[Federal Register Volume 87, Number 12 (Wednesday, January 19, 2022)]
[Notices]
[Pages 2777-2779]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2022-00924]


-----------------------------------------------------------------------

DEPARTMENT OF ENERGY

Federal Energy Regulatory Commission


Privacy Act of 1974; System of Records

AGENCY: Federal Energy Regulatory Commission, DOE.

ACTION: Notice of a modified system of records.

-----------------------------------------------------------------------

SUMMARY: The Federal Energy Regulatory Commission (FERC) is publishing 
notice of modifications to an existing FERC system of records, FERC-56 
titled Management, Administrative, and Payroll System (MAPS) Financials 
System, and reissuing this system of records under its new name titled 
FERC-56-PeopleSoft Financials. In accordance with the Privacy Act of 
1974, and to comply with the Office of Management and Budget (OMB) 
Memorandum M-17-12, Preparing for and Responding to a Breach of 
Personally Identifiable Information, January 3, 2017, this notice will 
create 13 new routine uses, including two new routine uses that will 
permit FERC to disclose information as necessary in response to an 
actual or suspected breach that pertains to a breach of its own records 
or to assist another agency in its efforts to respond to a breach. This 
System of Records Notice (SORN) also describes the Commission's 
financial management application name change, and the inclusion of new 
breach response routine uses.

DATES: In accordance with 5 U.S.C. 552a(e)(4) and (11), this system of 
records notice is effective upon publication, with the exception of the 
routine uses, which will go into effect February 18, 2022, unless 
comments have been received from interested members of the public 
requiring modification and republication of the notice. Please submit 
any comments by February 18, 2022.

ADDRESSES: Any person interested in commenting on the establishment of 
this modified system of records may do so by submitting comments 
electronically to: [email protected] (Include reference to ``PeopleSoft 
Financials--FERC-56'' in the subject line of the message.)
    For United States Postal Service-delivered mail: Director, Office 
of External Affairs, Federal Energy Regulatory Commission, 888 First 
Street NE, Room 4A-05, Washington, DC 20426.
    For hand-delivered or courier-delivered mail: Director, Office of 
External Affairs, Federal Energy Regulatory Commission, 12225 Wilkins 
Avenue, Rockville, Maryland 20852.

FOR FURTHER INFORMATION CONTACT: Mittal Desai, Chief Information 
Officer & Senior Agency Official for Privacy, Office of the Executive 
Director, Federal Energy Regulatory Commission, 888 First Street NE, 
Washington, DC 20426, (202) 502-6432.

SUPPLEMENTARY INFORMATION: FERC maintains the PeopleSoft Financials 
system, the Commission's official financial management system that is 
used to account for and control appropriated resources and to maintain 
accounting and financial information associated with the operations of 
FERC. There are several changes to this System of Records Notice since 
its last publication.
    First, the Management, Administrative, and Payroll System (MAPS) 
Financials System (FERC-56) System of Records Notice was last published 
in the Federal Register on September 23, 2009 (74 FR 48530). This 
notice is being modified to inform the public that this system has 
undergone a name change and will no longer be called Management, 
Administrative, and Payroll System Financials System. This system is 
now called PeopleSoft Financials. Second, FERC is modifying the 
existing routine uses for this system to include, among others, routine 
uses that allow FERC the ability to disclose records in response to a 
breach involving its own records or to assist another agency in its 
efforts to respond to a breach, in compliance with Office

[[Page 2778]]

of Management and Budget (OMB) Memorandum M-17-12.

SYSTEM NAME AND NUMBER:
    PeopleSoft Financials--FERC-56

SECURITY CLASSIFICATION:
    Unclassified

SYSTEM LOCATION:
    Federal Energy Regulatory Commission, Office of the Executive 
Director, 888 First Street NE, Washington, DC 20426.
    Third-Party Service Provider: Accenture Federal Services, 800 N 
Glebe Rd., #300, Arlington, VA 22203.

SYSTEM MANAGER(S):
    System Manager/Project Manager, Federal Energy Regulatory 
Commission, Office of the Executive Director, Financial Information 
Technology and Travel Division, 888 First Street NE, Washington, DC 
20426.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    Title 31 U.S.C. 3511, Prescribing accounting requirements and 
developing accounting systems.

PURPOSE(S) OF THE SYSTEM:
    The PeopleSoft Financials system is the official financial 
management system for FERC to account for and control appropriated 
resources and to maintain accounting and financial information 
associated with the normal operation of a U.S. government organization. 
The information in this system is used to make authorized payments for 
goods and services to companies or individuals doing business with 
FERC, to make authorized reimbursement payments to an employee, to 
prepare Internal Revenue Service (IRS) -1099 tax reports, and to 
account for regulatory fees owed to FERC. The system is also used to 
provide the Commission with advanced analytics and dashboard reports 
for financial, Human Resource (HR), and payroll data.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Peoplesoft Financials maintains records on salaried employees, non-
salaried employees, current employees, former employees, vendors, 
consultants, legal representatives, representatives of regulated 
entities.

CATEGORIES OF RECORDS IN THE SYSTEM:
    PeopleSoft Financials contains financial and Human Resources 
records on current and former employees, such as names, home addresses, 
bank account number, credit card numbers, invoices, claims for 
reimbursement, claims based on a legal settlement, Social Security 
Numbers (SSNs)/Taxpayer Identification Numbers (TINs), as well as HR 
actions (SF-50) and employee identifier. PeopleSoft Financials also 
contain financial records on vendors, consultants, legal 
representatives, as part of a contract or reimbursement claim, which 
include names, home or business addresses, vendor IDs, SSNs/TINs, bank 
account numbers for electronic fund transfer of payments, invoices, and 
claims for reimbursement.

RECORD SOURCE CATEGORIES:
    Information is obtained from current and former employees seeking 
reimbursement from FERC for expenses incurred while on official travel 
or for training; current and former employees for the purposes of 
collecting receivables for FERC; current and former employees for the 
payment of legal settlements; current and former employees for the 
purposes of generating and maintaining payroll records and associated 
reporting on benefits and retirement data; and vendors and individual 
points of contact for a vendor seeking reimbursement for goods or 
services provided to FERC.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND PURPOSES OF SUCH USES:
    In addition to those disclosures generally permitted under 5 U.S.C. 
552a(b) of the Privacy Act, information maintained in this system may 
be disclosed to authorized entities outside FERC for purposes 
determined to be relevant and necessary as a routine use pursuant to 5 
U.S.C. 552a(b)(3) as follows:
    1. To appropriate agencies, entities, and persons when: (1) FERC 
suspects or has confirmed that there has been a breach of the system of 
records; (2) FERC has determined that as a result of the suspected or 
confirmed breach there is a risk of harm to individuals, the Commission 
(including its information systems, programs, and operations), the 
Federal Government, or national security; and (3) the disclosure made 
to such agencies, entities, and persons is reasonably necessary to 
assist in connection with the Commission's efforts to respond to the 
suspected or confirmed breach or to prevent, minimize, or remedy such 
harm.
    2. To another Federal agency or Federal entity, when FERC 
determines that information from this system of records is reasonably 
necessary to assist the recipient agency or entity in: (1) Responding 
to a suspected or confirmed breach; or (2) preventing, minimizing, or 
remedying the risk of harm to individuals, the recipient agency or 
entity (including its information systems, programs, and operations), 
the Federal Government, or national security, resulting from a 
suspected or confirmed breach.
    3. To a congressional office from the record of an individual in 
response to an inquiry from that congressional office made at the 
request of that individual.
    4. To the Equal Employment Opportunity Commission (EEOC) when 
requested in connection with investigations of alleged or possible 
discriminatory practices, examination of Federal affirmative employment 
programs, or other functions of the Commission as authorized by law or 
regulation.
    5. To the Federal Labor Relations Authority or its General Counsel 
when requested in connection with investigations of allegations of 
unfair labor practices or matters before the Federal Service Impasses 
Panel.
    6. To disclose information to another Federal agency, to a court, 
or a party in litigation before a court or in an administrative 
proceeding being conducted by a Federal agency, where the record is 
relevant and necessary to the proceeding and the Government is a party 
to the judicial or administrative proceeding. In those cases where the 
Government is not a party to the proceeding, records may be disclosed 
if a subpoena has been signed by a judge.
    7. To the Department of Justice (DOJ) for its use in providing 
legal advice to FERC or in representing FERC in a proceeding before a 
court, adjudicative body, or other administrative body, where the use 
of such information by the DOJ is deemed by FERC to be relevant and 
necessary to the advice or proceeding, and such proceeding names as a 
party in interest: (a) FERC; (b) Any employee of FERC in his or her 
official capacity; (c) Any employee of FERC in his or her individual 
capacity where DOJ has agreed to represent the employee; or (d) The 
United States, where FERC determines that litigation is likely to 
affect FERC or any of its components;
    8. To non-Federal Personnel, such as Contractors, agents, or other 
authorized individuals performing work on a contract, service, 
cooperative agreement, job, or other activity on behalf of FERC or 
Federal Government and who have a need to access the information in the 
performance of their duties or activities;
    9. To the National Archives and Records Administration in records 
management inspections and its role as Archivist, as permitted by 44 
U.S.C. 2904 and 2906.

[[Page 2779]]

    10. To appropriate Federal, State, or local agency responsible for 
investigating, prosecuting, enforcing, or implementing a statute, rule, 
regulation, or order, if the information may be relevant to a potential 
violation of civil or criminal law, rule, regulation, order.
    11. To the Department of Treasury Users to issue authorized 
payments to companies and individuals or to issue authorized 
reimbursement payments to employees.
    12. To IRS Users and companies or individuals who have received 
qualifying payments during the tax year as recipients of IRS-1099 
reporting.
    13. To disclose information to Government Services Administration 
(GSA), Department of the Interior, and other Federal Agencies under 
contractual obligations with FERC to assist in the management and 
transmittal of payroll and reimbursements.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    Records are maintained in electronic format, on a FedRAMP-
authorized cloud service provider. In addition, all FERC employees and 
contractors with authorized access have undergone a thorough background 
security investigation. Data access is restricted to agency personnel 
or contractors whose responsibilities require access. Access to 
electronic records is controlled by ``User ID'' and password 
combination and/or other network access or security controls (e.g., 
firewalls). Role based access is used to restrict electronic data 
access and the organization employs the principle of least privilege, 
allowing only authorized users with access (or processes acting on 
behalf of users) necessary to accomplish assigned tasks in accordance 
with organizational missions and business functions.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    Records may be retrieved by name of employee or name of vendor, and 
vendor ID (system unique) for both employees and vendors.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    Records are retained in accordance with the applicable National 
Archives and Records Administration schedules, General Records Schedule 
(GRS) 5.2: Transitory and Intermediary Records (GRS 5.2 Item 020 
Intermediary Records: https://www.archives.gov/files/records-mgmt/grs/grs05-2.pdf).'' Materials, including hard copy printouts derived from 
electronic records created on an ad hoc basis for reference purposes or 
to meet day-today business needs, are destroyed when the Commission 
determines that they are no longer needed for administrative, legal, 
audit, or other operational purposes. Additionally, PeopleSoft 
Financials system of records is retained as defined by the NARA 
approved Records Control Schedule, for financial records (https://www.archives.gov/files/records-mgmt/grs/grs01-1.pdf), and https://www.archives.gov/files/records-mgmt/grs/grs02-2.pdf for Human Resources 
records.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    Physical access to FERC is controlled by security guards and 
admission is limited to those individuals possessing a valid 
identification card or individuals under proper escort. All personnel 
are required to go through a background check prior to being granted 
access to the system. The system utilizes role-based access controls to 
restrict access to PII based on job function and role. Data-at-rest 
encryption is applied as a safeguard to all files containing PII Data. 
The system is secured with the safeguards required by FedRAMP and NIST 
SP 800-53.

RECORD ACCESS PROCEDURES:
    Submit a Privacy Act Request

    The Privacy Act permits access to records about yourself that are 
maintained by FERC in a Privacy Act system of records. In addition, you 
may request that incorrect or incomplete information be changed or 
amended.
    Privacy requests follow FERC's Freedom of Information Act (FOIA) 
request process. You may access the FOIA website at https://www.ferc.gov/freedom-information-act-foia-and-privacy-act.
    For questions: Contact the FOIA Service Center at 202-502-6088 or 
by email at [email protected].Written request for access to records 
should be directed to:
    For United States Postal Service-delivered mail: Director, Office 
of External Affairs, Federal Energy Regulatory Commission, 888 First 
Street NE, Washington, DC 20426.
    For hand-delivered or courier-delivered mail: Director, Office of 
External Affairs, Federal Energy Regulatory Commission, 12225 Wilkins 
Avenue, Rockville, Maryland 20852.

CONTESTING RECORD PROCEDURES:
    The Privacy Act permits access to records about yourself that are 
maintained by FERC in a Privacy Act system of records. In addition, you 
may request that incorrect or incomplete information be changed or 
amended.
    Privacy requests follow FERC's Freedom of Information Act (FOIA) 
request process. You may access the FOIA website at https://www.ferc.gov/freedom-information-act-foia-and-privacy-act.
    For questions: Contact the FOIA Service Center at 202-502-6088 or 
by email at [email protected].
    Written request to contest records should be directed to:
    For United States Postal Service-delivered mail: Director, Office 
of External Affairs, Federal Energy Regulatory Commission, 888 First 
Street NE, Washington, DC 20426.
    For hand-delivered or courier-delivered mail: Director, Office of 
External Affairs, Federal Energy Regulatory Commission, 12225 Wilkins 
Avenue, Rockville, Maryland 20852.

NOTIFICATION PROCEDURES:
    The Privacy Act permits access to records about yourself that are 
maintained by FERC in a Privacy Act system of records. In addition, you 
may request that incorrect or incomplete information be changed or 
amended.
    Privacy requests follow FERC's Freedom of Information Act (FOIA) 
request process. You may access the FOIA website at https://www.ferc.gov/freedom-information-act-foia-and-privacy-act.
    For questions: Contact the FOIA Service Center at 202-502-6088 or 
by email at [email protected].
    Written request for access to records should be directed to:
    For United States Postal Service-delivered mail: Director, Office 
of External Affairs, Federal Energy Regulatory Commission, 888 First 
Street NE, Washington, DC 20426.
    For hand-delivered or courier-delivered mail: Director, Office of 
External Affairs, Federal Energy Regulatory Commission, 12225 Wilkins 
Avenue, Rockville, Maryland 20852.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    None.

HISTORY:
    Peoplesoft Financials was previously published in the Federal 
Register as Management, Administrative, and Payroll System (MAPS) 
Financials System. The previous Federal Register notice citation is 
Federal Register Vol.74, No. 183, Wednesday, September 23, 2009.

    Issued: January 12, 2022.
Kimberly D. Bose,
Secretary.
[FR Doc. 2022-00924 Filed 1-18-22; 8:45 am]
BILLING CODE 6717-01-P