[Federal Register Volume 85, Number 101 (Tuesday, May 26, 2020)]
[Notices]
[Pages 31495-31497]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2020-11199]


=======================================================================
-----------------------------------------------------------------------

FARM CREDIT ADMINISTRATION


Privacy Act of 1974; System of Records

AGENCY: Farm Credit Administration.

ACTION: Notice of a modified system of records.

-----------------------------------------------------------------------

SUMMARY: Pursuant to the provisions of the Privacy Act of 1974, as 
amended, notice is given that the Farm Credit Administration (FCA or 
Agency) is amending the General Statement of Routine Uses applicable to 
and incorporated by reference in each of the Agency's Systems of 
Records.

DATES: You may send written comments on or before June 25, 2020. The 
FCA filed an amended System Report with Congress and the Office of 
Management and Budget on April 20, 2020. The revised Systems of Records 
Notices and Statement of General Routine Uses will become effective 
without further publication on July 6, 2020 unless modified by a 
subsequent notice to incorporate comments received from the public.

ADDRESSES: We offer a variety of methods for you to submit your 
comments. For accuracy and efficiency reasons, commenters are 
encouraged to submit comments by email or through FCA's website. As 
facsimiles (fax) are difficult for us to process and achieve compliance 
with section 508 of the Rehabilitation Act, we are no longer accepting 
comments submitted by fax. Regardless of the method of use, please do 
not submit your comment multiple times via different methods. You may 
submit comments by any of the following methods:
     Email: Send us an email at [email protected].
     FCA website: http://www.fca.gov. Click inside the ``I want 
to . . .'' field, near the top of the page; select ``comment on a 
pending regulation'' from the dropdown menu; and click ``Go.'' This 
takes you to an electronic public comment form.
     Mail: David Grahn, Director, Office of Regulatory Policy, 
Farm Credit Administration, 1501 Farm Credit Drive, McLean, VA 22102-
5090.
    You may review copies of comments we receive at our office in 
McLean, Virginia, or from our website at http://www.fca.gov. Once you 
are in the website, click inside the ``I want to . . .'' field, near 
the top of the page; select ``find comments on a pending regulation'' 
from the dropdown menu; and click ``Go.'' This will take you to the 
Comment Letters page, where you can select the SORN for which you would 
like to read public comments. The comments will be posted as submitted 
but, for technical reasons, items such as logos and special characters 
may be omitted. Identifying information that you provide, such as phone 
numbers and addresses, will be publicly available. However, we will 
attempt to remove email addresses to help reduce internet spam.

FOR FURTHER INFORMATION CONTACT: Autumn R. Agans, Privacy Act Officer, 
Farm Credit Administration, McLean, Virginia 22102-5090, (703) 883-
4019, TTY (703) 883-4020.

SUPPLEMENTARY INFORMATION: In accordance with the Privacy Act of 1974, 
as amended, 5 U.S.C. 552a(r), a report of these systems of records is 
being filed with the Chair of the House Committee on Oversight and 
Government Reform, the Chair of the Senate Committee on Homeland 
Security and Governmental Affairs, and the Administrator of the Office 
of Information and Regulatory Affairs of the Office of Management and 
Budget.
    The Agency is adding four new routine uses and making non-
substantive changes to two existing routine uses.
    The Privacy Act governs the means by which the United States 
Government collects, maintains, and uses personally identifiable 
information (PII) in a system of records. A ``system of records'' is a 
group of any records under the control of a Federal agency from which 
information about individuals is retrieved by name or other personal 
identifier. The Privacy Act requires each agency to publish in the 
Federal Register, for public notice and comment, a system of records 
notice (SORN) identifying and describing each system of records the 
agency maintains, including the purposes for which the agency uses PII 
in the system and the routine uses for which the agency discloses such 
information outside the agency. As provided in ``Privacy Act 
Guidelines'' issued by the Office of Management and Budget (OMB) on 
July 1, 1975 (see 40 FR 28966), once an agency has published a routine 
use that will apply to all of its systems of record (i.e., a general 
routine use) in the

[[Page 31496]]

Federal Register for public notice and comment, the agency may 
thereafter incorporate the publication by reference in each system's 
SORN without inviting further public comment on that use. To date, FCA 
has published eight general routine uses (see 64 FR 8175 published 
February 18, 1999). The amended general routine uses reflect non-
substantive changes to two existing FCA general routine uses (see 64 FR 
8175, published February 18, 1999).
    The four new general routine uses implemented by this Notice allow 
for (i) disclosure of records in response to a breach or suspected 
breach of an FCA system of records; (ii) disclosure of records in 
response to a breach or suspected breach of or in response to another 
agency's system of records; (iii) disclosure of records to contractors 
or other authorized agents performing work on behalf of the Agency; and 
(iv) a routine use allowing disclosure to other federal and state 
agencies to facilitate access to, amendment or correction of records, 
or to verify the identity of individuals making such requests.
    The new general routine uses are compatible with the purposes for 
which the information to be disclosed was originally collected. 
Individuals whose personally identifiable information is in FCA systems 
expect their information to be secured. Sharing their information with 
appropriate parties in responding to a confirmed or suspected breach of 
an FCA system, or another agency's system, will help FCA and all 
Federal agencies protect them against potential misuse of their 
information by unauthorized persons. Moreover, these new routine uses 
are necessary to comply with OMB Memorandum M-17-12, ``Preparing for 
and Responding to a Breach of Personally Identifiable Information'' 
(January 3, 2017).
    Sharing information with contractors or other authorized agents 
performing work on behalf of the Agency facilitates efficient use of 
government resources by leveraging contract support in developing and 
deploying capabilities or enhancing services. Disclosure requirements 
are limited to only those data elements considered relevant to 
accomplishing a specific agency function as it relates to the system of 
records from which the records are disclosed. Sharing information with 
other federal and state agencies to facilitate access to, amendment or 
correction of records, or to verify the identity of individuals making 
requests for access to, amendment or correction of records facilitates 
transparency efforts while simultaneously ensuring the privacy of 
individuals to whom the information being requested applies.
    In order that the Agency's Statement of General Routine Uses, 
including those new uses described above, will be contained in a single 
notice readily accessible by the public, the FCA is republishing the 
General Statement of Routine Uses previously published on February 18, 
1999 (64 FR 8175), which were not revised under this notice.

SYSTEM NAME AND NUMBER:
    FCA-1--Employee Attendance, Leave, and Payroll Records--FCA.
    FCA-2--Financial Management Records--FCA.
    FCA-3--Property Accountability Records--FCA.
    FCA-4--Biographical Files--FCA.
    FCA-5--Assignments and Communication Tracking System--FCA.
    FCA-6--Freedom of Information and Privacy Act Requests--FCA.
    FCA-7--Inspector General Investigative Files--FCA.
    FCA-8--FCA internet Access System--FCA.
    FCA-9--Personnel Security Files--FCA.
    FCA-10--Farm Credit System Institution Criminal Referrals--FCA.
    FCA-11--Litigation and Administrative Adjudication Files--FCA.
    FCA-12--Health and Life Insurance Records--FCA.
    FCA-13--Correspondence Files--FCA.
    FCA-14--Employee Travel Records--FCA.
    FCA-15--Employee Training--FCA.
    FCA-16--Examiner Training and Education Records--FCA.
    FCA-17--Organization Locator and Personnel Roster System--FCA.
    FCA-18--Inspector General Investigative Files--FCA.

Security Classification:
    Unclassified.

SYSTEM LOCATION:
    Farm Credit Administration, 1501 Farm Credit Drive, McLean, VA 
22102-5090.

SYSTEM MANAGER(S):
    The system manager for each system is described in the system's 
corresponding SORN located here: https://www.fca.gov/required-notices/privacy-program/.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    The authority for each system is described in the system's 
corresponding SORN located here: https://www.fca.gov/required-notices/privacy-program/.

PURPOSE(S) OF THE SYSTEM:
    The purpose for each system is described in the system's 
corresponding SORN located here: https://www.fca.gov/required-notices/privacy-program/.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    The categories of individuals covered by each system are described 
in the system's corresponding SORN located here: https://www.fca.gov/required-notices/privacy-program/.

CATEGORIES OF RECORDS IN THE SYSTEM:
    The categories of individuals covered by each system are described 
in the system's corresponding SORN located here: https://www.fca.gov/required-notices/privacy-program/.

Record Source Categories:
    The categories of sources of records for each system is described 
in the system's corresponding SORN located here: https://www.fca.gov/required-notices/privacy-program/.

Routine Uses of Records Maintained in the System, Including Categories 
of Users and Purposes of Such Uses:
    FCA is amending its General Statement of Routine Uses by making 
non-substantive changes to routine uses 1 and 5, and adding routine 
uses 9, 10, 11, and 12.

    General Statement of Routine Uses

    In addition to the disclosures permitted under 5 U.S.C. 552a(b), we 
may disclose these records or information in the record systems under 5 
U.S.C. 552a(b)(3), as provided below. The following routine uses apply 
to and are incorporated by reference into each system of records set 
forth below unless otherwise indicated.
    (1) We may disclose a record or information in the record system 
when it indicates a violation or potential violation of law. Violations 
may be civil, criminal, or regulatory, arising by statute, regulation, 
rule, or related order. Disclosure will be made to the appropriate 
federal, state, local, or foreign authority responsible for 
investigating or prosecuting relevant violations or charged with 
enforcing compliance with the law.
    (2) We may disclose a record or information in the record system to 
a responsible licensing authority if the records are relevant and 
necessary in the particular licensing decision.
    (3) We may disclose a record or information in the record system to 
an agency, office, or establishment of the executive, legislative, or 
judicial branch of the federal or state government, in

[[Page 31497]]

response to its request, in connection with hiring or retaining an 
employee, issuing a security clearance, reporting on an investigation 
of an employee, letting a contract, or issuing a license, grant, or 
other benefit to the subject of the record.
    (4) We may disclose a record or information in the record system to 
a Federal congressional office to respond to an inquiry from that 
office made at the request of the person who is the subject of the 
record.
    (5) We may disclose a record or information in the record system to 
the U.S. Department of Justice (``DOJ'') for its use in providing legal 
advice to the FCA or in representing the FCA in a proceeding before a 
court, adjudicative body, or other administrative body, where the use 
of such information by the DOJ is deemed by the FCA to be relevant and 
necessary to the advice or proceeding, and in the case of a proceeding, 
such proceeding names as a party in interest:
    (a) The FCA;
    (b) Any employee of the FCA in his or her official capacity;
    (c) Any employee of the FCA in his or her individual capacity where 
DOJ has agreed to represent the employee; or
    (d) The United States, where the FCA determines that litigation is 
likely to affect the FCA;
    (6) We may disclose a record or information in the record system to 
a court, magistrate, or administrative tribunal in presenting evidence, 
including disclosures to counsel or witnesses during civil discovery, 
litigation, administrative proceedings, settlement negotiations, or in 
connection with criminal proceedings, when FCA is a party to the 
litigation or proceeding.
    (7) We may disclose a record or information in the record system to 
a court or other adjudicative body before which FCA is authorized to 
appear when,
    (i) FCA, or
    (ii) Any FCA employee in his or her individual capacity, is a party 
or has an interest in the litigation or proceeding and FCA deems the 
use of such records to be relevant and necessary.
    (8) We may disclose a record or information in the record system to 
the National Archives and Records Administration for records management 
inspections conducted under 44 U.S.C. 2904 and 2906.
    (9) We may disclose a record or information in the record system to 
another federal agency or entity, when FCA determines that information 
from the record system is reasonably necessary to assist the recipient 
agency or entity in (a) responding to a suspected or confirmed breach 
or (b) preventing, minimizing, or remedying the risk of harm to 
individuals, the recipient agency or entity (including its information 
systems, programs, and operations), the federal government, or national 
security, resulting from a suspected or confirmed breach.
    (10) We may disclose a record or information in the record system 
to appropriate agencies, entities, and persons when (a) the FCA 
suspects or has confirmed that there has been a breach of the system of 
records; (b) the FCA has determined that as a result of the suspected 
or confirmed breach there is a risk of harm to individuals, the FCA 
(including its information systems, programs, and operations), the 
federal government, or national security; and (c) the disclosure made 
to such agencies, entities, and persons is reasonably necessary to 
assist in connection with FCA's efforts to respond to the suspected or 
confirmed breach or to prevent, minimize, or remedy such harm.
    (11) We may disclose a record or information in the record system 
to entities and persons performing work on a contract, service, 
cooperative agreement, or other activity on behalf of the FCA or 
federal government and who have a need to access the record or 
information in the performance of their duties or activities.
    (12) We may disclose a record or information in the record system 
to another federal or state agency to (a) make a decision on the 
access, amendment or correction of records to be made in consultation 
with or by that agency, or (b) verify an individual's identity or the 
accuracy of information submitted by an individual who has requested 
access to or amendment or correction of records.

Policies and Practices for Storage of Records:
    The storage practices for each system are set out in the 
corresponding SORN located here: https://www.fca.gov/required-notices/privacy-program/.

Policies and Practices for Retrieval of Records:
    Depending on the particular system, paper and electronic records 
may be retrieved by name or other identifying aspects.

Policies and Procedures for Retention and Disposal of Records:
    The retention period for each system is set out in the 
corresponding SORN located here: https://www.fca.gov/required-notices/privacy-program/.

Adminsitrative, Technical, and Physical Safeguards:
    FCA implements multiple layers of security to ensure access to 
records is limited to those with need-to-know in support of their 
official duties. Records are physically safeguarded in a secured 
environment using locked file rooms, file cabinets, or locked offices 
and other physical safeguards. Computerized records are safeguarded 
through use of user roles, passwords, firewalls, encryption, and other 
information technology security measures.

Record Access Procedures:
    To obtain a record, contact: Privacy Act Officer, Farm Credit 
Administration, 1501 Farm Credit Drive, McLean, VA 22102-5090, as 
provided in 12 CFR part 603.

Contesting Record Procedures:
    Direct requests for amendments to a record to: Privacy Act Officer, 
Farm Credit Administration, 1501 Farm Credit Drive, McLean, VA 22102-
5090, as provided in 12 CFR part 603.

Notification Procedure:
    Direct all inquiries about this system of records to: Privacy Act 
Officer, Farm Credit Administration, McLean, VA 22102-5090.

Exemptions Claimed for the System:
    Any exemptions claimed for each specific system is described in the 
system's corresponding SORN located here: https://www.fca.gov/required-notices/privacy-program/.

History:
    The history of the FCA's various systems can be located at: https://www.fca.gov/required-notices/privacy-program/. In order that the 
Agency's general routine uses will be contained in a single notice 
readily accessible by the public, the FCA is taking the opportunity to 
republish the Statement of General Routine Uses previously published in 
Federal Register Vol. 64, No. 100/Tuesday, May 25, 1999, page 21875.

    Dated: May 19, 2020.
Dale Aultman,
Secretary, Farm Credit Administration Board.
[FR Doc. 2020-11199 Filed 5-22-20; 8:45 am]
BILLING CODE 6705-01-P