83 FR 43872 - Privacy Act of 1974; System of Records

FEDERAL RESERVE SYSTEM

Federal Register Volume 83, Issue 167 (August 28, 2018)

Pursuant to the provisions of the Privacy Act of 1974, notice is given that the Board of Governors of the Federal Reserve System (Board) is amending its General Routine Uses of Board Systems of Records (General Routine Uses) that apply to the Board's systems of records, by revising an existing routine use and adding a new routine use, both related to breach response. The changes are necessary in order to comply with Office of Management and Budget (OMB) Memorandum M-17-12, ``Preparing for and Responding to a Breach of Personally Identifiable Information'' (January 3, 2017), which sets forth the two required routine uses. Accordingly, the Board is revising Routine Use I, as prescribed by OMB, which allows the Board to disclose records as necessary to respond to a suspected or confirmed breach of the system of records where the Board has determined the breach poses a risk of harm to individuals, the Board, the Federal Government, or national security, and the disclosure is reasonably necessary to assist the Board in its efforts to respond to the breach or to prevent, minimize or remedy such harm. The Board is also adding Routine Use J as prescribed by OMB to allow the Board to assist another federal agency or federal entity in that agency's or entity's response to a suspected or confirmed breach or efforts to prevent, minimize, or remedy the risk of harm to individuals, the agency or entity, the Federal Government, or national security, resulting from a suspected or confirmed breach. These breach-response related uses are relevant and apply to all of the Board's systems of records. Accordingly, the Board is revising its list of General Routine Uses and is amending all of the Board's systems of records to include the revised Routine Use I and the new Routine Use J. These uses will ensure that the Board is able to respond as necessary in the event of a breach of personally identifiable information involving a Board system of records and assist other federal agencies or federal entities in their response. Breaches pose a risk of harm to individuals, and thus the revised and new routine uses will further enhance the Board's ability to protect the privacy of individuals by allowing the Board to respond to the suspected or confirmed breach and prevent, minimize, or remedy the resulting harm posed by the breach. In order that the Board's General Routine Uses will be contained in a single notice readily accessible by the public, the Board is republishing the General Routine Uses previously published on May 6, 2008 (73 FR 24985) which were not revised under this notice.

[Federal Register Volume 83, Number 167 (Tuesday, August 28, 2018)]
[Notices]
[Pages 43872-43875]
From the Federal Register Online  [www.thefederalregister.org]
[FR Doc No: 2018-18627]


-----------------------------------------------------------------------

FEDERAL RESERVE SYSTEM


Privacy Act of 1974; System of Records

AGENCY: Board of Governors of the Federal Reserve System.

ACTION: Notice of General Amendment to Federal Reserve Board of 
Governors Systems of Records.

-----------------------------------------------------------------------

SUMMARY: Pursuant to the provisions of the Privacy Act of 1974, notice 
is given that the Board of Governors of the Federal Reserve System 
(Board) is amending its General Routine Uses of Board Systems of 
Records (General Routine Uses) that apply to the Board's systems of 
records, by revising an existing routine use and adding a new routine 
use, both related to breach response. The changes are necessary in 
order to comply with Office of Management and Budget (OMB) Memorandum 
M-17-12, ``Preparing for and Responding to a Breach of Personally 
Identifiable Information'' (January 3, 2017), which sets forth the two 
required routine uses. Accordingly, the Board is revising Routine Use 
I, as prescribed by OMB, which allows the Board to disclose records as 
necessary to respond to a suspected or confirmed breach of the system 
of records where the Board has determined the breach poses a risk of 
harm to individuals, the Board, the Federal Government, or national 
security, and the disclosure is reasonably necessary to assist the 
Board in its efforts to respond to the breach or to prevent, minimize 
or remedy such harm. The Board is also adding Routine Use J as 
prescribed by OMB to allow the Board to assist another federal agency 
or federal entity in that agency's or entity's response to a suspected 
or confirmed breach or efforts to prevent, minimize, or remedy the risk 
of harm to individuals, the agency or entity, the Federal Government, 
or national security, resulting from a suspected or confirmed breach.
    These breach-response related uses are relevant and apply to all of 
the Board's systems of records. Accordingly, the Board is revising its 
list of General Routine Uses and is amending all of the Board's systems 
of records to include the revised Routine Use I and the new Routine Use 
J. These uses will ensure that the Board is able to respond as 
necessary in the event of a breach of personally identifiable 
information involving a Board system of records and assist other 
federal agencies or federal entities in their response. Breaches pose a 
risk of harm to individuals, and thus the revised and new routine uses 
will further enhance the Board's ability to protect the privacy of 
individuals by allowing the Board to respond to the suspected or 
confirmed breach and prevent, minimize, or remedy the resulting harm 
posed by the breach. In order that the Board's General Routine Uses 
will be contained in a single notice readily accessible by the public, 
the Board is republishing the General Routine Uses previously published 
on May 6, 2008 (73 FR 24985) which were not revised under this notice.

DATES: Comments must be received on or before September 27, 2018. The 
revised systems of records notices and General Routine Uses will become 
effective September 27, 2018, without further notice, unless comments 
dictate otherwise. The Office of Management and Budget (OMB), which has 
oversight responsibility under the Privacy Act, requires a 30-day 
period prior to publication in the Federal Register in which to review 
the system and to provide any comments to the agency. The public is 
then given a 30-day period in which to comment, in accordance with 5 
U.S.C. 552a(e)(4) and (11). The routine uses below were submitted to 
OMB on July 16, 2018.

ADDRESSES: You may submit comments, identified by Board General Routine 
Uses and SORN Amendment, by any of the following methods:
     Agency website: http://www.federalreserve.gov. Follow the 
instructions for submitting comments at http://www.federalreserve.gov/generalinfo/foia/ProposedRegs.cfm.
     Email: [email protected]. Include ``Board 
General Routine Uses and SORN Amendment'' in the subject line of the 
message.
     Fax: (202) 452-3819 or (202) 452-3102.
     Mail: Ann E. Misback, Secretary, Board of Governors of the 
Federal Reserve System, 20th Street and Constitution Avenue NW, 
Washington, DC 20551.
    All public comments will be made available on the Board's website 
at www.federalreserve.gov/generalinfo/foia/ProposedRegs.cfm as 
submitted, unless modified for technical reasons or to remove 
personally identifiable information at the commenter's request. Public 
comments may also be viewed electronically or in paper form in Room 
3515, 1801 K Street (between 18th and 19th Streets NW) Washington, DC 
20006 between 9:00 a.m. and 5:00 p.m. on weekdays. For security 
reasons, the Board requires that visitors make an appointment to 
inspect comments. You may do so by calling (202) 452-3684. Upon 
arrival, visitors will be required to present valid government-issued 
photo identification and to submit to security screening in order to 
inspect and photocopy comments.

FOR FURTHER INFORMATION CONTACT: David B. Husband, Senior Attorney, 
Legal Division, (202) 530-6270, or [email protected]; Alye S. 
Foster, Assistant General Counsel, Legal Division, or (202) 452-5289, 
or [email protected]. Board of Governors of the Federal Reserve 
System, 20th Street and Constitution Avenue NW, Washington, DC 20551, 
Telecommunications Device for the Deaf (TDD) users may contact (202) 
263-4869.

SUPPLEMENTARY INFORMATION: In accordance with the Privacy Act of 1974, 
5 U.S.C. 552a(r), a report of these systems of records is being filed 
with the Chair of the House Committee on Oversight and Government 
Reform, the Chair of the Senate Committee on Homeland Security and 
Governmental Affairs, and the Administrator of the Office of 
Information and Regulatory Affairs of the Office of Management and 
Budget.

SYSTEM NAME AND NUMBER:
    BGFRS-1 Recruiting and Placement Records
    BGFRS-2 Personnel Security Systems
    BGFRS-3 Medical Records
    BGFRS-4 General Personnel Records
    BGFRS-5 EEO Discrimination Complaint File
    BGFRS-6 Disciplinary and Adverse Action Records
    BGFRS-7 Payroll and Leave Records
    BGFRS-8 Travel Records
    BGFRS-9 Supplier Files
    BGFRS-10 General Files on Board Members
    BGFRS-11 Official General Files
    BGFRS-12 Bank Officers Personnel System

[[Page 43873]]

    BGFRS-13 Federal Reserve System Bank Supervision Staff 
Qualifications
    BGFRS-14 General File of Federal Reserve Bank and Branch Directors
    BGFRS-16 Regulation U Reports of NonBank Lenders
    BGFRS-17 Municipal or Government Securities Principals and 
Representatives
    BGFRS-18 Consumer Complaint Information
    BGFRS-20 Survey of Consumer Finances
    BGFRS-21 Supervisory Enforcement Actions and Special Examinations 
Tracking System
    BGFRS-23 Freedom of Information Act and Privacy Act Case Tracking 
and Reporting System
    BGFRS-24 EEO General Files
    BGFRS-25 Multi-Rater Feedback Records
    BGFRS-26 Employee Relations Records
    BGFRS-27 Performance Management Program Records
    BGFRS-28 Employee Assistance Program Records
    BGFRS-29 Benefits Records
    BGFRS-30 Academic Assistance Program Files
    BGFRS-31 Protective Information Systems
    BGFRS-32 Visitor Registration System
    BGFRS-34 ESS Staff Identification Card File
    BGFRS-35 Staff Parking Permit File
    BGFRS-36 Federal Reserve Application Name Check System
    BGFRS-37 Electronic Applications
    BGFRS-38 Transportation Subsidy Records
    BGFRS-39 General File of the Community Advisory Council
    OIG-1 OIG Investigative Records
    OIG-2 OIG Personnel Records

SECURITY CLASSIFICATION:
    Unclassified.

SYSTEM LOCATION:
    The Board maintains its systems of records at the Board of 
Governors of the Federal Reserve System, 20th Street and Constitution 
Avenue NW, Washington, DC 20551. Some sub-categories of certain systems 
may also be maintained by various third-parties, which are described in 
the corresponding SORNs located here: https://www.federalreserve.gov/system-of-records-notices.htm.

SYSTEM MANAGER(S):
    The system manager for each system is described in the system's 
corresponding SORN located here: https://www.federalreserve.gov/system-of-records-notices.htm.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    The authority for each system is described in the system's 
corresponding SORN located here: https://www.federalreserve.gov/system-of-records-notices.htm.

PURPOSE(S) OF THE SYSTEM:
    The purpose for each system is described in the system's 
corresponding SORN located here: https://www.federalreserve.gov/system-of-records-notices.htm.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    The categories of individuals covered by each system are described 
in the system's corresponding SORN located here: https://www.federalreserve.gov/system-of-records-notices.htm.

CATEGORIES OF RECORDS IN THE SYSTEM:
    The categories of records covered by each system are described in 
the system's corresponding SORN located here: https://www.federalreserve.gov/system-of-records-notices.htm.

RECORD SOURCE CATEGORIES:
    The categories of sources of records for each system is described 
in the system's corresponding SORN located here: https://www.federalreserve.gov/system-of-records-notices.htm.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND PURPOSES OF SUCH USES:
    The Board is amending its General Routine Uses by revising Routine 
Use I and adding Routine Use J. The Board is also revising all of the 
SORNs listed above \1\ to include the revised Routine Use I and the new 
Routine Use J. The Board is revising Routine Use I of its General 
Routine Uses to read as follows:
---------------------------------------------------------------------------

    \1\ BGFRS-40, ``FRB--Board Subscription Services'' is not 
included in the list because the Board's April 11, 2018 publication 
of that SORN included the substance of the new Routine Uses I and J. 
83 FR 15569 (April 11, 2018).
---------------------------------------------------------------------------

    ``I. Disclosure to Facilitate a Response to a Breach of the Board. 
Information may be disclosed to appropriate agencies, entities, and 
persons when: (1) The Board suspects or has confirmed that there has 
been a breach of the system of records; (2) the Board has determined 
that as a result of the suspected or confirmed breach there is a risk 
of harm to individuals, the Board (including its information systems, 
programs, and operations), the Federal Government, or national 
security; and (3) the disclosure made to such agencies, entities, and 
persons is reasonably necessary to assist in connection with the 
Board's efforts to respond to the suspected or confirmed breach or to 
prevent, minimize, or remedy such harm.''
    The Board is also adding Routine Use J to its General Routine Uses 
to read as follows:
    ``J. Disclosure to Assist another Federal Agency or Federal Entity 
in Responding to a Breach. Information may be disclosed to another 
federal agency or federal entity, when the Board determines that the 
information from this system of records is reasonably necessary to 
assist the recipient agency or entity in (1) responding to a suspected 
or confirmed breach or (2) preventing, minimizing, or remedying the 
risk of harm to individuals, the recipient agency or entity (including 
its information systems, programs, and operations), the Federal 
Government, or national security, resulting from a suspected or 
confirmed breach.''
    The complete list of General Routine Uses now reads as follows:
General Routine Uses of Board Systems of Records
    A. Disclosure for Enforcement, Statutory and Regulatory Purposes. 
Information may be disclosed to the appropriate federal, state, local, 
foreign, or self-regulatory organization or agency responsible for 
investigating, prosecuting, enforcing, implementing, issuing, or 
carrying out a statute, rule, regulation, order, policy, or license if 
the information may be relevant to a potential violation of civil or 
criminal law, rule, regulation, order, policy or license.
    B. Disclosure to Another Agency or a Federal Reserve Bank. 
Information may be disclosed to a federal agency in the executive, 
legislative, or judicial branch of government, or to a Federal Reserve 
Bank, in connection with the hiring, retaining, or assigning of an 
employee, the issuance of a security clearance, the conducting of a 
security or suitability investigation of an individual, the classifying 
of jobs, the letting of a contract, the issuance of a license, grant, 
or other benefits by the receiving entity, or the lawful statutory, 
administrative, or investigative purpose of the receiving entity to the 
extent that the information is relevant and necessary to the receiving 
entity's decision on the matter.
    C. Disclosure to a Member of Congress. Information may be disclosed 
to a congressional office in response to an inquiry from the 
congressional office made at the request of the individual to whom the 
record pertains.
    D. Disclosure to the Department of Justice, a Court, an 
Adjudicative Body or Administrative Tribunal, or a Party in Litigation. 
Information may be disclosed

[[Page 43874]]

to the Department of Justice, a court, an adjudicative body or 
administrative tribunal, a party in litigation, or a witness if the 
Board (or in the case of an Office of Inspector General system, the 
Office of Inspector General) determines, in its sole discretion, that 
the information is relevant and necessary to the matter.
    E. Disclosure to Federal, State, Local, and Professional Licensing 
Boards. Information may be disclosed to federal, state, local, foreign, 
and professional licensing boards, including a bar association, a Board 
of Medical Examiners, a state board of accountancy, or a similar 
governmental or non-government entity that maintains records concerning 
the issuance, retention, or revocation of licenses, certifications, or 
registrations relevant to practicing an occupation, profession, or 
specialty.
    F. Disclosure to the EEOC, MSPB, OGE and OSC. Information may be 
disclosed to the Equal Employment Opportunity Commission, the Merit 
Systems Protection Board, the Office of Government Ethics, or the 
Office of Special Counsel to the extent determined to be relevant and 
necessary to carrying out their authorized functions.
    G. Disclosure to Contractors, Agents, and Others. Information may 
be disclosed to contractors, agents, or others performing work on a 
contract, service, cooperative agreement, job, or other activity for 
the Board and who have a need to access the information in the 
performance of their duties or activities for the Board.
    H. Disclosure to Labor Relations Panels. Information may be 
disclosed to the Federal Reserve Board Labor Relations Panel or the 
Federal Reserve Banks Labor Relations Panel in connection with the 
investigation and resolution of allegations of unfair labor practices 
or other matters within the jurisdiction of the relevant panel when 
requested.
    I. Disclosure to Facilitate a Response to a Breach of the Board. 
Information may be disclosed to appropriate agencies, entities, and 
persons when: (1) The Board suspects or has confirmed that there has 
been a breach of the system of records; (2) the Board has determined 
that as a result of the suspected or confirmed breach there is a risk 
of harm to individuals or the Board (including its information systems, 
programs, and operations), the Federal Government, or national 
security; and (3) the disclosure made to such agencies, entities, and 
persons is reasonably necessary to assist in connection with the 
Board's efforts to respond to the suspected or confirmed breach or to 
prevent, minimize, or remedy such harm.
    J. Disclosure to Assist another Federal Agency or Federal Entity in 
Responding to a Breach. Information may be disclosed to another federal 
agency or federal entity, when the Board determines that the 
information from the system of records is reasonably necessary to 
assist the recipient agency or entity in (1) responding to a suspected 
or confirmed breach, or (2) preventing, minimizing, or remedying the 
risk of harm to individuals, the recipient agency or entity (including 
its information systems, programs, and operations), the Federal 
Government, or national security, resulting from a suspected or 
confirmed breach.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    The storage practices for each system are set out in the 
corresponding SORN located here: https://www.federalreserve.gov/system-of-records-notices.htm.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    Depending on the particular system, paper and electronic records 
may be retrieved by name or other identifying aspects.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    The retention period for each system is set out in the 
corresponding SORN located here: https://www.federalreserve.gov/system-of-records-notices.htm. Records will be disposed of at the end of their 
retention periods, subject to an annual close-out.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    Access to records is limited to those whose official duties require 
it. Electronic records are password protected.

RECORD ACCESS PROCEDURES:
    The Privacy Act allows individuals the right to access records 
maintained about them in a Board system of records. Your request for 
access must: (1) Contain a statement that it is made pursuant to the 
Privacy Act of 1974; (2) provide either the name of the Board system of 
records expected to contain the record requested or a concise 
description of the system of records; (3) provide the information 
necessary to verify your identity; and (4) provide any other 
information that may assist in the rapid identification of the record 
for which you are requesting access.
    Current or former Board employees may make a request for access by 
contacting the Board office that maintains the record. The Board 
handles all Privacy Act requests as both a Privacy Act request and as a 
Freedom of Information Act request. The Board does not charge fees to a 
requestor seeking to access or amend his/her Privacy Act records.
    You may submit your Privacy Act request to the--Secretary of the 
Board, Board of Governors of the Federal Reserve System, 20th Street 
and Constitution Avenue NW, Washington DC 20551.
    If your request is for records maintained by the Board's Office of 
Inspector General, submit your request to the--Inspector General, Board 
of Governors of the Federal Reserve System, 20th Street and 
Constitution Avenue NW, Washington, DC 20551.
    You may also submit your Privacy Act request electronically through 
the Board's FOIA ``Electronic Request Form'' located here: https://www.federalreserve.gov/secure/forms/efoiaform.aspx.

CONTESTING RECORD PROCEDURES:
    The Privacy Act allows individuals to seek amendment of information 
that is erroneous, irrelevant, untimely, or incomplete and is 
maintained in a system of records about you. To request an amendment to 
your record, you should clearly mark the request as a ``Privacy Act 
Amendment Request.'' You have the burden of proof for demonstrating the 
appropriateness of the requested amendment and you must provide 
relevant and convincing evidence in support of your request.
    Your request for amendment must: (1) Provide the name of the 
specific Board system of records containing the record you seek to 
amend; (2) Identify the specific portion of the record you seek to 
amend; (3) Describe the nature of and reasons for each requested 
amendment; (4) Explain why you believe the record is not accurate, 
relevant, timely, or complete; and (5) Unless you have already done so 
in a Privacy Act request for access, provide the necessary information 
to verify your identity.

NOTIFICATION PROCEDURES:
    Same as ``Access procedures'' above. You may also follow this 
procedure in order to request an accounting of previous disclosures of 
records pertaining to you as provided for by 5 U.S.C. 552a(c).

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    Any exemptions claimed for each specific system is described in the 
system's corresponding SORN located here: https://www.federalreserve.gov/system-of-records-notices.htm.

[[Page 43875]]

HISTORY:
    The history of the Board's various systems can be located at: 
https://www.federalreserve.gov/system-of-records-notices.htm by 
clicking on the Federal Register Notice associated with the SORN for 
each system. In order that the Board's General Routine Uses will be 
contained in a single notice readily accessible by the public, the 
Board is taking the opportunity to republish the General Routine Uses 
previously published on May 6, 2008 (73 FR 24985) which were not 
revised under this notice.

    Board of Governors of the Federal Reserve System, August 23, 
2018.
Ann Misback,
Secretary of the Board.
[FR Doc. 2018-18627 Filed 8-27-18; 8:45 am]
 BILLING CODE P