83 FR 55541 - Privacy Act of 1974; System of Records
FEDERAL TRADE COMMISSION Federal Register Volume 83, Issue 215 (November 6, 2018)
Federal Register Volume 83, Issue 215 (November 6, 2018)
| Page Range | 55541-55543 | |
| FR Document | 2018-24226 |
[Federal Register Volume 83, Number 215 (Tuesday, November 6, 2018)] [Notices] [Pages 55541-55543] From the Federal Register Online [www.thefederalregister.org] [FR Doc No: 2018-24226] ----------------------------------------------------------------------- FEDERAL TRADE COMMISSION Privacy Act of 1974; System of Records AGENCY: Federal Trade Commission (FTC). [[Page 55542]] ACTION: Notice of modified systems of records; correction. ----------------------------------------------------------------------- SUMMARY: The FTC is making non-substantive technical corrections to Appendix I, which lists the authorized disclosures and routine uses applicable to all FTC Privacy Act systems of records. This action makes the notices for these systems of records clearer, more accurate, and up-to-date. DATES: This modified systems of records shall become final and effective on November 6, 2018. FOR FURTHER INFORMATION CONTACT: G. Richard Gold and Alex Tang, Attorneys (202-326-2424), Office of the General Counsel, FTC, 600 Pennsylvania Avenue NW, Washington, DC 20580. SUPPLEMENTARY INFORMATION: To inform the public, the FTC publishes in the Federal Register and posts on its website a ``system of records notice'' (SORN) for each system of records that the FTC currently maintains within the meaning of the Privacy Act of 1974, as amended, 5 U.S.C. 552a (``Privacy Act'' or ``Act''). See https://www.ftc.gov/about-ftc/foia/foia-reading-rooms/privacy-act-systems. The Privacy Act protects records about individuals in systems of records collected and maintained by Federal agencies. (A system is not a ``system of records'' under the Act unless the agency maintains and retrieves records in the system by the relevant individual's name or other personally assigned identifier.) Each Federal agency, including the FTC, must publish a SORN that describes the records maintained in each of its Privacy Act systems, including the categories of individuals that the records in the system are about, where and how the agency maintains these records, and how individuals can find out whether an agency system contains any records about them or request access to such records, if any. The FTC, for example, maintains 40 systems of records under the Act. Some of these systems contain records about the FTC's own employees, such as personnel and payroll files, while other FTC systems contain records about members of the public, such as public comments, consumer complaints, or phone numbers submitted to the FTC's Do Not Call Registry. The FTC's SORNs discussed in this notice apply only to the FTC's own Privacy Act record systems. They do not cover Privacy Act records that other Federal agencies may collect and maintain in their own systems. Likewise, the FTC's SORNs and the Privacy Act of 1974 do not cover records that private businesses or other non-FTC entities may collect about individuals, which may be covered by other privacy laws. On June 12, 2008, the FTC republished and updated all of its SORNs, describing all of the agency's systems of records covered by the Privacy Act in a single document for ease of use and reference. 73 FR 33592. To ensure the SORNs remain accurate, FTC staff reviews each SORN on a periodic basis. As a result of this systematic review, the FTC made revisions to several of its SORNs on April 17, 2009 (74 FR 17863), August 27, 2010 (75 FR 52749), February 23, 2015 (80 FR 9460), and November 2, 2017 (82 FR 50871). Based on a periodic review of its SORNs, the FTC is publishing two technical non-substantive revisions to Appendix I, which lists the routine uses that apply to all FTC SORNs. First, the FTC is updating the number of routine uses stated in the Appendix from ``(23)'' to ``(24).'' This conforming amendment was inadvertently omitted when the FTC, following Office of Management and Budget guidance, added a new routine use to this Appendix, relating to data breach notification, earlier this year. See 83 FR 39095 (Aug. 8, 2018). Second, the FTC is removing the current reference in the Appendix to the ``General Accounting Office'' and, in its place, adding that agency's current name, the ``Government Accountability Office'' (GAO). This correction reflects the change in GAO's legal name made by Congress several years ago, Public Law 108-271, 118 Stat. 811 (2004). In the same legislation, Congress made a conforming amendment to the Privacy Act of 1974 to authorize disclosures of Privacy Act records to the ``Government Accountability Office.'' See 5 U.S.C. 552a(b)(10). The FTC is not substantively adding or amending any routine uses of its Privacy Act system records. The corrections to Appendix I described above are purely technical, and do not in any way modify the legal intent, operation, or effect of the routine uses set forth in that Appendix. Accordingly, the FTC is not required to provide prior public comment or notice to OMB or Congress for these technical amendments, which are final upon publication. See U.S.C. 552a(e)(11) and 552a(r); OMB Circular A-108, supra. The FTC is reprinting the entire text of Appendix I for the public's benefit and convenience, to read as follows: Appendix I Authorized Disclosures and Routine Uses Applicable to All FTC Privacy Act Systems of Records The Privacy Act allows the FTC to disclose its Privacy Act records in the following ways: (1) Within the FTC, to FTC officers and employees who need the record to perform their duties; (2) In response to a request for public disclosure under the Freedom of Information Act (FOIA); (3) For any ``routine use'' compatible with the purpose for which the record was collected, as set forth in each system of records notice and in paragraphs (13)-(24) of this Appendix below; (4) To the Bureau of the Census for purposes of planning or carrying out a census or survey or related activity under title 13 of the United States Code; (5) To a recipient who has provided the agency with advance adequate written assurance that the record will be used solely as a statistical research or reporting record, and the record is to be transferred in a form that is not individually identifiable; (6) To the National Archives and Records Administration as a record having sufficient historical or other value to warrant its continued preservation by the United States Government, or for evaluation by the Archivist of the United States or the designee of the Archivist to determine whether the record has such value; (7) To another agency or to an instrumentality of any governmental jurisdiction within or under the control of the United States for a civil or criminal law enforcement activity if the activity is authorized by law, and if the head of the agency or instrumentality has made a written request to the agency which maintains the record specifying the particular portion desired and the law enforcement activity for which the record is sought; (8) To a person pursuant to a showing of compelling circumstances affecting the health or safety of an individual if upon such disclosure notification is transmitted to the last known address of such individual; (9) To either House of Congress, or, to the extent of a matter within its jurisdiction, any committee or subcommittee thereof, any joint committee of Congress or subcommittee of any such joint committee; (10) to the Comptroller General, or any of his authorized representatives, in the course of the performance of the duties of the Government Accountability Office; [[Page 55543]] (11) Under an order of a court of competent jurisdiction; and (12) To a consumer reporting agency, when trying to collect a claim of the Government, in accordance with 31 U.S.C. 3711(e). In addition, in accordance with paragraph (3) above, the ``routine uses'' set forth in paragraphs (13) through (24) below shall apply to all records in all FTC Privacy Act systems of records. Specifically, such records: (13) Where appropriately incorporated into the records maintained in FTC-II-6 (Discrimination Complaint System-FTC), may be disclosed under the routine uses published for that system; (14) May be disclosed to the National Archives and Records Administration for records management inspections conducted under authority of 44 U.S.C. 2904 and 2906; (15) May be disclosed to other agencies, offices, establishments, and authorities, whether federal, state, local, foreign, or self- regulatory (including, but not limited to organizations such as professional associations or licensing boards), authorized or with the responsibility to investigate, litigate, prosecute, enforce, or implement a statute, rule, regulation, or order, where the record or information by itself or in connection with other records or information: (a) Indicates a violation or potential violation of law, whether criminal, civil, administrative, or regulatory in nature, and whether arising by general statute or particular program statute, or by regulation, rule, or order issued pursuant thereto, or (b) Indicates a violation or potential violation of a professional, licensing, or similar regulation, rule, or order, or otherwise reflects on the qualifications or fitness of an individual who is licensed or seeking to be licensed; (16) May be disclosed to any source, private or governmental, to the extent necessary to secure from such source information relevant to and sought in furtherance of a legitimate investigation or audit; (17) May be disclosed to any authorized agency component of the Federal Trade Commission, Department of Justice, or other law enforcement authorities, and for disclosure by such parties: (a) To the extent relevant and necessary in connection with litigation in proceedings before a court or other adjudicative body, where (i) the United States is a party to or has an interest in the litigation, including where the agency, or an agency component, or an agency official or employee in his or her official capacity, or an individual agency official or employee whom the Department of Justice has agreed to represent, is or may likely become a party, and (ii) the litigation is likely to affect the agency or any component thereof; or (b) To obtain advice, including advice concerning the accessibility of a record or information under the Privacy Act or the Freedom of Information Act; (18) May be disclosed to a congressional office in response to an inquiry from that office made at the written request of the subject individual, but only to the extent that the record would be legally accessible to that individual; (19) May be disclosed to debt collection contractors for the purpose of collecting debts owed to the government, as authorized under the Debt Collection Act of 1982, 31 U.S.C. 3718, and subject to applicable Privacy Act safeguards; (20) May be disclosed to a grand jury agent pursuant either to a federal or state grand jury subpoena, or to a prosecution request that such record be released for the purpose of its introduction to a grand jury, where the subpoena or request has been specifically approved by a court; (21) May be disclosed to the Office of Management and Budget (OMB) for the purpose of obtaining advice regarding agency obligations under the Privacy Act, or in connection with the review of private relief legislation pursuant to OMB Circular A-19; (22) To appropriate agencies, entities, and persons when (a) the FTC suspects or has confirmed that there has been a breach of the system of records; (b) the FTC has determined that as a result of the suspected or confirmed breach there is a risk of harm to individuals, the FTC (including its information systems, programs, and operations), the Federal Government, or national security; and (c) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with the FTC's efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm. (23) To another Federal agency or Federal entity, when the FTC determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in (a) responding to a suspected or confirmed breach or (b) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach. (24) May be disclosed to FTC contractors, volunteers, interns or other authorized individuals who have a need for the record in order to perform their officially assigned or designated duties for or on behalf of the FTC. The routine uses contained in this Appendix are in addition to any routine uses contained in the system of records notice (SORN) for each FTC Privacy Act records system. Some of the authorized disclosures and routine uses may overlap with one another. The FTC will treat a routine use as valid and still in effect, even if an overlapping routine use or disclosure is partly or fully invalidated or repealed. Heather Hippsley, Deputy General Counsel. [FR Doc. 2018-24226 Filed 11-5-18; 8:45 am] BILLING CODE 6750-01-P
![Federal Register / Vol. 83, No. 215 / Tuesday, November 6, 2018 / Notices 55541
Website, unless you submit a of whom actually pay more on a unique advertisements. Part V requires
confidentiality request that meets the monthly basis. As a result, SoFi’s SoFi to submit additional compliance
requirements for such treatment under representations significantly inflate the reports within 10 business days of a
FTC Rule 4.9(c), and the General average savings consumers have written request by the Commission. Part
Counsel grants that request. actually achieved—sometimes even VI is a provision ‘‘sunsetting’’ the order
Visit the FTC Website at http:// doubling the actual savings. after twenty (20) years, with certain
www.ftc.gov to read this Notice and the Additionally, when a consumer exceptions.
news release describing it. The FTC Act submits an application to refinance his The purpose of this analysis is to aid
and other laws that the Commission or her student loan(s) and is presented public comment on the proposed order.
administers permit the collection of with loan options, SoFi misrepresents It is not intended to constitute an
public comments to consider and use in that the consumer will save zero dollars official interpretation of the complaint
this proceeding, as appropriate. The when the consumer is actually expected or proposed order, or to modify in any
Commission will consider all timely to lose money. Specifically, if, for a way the proposed order’s terms.
and responsive public comments that it fixed rate loan option, the consumer is By direction of the Commission.
receives on or before November 28, expected to lose money over the lifetime Donald S. Clark,
2018. For information on the of the loan, then SoFi falsely states that
Secretary.
Commission’s privacy policy, including the consumer’s lifetime savings will be
routine uses permitted by the Privacy ‘‘$0.00.’’ Likewise, if a consumer is Statement of Commissioner Rohit
Act, see https://www.ftc.gov/site- expected to pay more on a monthly Chopra
information/privacy-policy. basis for a given loan option, then SoFi Today, the Federal Trade Commission
falsely states that the consumer’s has issued for public comment a
Analysis of Proposed Consent Order To
monthly savings will be ‘‘$0.00.’’ settlement with SoFi, an online student
Aid Public Comment The proposed order will prevent SoFi lender. According to the FTC’s
The Federal Trade Commission from engaging in similar acts or complaint, SoFi’s widely disseminated
(‘‘Commission’’) has accepted, subject to practices. Part I.A. would prohibit SoFi advertisements have significantly
final approval, an agreement containing from misrepresenting that consumers exaggerated the average savings that
a consent order from Social Finance, who obtain a credit product have saved, student loan borrowers achieve when
Inc. and SoFi Lending Corp. will save, or will likely save money, or they refinance through the company.
(collectively ‘‘SoFi’’). a specific amount of money, over the
The proposed consent order has been These advertisements were deceptive
lifetime of a credit product or over any and I agree that SoFi’s actions were
placed on the public record for thirty other time period (e.g., monthly),
(30) days for receipt of comments by unlawful, so I have voted in favor.
including by representing that the Our proposed resolution does not
interested persons. Comments received amount of money saved over a specific require SoFi to pay any money
during this period will become part of time period will be zero when whatsoever for this misconduct. Ideally,
the public record. After thirty (30) days, consumers will instead pay more money SoFi would pay civil penalties for
the Commission will again review the over that specific time period. Part I.B. violating the law. Due to limitations in
agreement and the comments received, would also prohibit SoFi from making the FTC’s authority, the agency cannot
and will decide whether it should any of the savings claims covered by seek civil penalties in matters like these.
withdraw from the agreement and take Part I.A., unless those claims are However, the Consumer Financial
appropriate action or make final the substantiated with competent and Protection Bureau and the State
agreement’s proposed order. reliable evidence. Part I.C. would
SoFi is an online lender that offers, Attorneys General would be able to seek
prohibit SoFi from misrepresenting any penalties from SoFi under existing
among other credit products, student other material fact about the
loan refinancing. The Commission’s federal law.1
performance, benefits, or characteristics In future matters where we are unable
proposed complaint alleges that SoFi of any credit product when making a to obtain monetary remedies, we should
makes savings claims that, as detailed savings claim covered by Part I.A. carefully consider whether partnering
below, misrepresent how much money Parts II through VI of the proposed with other law enforcement agencies
students have saved, will save, or will order are reporting and compliance can lead to better results for consumers
likely save by refinancing their student provisions. Part II is an order
and deter bad actors from violating the
loans with SoFi. distribution provision that requires SoFi
SoFi has prominently advertised that law.
to provide the order to current and [FR Doc. 2018–24207 Filed 11–5–18; 8:45 am]
consumers who refinance their loans future principals, officers, and corporate
BILLING CODE 6750–01–P
with SoFi have saved large average directors, as well as current and future
amounts of money over the lifetime of managers, employees, agents and
those loans or each month. These claims representatives who participate in FEDERAL TRADE COMMISSION
overstate consumers’ average savings. certain duties related to the subject
SoFi’s calculations of its members’ matter of the proposed complaint and Privacy Act of 1974; System of
average savings selectively excludes order, and to secure statements Records
large categories of consumers who acknowledging receipt of the order. Part
would likely pay more money, instead III requires SoFi to submit a compliance AGENCY: Federal Trade Commission
of saving. Specifically, when SoFi report one year after the order is (FTC).
calculates its members’ average lifetime
khammond on DSK30JT082PROD with NOTICES
entered. It also requires SoFi to notify 1 SoFi’s alleged misconduct likely violated both
savings it excludes all consumers who the Commission of corporate changes the Federal Trade Commission Act’s ban on unfair
refinance into longer term loans, most of that may affect compliance obligations or deceptive practices and the Consumer Financial
whom actually pay more over the within 14 days of such a change. Protection Act’s (CFPA) prohibition on unfair,
lifetime of the loan. Further, when SoFi Part IV requires SoFi to maintain and deceptive, or abusive practices by those who offer
or provide a consumer financial product or service.
calculates its members’ average monthly upon request make available certain With some exceptions, States can enforce the CFPA
savings it excludes all consumers who compliance-related records, including and obtain remedies available under it. See 12
refinance into shorter term loans, most certain consumer complaints and U.S.C. 5552(a).
VerDate Sep<11>2014 17:05 Nov 05, 2018 Jkt 247001 PO 00000 Frm 00028 Fmt 4703 Sfmt 4703 E:\FR\FM\06NON1.SGM 06NON1](https://thefederalregister.org/doc/83_FR_55756/page/1.svg)
![Federal Register / Vol. 83, No. 215 / Tuesday, November 6, 2018 / Notices 55543
(11) Under an order of a court of official capacity, or an individual national security, resulting from a
competent jurisdiction; and agency official or employee whom the suspected or confirmed breach.
(12) To a consumer reporting agency, Department of Justice has agreed to (24) May be disclosed to FTC
when trying to collect a claim of the represent, is or may likely become a contractors, volunteers, interns or other
Government, in accordance with 31 party, and (ii) the litigation is likely to authorized individuals who have a need
U.S.C. 3711(e). affect the agency or any component for the record in order to perform their
In addition, in accordance with thereof; or officially assigned or designated duties
paragraph (3) above, the ‘‘routine uses’’ (b) To obtain advice, including advice for or on behalf of the FTC.
set forth in paragraphs (13) through (24) concerning the accessibility of a record The routine uses contained in this
below shall apply to all records in all or information under the Privacy Act or Appendix are in addition to any routine
FTC Privacy Act systems of records. the Freedom of Information Act; uses contained in the system of records
Specifically, such records: (18) May be disclosed to a notice (SORN) for each FTC Privacy Act
(13) Where appropriately congressional office in response to an records system. Some of the authorized
incorporated into the records inquiry from that office made at the disclosures and routine uses may
maintained in FTC–II–6 (Discrimination written request of the subject overlap with one another. The FTC will
Complaint System–FTC), may be individual, but only to the extent that treat a routine use as valid and still in
disclosed under the routine uses the record would be legally accessible to effect, even if an overlapping routine
published for that system; that individual; use or disclosure is partly or fully
(14) May be disclosed to the National (19) May be disclosed to debt invalidated or repealed.
Archives and Records Administration collection contractors for the purpose of
for records management inspections collecting debts owed to the Heather Hippsley,
conducted under authority of 44 U.S.C. government, as authorized under the Deputy General Counsel.
2904 and 2906; Debt Collection Act of 1982, 31 U.S.C. [FR Doc. 2018–24226 Filed 11–5–18; 8:45 am]
(15) May be disclosed to other 3718, and subject to applicable Privacy BILLING CODE 6750–01–P
agencies, offices, establishments, and Act safeguards;
authorities, whether federal, state, local, (20) May be disclosed to a grand jury
foreign, or self-regulatory (including, agent pursuant either to a federal or
but not limited to organizations such as state grand jury subpoena, or to a DEPARTMENT OF HEALTH AND
professional associations or licensing prosecution request that such record be HUMAN SERVICES
boards), authorized or with the released for the purpose of its
responsibility to investigate, litigate, introduction to a grand jury, where the Agency for Toxic Substance and
prosecute, enforce, or implement a subpoena or request has been Disease Registry
statute, rule, regulation, or order, where specifically approved by a court;
the record or information by itself or in (21) May be disclosed to the Office of [60Day–19–0048; Docket No. ATSDR–2018–
connection with other records or Management and Budget (OMB) for the 0009]
information: purpose of obtaining advice regarding
(a) Indicates a violation or potential agency obligations under the Privacy Proposed Data Collection Submitted
violation of law, whether criminal, civil, Act, or in connection with the review of for Public Comment and
administrative, or regulatory in nature, private relief legislation pursuant to Recommendations
and whether arising by general statute OMB Circular A–19;
(22) To appropriate agencies, entities, AGENCY: Agency for Toxic Substance
or particular program statute, or by
and persons when (a) the FTC suspects and Disease Registry, Department of
regulation, rule, or order issued
or has confirmed that there has been a Health and Human Services (HHS)
pursuant thereto, or
(b) Indicates a violation or potential breach of the system of records; (b) the ACTION: Notice with comment period.
violation of a professional, licensing, or FTC has determined that as a result of
similar regulation, rule, or order, or the suspected or confirmed breach there SUMMARY: The Agency for Toxic
otherwise reflects on the qualifications is a risk of harm to individuals, the FTC Substance and Disease Registry, as part
or fitness of an individual who is (including its information systems, of its continuing effort to reduce public
licensed or seeking to be licensed; programs, and operations), the Federal burden and maximize the utility of
(16) May be disclosed to any source, Government, or national security; and government information, invites the
private or governmental, to the extent (c) the disclosure made to such general public and other Federal
necessary to secure from such source agencies, entities, and persons is agencies the opportunity to comment on
information relevant to and sought in reasonably necessary to assist in a proposed and/or continuing
furtherance of a legitimate investigation connection with the FTC’s efforts to information collection, as required by
or audit; respond to the suspected or confirmed the Paperwork Reduction Act of 1995.
(17) May be disclosed to any breach or to prevent, minimize, or This notice invites comment on a
authorized agency component of the remedy such harm. proposed information collection project
Federal Trade Commission, Department (23) To another Federal agency or titled ATSDR Exposure Investigations
of Justice, or other law enforcement Federal entity, when the FTC (EIs) (OMB Control No. 0923–0048,
authorities, and for disclosure by such determines that information from this Expiration Date 3/31/2019)—
parties: system of records is reasonably Extension—Agency for Toxic
(a) To the extent relevant and necessary to assist the recipient agency Substances and Disease Registry
khammond on DSK30JT082PROD with NOTICES
necessary in connection with litigation or entity in (a) responding to a (ATSDR). To evaluate public health
in proceedings before a court or other suspected or confirmed breach or (b) issues at a site resulting from
adjudicative body, where (i) the United preventing, minimizing, or remedying environmental exposure, ATSDR EIs fill
States is a party to or has an interest in the risk of harm to individuals, the data gaps by conducting environmental
the litigation, including where the recipient agency or entity (including its and biological sampling.
agency, or an agency component, or an information systems, programs, and DATES: CDC must receive written
agency official or employee in his or her operations), the Federal Government, or comments on or before January 7, 2019.
VerDate Sep<11>2014 17:05 Nov 05, 2018 Jkt 247001 PO 00000 Frm 00030 Fmt 4703 Sfmt 4703 E:\FR\FM\06NON1.SGM 06NON1](https://thefederalregister.org/doc/83_FR_55756/page/3.svg)
Document Created: 2018-11-06 00:18:55
Document Modified: 2018-11-06 00:18:55
| Category | Regulatory Information | |
| Collection | Federal Register | |
| sudoc Class | AE 2.7: GS 4.107: AE 2.106: | |
| Publisher | Office of the Federal Register, National Archives and Records Administration | |
| Section | Notices | |
| Action | Notice of modified systems of records; correction. | |
| Dates | This modified systems of records shall become final and effective on November 6, 2018. | |
| Contact | G. Richard Gold and Alex Tang, Attorneys (202-326-2424), Office of the General Counsel, FTC, 600 Pennsylvania Avenue NW, Washington, DC 20580. | |
| FR Citation | 83 FR 55541 |
2024 Federal Register | Disclaimer | Privacy Policy
USC | CFR | eCFR