[Federal Register Volume 85, Number 189 (Tuesday, September 29, 2020)]
[Notices]
[Pages 60981-60984]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2020-21423]


-----------------------------------------------------------------------

COMMODITY FUTURES TRADING COMMISSION


Privacy Act of 1974; System of Records

AGENCY: Commodity Futures Trading Commission.

ACTION: Notice of a New System of Records.

-----------------------------------------------------------------------

SUMMARY: The Commodity Futures Trading Commission (``CFTC'' or 
``Commission'') is establishing CFTC-54, Ensuring Workplace Health and 
Safety in Response to a Public Health Emergency, a system of records 
under the Privacy Act of 1974. This system of records maintains 
information collected in response to a public health emergency, such as 
a pandemic or epidemic, from CFTC staff (including political 
appointees, employees, detailees, contractors, consultants, interns, 
and volunteers) and visitors to CFTC facilities that is necessary to 
ensure a safe and healthy work environment.

DATES: In accordance with 5 U.S.C. 552(e)(4) and (11), this System of 
Records will go in to effect without further notice on September 29, 
2020 unless otherwise revised pursuant to comments received. New 
routine uses will go in to effect on October 29, 2020. Comments must be 
received on or before October 29, 2020.

ADDRESSES: You may submit comments identified as pertaining to 
``Ensuring Workplace Health and Safety in Response to a Public Health 
Emergency'' by any of the following methods:
     CFTC Website: https://comments.cftc.gov. Follow the 
instructions for submitting comments through the Comments Online 
process on the website.
     Mail: Christopher Kirkpatrick, Secretary of the 
Commission, Commodity Futures Trading Commission, Three Lafayette 
Centre, 1155 21st Street NW, Washington, DC 20581.
     Hand Delivery/Courier: Same as Mail, above.

[[Page 60982]]

    Please submit your comments using only one method.
    All comments must be submitted in English, or if not, accompanied 
by an English translation. Comments will be posted as received to 
https://www.cftc.gov. You should submit only information that you wish 
to make available publicly.
    The Commission reserves the right, but shall have no obligation, to 
review, pre-screen, filter, redact, refuse, or remove any or all of a 
submission from https://www.cftc.gov that it may deem to be 
inappropriate for publication, such as obscene language. All 
submissions that have been redacted or removed that contain comments on 
the merits of the notice will be retained in the comment file and will 
be considered as required under all applicable laws, and may be 
accessible under the FOIA.

FOR FURTHER INFORMATION CONTACT: Charlie Cutshall, Chief Privacy 
Officer, [email protected], 202-418-5833, Office of the Executive 
Director, Commodity Futures Trading Commission, Three Lafayette Centre, 
1155 21st Street NW, Washington, DC 20581.

SUPPLEMENTARY INFORMATION:

I. CFTC-54, Ensuring Workplace Health and Safety in Response to a 
Public Health Emergency

    The Commodity Futures Trading Commission is establishing CFTC-54, 
Ensuring Workplace Health and Safety in Response to a Public Health 
Emergency, a system of records under the Privacy Act of 1974. The CFTC 
is committed to providing all CFTC staff with a safe and healthy work 
environment and to that end it may develop and institute additional 
safety measures in response to a public health emergency. These 
measures may include instituting activities such as requiring CFTC 
staff and visitors to provide information before being allowed access 
to a CFTC facility, medical screening, and contact tracing. Contact 
tracing conducted by CFTC staff will involve collecting information 
about CFTC staff and visitors who are exhibiting symptoms or who have 
tested positive for an infectious disease in order to identify and 
notify other CFTC staff and visitors with whom they may have come into 
contact and who may have been exposed.
    Information will be collected and maintained in accordance with the 
Americans with Disabilities Act of 1990 and regulations and guidance 
published by the U.S. Occupational Safety and Health Administration, 
the U.S. Equal Employment Opportunity Commission, and the U.S. Centers 
for Disease Control and Prevention.

II. The Privacy Act

    Under the Privacy Act of 1974, 5 U.S.C. 552a, a ``system of 
records'' is defined as any group of records under the control of a 
Federal government agency from which information about individuals is 
retrieved by name or by some identifying number, symbol, or other 
identifying particular assigned to the individual. The Privacy Act 
establishes the means by which government agencies must collect, 
maintain, and use information about an individual in a government 
system of records.
    Each government agency is required to publish a notice in the 
Federal Register in which the agency identifies and describes each 
system of records it maintains, the reasons why the agency uses the 
information therein, the routine uses for which the agency will 
disclose such information outside the agency, and how individuals may 
exercise their rights under the Privacy Act.
    In accordance with 5 U.S.C. 552a(r), CFTC has provided a report of 
this modified system of records to the Office of Management and Budget 
and to Congress.

SYSTEM NAME AND NUMBER:
    Ensuring Workplace Health and Safety in Response to a Public Health 
Emergency; CFTC-54.

SECURITY CLASSIFICATION:
    Unclassified.

SYSTEM LOCATION:
    This system is maintained by the Security and Emergency Management 
Unit (SEMU) in the Commission's principal office at Three Lafayette 
Centre, 1155 21st Street NW, Washington, DC 20581. Records may also be 
located at the regional offices in Chicago at 525 West Monroe Street, 
Suite 1100, Chicago, IL 60661; in Kansas City at Two Emanuel Cleaver II 
Blvd., Suite 300, Kansas City, MO 64112; and, New York at 140 Broadway, 
19th Floor, New York, NY 10005.

SYSTEM MANAGER(S):
    The system manager is the SEMU Officer located in the Commission's 
principal office at Three Lafayette Centre, 1155 21st Street NW, 
Washington, DC 20581, and available at [email protected]. Additional 
records may be located and managed by Logistics and Operations staff in 
the regional offices in Chicago at 525 West Monroe Street, Suite 1100, 
Chicago, IL 60661; in Kansas City at Two Emanuel Cleaver II Blvd., 
Suite 300, Kansas City, MO 64112; and, in New York at 140 Broadway, 
19th Floor, New York, NY 10005.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    The authority to collect this information derives from General Duty 
Clause, Section 5(a)(1) of the Occupational Safety and Health (OSH) Act 
of 1970 (29 U.S.C. 654), Executive Order 12196, Occupational safety and 
health programs for Federal employees (Feb. 26, 1980), OMB Memorandum 
M-20-23 Aligning Federal Agency Operations with the National Guidelines 
for Opening Up America Again (Apr. 20, 2020), and the National Defense 
Authorization Act For Fiscal Year 2017 (5 U.S.C. 6329c(b)). Information 
will be collected and maintained in accordance with the Americans with 
Disabilities Act of 1990 (42 U.S.C. 12101 et seq.)

PURPOSE(S) OF THE SYSTEM:
    The information in the system is collected to assist the CFTC with 
maintaining a safe and healthy workplace and to protect CFTC staff 
working on-site from risks associated with a public health emergency 
(as defined by the U.S. Department of Health and Human Services and 
declared by its Secretary), such as a pandemic or epidemic. To that 
end, the CFTC may develop and institute additional safety measures in 
response to a public health emergency. These measures may include 
instituting activities such as requiring CFTC staff and visitors to 
provide information before being allowed access to a CFTC facility, 
medical screening, and contact tracing. Contact tracing conducted by 
CFTC staff will involve collecting information about CFTC staff and 
visitors who are exhibiting symptoms or who have tested positive for an 
infectious disease in order to identify and notify other CFTC staff and 
visitors with whom they may have come into contact and who may have 
been exposed.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Individuals covered by this system include CFTC staff (e.g., 
political appointees, employees, detailees, contractors, consultants, 
interns, and volunteers) and visitors to a CFTC facility during a 
public health emergency, such as a pandemic or epidemic.

CATEGORIES OF RECORDS IN THE SYSTEM:
    This system maintains information collected about CFTC staff and 
visitors accessing CFTC facilities during a public health emergency, 
including a pandemic or epidemic. It maintains biographical information 
collected about CFTC staff and visitors that includes, but is not 
limited to, their

[[Page 60983]]

name, contact information, whether they are in a high-risk category or 
provide dependent care for individuals in a high-risk category, and 
recent travel. It maintains health information collected about CFTC 
staff and visitors to a CFTC facility, that includes, but is not 
limited to, temperature checks, expected or confirmed test results, 
dates, symptoms, potential or actual exposure to a pathogen, 
immunizations and vaccination information, or other medical history 
related to the treatment of a pathogen or communicable disease. It 
maintains information collected about CFTC staff and visitors to a CFTC 
facility necessary to conduct contact tracing that includes, but is not 
limited to, the dates when they visited the facility, the locations 
that they visited within the facility (e.g., office and cubicle 
number), the duration of time spent in the facility, whether they may 
have potentially come into contact with a contagious person while 
visiting the facility, travel dates and locations, and a preferred 
contact number. It maintains information about emergency contacts for 
CFTC staff that includes, but is not limited to, the emergency 
contact's name, phone number, and email address.

RECORD SOURCE CATEGORIES:
    The information in this system is collected in part directly from 
the individual or from the individual's emergency contact. Information 
is also collected from security systems monitoring access to CFTC 
facilities, such as video surveillance and turnstiles, human resources 
systems, emergency notification systems, and federal, state, and local 
agencies assisting with the response to a public health emergency. 
Information may also be collected from property management companies 
responsible for managing office buildings that house CFTC facilities.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    These records and information in these records may be disclosed:
    (a) To a Federal, State, or local agency to the extent necessary to 
comply with laws governing reporting of infectious disease;
    (b) To the CFTC staff member's emergency contact for purposes of 
locating a staff member during a public health emergency or to 
communicate that the CFTC staff member may have potentially been 
exposed to a virus as the result of a pandemic or epidemic while 
visiting a CFTC facility;
    (c) To another Federal agency, to a court, or a party in litigation 
before a court or in an administrative proceeding being conducted by a 
Federal agency when the Commission is a party to the judicial or 
administrative proceeding where the information is relevant and 
necessary to the proceeding;
    (d) To contractors, performing or working on a contract for the 
Commission when necessary to accomplish an agency function;
    (e) To the Department of Justice or in a proceeding before a court, 
adjudicative body, or other administrative body which the Commission is 
authorized to appear, when:
    (1) The Commission; or
    (2) Any employee of the Commission in his or her official capacity; 
or
    (3) Any employee of the Commission in his or her official capacity 
where the Department of Justice or the Commission has agreed to 
represent the employee; or
    (4) The United States, when the Commission determines that 
litigation is likely to affect the agency or any of its components;
    Is a party to litigation or has an interest in such litigation, and 
the use of such records by the Department of Justice or the Commission 
is deemed by the agency to be relevant and necessary to the litigation.
    (f) To appropriate agencies, entities, and persons when (1) the 
Commission suspects or has confirmed that there has been a breach of 
the system of records, (2) the Commission has determined that as a 
result of the suspected or confirmed breach there is a risk of harm to 
individuals, the Commission (including its information systems, 
programs, and operations), the Federal Government, or national 
security; and (3) the disclosure made to such agencies, entities, and 
persons is reasonably necessary to assist in connection with the 
Commission's efforts to respond to the suspected or confirmed breach or 
to prevent, minimize, or remedy such harm; or
    (g) To another Federal agency or Federal entity, when the 
Commission determines that information from this system of records is 
reasonably necessary to assist the recipient agency or entity in (1) 
responding to a suspected or confirmed breach or (2) preventing, 
minimizing, or remedying the risk of harm to Individuals, the recipient 
agency or entity (including its information systems, programs, and 
operations), the Federal Government, or national security, resulting 
from a suspected or confirmed breach.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    Records in this system of records are stored electronically or on 
paper in secure facilities. Electronic records are stored on the 
Commission's secure network.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    Information covered by this system of records notice may be 
retrieved by the name of the individual.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    Records of emergency contacts for CFTC staff will be maintained in 
accordance with General Records Schedule 5.3, Item 020: Employee 
Emergency Contact Information, which requires that the records be 
destroyed when superseded or obsolete, or upon separation or transfer 
of employee. CFTC will work with the National Archives and Records 
Administration (NARA) to draft and secure approval of a records 
disposition schedule to cover the remainder of the records described in 
this SORN. Until this records disposition schedule is approved by NARA, 
CFTC will maintain, and not destroy, these records.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    Records are protected from unauthorized access and improper use 
through administrative, technical, and physical security measures. 
Administrative safeguards include applying a coversheet to sensitive 
information. Technical security safeguards within CFTC include 
restrictions on computer access to authorized individuals who have a 
legitimate need to know the information; required use of strong 
passwords that are frequently changed; multi-factor authentication for 
remote access and access to many CFTC network components; use of 
encryption for certain data types and transfers; firewalls and 
intrusion detection applications; and regular review of security 
procedures and best practices to enhance security. Physical safeguards 
include restrictions on building access to authorized individuals, 24-
hour security guard service, and maintenance of records in lockable 
offices and filing cabinets.

RECORD ACCESS PROCEDURES:
    Individuals seeking to determine whether this system of records 
contains information about themselves or seeking access to records 
about themselves in this system of records should address written 
inquiries to the Office of General

[[Page 60984]]

Counsel, Commodity Futures Trading Commission, Three Lafayette Centre, 
1155 21st Street NW, Washington, DC 20581. See 17 CFR 146.3 for full 
details on what to include in a Privacy Act access request.

CONTESTING RECORD PROCEDURES:
    Individuals contesting the content of records about themselves 
contained in this system of records should address written inquiries to 
the Office of General Counsel, Commodity Futures Trading Commission, 
Three Lafayette Centre, 1155 21st Street NW, Washington, DC 20581. See 
17 CFR 146.8 for full details on what to include in a Privacy Act 
amendment request.

NOTIFICATION PROCEDURES:
    Individuals seeking notification of any records about themselves 
contained in this system of records should address written inquiries to 
the Office of General Counsel, Commodity Futures Trading Commission, 
Three Lafayette Centre, 1155 21st Street NW, Washington, DC 20581. See 
17 CFR 146.3 for full details on what to include in a Privacy Act 
notification request.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    None.

HISTORY:
    None.

    Issued in Washington, DC, on September 23, 2020, by the 
Commission.
Robert Sidman,
Deputy Secretary of the Commission.
[FR Doc. 2020-21423 Filed 9-28-20; 8:45 am]
BILLING CODE 6351-01-P