83 FR 55541 - Privacy Act of 1974; System of Records

FEDERAL TRADE COMMISSION

Federal Register Volume 83, Issue 215 (November 6, 2018)

The FTC is making non-substantive technical corrections to Appendix I, which lists the authorized disclosures and routine uses applicable to all FTC Privacy Act systems of records. This action makes the notices for these systems of records clearer, more accurate, and up-to-date.

[Federal Register Volume 83, Number 215 (Tuesday, November 6, 2018)]
[Notices]
[Pages 55541-55543]
From the Federal Register Online  [www.thefederalregister.org]
[FR Doc No: 2018-24226]


-----------------------------------------------------------------------

FEDERAL TRADE COMMISSION


Privacy Act of 1974; System of Records

AGENCY: Federal Trade Commission (FTC).

[[Page 55542]]


ACTION: Notice of modified systems of records; correction.

-----------------------------------------------------------------------

SUMMARY: The FTC is making non-substantive technical corrections to 
Appendix I, which lists the authorized disclosures and routine uses 
applicable to all FTC Privacy Act systems of records. This action makes 
the notices for these systems of records clearer, more accurate, and 
up-to-date.

DATES: This modified systems of records shall become final and 
effective on November 6, 2018.

FOR FURTHER INFORMATION CONTACT: G. Richard Gold and Alex Tang, 
Attorneys (202-326-2424), Office of the General Counsel, FTC, 600 
Pennsylvania Avenue NW, Washington, DC 20580.

SUPPLEMENTARY INFORMATION: To inform the public, the FTC publishes in 
the Federal Register and posts on its website a ``system of records 
notice'' (SORN) for each system of records that the FTC currently 
maintains within the meaning of the Privacy Act of 1974, as amended, 5 
U.S.C. 552a (``Privacy Act'' or ``Act''). See https://www.ftc.gov/about-ftc/foia/foia-reading-rooms/privacy-act-systems. The Privacy Act 
protects records about individuals in systems of records collected and 
maintained by Federal agencies. (A system is not a ``system of 
records'' under the Act unless the agency maintains and retrieves 
records in the system by the relevant individual's name or other 
personally assigned identifier.) Each Federal agency, including the 
FTC, must publish a SORN that describes the records maintained in each 
of its Privacy Act systems, including the categories of individuals 
that the records in the system are about, where and how the agency 
maintains these records, and how individuals can find out whether an 
agency system contains any records about them or request access to such 
records, if any. The FTC, for example, maintains 40 systems of records 
under the Act. Some of these systems contain records about the FTC's 
own employees, such as personnel and payroll files, while other FTC 
systems contain records about members of the public, such as public 
comments, consumer complaints, or phone numbers submitted to the FTC's 
Do Not Call Registry.
    The FTC's SORNs discussed in this notice apply only to the FTC's 
own Privacy Act record systems. They do not cover Privacy Act records 
that other Federal agencies may collect and maintain in their own 
systems. Likewise, the FTC's SORNs and the Privacy Act of 1974 do not 
cover records that private businesses or other non-FTC entities may 
collect about individuals, which may be covered by other privacy laws.
    On June 12, 2008, the FTC republished and updated all of its SORNs, 
describing all of the agency's systems of records covered by the 
Privacy Act in a single document for ease of use and reference. 73 FR 
33592. To ensure the SORNs remain accurate, FTC staff reviews each SORN 
on a periodic basis. As a result of this systematic review, the FTC 
made revisions to several of its SORNs on April 17, 2009 (74 FR 17863), 
August 27, 2010 (75 FR 52749), February 23, 2015 (80 FR 9460), and 
November 2, 2017 (82 FR 50871).
    Based on a periodic review of its SORNs, the FTC is publishing two 
technical non-substantive revisions to Appendix I, which lists the 
routine uses that apply to all FTC SORNs. First, the FTC is updating 
the number of routine uses stated in the Appendix from ``(23)'' to 
``(24).'' This conforming amendment was inadvertently omitted when the 
FTC, following Office of Management and Budget guidance, added a new 
routine use to this Appendix, relating to data breach notification, 
earlier this year. See 83 FR 39095 (Aug. 8, 2018). Second, the FTC is 
removing the current reference in the Appendix to the ``General 
Accounting Office'' and, in its place, adding that agency's current 
name, the ``Government Accountability Office'' (GAO). This correction 
reflects the change in GAO's legal name made by Congress several years 
ago, Public Law 108-271, 118 Stat. 811 (2004). In the same legislation, 
Congress made a conforming amendment to the Privacy Act of 1974 to 
authorize disclosures of Privacy Act records to the ``Government 
Accountability Office.'' See 5 U.S.C. 552a(b)(10).
    The FTC is not substantively adding or amending any routine uses of 
its Privacy Act system records. The corrections to Appendix I described 
above are purely technical, and do not in any way modify the legal 
intent, operation, or effect of the routine uses set forth in that 
Appendix. Accordingly, the FTC is not required to provide prior public 
comment or notice to OMB or Congress for these technical amendments, 
which are final upon publication. See U.S.C. 552a(e)(11) and 552a(r); 
OMB Circular A-108, supra.
    The FTC is reprinting the entire text of Appendix I for the 
public's benefit and convenience, to read as follows:

Appendix I
Authorized Disclosures and Routine Uses Applicable to All FTC Privacy 
Act Systems of Records
    The Privacy Act allows the FTC to disclose its Privacy Act records 
in the following ways:
    (1) Within the FTC, to FTC officers and employees who need the 
record to perform their duties;
    (2) In response to a request for public disclosure under the 
Freedom of Information Act (FOIA);
    (3) For any ``routine use'' compatible with the purpose for which 
the record was collected, as set forth in each system of records notice 
and in paragraphs (13)-(24) of this Appendix below;
    (4) To the Bureau of the Census for purposes of planning or 
carrying out a census or survey or related activity under title 13 of 
the United States Code;
    (5) To a recipient who has provided the agency with advance 
adequate written assurance that the record will be used solely as a 
statistical research or reporting record, and the record is to be 
transferred in a form that is not individually identifiable;
    (6) To the National Archives and Records Administration as a record 
having sufficient historical or other value to warrant its continued 
preservation by the United States Government, or for evaluation by the 
Archivist of the United States or the designee of the Archivist to 
determine whether the record has such value;
    (7) To another agency or to an instrumentality of any governmental 
jurisdiction within or under the control of the United States for a 
civil or criminal law enforcement activity if the activity is 
authorized by law, and if the head of the agency or instrumentality has 
made a written request to the agency which maintains the record 
specifying the particular portion desired and the law enforcement 
activity for which the record is sought;
    (8) To a person pursuant to a showing of compelling circumstances 
affecting the health or safety of an individual if upon such disclosure 
notification is transmitted to the last known address of such 
individual;
    (9) To either House of Congress, or, to the extent of a matter 
within its jurisdiction, any committee or subcommittee thereof, any 
joint committee of Congress or subcommittee of any such joint 
committee;
    (10) to the Comptroller General, or any of his authorized 
representatives, in the course of the performance of the duties of the 
Government Accountability Office;

[[Page 55543]]

    (11) Under an order of a court of competent jurisdiction; and
    (12) To a consumer reporting agency, when trying to collect a claim 
of the Government, in accordance with 31 U.S.C. 3711(e).
    In addition, in accordance with paragraph (3) above, the ``routine 
uses'' set forth in paragraphs (13) through (24) below shall apply to 
all records in all FTC Privacy Act systems of records. Specifically, 
such records:
    (13) Where appropriately incorporated into the records maintained 
in FTC-II-6 (Discrimination Complaint System-FTC), may be disclosed 
under the routine uses published for that system;
    (14) May be disclosed to the National Archives and Records 
Administration for records management inspections conducted under 
authority of 44 U.S.C. 2904 and 2906;
    (15) May be disclosed to other agencies, offices, establishments, 
and authorities, whether federal, state, local, foreign, or self-
regulatory (including, but not limited to organizations such as 
professional associations or licensing boards), authorized or with the 
responsibility to investigate, litigate, prosecute, enforce, or 
implement a statute, rule, regulation, or order, where the record or 
information by itself or in connection with other records or 
information:
    (a) Indicates a violation or potential violation of law, whether 
criminal, civil, administrative, or regulatory in nature, and whether 
arising by general statute or particular program statute, or by 
regulation, rule, or order issued pursuant thereto, or
    (b) Indicates a violation or potential violation of a professional, 
licensing, or similar regulation, rule, or order, or otherwise reflects 
on the qualifications or fitness of an individual who is licensed or 
seeking to be licensed;
    (16) May be disclosed to any source, private or governmental, to 
the extent necessary to secure from such source information relevant to 
and sought in furtherance of a legitimate investigation or audit;
    (17) May be disclosed to any authorized agency component of the 
Federal Trade Commission, Department of Justice, or other law 
enforcement authorities, and for disclosure by such parties:
    (a) To the extent relevant and necessary in connection with 
litigation in proceedings before a court or other adjudicative body, 
where (i) the United States is a party to or has an interest in the 
litigation, including where the agency, or an agency component, or an 
agency official or employee in his or her official capacity, or an 
individual agency official or employee whom the Department of Justice 
has agreed to represent, is or may likely become a party, and (ii) the 
litigation is likely to affect the agency or any component thereof; or
    (b) To obtain advice, including advice concerning the accessibility 
of a record or information under the Privacy Act or the Freedom of 
Information Act;
    (18) May be disclosed to a congressional office in response to an 
inquiry from that office made at the written request of the subject 
individual, but only to the extent that the record would be legally 
accessible to that individual;
    (19) May be disclosed to debt collection contractors for the 
purpose of collecting debts owed to the government, as authorized under 
the Debt Collection Act of 1982, 31 U.S.C. 3718, and subject to 
applicable Privacy Act safeguards;
    (20) May be disclosed to a grand jury agent pursuant either to a 
federal or state grand jury subpoena, or to a prosecution request that 
such record be released for the purpose of its introduction to a grand 
jury, where the subpoena or request has been specifically approved by a 
court;
    (21) May be disclosed to the Office of Management and Budget (OMB) 
for the purpose of obtaining advice regarding agency obligations under 
the Privacy Act, or in connection with the review of private relief 
legislation pursuant to OMB Circular A-19;
    (22) To appropriate agencies, entities, and persons when (a) the 
FTC suspects or has confirmed that there has been a breach of the 
system of records; (b) the FTC has determined that as a result of the 
suspected or confirmed breach there is a risk of harm to individuals, 
the FTC (including its information systems, programs, and operations), 
the Federal Government, or national security; and (c) the disclosure 
made to such agencies, entities, and persons is reasonably necessary to 
assist in connection with the FTC's efforts to respond to the suspected 
or confirmed breach or to prevent, minimize, or remedy such harm.
    (23) To another Federal agency or Federal entity, when the FTC 
determines that information from this system of records is reasonably 
necessary to assist the recipient agency or entity in (a) responding to 
a suspected or confirmed breach or (b) preventing, minimizing, or 
remedying the risk of harm to individuals, the recipient agency or 
entity (including its information systems, programs, and operations), 
the Federal Government, or national security, resulting from a 
suspected or confirmed breach.
    (24) May be disclosed to FTC contractors, volunteers, interns or 
other authorized individuals who have a need for the record in order to 
perform their officially assigned or designated duties for or on behalf 
of the FTC.
    The routine uses contained in this Appendix are in addition to any 
routine uses contained in the system of records notice (SORN) for each 
FTC Privacy Act records system. Some of the authorized disclosures and 
routine uses may overlap with one another. The FTC will treat a routine 
use as valid and still in effect, even if an overlapping routine use or 
disclosure is partly or fully invalidated or repealed.

Heather Hippsley,
Deputy General Counsel.
[FR Doc. 2018-24226 Filed 11-5-18; 8:45 am]
 BILLING CODE 6750-01-P