appropriate access and controls over access to other CFTC systems, 
applications and information; implement privacy and security controls 
over CFTC resources and information; generate audit trails for review 
by staff to understand vulnerabilities and issues to improve system 
effectiveness and security; and support the communications, 
telecommunications and audiovisual services CFTC staff members need to 
fulfill their job duties. Information in this system also may be 
disclosed in accordance with the blanket routine uses that appear at 
the beginning of the Commission's compilation of its system of records 
notices, see, e.g., 76 FR 5974 (Feb. 2, 2011), and the Commission's Web 
site, http://www.cftc.gov.

DISCLOSURE TO CONSUMER REPORTING AGENCIES:
    None.

POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESS CONTROLS, 
RETAINING, AND DISPOSING OF RECORDS IN THE SYSTEM:
STORAGE:
    Paper records are stored in file folders and electronic records are 
stored on the Commission's network and other electronic media as 
needed, such as encrypted hard drives and back-up media.

RETRIEVABILITY:
    Certain information covered by this SORN may be retrieved by name, 
CFTC username, identification number, title, device identifier, 
Internet Protocol address assigned to CFTC IT network components, email 
address, and calling card or phone number of the CFTC network user.

SAFEGUARDS:
    Records are protected from unauthorized access and improper use 
through administrative, technical and physical security measures. 
Technical security measures within CFTC include restrictions on 
computer access to authorized individuals who have a legitimate need to 
know the information; required use of strong passwords that are 
frequently changed; multi-factor authentication for remote access and 
access to many CFTC network components; use of encryption for certain 
data types and transfers; firewalls and intrusion detection 
applications; and regular review of security procedures and best 
practices to enhance security. Physical measures include restrictions 
on building access to authorized individuals, 24-hour security guard 
service, and maintenance of records in lockable offices and filing 
cabinets.

RETENTION AND DISPOSAL:
    The records will be maintained in accordance with records 
disposition schedules approved by the National Archives and Records 
Administration. The schedules are available at www.cftc.gov.

SYSTEM MANAGER(S) AND ADDRESS:
    The Chief Information Officer, Office of Data and Technology, 
located at the Commodity Futures Trading Commission, Three Lafayette 
Centre, 1155 21st Street NW., Washington, DC 20581.

NOTIFICATION PROCEDURE:
    Individuals seeking to determine whether this system of records 
contains information about themselves, seeking access to records about 
themselves in this system of records, or contesting the content of 
records about themselves contained in this system of records should 
address written inquiries to the Office of General Counsel, Paralegal 
Specialist, Commodity Futures Trading Commission, Three Lafayette 
Centre, 1155 21st Street NW., Washington, DC 20581. Telephone (202) 
418-5011.

RECORD SOURCE CATEGORIES:
    Current and former CFTC IT network users, including current and 
former employees, interns, volunteers, contractors and consultants; 
individuals communicating with CFTC network users through CFTC 
communications platforms; and CFTC hardware, software and system 
components that generate information reflecting activity on the CFTC IT 
network.

EXEMPTIONS CLAIMED FOR THE SYSTEM:
    None.

[FR Doc. 2016-23616 Filed 9-29-16; 8:45 am]
BILLING CODE 6351-01-P