[Federal Register Volume 86, Number 94 (Tuesday, May 18, 2021)]
[Notices]
[Pages 26916-26918]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2021-10408]


-----------------------------------------------------------------------

FEDERAL COMMUNICATIONS COMMISSION

[FR ID 26344]


Privacy Act of 1974; System of Records

AGENCY: Federal Communications Commission

ACTION: Notice of a new system of records.

-----------------------------------------------------------------------

SUMMARY: The Federal Communications Commission (FCC, Commission, or 
Agency) proposes to add a new system of records, FCC/WCB-5, Robocall 
Mitigation Database to its inventory of records systems subject to the 
Privacy Act of 1974, as amended. This action is necessary to meet the 
requirements of the Privacy Act to publish in the Federal Register 
notice of the existence and character of records maintained by the 
Agency. The FCC requires voice service providers to certify that they 
have implemented the Secure Telephone Identity Revisited and Signature-
based Handling of Asserted Information Using toKENs (STIR/SHAKEN) 
caller ID authentication framework and/or a robocall mitigation 
program. These certifications will be uploaded to the Robocall 
Mitigation Database and include the personally identifiable information 
(PII) of individual representatives of the service providers, such as 
contact information. Once service providers submit their certifications 
to the FCC, the certifications will then be made available for download 
via a public website to ensure transparency and accountability for 
implementing robocall mitigation programs.

DATES: This system of records will become effective on May 18, 2021. 
Written comments on the routine uses are due by June 17, 2021. The 
routine

[[Page 26917]]

uses will become effective on June 17, 2021, unless written comments 
are received that require a contrary determination.

ADDRESSES: Send comments to Margaret Drake, at [email protected], or at 
Federal Communications Commission (FCC), 45 L Street NE, Washington, DC 
20554 at (202) 418-1707.

FOR FURTHER INFORMATION CONTACT: Margaret Drake, (202) 418-1707, or 
[email protected] (and to obtain a copy of the Narrative Statement and 
the Supplementary Document, which includes details of the modifications 
to this system of records).

SYSTEM NAME AND NUMBER:
    FCC/WCB-5, ROBOCALL MITIGATION DATABASE.

SECURITY CLASSIFICATION:
    Unclassified.

SYSTEM LOCATION(S):
    Federal Communications Commission (FCC), 45 L Street NE, 
Washington, DC 20554.

SYSTEM MANAGER(S):
    The FCC's Wireline Competition Bureau.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    47 U.S.C. 227b(b)(5)(C).

PURPOSES:
    The FCC uses this system to ensure compliance with FCC rules 
requiring implementation of the STIR/SHAKEN caller ID authentication 
framework and/or a robocall mitigation program.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Individual representatives of voice service providers.

CATEGORIES OF RECORDS IN THE SYSTEM:
    Contact information, such as name, phone numbers, emails, and 
addresses, as well as work title and department.

RECORD SOURCE CATEGORIES:
    Information in this system is provided by individual 
representatives of voice service providers who are certifying the 
service providers' implementation of the STIR/SHAKEN caller ID 
authentication framework and/or a robocall mitigation program.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    In addition to those disclosures generally permitted under 5 U.S.C. 
552a(b) of the Privacy Act, all or a portion of the records or 
information contained in this system may be disclosed to authorized 
entities, as is determined to be relevant and necessary, outside the 
FCC as a routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:
    1. Public Access--Information from service providers' 
certifications, including the representative's contact information, 
will be posted to the Robocall Mitigation Database, a publicly 
accessible website. The certifications themselves will also be 
available for download on the site.
    2. Service Providers--To other voice service providers to further 
ensure transparency concerning implementation of STIR/SHAKEN caller ID 
authentication framework and/or a robocall mitigation program, and to 
allow intermediate and terminating voice service providers to confirm 
they are only accepting traffic directly from originating voice service 
providers in the database.
    3. Adjudication and Litigation--To the Department of Justice (DOJ), 
or to administrative or adjudicative bodies before which the FCC is 
authorized to appear, when: (a) The FCC or any component thereof; or 
(b) any employee of the FCC in his or her official capacity; or (c) any 
employee of the FCC in his or her individual capacity where the DOJ or 
the FCC have agreed to represent the employee; or (d) the United States 
is a party to litigation or has an interest in such litigation, and the 
use of such records by the DOJ or the FCC is deemed by the FCC to be 
relevant and necessary to the litigation.
    4. Law Enforcement and Investigation--To appropriate Federal, 
State, local, or tribal agencies, authorities, and officials 
responsible for investigating, prosecuting, enforcing, or implementing 
a statute, rule, regulation, or order, when the FCC becomes aware of an 
indication of a violation or potential violation of civil or criminal 
law, regulation, or order.
    5. Congressional Inquiries--To a Congressional office from the 
record of an individual in response to an inquiry from that 
Congressional office made at the written request of that individual.
    6. Government-wide Program Management and Oversight--To the 
Department of Justice (DOJ) to obtain that department's advice 
regarding disclosure obligations under the Freedom of Information Act; 
or to the Office of Management and Budget (OMB) to obtain that office's 
advice regarding obligations under the Privacy Act.
    7. Breach Notification--To appropriate agencies, entities, and 
persons when: (a) The Commission suspects or has confirmed that there 
has been a breach of the system of records; (b) the Commission has 
determined that as a result of the suspected or confirmed breach there 
is a risk of harm to individuals, the Commission (including its 
information systems, programs, and operations), the Federal Government, 
or national security; and (c) the disclosure made to such agencies, 
entities, and persons is reasonably necessary to assist in connection 
with the Commission's efforts to respond to the suspected or confirmed 
breach or to prevent, minimize, or remedy such harm.
    8. Assistance to Federal Agencies and Entities--To another Federal 
agency or Federal entity, when the Commission determines that 
information from this system is reasonably necessary to assist the 
recipient agency or entity in: (a) Responding to a suspected or 
confirmed breach or (b) preventing, minimizing, or remedying the risk 
of harm to individuals, the recipient agency or entity (including its 
information systems, program, and operations), the Federal Government, 
or national security, resulting from a suspected or confirmed breach.
    9. Non-Federal Personnel--To disclose information to non-federal 
personnel, including contractors, who have been engaged to assist the 
FCC in the performance of a contract service, grant, cooperative 
agreement, or other activity related to this system of records and who 
need to have access to the records in order to perform their activity.
    In each of these cases, the FCC will determine whether disclosure 
of the records is compatible with the purpose for which the records 
were collected.

REPORTING TO A CONSUMER REPORTING AGENCIES:
    In addition to the routine uses cited above, the Commission may 
share information from this system of records with a consumer reporting 
agency regarding an individual who has not paid a valid and overdue 
debt owed to the Commission, following the procedures set out in the 
Debt Collection Act, 31 U.S.C. 3711(e).

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    This an electronic system of records that is maintained within the 
FCC's network accreditation boundaries.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    Information in this system can be retrieved by various identifiers, 
such as name, title, department, address, phone number, and email 
address.

[[Page 26918]]

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL:
    The National Archives and Records Administration (NARA) has not 
established a records schedule for the information in the Robocall 
Mitigation Database system of records. Consequently, until NARA has 
approved a records schedule, USAC will maintain all information in the 
Robocall Mitigation Database system of records will be maintained in 
accordance with NARA records management directives.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    The electronic records, files, and data are stored within FCC 
accreditation boundaries and maintained in a database housed in the 
FCC's computer network databases. Access to the electronic files is 
restricted to authorized Commission employees and contractors; and to 
IT staff, contractors, and vendors who maintain the IT networks and 
services. Other FCC employees and contractors may be granted access on 
a need-to-know basis. The FCC's electronic files and records are 
protected by the FCC and third-party privacy safeguards, a 
comprehensive and dynamic set of IT safety and security protocols and 
features that are designed to meet all Federal privacy standards, 
including those required by the Federal Information Security 
Modernization Act of 2014 (FISMA), the Office of Management and Budget 
(OMB), and the National Institute of Standards and Technology (NIST).

RECORD ACCESS PROCEDURES:
    Individuals wishing to request access to and/or amendment of 
records about themselves should follow the Notification Procedure 
below.

CONTESTING RECORD PROCEDURES:
    Individuals wishing to request access to and/or amendment of 
records about themselves should follow the Notification Procedure 
below.

NOTIFICATION PROCEDURE:
    Individuals wishing to determine whether this system of records 
contains information about themselves may do so by writing 
[email protected]. Individuals requesting access must also comply with 
the FCC's Privacy Act regulations regarding verification of identity to 
gain access to records as required under 47 CFR part 0, subpart E.

EXEMPTIONS CLAIMED FOR THE SYSTEM:
    None.

HISTORY:
    This is a new system of records.

Federal Communications Commission.
Marlene Dortch,
Secretary.
[FR Doc. 2021-10408 Filed 5-17-21; 8:45 am]
BILLING CODE 6712-01-P