[Federal Register Volume 87, Number 213 (Friday, November 4, 2022)]
[Notices]
[Pages 66696-66698]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2022-24096]


=======================================================================
-----------------------------------------------------------------------

FEDERAL DEPOSIT INSURANCE CORPORATION


Privacy Act of 1974; System of Records

AGENCY: Federal Deposit Insurance Corporation (FDIC).

ACTION: Notice of a new system of records.

-----------------------------------------------------------------------

SUMMARY: In accordance with the Privacy Act of 1974, as amended, the 
FDIC proposes to establish a new FDIC system of records titled, 
``Mailing, Event, and other Contact Lists.'' This system of records 
notice describes FDIC's collection, maintenance, and use of contact 
information to support FDIC's mission.

DATES: This action will become effective on November 4, 2022. The 
routine uses in this action will become effective on December 5, 2022 
unless the FDIC makes changes based on comments received. Written 
comments should be submitted on or before December 5, 2022.

ADDRESSES: Interested parties are invited to submit written comments 
identified by Privacy Act Systems of Records (FDIC-040) by any of the 
following methods:
     Agency Website: https://www.fdic.gov/resources/regulations/federal-register-publications/. Follow the instructions for 
submitting comments on the FDIC website.
     Email: [email protected]. Include ``Comments-SORN (FDIC-
040)'' in the subject line of communication.
     Mail: James P. Sheesley, Assistant Executive Secretary, 
Attention: Comments SORN (FDIC-040), Legal Division, Office of the 
Executive Secretary, Federal Deposit Insurance Corporation, 550 17th 
Street NW, Washington, DC 20429.
     Hand Delivery: Comments may be hand-delivered to the guard 
station at the rear of the 17th Street NW building (located on F Street 
NW), on business days between 7:00 a.m. and 5:00 p.m.
     Public Inspection: Comments received, including any 
personal information provided, may be posted without change to https://www.fdic.gov/resources/regulations/federal-register-publications/. 
Commenters should submit only information that the commenter wishes to 
make available publicly. The FDIC may review, redact, or refrain from 
posting all or any portion of any comment that it may deem to be 
inappropriate for publication, such as irrelevant or obscene material. 
The FDIC may post only a single representative example of identical or 
substantially identical comments, and in such cases will generally 
identify the number of identical or substantially identical comments 
represented by the posted example. All comments that have been 
redacted, as well as those that have not been posted, that contain 
comments on the merits of this document will be retained in the public 
comment file and will be considered as required under all applicable 
laws. All comments may be accessible under the Freedom of Information 
Act.

FOR FURTHER INFORMATION CONTACT: Shannon Dahn; Chief, Privacy Program; 
703-516-5500; [email protected].

SUPPLEMENTARY INFORMATION: The FDIC's mission encompasses a wide 
variety of activities, including: insuring deposits, examining and 
supervising financial institutions for safety and soundness, making 
large and complex financial institutions resolvable, managing 
receiverships, and protecting consumers. In order to meet its mission, 
FDIC interacts with a wide variety of stakeholders in various settings. 
As part of this interaction, FDIC collects contact information from 
individuals who correspond with the FDIC; request information from the 
FDIC; register for events, training, or other programs; and for other 
purposes for which mailing or contact lists may be created.

SYSTEM NAME AND NUMBER:
    Mailing, Event, and other Contact Lists, FDIC-040.

SECURITY CLASSIFICATION:
    Unclassified.

SYSTEM LOCATION:
    Records are maintained at FDIC facilities in Arlington, Virginia 
and regional offices. Duplicate systems may exist, in whole or in part, 
at secure sites and on secure servers maintained by third-party service 
providers for the FDIC.

SYSTEM MANAGER(S):
    Director, Division of Administration, 3501 Fairfax Drive, 
Arlington, VA 22226, [email protected].

[[Page 66697]]

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    Federal Deposit Insurance Act (e.g., 12 U.S.C. 1811, 1819).

PURPOSE(S) OF THE SYSTEM:
    FDIC uses contact information to correspond with individuals who 
request information from the FDIC; maintain lists of individuals who 
register for events, training, or other programs; maintain lists and 
credentials of individuals whom FDIC may consult professionally in 
furtherance of its mission; and for other purposes for which mailing or 
contact lists may be created.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Individuals covered by this system of records include individuals 
who request to receive information; subscribe to newsletters; seek 
materials from FDIC; register or participate in FDIC-sponsored or FDIC-
funded events or contests; respond to surveys or feedback forms from 
FDIC or a third party contracted by FDIC; have business with the FDIC 
and provide their contact information; or otherwise provide contact 
information to facilitate future communication or collaboration with 
the FDIC.

CATEGORIES OF RECORDS IN THE SYSTEM:
    This system contains information including:
     Name;
     Telephone number;
     Mailing address;
     Email address;
     Organizational or institutional affiliation;
     Industry type;
     General descriptions of particular topics or subjects of 
interest as related to individuals or organizations who communicate 
with FDIC;
     Special accommodation information for individuals 
attending events sponsored by FDIC (e.g., dietary restrictions, 
seating, access accommodations);
     Computer-generated identifier or case number when created 
in order to retrieve information; and
     Other identifiers specific to the request, subscription, 
event, or communication.

RECORD SOURCE CATEGORIES:
    Information contained in these systems is obtained from individuals 
and organizations interacting with FDIC; public source data; other 
government agencies; and information in other FDIC records systems.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND PURPOSES OF SUCH USES:
    In addition to those disclosures generally permitted under 5 U.S.C. 
552a(b) of the Privacy Act, all or a portion of the records or 
information contained in this system may be disclosed outside the FDIC 
as a routine use as follows:
    (1) To appropriate Federal, State, local and foreign authorities 
responsible for investigating or prosecuting a violation of, or for 
enforcing or implementing a statute, rule, regulation, or order issued, 
when the information indicates a violation or potential violation of 
law, whether civil, criminal, or regulatory in nature, and whether 
arising by general statute or particular program statute, or by 
regulation, rule, or order issued pursuant thereto;
    (2) To a court, magistrate, or other administrative body in the 
course of presenting evidence, including disclosures to counsel or 
witnesses in the course of civil discovery, litigation, or settlement 
negotiations or in connection with criminal proceedings, when the FDIC 
is a party to the proceeding or has a significant interest in the 
proceeding, to the extent that the information is determined to be 
relevant and necessary;
    (3) To a congressional office in response to an inquiry made by the 
congressional office at the request of the individual who is the 
subject of the record;
    (4) To appropriate agencies, entities, and persons when (a) the 
FDIC suspects or has confirmed that there has been a breach of the 
system of records; (b) the FDIC has determined that as a result of the 
suspected or confirmed breach there is a risk of harm to individuals, 
the FDIC (including its information systems, programs, and operations), 
the Federal Government, or national security; the FDIC and (c) the 
disclosure made to such agencies, entities, and persons is reasonably 
necessary to assist in connection with the FDIC's efforts to respond to 
the suspected or confirmed breach or to prevent, minimize, or remedy 
such harm;
    (5) To another Federal agency or Federal entity, when the FDIC 
determines that information from this system of records is reasonably 
necessary to assist the recipient agency or entity in (a) responding to 
a suspected or confirmed breach or (b) preventing, minimizing, or 
remedying the risk of harm to individuals, the recipient agency or 
entity (including its information systems, programs, and operations), 
the Federal Government, or national security, resulting from a 
suspected or confirmed breach;
    (6) To contractors, grantees, volunteers, and others performing or 
working on a contract, service, grant, cooperative agreement, or 
project for the FDIC, the Office of Inspector General, or the Federal 
Government for use in carrying out their obligations under such 
contract, grant, agreement or project.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    Records are stored in electronic media or on paper format in secure 
facilities.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    Electronic media and paper format are indexed and retrieved by 
name, email address, computer assigned identification number, business 
affiliation, event name.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    Records are maintained until no longer needed in accordance with 
approved records retention schedules.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    Records are protected from unauthorized access and improper use 
through administrative, technical, and physical security measures. 
Administrative safeguards include written guidelines on handling 
personal information including agency-wide procedures for safeguarding 
personally identifiable information. In addition, all FDIC staff are 
required to take annual privacy and security training. Technical 
security measures within FDIC include restrictions on computer access 
to authorized individuals who have a legitimate need to know the 
information; required use of strong passwords that are frequently 
changed; multi-factor authentication for remote access and access to 
many FDIC network components; use of encryption for certain data types 
and transfers; firewalls and intrusion detection applications; and 
regular review of security procedures and best practices to enhance 
security. Physical safeguards include restrictions on building access 
to authorized individuals, security guard service, and maintenance of 
records in lockable offices and filing cabinets.

RECORD ACCESS PROCEDURES:
    Individuals wishing to request access to records about them in this 
system of records must submit their request in writing to the FDIC FOIA 
& Privacy Act Group, 550 17th Street NW,

[[Page 66698]]

Washington, DC 20429, or email [email protected]. Requests must include 
full name, address, and verification of identity in accordance with 
FDIC regulations at 12 CFR part 310.

CONTESTING RECORD PROCEDURES:
    Individuals wishing to contest or request an amendment to their 
records in this system of records must submit their request in writing 
to the FDIC FOIA & Privacy Act Group, 550 17th Street NW, Washington, 
DC 20429, or email [email protected]. Requests must specify the 
information being contested, the reasons for contesting it, and the 
proposed amendment to such information in accordance with FDIC 
regulations at 12 CFR part 310.

NOTIFICATION PROCEDURES:
    Individuals wishing to know whether this system contains 
information about them must submit their request in writing to the FDIC 
FOIA & Privacy Act Group, 550 17th Street NW, Washington, DC 20429, or 
email [email protected]. Requests must include full name, address, and 
verification of identity in accordance with FDIC regulations at 12 CFR 
part 310.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    None.

HISTORY:
    None.

Federal Deposit Insurance Corporation.

    Dated at Washington, DC, on November 1, 2022.
James P. Sheesley,
Assistant Executive Secretary.
[FR Doc. 2022-24096 Filed 11-3-22; 8:45 am]
BILLING CODE 6714-01-P