83 FR 39095 - Privacy Act of 1974; System of Records
FEDERAL TRADE COMMISSION Federal Register Volume 83, Issue 153 (August 8, 2018)
Federal Register Volume 83, Issue 153 (August 8, 2018)
| Page Range | 39095-39096 | |
| FR Document | 2018-16935 |
[Federal Register Volume 83, Number 153 (Wednesday, August 8, 2018)] [Notices] [Pages 39095-39096] From the Federal Register Online [www.thefederalregister.org] [FR Doc No: 2018-16935] ======================================================================= ----------------------------------------------------------------------- FEDERAL TRADE COMMISSION Privacy Act of 1974; System of Records AGENCY: Federal Trade Commission (FTC). ACTION: Notice of modified systems of records. ----------------------------------------------------------------------- SUMMARY: The FTC is publishing in final form a modification to all FTC Privacy Act system of records notices (SORNs) by amending and bifurcating an existing global routine use relating to assistance in data breach responses, to conform with Office of Management and Budget (OMB) guidance to federal agencies, OMB Memorandum 17-12. DATES: August 8, 2018, except that the new routine use shall be effective September 7, 2018. FOR FURTHER INFORMATION CONTACT: G. Richard Gold and Alex Tang, Attorneys, Office of the General Counsel, FTC, 600 Pennsylvania Avenue NW, Washington, DC 20580, (202) 326-2424. SUPPLEMENTARY INFORMATION: In a document previously published in the Federal Register, 83 FR 19560 (May 3, 2018), the Federal Trade Commission, as required by the Privacy Act, sought comments on a proposal to modify and bifurcate an existing routine use relating to assistance in data breach responses, which is applicable to all Federal Trade Commission SORNs, to conform with OMB Memorandum M-17-12, Preparing for and Responding to a Breach of Personally Identifiable Information (January 3, 2017). See 5 U.S.C. 552a(e)(4) and (11). The comment period closed on June 4, 2018, and the FTC received three comments to the proposal to modify and bifurcate an existing routine use relating to assistance in data breach responses. The commenters were Xyampza Kerz, Thomas Dickinson, and Dave Root. Xyampza Kerz's comment expressed concerns about the privacy of homeowner's personal information posted on the Web when they buy a home and about internet searches that allow a searcher to find out your age and possibly lead to discrimination. M/M. Kerz also complains about the practices of an online entity and asks that the entity be shut down. These are important privacy issues but are not [[Page 39096]] germane to the current public notice and comment process. We have referred M/M. Kerz's comment to the FTC's Consumer Response Center for entry into the Consumer Sentinel Network of complaints and related inquiries. The second commenter, Thomas Dickinson, also filed a comment that is non-germane to the current public notice and comment process. Mr. Dickinson asks the FTC to apply a ``monitor'' to individuals' home phones that identifies violations of the Do-Not-Call Rule and allows the FTC to take appropriate punitive actions. We have also referred Mr. Dickinson's complaint to the FTC's Consumer Response Center for entry into the Consumer Sentinel Network. The third commenter, Dave Root, commented that ``due process and . . . [his] . . . privacy . . . [would] . . . be harmed by open access to sharing . . . [his] . . . personal info between all government agencies as outlined in this notice.'' Mr. Root asked if there are ``any safeguards against `political weaponization' without any accountability, by any federal, state or local governmental agency having access to this information.'' Mr. Root asked for ```teeth' in the rule for anyone . . . that purposefully uses this information incorrectly . . . [meaning] . . . seriously enforced jail time for anyone who fails to act in the investigation and prosecution process.'' The revised routine use would not provide ``open access'' to ``all government agencies'' but would require that the FTC receive a request from another Federal agency or Federal entity that provides enough supporting information such that the FTC can determine that information from an FTC Privacy Act system or systems is reasonably necessary to assist the recipient agency or entity in (a) responding to a suspected or confirmed breach or (b) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach. The Privacy Act specifically provides civil remedies, 5 U.S.C. 552a(g), including damages, and criminal penalties, 5 U.S.C. 552a(i), for violations of the Act. In addition, an individual may be fined up to $5,000 for knowingly and willfully requesting or gaining access to a record about an individual under false pretenses. 5 U.S.C. 552a(i)(3). As stated in the Federal Register Notice dated May 3, 2018, the FTC believes that the modified and bifurcated routine use on data breaches is compatible with the collection of information pertaining to individuals affected by a breach, and that the disclosure of such records will help prevent, minimize or remedy a data breach or compromise that may affect such individuals. By contrast, the FTC believes that failure to take reasonable steps to help prevent, minimize or remedy the harm that may result from such a breach or compromise would jeopardize, rather than promote, the privacy of such individuals. The FTC provided a public comment period and notice to OMB and Congress as required by the Privacy Act and implementing OMB guidelines.\1\ --------------------------------------------------------------------------- \1\ See U.S.C. 552a(e)(11) and 552a(r); OMB Circular A-108 (2016). --------------------------------------------------------------------------- Accordingly, the FTC hereby amends Appendix I of its Privacy Act system notices, as published at 73 FR 33591, by revising item number (22), adding new item number (23), and re-designating the former item number (23) as (24) (without any other change) at the end of the existing routine uses set forth in that Appendix: * * * * * (22) To appropriate agencies, entities, and persons when (a) the FTC suspects or has confirmed that there has been a breach of the system of records; (b) the FTC has determined that as a result of the suspected or confirmed breach there is a risk of harm to individuals, the FTC (including its information systems, programs, and operations), the Federal Government, or national security; and (c) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with the FTC's efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm. (23) To another Federal agency or Federal entity, when the FTC determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in (a) responding to a suspected or confirmed breach or (b) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach. (24) May be disclosed to FTC contractors, volunteers, interns or other authorized individuals who have a need for the record in order to perform their officially assigned or designated duties for or on behalf of the FTC. History 73 FR 33591-33634 (June 12, 2008). By direction of the Commission. Donald S. Clark, Secretary. [FR Doc. 2018-16935 Filed 8-7-18; 8:45 am] BILLING CODE 6750-01-P
![Federal Register / Vol. 83, No. 153 / Wednesday, August 8, 2018 / Notices 39095
Transitions, 23 hours; Regulatory submit up to 18 filings each year: two Board of Governors of the Federal Reserve
Capital Instruments, 54 hours; semi-annual FR Y–14A filings, four System, August 2, 2018.
Operational Risk, 50 hours; MSR quarterly FR Y–14Q filings, and 12 Michele Taylor Fennell,
Valuation, 23 hours; Supplemental, 4 monthly FR Y–14M filings. Compliance Assistant Secretary of the Board.
hours; Retail FVO/HFS, 15 hours; with the information collection is [FR Doc. 2018–16917 Filed 8–7–18; 8:45 am]
Counterparty, 514 hours; and Balances, mandatory. BILLING CODE 6210–01–P
16 hours. FR Y–14M: 1st Lien Mortgage,
516 hours; Home Equity, 516 hours; and Proposed revisions: In December
Credit Card, 512 hours. FR Y–14 On- 2017, the Board approved modifications
to the FR Y–14 series of reports and a FEDERAL TRADE COMMISSION
going Automation Revisions, 480 hours.
FR Y–14 Attestation On-going Audit notice was published in the Federal
Privacy Act of 1974; System of
and Review, 2,560 hours. Register (December 15, 2017; 82 FR Records
General description of report: These 59608). The proposal modified the FR
collections of information are applicable Y–14Q, Schedule L (Counterparty) AGENCY: Federal Trade Commission
to top-tier BHCs with total consolidated effective as of the March 31, 2018, (FTC).
assets of $100 billion or more and U.S. report date. These changes included ACTION: Notice of modified systems of
IHCs. This family of information simplifying the ranking methodology records.
collections is composed of the following required for reporting positions and
three reports: combining the previously separate SUMMARY: The FTC is publishing in final
• The FR Y–14A collects quantitative collections of counterparties as ranked form a modification to all FTC Privacy
projections of balance sheet, income, by derivatives and securities financing Act system of records notices (SORNs)
losses, and capital across a range of by amending and bifurcating an existing
transactions (SFTs), respectively.
macroeconomic scenarios and global routine use relating to assistance
Following the finalization and adoption
qualitative information on in data breach responses, to conform
of these proposed changes, the Board with Office of Management and Budget
methodologies used to develop internal
projections of capital across scenarios became aware of unintended omissions (OMB) guidance to federal agencies,
either annually or semi-annually. from the report forms and instructions OMB Memorandum 17–12.
• The quarterly FR Y–14Q collects for the FR Y–14Q. The omitted items
DATES: August 8, 2018, except that the
granular data on various asset classes, required respondents to report their
new routine use shall be effective
including loans, securities, and trading total stressed net current exposure September 7, 2018.
assets, and PPNR for the reporting under the two supervisory stressed
FOR FURTHER INFORMATION CONTACT: G.
period. scenarios.
• The monthly FR Y–14M is Richard Gold and Alex Tang, Attorneys,
To rectify the unintended changes, Office of the General Counsel, FTC, 600
comprised of three retail portfolio- and the Board is proposing to revise sub-
loan-level schedules, and one detailed Pennsylvania Avenue NW, Washington,
schedule L.5 (Derivatives and SFT DC 20580, (202) 326–2424.
address-matching schedule to
Profile) on the FR Y–14Q by adding the SUPPLEMENTARY INFORMATION: In a
supplement two of the portfolio and
loan-level schedules. mistakenly omitted items. This document previously published in the
The data collected through the FR modification would allow continued Federal Register, 83 FR 19560 (May 3,
Y–14A/Q/M reports provide the Board operationalization of supervisory 2018), the Federal Trade Commission,
with the information and perspective modeling, and would provide for total as required by the Privacy Act, sought
needed to help ensure that large firms stressed net current exposure reporting comments on a proposal to modify and
have strong, firm-wide risk under the two supervisory stressed bifurcate an existing routine use relating
measurement and management scenarios. to assistance in data breach responses,
processes supporting their internal With the addition of the total stressed which is applicable to all Federal Trade
assessments of capital adequacy and net current exposure item, the Commission SORNs, to conform with
that their capital resources are sufficient instructions would be changed to OMB Memorandum M–17–12,
given their business focus, activities, modify the associated ranking Preparing for and Responding to a
and resulting risk exposures. The Breach of Personally Identifiable
methodologies for the yearly stressed/
annual Comprehensive Capital Analysis Information (January 3, 2017). See 5
CCAR submission in sub-schedule L.5
and Review (CCAR) exercise U.S.C. 552a(e)(4) and (11).
to require the top 25 counterparties to
complements other Board supervisory The comment period closed on June
efforts aimed at enhancing the be reported as ranked by the total 4, 2018, and the FTC received three
continued viability of large firms, stressed net current exposure. This comments to the proposal to modify and
including continuous monitoring of modification would ensure that top bifurcate an existing routine use relating
firms’ planning and management of counterparties are properly rank- to assistance in data breach responses.
liquidity and funding resources, as well ordered by the total stressed net current The commenters were Xyampza Kerz,
as regular assessments of credit, market exposure to be added on sub-schedule Thomas Dickinson, and Dave Root.
and operational risks, and associated L.5 in a manner that captures both Xyampza Kerz’s comment expressed
risk management practices. Information derivative and securities financing concerns about the privacy of
gathered in this data collection is also transaction exposures. homeowner’s personal information
used in the supervision and regulation posted on the Web when they buy a
sradovich on DSK3GMQ082PROD with NOTICES
The proposed revisions do not result
of these financial institutions. To fully in a change to the estimated burden for home and about internet searches that
evaluate the data submissions, the this series of reports, as the burden from allow a searcher to find out your age
Board may conduct follow-up the proposed revisions is already and possibly lead to discrimination. M/
discussions with, or request responses captured in the burden estimates M. Kerz also complains about the
to follow up questions from, associated with the FR Y–14Q report. practices of an online entity and asks
respondents. Respondent firms are that the entity be shut down. These are
currently required to complete and important privacy issues but are not
VerDate Sep<11>2014 22:37 Aug 07, 2018 Jkt 244001 PO 00000 Frm 00055 Fmt 4703 Sfmt 4703 E:\FR\FM\08AUN1.SGM 08AUN1](https://thefederalregister.org/doc/83_FR_39248/page/1.svg)
![39096 Federal Register / Vol. 83, No. 153 / Wednesday, August 8, 2018 / Notices
germane to the current public notice believes that the modified and HISTORY
and comment process. We have referred bifurcated routine use on data breaches 73 FR 33591–33634 (June 12, 2008).
M/M. Kerz’s comment to the FTC’s is compatible with the collection of By direction of the Commission.
Consumer Response Center for entry information pertaining to individuals
Donald S. Clark,
into the Consumer Sentinel Network of affected by a breach, and that the
Secretary.
complaints and related inquiries. disclosure of such records will help
The second commenter, Thomas prevent, minimize or remedy a data [FR Doc. 2018–16935 Filed 8–7–18; 8:45 am]
Dickinson, also filed a comment that is breach or compromise that may affect BILLING CODE 6750–01–P
non-germane to the current public such individuals. By contrast, the FTC
notice and comment process. Mr. believes that failure to take reasonable
Dickinson asks the FTC to apply a steps to help prevent, minimize or FEDERAL TRADE COMMISSION
‘‘monitor’’ to individuals’ home phones remedy the harm that may result from
Agency Information Collection
that identifies violations of the Do-Not- such a breach or compromise would
Call Rule and allows the FTC to take Activities; Proposed Collection;
jeopardize, rather than promote, the
appropriate punitive actions. We have Comment Request
privacy of such individuals.
also referred Mr. Dickinson’s complaint The FTC provided a public comment AGENCY: Federal Trade Commission
to the FTC’s Consumer Response Center period and notice to OMB and Congress (‘‘FTC’’ or ‘‘Commission’’).
for entry into the Consumer Sentinel as required by the Privacy Act and ACTION: Notice.
Network. implementing OMB guidelines.1
The third commenter, Dave Root, Accordingly, the FTC hereby amends SUMMARY: The FTC intends to ask the
commented that ‘‘due process and . . . Appendix I of its Privacy Act system Office of Management and Budget
[his] . . . privacy . . . [would] . . . be notices, as published at 73 FR 33591, by (‘‘OMB’’) to extend for an additional
harmed by open access to sharing . . . revising item number (22), adding new three years the current Paperwork
[his] . . . personal info between all item number (23), and re-designating Reduction Act (‘‘PRA’’) clearance for the
government agencies as outlined in this the former item number (23) as (24) information collection requirements in
notice.’’ Mr. Root asked if there are ‘‘any (without any other change) at the end of the FTC Red Flags, Card Issuers, and
safeguards against ‘political the existing routine uses set forth in that Address Discrepancies Rules 1
weaponization’ without any Appendix: (‘‘Rules’’). That clearance expires on
accountability, by any federal, state or * * * * * November 30, 2018.
local governmental agency having (22) To appropriate agencies, entities, DATES: Comments must be submitted by
access to this information.’’ Mr. Root and persons when (a) the FTC suspects October 9, 2018.
asked for ‘‘‘teeth’ in the rule for anyone or has confirmed that there has been a ADDRESSES: Interested parties may file a
. . . that purposefully uses this breach of the system of records; (b) the comment online or on paper by
information incorrectly . . . [meaning] FTC has determined that as a result of following the instructions in the
. . . seriously enforced jail time for the suspected or confirmed breach there Request for Comment part of the
anyone who fails to act in the is a risk of harm to individuals, the FTC SUPPLEMENTARY INFORMATION section
investigation and prosecution process.’’ (including its information systems, below. Write ‘‘Red Flags Rule, PRA
The revised routine use would not programs, and operations), the Federal Comment, Project No. P095406’’ on your
provide ‘‘open access’’ to ‘‘all Government, or national security; and comment. File your comment online at
government agencies’’ but would (c) the disclosure made to such https://ftcpublic.commentworks.com/
require that the FTC receive a request agencies, entities, and persons is ftc/RedFlagsPRA by following the
from another Federal agency or Federal reasonably necessary to assist in instructions on the web-based form. If
entity that provides enough supporting connection with the FTC’s efforts to
information such that the FTC can you prefer to file your comment on
respond to the suspected or confirmed paper, mail your comment to the
determine that information from an FTC breach or to prevent, minimize, or
Privacy Act system or systems is following address: Federal Trade
remedy such harm. Commission, Office of the Secretary,
reasonably necessary to assist the (23) To another Federal agency or
recipient agency or entity in (a) 600 Pennsylvania Avenue NW, Suite
Federal entity, when the FTC CC–5610 (Annex J), Washington, DC
responding to a suspected or confirmed determines that information from this
breach or (b) preventing, minimizing, or 20580, or deliver your comment to the
system of records is reasonably following address: Federal Trade
remedying the risk of harm to necessary to assist the recipient agency
individuals, the recipient agency or Commission, Office of the Secretary,
or entity in (a) responding to a Constitution Center, 400 7th Street SW,
entity (including its information suspected or confirmed breach or (b)
systems, programs, and operations), the 5th Floor, Suite 5610 (Annex J),
preventing, minimizing, or remedying Washington, DC 20024.
Federal Government, or national the risk of harm to individuals, the
security, resulting from a suspected or FOR FURTHER INFORMATION CONTACT:
recipient agency or entity (including its
confirmed breach. Requests for additional information
information systems, programs, and
The Privacy Act specifically provides should be addressed to Mark Eichorn,
operations), the Federal Government, or
civil remedies, 5 U.S.C. 552a(g), Assistant Director, Division of Privacy
national security, resulting from a
including damages, and criminal and Identity Protection, Bureau of
suspected or confirmed breach.
penalties, 5 U.S.C. 552a(i), for violations (24) May be disclosed to FTC Consumer Protection, (202) 326–3053,
Federal Trade Commission, 600
sradovich on DSK3GMQ082PROD with NOTICES
of the Act. In addition, an individual contractors, volunteers, interns or other
may be fined up to $5,000 for knowingly authorized individuals who have a need Pennsylvania Avenue NW, Washington,
and willfully requesting or gaining for the record in order to perform their DC 20580.
access to a record about an individual officially assigned or designated duties 1 16 CFR 681.1 (Duties regarding the detection,
under false pretenses. 5 U.S.C. for or on behalf of the FTC. prevention, and mitigation of identity theft); 16 CFR
552a(i)(3). 681.2 (Duties of card issuers regarding changes of
As stated in the Federal Register 1 See U.S.C. 552a(e)(11) and 552a(r); OMB address); 16 CFR 641.1 (Duties of users of consumer
Notice dated May 3, 2018, the FTC Circular A–108 (2016). reports regarding address discrepancies).
VerDate Sep<11>2014 22:37 Aug 07, 2018 Jkt 244001 PO 00000 Frm 00056 Fmt 4703 Sfmt 4703 E:\FR\FM\08AUN1.SGM 08AUN1](https://thefederalregister.org/doc/83_FR_39248/page/2.svg)
Document Created: 2018-08-08 02:06:12
Document Modified: 2018-08-08 02:06:12
| Category | Regulatory Information | |
| Collection | Federal Register | |
| sudoc Class | AE 2.7: GS 4.107: AE 2.106: | |
| Publisher | Office of the Federal Register, National Archives and Records Administration | |
| Section | Notices | |
| Action | Notice of modified systems of records. | |
| Dates | August 8, 2018, except that the new routine use shall be effective September 7, 2018. | |
| Contact | G. Richard Gold and Alex Tang, Attorneys, Office of the General Counsel, FTC, 600 Pennsylvania Avenue NW, Washington, DC 20580, (202) 326-2424. | |
| FR Citation | 83 FR 39095 |
2024 Federal Register | Disclaimer | Privacy Policy
USC | CFR | eCFR