[Federal Register Volume 89, Number 100 (Wednesday, May 22, 2024)]
[Notices]
[Pages 44970-44972]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2024-11249]


-----------------------------------------------------------------------

DEPARTMENT OF ENERGY

Federal Energy Regulatory Commission


Privacy Act of 1974; System of Records

AGENCY: Federal Energy Regulatory Commission (FERC), DOE.

ACTION: Notice of a modified system of records.

-----------------------------------------------------------------------

SUMMARY: In accordance with the Privacy Act of 1974, all agencies are 
required to publish in the Federal Register a notice of their systems 
of records. Notice is hereby given that the Federal Energy Regulatory 
Commission (FERC) is publishing a notice of modifications to an 
existing FERC system of records titled ``Financial Management Records 
(FERC-56)'' previously titled ``PeopleSoft Financials (FERC-56)''.

DATES: Comments on this modified system of records must be received no 
later than 30 days after date of publication in the Federal Register. 
If no public comment is received during the period allowed for comment 
or unless otherwise published in the Federal Register by FERC, the 
modified system of records will become effective a minimum of 30 days 
after date of publication in the Federal Register. If FERC receives 
public comments, FERC shall review the comments to determine whether 
any changes to the notice are necessary.

ADDRESSES: Comments may be submitted in writing to Federal Energy 
Regulatory Commission, 888 First Street NE, Washington, DC 20426, or 
electronically to [email protected]. Comments should indicate that they 
are submitted in response to ``Financial Management Records (FERC-
56).''

FOR FURTHER INFORMATION CONTACT: Mittal Desai, Chief Information 
Officer & Senior Agency Official for Privacy, Office of the Executive 
Director, Federal Energy Regulatory Commission, 888 First Street NE, 
Washington, DC 20426, (202) 502-6432.

SUPPLEMENTARY INFORMATION: In accordance with the Privacy Act of 1974, 
and to comply with the Office of

[[Page 44971]]

Management and Budget (OMB) Memorandum M-17-12, Preparing for and 
Responding to a Breach of Personally Identifiable Information, January 
3, 2017, this notice has fourteen (14) routine uses, including two new 
routine uses that will permit FERC to disclose information as necessary 
in response to an actual or suspected breach that pertains to a breach 
of its own records or to assist another agency in its efforts to 
respond to a breach that was previously published separately at 87 FR 
35543 (June 10, 2022).
    The following sections have been updated to reflect changes made 
since the publication of the last notice in the Federal Register: 
dates; addresses; system name; system location; authority for 
maintenance of the system; purpose of the system; categories of 
individuals covered by the system; categories of records in the system; 
record source categories; routine uses of records maintained in the 
system, including categories of users and the purpose of such; policies 
and practices for storage of records; policies and practices for 
retrieval of records; policies and practices for retention and disposal 
of records; administrative, technical, and physical safeguards; records 
access procedures; contesting records procedures; notification 
procedures; and history.

SYSTEM NAME AND NUMBER:
    Financial Management Records (FERC-56).

SECURITY CLASSIFICATION:
    Unclassified.

SYSTEM LOCATION:
    Federal Energy Regulatory Commission, Office of the Executive 
Director, Financial Information Technology and Travel Division, 888 
First Street NE, Washington, DC 20426.
    Third-Party Service Provider: Accenture Federal Services, 800 N 
Glebe Rd., #300, Arlington, VA 22203.

SYSTEM MANAGER(S):
    System Manager/Project Manager, Federal Energy Regulatory 
Commission, Office of the Executive Director, Financial Information 
Technology and Travel Division, 888 First Street NE, Washington, DC 
20426.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    31 U.S.C. 3511, 31 U.S.C. 3512(b).

PURPOSE(S) OF THE SYSTEM:
    The main purpose of the system is to provide the official financial 
management capability for FERC to account for and control appropriated 
resources and to maintain accounting and financial information 
associated with the normal operation of a U.S. government organization. 
The purposes of the system include, but are not limited to: (1) to make 
authorized payments for goods and services to companies or individuals 
doing business with FERC; (2) to make authorized reimbursement payments 
to an employee; (3) to prepare Internal Revenue Service tax reports; 
and (4) to account for regulatory fees owed to FERC. The system is also 
used to provide the Commission with advanced analytics and dashboard 
reports for financial, Human Resource, and payroll data.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    The categories of individuals on whom records are maintained in the 
system of records are salaried employees, non-salaried employees, 
current employees, former employees, vendors, consultants, legal 
representatives, and representatives of regulated entities.

CATEGORIES OF RECORDS IN THE SYSTEM:
    The categories of records maintained in the system of records 
include: financial and payroll records on current and former employees, 
such as name, Social Security Numbers (SSNs)/Taxpayer Identification 
Numbers (TINs), home addresses, bank account number, credit card 
numbers, invoices, travel request and reimbursement forms, claims for 
reimbursement, claims based on a legal settlement, and employee 
identifier. The system of records also contains financial records on 
vendors, consultants, legal representatives, as part of a contract or 
reimbursement claim, which include names, home or business addresses, 
vendor IDs, SSNs/TINs, bank account numbers for electronic fund 
transfer of payments, invoices, supplier or vendor ID, and claims for 
reimbursement.

RECORD SOURCE CATEGORIES:
    Information is obtained from current and former employees seeking 
reimbursement from FERC for expenses incurred while on official travel 
or for training; current and former employees for the payment of legal 
settlements; vendors and individual points of contact for a vendor 
seeking reimbursement for goods or services provided to FERC; and from 
assessment performed related to collecting receivables for FERC. 
Information is obtained through an integration with FERC's payroll 
provider that transmits payroll records for the purpose of generating a 
financial payroll journal entry.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND PURPOSES OF SUCH USES:
    In addition to those disclosures generally permitted under 5 U.S.C. 
552a(b) of the Privacy Act, information maintained in this system may 
be disclosed to authorized entities outside FERC for purposes 
determined to be relevant and necessary as a routine use pursuant to 5 
U.S.C. 552a(b)(3) as follows:
    1. To appropriate agencies, entities, and persons when (1) FERC 
suspects or has confirmed that there has been a breach of the system of 
records; (2) FERC has determined that as a result of the suspected or 
confirmed breach there is a risk of harm to individuals, the Commission 
(including its information systems, programs, and operations), the 
Federal Government, or national security; and (3) the disclosure made 
to such agencies, entities, and persons is reasonably necessary to 
assist in connection with the Commission's efforts to respond to the 
suspected or confirmed breach or to prevent, minimize, or remedy such 
harm.
    2. To another Federal agency or Federal entity, when FERC 
determines that information from this system of records is reasonably 
necessary to assist the recipient agency or entity in (1) responding to 
a suspected or confirmed breach; or (2) preventing, minimizing, or 
remedying the risk of harm to individuals, the recipient agency or 
entity (including its information systems, programs, and operations), 
the Federal Government, or national security, resulting from a 
suspected or confirmed breach.
    3. To a congressional office from the record of an individual in 
response to an inquiry from that congressional office made at the 
request of that individual.
    4. To the Equal Employment Opportunity Commission (EEOC) when 
requested in connection with investigations of alleged or possible 
discriminatory practices, examination of Federal affirmative employment 
programs, or other functions of the Commission as authorized by law or 
regulation.
    5. To the Federal Labor Relations Authority or its General Counsel 
when requested in connection with investigations of allegations of 
unfair labor practices or matters before the Federal Service Impasses 
Panel.
    6. To disclose information to another Federal agency, to a court, 
or a party in litigation before a court or in an administrative 
proceeding being

[[Page 44972]]

conducted by a Federal agency, when the Government is a party to the 
judicial or administrative proceeding. In those cases where the 
Government is not a party to the proceeding, records may be disclosed 
if a subpoena has been signed by a judge.
    7. To the Department of Justice (DOJ) for its use in providing 
legal advice to FERC or in representing FERC in a proceeding before a 
court, adjudicative body, or other administrative body, where the use 
of such information by the DOJ is deemed by FERC to be relevant and 
necessary to the advice or proceeding, and such proceeding names as a 
party in interest: (a) FERC; (b) any employee of FERC in his or her 
official capacity; (c) any employee of FERC in his or her individual 
capacity where DOJ has agreed to represent the employee; or (d) the 
United States, where FERC determines that litigation is likely to 
affect FERC or any of its components.
    8. To non-Federal Personnel, such as contractors, agents, or other 
authorized individuals performing work on a contract, service, 
cooperative agreement, job, or other activity on behalf of FERC or 
Federal Government and who have a need to access the information in the 
performance of their duties or activities.
    9. To the National Archives and Records Administration in records 
management inspections and its role as Archivist.
    10. To the Merit Systems Protection Board or the Board's Office of 
the Special Counsel, when relevant information is requested in 
connection with appeals, special studies of the civil service and other 
merit systems, review of OPM rules and regulations, and investigations 
of alleged or possible prohibited personnel practices.
    11. To appropriate Federal, State, or local agency responsible for 
investigating, prosecuting, enforcing, or implementing a statute, rule, 
regulation, or order, if the information may be relevant to a potential 
violation of civil or criminal law, rule, regulation, order.
    12. To appropriate agencies, entities, and person(s) that are a 
party to a dispute, when FERC determines that information from this 
system of records is reasonably necessary for the recipient to assist 
with the resolution of the dispute; the name, address, telephone 
number, email address, and affiliation; of the agency, entity, and/or 
person(s) seeking and/or participating in dispute resolution services, 
where appropriate.
    13. To the Department of Treasury to issue authorized payments to 
companies and individuals or to issue authorized reimbursement payments 
to employees.
    14. To the Internal Revenue Service (IRS) and companies or 
individuals who have received qualifying payments during the tax year 
as recipients of IRS-1099 reporting.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    Records are stored electronically on a FedRAMP-authorized cloud 
service provider, and on a FedRAMP-authorized SharePoint site and 
shared drive. Files are zipped and encrypted after processing. In 
addition, all FERC employees and contractors with authorized access 
have undergone a thorough background security investigation. Data 
access is restricted to agency personnel or contractors whose 
responsibilities require access. Access to electronic records is 
controlled by the organization's Single Sign-On and Multi-Factor 
Authentication Solution. Role based access is used to restrict 
electronic data access and the organization employs the principle of 
least privilege, allowing only authorized users with access (or 
processes acting on behalf of users) necessary to accomplish assigned 
tasks in accordance with organizational missions and business 
functions.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    Records may be retrieved by name of employee or name of vendor, and 
vendor or supplier ID (system unique) for both employees and vendors.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    Records are retained in accordance with the applicable National 
Archives and Records Administration (NARA) schedules, General Records 
Schedules as follows:
    General Records Schedule (GRS) 1.1: Financial Management and 
Reporting Records. Item 010: Disposition Authority: DAA-GRS-2016-0013-
0001. Temporary. Destroy when 3 years old, but longer retention is 
authorized if needed for business use.
    General Records Schedule (GRS) 1.1: Financial Management and 
Reporting Records. Item 011: Disposition Authority: DAA-GRS-2013-0003-
0002. Temporary. Destroy when business use ceases, but longer retention 
is authorized if needed for business use.
    General Records Schedule (GRS) 5.2: Transitory and Intermediary 
Records. Item 020: Disposition Authority: DAA-GRS-2022-0009-0002. 
Temporary. Destroy upon creation or update of the final record, or when 
no longer needed for business use, whichever is later.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    See Policies and Practices for Storage of Records.

RECORD ACCESS PROCEDURES:
    Individuals requesting access to the contents of records must 
submit a request through the Freedom of Information Act (FOIA) office. 
The FOIA website is located at: https://www.ferc.gov/foia. Requests may 
be submitted through the following portal: https://www.ferc.gov/enforcement-legal/foia/electronic-foia-privacy-act-request-form. 
Written requests for access to records should be directed to: Director, 
Office of External Affair, Federal Energy Regulatory Commission, 888 
First Street NE, Washington, DC 20426.

CONTESTING RECORD PROCEDURES:
    See Records Access Procedures.

NOTIFICATION PROCEDURES:
    Generalized notice is provided by the publication of this notice. 
For specific notice, see Records Access Procedures, above.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    None.

HISTORY:
    74 FR 48530 (September 23, 2009), 87 FR 2777 (January 19, 2022)

    Dated: May 16, 2024.
Debbie-Anne A. Reese,
Acting Secretary.
[FR Doc. 2024-11249 Filed 5-21-24; 8:45 am]
BILLING CODE 6717-01-P