[Federal Register Volume 88, Number 169 (Friday, September 1, 2023)]
[Notices]
[Pages 60455-60458]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2023-18945]


-----------------------------------------------------------------------

FEDERAL COMMUNICATIONS COMMISSION

[FR ID: 167780]


Privacy Act of 1974; System of Records

AGENCY: Federal Communications Commission.

ACTION: Notice of a modified system of records.

-----------------------------------------------------------------------

SUMMARY: The Federal Communications Commission (FCC, Commission, or 
Agency) proposes to modify an existing system of records, FCC/CGB-4, 
internet-based Telecommunications Relay Service-User Registration 
Database (ITRS-URD) Program, subject to the Privacy Act of 1974, as 
amended. This action is necessary to meet the requirements of the 
Privacy Act to publish in the Federal Register notice of the existence 
and character of records maintained by the agency. The ITRS-URD's 
system of records contains personally identifiable information (PII) 
that is collected, used, stored, and maintained to support the 
administration, management, operations, and functions of the ITRS 
programs. The ITRS-URD, which is administered by a third party under 
contract with the FCC, is a database registration system that provides 
a necessary interface for multiple ITRS services, which include, but 
are not limited to Video Relay Service (VRS), and internet Protocol 
Captioned Telephone Service (IP CTS). These services are available to 
individuals who are deaf, deaf-blind, hard of hearing, or have speech 
disabilities, who are eligible under the Americans with Disabilities 
Act (ADA), and who register to participate in a TRS program. This 
modification makes various necessary changes and updates, including 
clarification of the purpose of the system, formatting changes required 
by the Office of Management and Budget (OMB) Circular A-108 since its 
previous publication, the addition of new routine uses, as well as the 
revision of existing routine uses.

DATES: This modified system of records will become effective on 
September 1, 2023. Written comments on the routine uses are due by 
October 2, 2023. The routine uses in this action will become effective 
on October 2, 2023 unless comments are received that require a contrary 
determination.

ADDRESSES: Send comments to Katherine C. Clark, FCC, 45 L Street NE, 
Washington, DC 20554, or to [email protected].

FOR FURTHER INFORMATION CONTACT: Katherine C. Clark, (202) 418-1773 or 
[email protected] (and to obtain a copy of the Narrative Statement and 
the Supplementary Document, which includes details of the proposed 
alterations to this system of records).

SUPPLEMENTARY INFORMATION: As required by the Privacy Act of 1974, as 
amended, 5 U.S.C. 552a(e)(4) and (e)(11), this document sets forth 
notice of the proposed modification of a system of records maintained 
by the FCC. The FCC previously provided notice of the system of records 
FCC/CGB-4, internet-based Telecommunications Relay Service-User 
Registration Database (ITRS-URD) Program, by publication in the Federal 
Register on February 9, 2015 (80 FR 6963).
    This notice serves to update and modify FCC/CGB-4 as a result of 
various necessary changes and updates, including approval by the 
National Archives and Records Administration (NARA) of a records 
retention and disposal schedule for the information in this system, 
since its previous publication. The substantive changes and 
modifications to the previously published version of the FCC/CGB-4 
system of records include:
    1. Restyling the name of the System as the ``internet-based 
Telecommunications Relay Service-User Registration Database (ITRS-
URD)'';
    2. Updating the language in the Security Classification to follow 
OMB guidance;
    3. Modifying the language in the Categories of Individuals and 
Categories of Records to be consistent with the

[[Page 60456]]

language and phrasing now used in FCC SORNs and to reflect regulatory 
changes in the ITRS-URD and ITRS programs;
    4. Updating and/or revising language in the following routine uses 
(listed by current routine use number): (4) FCC Enforcement Actions; 
(5) Congressional Inquiries; (6) Government-wide Program Management and 
Oversight; (7) Law Enforcement and Investigation; (8) Litigation; (9) 
Adjudication; and (10) Breach Notification, the revision of which is as 
required by OMB Memorandum No. M-17-12;
    5. Adding two new routine uses (listed by current routine use 
number): (11) Assistance to Federal Agencies and Entities Related to 
Breaches--to assist with other Federal agencies' data breach 
situations, which is required by OMB Memorandum No. M-17-12; and (12) 
Non-Federal Personnel--to allow contractors, other vendors, grantees, 
and volunteers who have been engaged to assist the FCC in the 
performance of a contract service, grant, cooperative agreement access 
to information; and
    6. Deleting one routine use (listed by previous routine use 
number): (10) Department of Justice as duplicative of the newly revised 
routine use (8) Litigation.
    7. Updating the existing records retention and disposal schedule 
with a new records schedule: ``Telecommunications Relay Service 
(TRS),'' Records Schedule Number DAA-0173-2015-0006.
    The system of records is also revised for clarity and updated to 
reflect various administrative changes related to the system managers 
and system addresses; policy and practices for storage and retrieval of 
the information; administrative, technical, and physical safeguards; 
and updated notification, records access, and contesting records 
procedures.

SYSTEM NAME AND NUMBER:
    FCC/CGB-4, internet-based Telecommunications Relay Service-User 
Registration Database (ITRS-URD).

SECURITY CLASSIFICATION:
    Unclassified.

SYSTEM LOCATION:
    Consumer and Governmental Affairs Bureau (CGB), FCC, 45 L Street 
NE, Washington, DC 20554.

SYSTEM MANAGER(S):
    CGB, FCC, 45 L Street NE, Washington, DC 20554.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    47 U.S.C. 141-154, 225, 255, 303(r), 616, and 620; 47 CFR parts 64, 
Subpart F.

PURPOSE(S) OF THE SYSTEM:
    This system collects and maintains:
    1. Information that is used to determine whether an individual who 
is applying for a TRS program is eligible to register for the program;
    2. Information that the ITRS-URD administrator uses to determine 
whether information with respect to registered users already in the 
ITRS-URD is correct and complete;
    3. Information that the ITRS-URD administrator uses or will use in 
a system for automated validation of the registration information that 
has been submitted and ensure that the authorized VRS and IP CTS 
providers are unable to register individuals who do not pass the 
identification verification check conducted through the ITRS-URD;
    4. Information that VRS and IP CTS providers must request to 
validate each individual who seeks to register that he/she is an actual 
person living or visiting in the United States;
    5. Information related to users signed up with multiple providers 
for VRS or IP CTS; and
    6. Information that is contained in the records of the inquiries 
that VRS and IP CTS providers will make available to the ITRS-URD 
administrator and its contractors and subcontractors who manages the 
database (providing verification/call/service center(s) services) to 
verify that individuals who are deaf, deaf-blind, hard of hearing, or 
have speech disabilities and who are eligible under the ADA to 
participate in ITRS programs.
    Collecting and maintaining these types of information allows staff 
access to documents necessary for key activities discussed in this 
SORN, including verifying the eligibility of individuals to participate 
in ITRS programs; analyzing effectiveness and efficiency of related FCC 
programs and informing future rule-making and policy-making activity; 
and improving staff efficiency. Records in this system are available 
for public inspection, e.g., in response to requests under the Freedom 
of Information Act (FOIA), after redaction of identifying information 
such as a name, address, telephone number, fax number, and/or email 
address.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Individuals who are deaf, deaf-blind, hard of hearing, or have 
speech disabilities, and who are eligible under the ADA to register for 
one or more of the ITRS program's multiple services; representatives of 
certified ITRS Program providers; individuals who are registered and 
currently receiving ITRS Program services; and/or individuals who are 
minors whose status makes them eligible for a parent or guardian to 
register them for ITRS program services.

CATEGORIES OF RECORDS IN THE SYSTEM:
    Electronic records regarding ITRS participants, subscribers, and 
applicants, including their full names (first, middle, and last names); 
the names of parents or guardians; full residential addresses; dates of 
birth; last four digits of social security numbers (SSNs) or Tribal 
identification numbers (or alternative proof of identification for 
those who do not have an SSN or Tribal identification number); ten 
digit telephone number(s) assigned in the TRS number directory and 
associated uniform resource identifier (URI) information; users' 
registered location information for emergency calling purposes; 
eligibility certifications (digital copy) for ITRS program's service(s) 
and date obtained from provider; users' VRS or IP CTS initiation dates 
and (when applicable) termination dates; date on which user last placed 
a point-to-point or relay call.

RECORD SOURCE CATEGORIES:
    Information in this system is provided by individuals, or by 
parents or guardians of minor individuals, who are deaf, deaf-blind, 
hard of hearing or have speech disabilities to determine their 
eligibility for ITRS programs; and by ITRS program providers for 
registration of subscribers, participants, and applicants, and/or their 
re-certification in ITRS programs.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    In addition to those disclosures generally permitted under 5 U.S.C. 
552a(b) of the Privacy Act, all or a portion of the records or 
information contained in this system may be disclosed to authorized 
entities, as is determined to be relevant and necessary, outside of the 
FCC as a routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:
    1. FCC Program Management--A record from this system may be 
accessed and used by the ITRS-URD Administrator and to third-party 
contractor's employees (including employees of subcontractors) to 
conduct official duties associated with the administration, management, 
and operation of the ITRS programs, as directed by the Commission. Such 
duties include conducting the verification process that allows the 
ITRS-URD administrator to determine

[[Page 60457]]

the accuracy of the PII provided by or regarding participants, 
subscribers, and applicants to the system of records, i.e., when an 
employee of a third-party contractor (and/or subcontractor), 
responsible for management registration and fraud prevention, verifies 
the eligibility of the participant, registrant, or subscriber. The FCC 
may share access to the information in the ITRS-URD for the purposes of 
managing and/or eliminating waste, fraud, and abuse in the ITRS 
programs, including as necessary for, among other things, audits, 
oversight, and or investigations.
    2. ADA Eligibility Verification Data--A record from this system may 
be disclosed to the appropriate Federal, State, Tribal, or local 
authorities (including transfers of PII data to/from the ITRS-URD 
Administrator, contractors, and subcontractors, as required) for the 
purposes of verifying whether individuals who are deaf, deaf-blind, 
hard of hearing or have speech disabilities are eligible under the ADA 
to register to participate in/subscribe to ITRS programs;
    3. State or Tribal Agencies and Authorized Entities--A record from 
this system may be disclosed to designated State or Tribal agencies and 
other authorized entities, which include, but are not limited to state 
public utility commissions, and their agents, as is consistent with 
applicable Federal and State laws, to administer TRS or ITRS (as 
applicable) programs in that state and to perform other management and 
oversight duties and responsibilities, including determining 
eligibility for TRS or ITRS programs.
    4. FCC Enforcement Actions--When a record in this system involves 
an informal complaint filed with the FCC alleging a violation of FCC 
rules, regulations, orders, or requirements by an ITRS applicant, 
subscriber, participant, licensee, certified or regulated entity/
provider, or an unlicensed person or entity, the complaint may be 
served to the alleged violator for a response through the FCC's normal 
course of complaint handling process. When an order or other 
Commission-issued document that includes consideration of an informal 
complaint or complaints is issued by the FCC for resolution or 
enforcement, the complainant's name may be made public in that order or 
letter document. Where a complainant in filing his or her complaint 
explicitly requests that confidentiality of his or her name from public 
disclosure, the Commission will endeavor to protect such information 
from public disclosure. Complaints that contain requests for 
confidentiality may be dismissed if the Commission determines that the 
request impedes the Commission's ability to investigate and/or resolve 
the complaint.
    5. Congressional Inquiries--To provide information to a 
Congressional office from the record of an individual in response to an 
inquiry from that Congressional office made at the written request of 
that individual.
    6. Government-wide Program Management and Oversight--To provide 
information to the Department of Justice (DOJ) to obtain that 
department's advice regarding disclosure obligations under FOIA; or to 
OMB to obtain that office's advice regarding obligations under the 
Privacy Act.
    7. Law Enforcement and Investigation--To disclose pertinent 
information to appropriate Federal, State, Tribal, or local agencies, 
authorities, and officials responsible for investigating, prosecuting, 
enforcing, or implementing a statute, rule, regulation, order, or other 
requirement when the FCC becomes aware of an indication of a violation 
or potential violation of a civil or criminal statute, law, regulation, 
order, or other requirement.
    8. Litigation--To disclose records to DOJ when: (a) the FCC or any 
component thereof; (b) any employee of the FCC in his or her official 
capacity; (c) any employee of the FCC in his or her individual capacity 
where the DOJ or the FCC has agreed to represent the employee; or (d) 
the United States Government is a party to litigation or has an 
interest in such litigation, and by careful review, the FCC determines 
that the records are both relevant and necessary to the litigation, and 
the use of such records by the DOJ is for a purpose that is compatible 
with the purpose for which the FCC collected the records.
    9. Adjudication--To disclose records in a proceeding before a court 
or adjudicative body, when: (a) the FCC or any component thereof; or 
(b) any employee of the FCC in his or her official capacity; or (c) any 
employee of the FCC in his or her individual capacity; or (d) the 
United States Government, is a party to litigation or has an interest 
in such litigation, and by careful review, the FCC determines that the 
records are both relevant and necessary to the litigation, and that the 
use of such records is for a purpose that is compatible with the 
purpose for which the agency collected the records.
    10. Breach Notification--To appropriate agencies, entities, and 
persons when: (a) the Commission suspects or has confirmed that there 
has been a breach of the system of records; (b) the Commission has 
determined that as a result of the suspected or confirmed compromise 
there is a risk of harm to individuals, the Commission (including its 
information systems, programs, and operations), the Federal Government, 
or national security; and (c) the disclosure made to such agencies, 
entities, and persons is reasonably necessary to assist in connection 
with the Commission's efforts to respond to the suspected or confirmed 
breach or to prevent, minimize, or remedy such harm.
    11. Assistance to Federal Agencies and Entities Related to 
Breaches--To another Federal agency or Federal entity, when the 
Commission determines that information from this system is reasonably 
necessary to assist the recipient agency or entity in: (a) responding 
to a suspected or confirmed breach or (b) preventing, minimizing, or 
remedying the risk of harm to individuals, the recipient agency or 
entity (including its information systems, program, and operations), 
the Federal Government, or national security, resulting from a 
suspected or confirmed breach.
    12. Non-Federal Personnel--To disclose information to non-Federal 
personnel, including contractors, other vendors (e.g., identity 
verification services), grantees, and volunteers who have been engaged 
to assist the FCC in the performance of a contract service, grant, 
cooperative agreement, or other activity related to this system of 
records and who need to have access to the records in order to perform 
their activity.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    This system contains electronic records, files, and data. The ITRS-
URD Program Administrator will host the electronic data, which will 
reside in the administrator's ITRS-URD Program's database(s) and in the 
databases of third-party contractors and subcontractors who conduct the 
subscribers/participants' verification processes.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    Records in this system of records can be retrieved by any category 
field, e.g., first or last name or email address.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    The information in this system is maintained and disposed of in 
accordance with NARA records schedule ``Telecommunications Relay 
Service (TRS),'' Records Schedule Number DAA-0173-2015-0006.

[[Page 60458]]

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    The electronic records, files, and data are stored within FCC or a 
vendor's accreditation boundaries and maintained in a database housed 
in the FCC's or vendor's computer network databases. Access to the 
electronic files is restricted to authorized employees and contractors; 
and to IT staff, contractors, and vendors who maintain the IT networks 
and services. Other employees and contractors may be granted access on 
a need-to-know basis. The electronic files and records are protected by 
the FCC and third-party privacy safeguards, a comprehensive and dynamic 
set of IT safety and security protocols and features that are designed 
to meet all Federal privacy standards, including those required by the 
Federal Information Security Modernization Act of 2014 (FISMA), OMB, 
and the National Institute of Standards and Technology (NIST).

RECORD ACCESS PROCEDURES:
    Individuals wishing to request access to and/or amendment of 
records about themselves should follow the Notification Procedure 
below.

CONTESTING RECORD PROCEDURES:
    Individuals wishing to request access to and/or amendment of 
records about themselves should follow the Notification Procedure 
below.

NOTIFICATION PROCEDURES:
    Individuals wishing to determine whether this system of records 
contains information about themselves may do so by writing to 
[email protected]. Individuals requesting access must also comply with 
the FCC's Privacy Act regulations regarding verification of identity to 
gain access to records as required under 47 CFR part 0, subpart E.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    None.

HISTORY:
    80 FR 6963 (February 9, 2015)

Federal Communications Commission.
Marlene Dortch,
Secretary.
[FR Doc. 2023-18945 Filed 8-31-23; 8:45 am]
BILLING CODE 6712-01-P