Privacy Act of 1974 System of Records Notice

SUMMARY

The Commodity Futures Trading Commission (CFTC) is consolidating and revising several notices of systems of records under the Privacy Act of 1974. It is consolidating two system of records notices, CFTC-5, ``Employee Personnel/Payroll Records,'' and CFTC-4, ``Employee Leave, Time, and Attendance,'' into one, CFTC-5, ``Employee Personnel, Payroll, Time and Attendance,'' to reflect more integrated business processes and applications, and to be more descriptive of its contents and enhancements. The Commission also is consolidating three system of records notices, CFTC-34, ``Telecommunications Services,'' CFTC-35, ``Interoffice and Internet Email,'' and CFTC-36, ``Internet Security Gateway Systems,'' into one system of records notice, CFTC-35, entitled ``General Information Technology Records'' to reflect more integrated business processes and applications, and to be more descriptive of its contents and enhancements. The revised CFTC-35, ``General Information Technology Records,'' broadly covers the information in identifiable form needed for the CFTC information technology network to provide communications and operate effectively and securely.

 
CONTENT

Federal Register, Volume 81 Issue 190 (Friday, September 30, 2016)

Federal Register Volume 81, Number 190 (Friday, September 30, 2016)

Notices

Pages 67327-67331

From the Federal Register Online via the Government Publishing Office www.gpo.gov

FR Doc No: 2016-23616

=======================================================================

-----------------------------------------------------------------------

COMMODITY FUTURES TRADING COMMISSION

Privacy Act of 1974 System of Records Notice

AGENCY: Commodity Futures Trading Commission.

ACTION: Notice; alterations of Privacy Act systems of records.

-----------------------------------------------------------------------

SUMMARY: The Commodity Futures Trading Commission (CFTC) is consolidating and revising several notices of systems of records under the Privacy Act of 1974. It is consolidating two system of records notices, CFTC-5, ``Employee Personnel/Payroll Records,'' and CFTC-4, ``Employee Leave, Time,

Page 67328

and Attendance,'' into one, CFTC-5, ``Employee Personnel, Payroll, Time and Attendance,'' to reflect more integrated business processes and applications, and to be more descriptive of its contents and enhancements. The Commission also is consolidating three system of records notices, CFTC-34, ``Telecommunications Services,'' CFTC-35, ``Interoffice and Internet Email,'' and CFTC-36, ``Internet Security Gateway Systems,'' into one system of records notice, CFTC-35, entitled ``General Information Technology Records'' to reflect more integrated business processes and applications, and to be more descriptive of its contents and enhancements. The revised CFTC-35, ``General Information Technology Records,'' broadly covers the information in identifiable form needed for the CFTC information technology network to provide communications and operate effectively and securely.

DATES: Comments must be received on or before October 31, 2016. This action will be effective without further notice on November 9, 2016, unless revised pursuant to comments received.

ADDRESSES: You may submit comments identified by ``Employee Personnel, Payroll, Time and Attendance Records'' or ``General Information Technology Records,'' as applicable, by any of the following methods:

Agency Web site, via its Comments Online process: http://comments.cftc.gov. Follow the instructions for submitting comments through the Web site.

Federal eRulemaking Portal: Comments may be submitted at http://www.regulations.gov. Follow the instructions for submitting comments.

Mail: Christopher Kirkpatrick, Secretary of the Commission, Commodity Futures Trading Commission, Three Lafayette Centre, 1155 21st Street NW., Washington, DC 20581.

Hand Delivery/Courier: Same as Mail, above.

Please submit your comments using only one method.

All comments must be submitted in English, or if not, accompanied by an English translation. Comments will be posted as received to http://www.cftc.gov. You should submit only information that you wish to make available publicly. If you wish the Commission to consider information that you believe is exempt from disclosure under the Freedom of Information Act, a petition for confidential treatment of the exempt information may be submitted according to the procedures established in Sec. 145.9 of the Commission's regulations, 17 CFR 145.9.

The Commission reserves the right, but shall have no obligation, to review, pre-screen, filter, redact, refuse or remove any or all of a submission from http://www.cftc.gov that it may deem to be inappropriate for publication, such as obscene language. All submissions that have been redacted or removed that contain comments on the merits of the notice will be retained in the public comment file and will be considered as required under all applicable laws and may be accessible under the Freedom of Information Act.

FOR FURTHER INFORMATION CONTACT: Kathy Harman-Stokes, Chief Privacy Officer, kharman-stokes@cftc.gov, 202-418-6629, Office of the Executive Director, Commodity Futures Trading Commission, Three Lafayette Centre, 1155 21st Street NW., Washington, DC 20581.

SUPPLEMENTARY INFORMATION:

  1. The Privacy Act

    Under the Privacy Act of 1974, 5 U.S.C. 552a, a ``system of records'' is defined as any group of records under the control of a federal government agency from which information about individuals is retrieved by name or other personal identifier. The Privacy Act establishes the means by which government agencies must collect, maintain, and use personally identifiable information associated with an individual in a government system of records.

    Each government agency is required to publish a notice in the Federal Register of a system of records in which the agency identifies and describes each system of records it maintains, the reasons why the agency uses the personally identifying information therein, the routine uses for which the agency will disclose such information outside the agency, and how individuals may exercise their rights under the Privacy Act to determine if the system contains information about them.

  2. Routine Uses

    Information in the systems of records covered by this Federal Register notice may be disclosed as specifically stated in the applicable notice and also in accordance with the blanket routine uses numbered 1 through 19 published at 76 FR 5974 (Feb. 2, 2011). These blanket routine uses apply to all CFTC systems of records, except as otherwise provided in a specific system of records notice.

  3. Employee Personnel, Payroll, Time and Attendance

    The Employee Personnel, Payroll, Time and Attendance System is a collection of information concerning CFTC employees, including interns and volunteers. This System contains certain personnel records not covered by government-wide system of records notices, including records related to telework, requests for reasonable accommodation, student loan repayment program documentation, employee counseling, and grievances and other employee matters not appealed to the Merit Systems Protection Board (MSPB). This System also contains records related to payroll, pay deductions for taxes, benefits, garnishments, and other matters, all forms of leave and absences, and time and attendance. The System includes, but is not limited to: Name; business and personal contact information; social security number; date of birth; medical and other information provided for leave requests and requests for reasonable accommodation; pay and benefit information; and direct deposit information.

  4. CFTC's General Information Technology Records

    The General Information Technology Records system covers certain records that the CFTC computer systems routinely compile and maintain about users of those systems to enable the information technology (``IT'') network and its hardware, software, applications, databases, communications, and Internet access to function effectively, reliably and securely, and for activities to be logged for auditing, system improvement, and security purposes. While the CFTC IT network contains a broad array of hardware, software, applications, databases, communications tools, and means to access the Internet, this General Information Technology Records system of records notice (``SORN'') covers the personally identifiable information (``PII'') processed or generated by the IT network that would be covered by the Privacy Act of 1974 and is not covered by another SORN, for individuals who currently or previously had access to the CFTC IT network, including current and former employees, volunteers, interns, contractors, and consultants. This system of records includes, but is not limited to: Network user information needed for the IT network and its components to function effectively and securely and for the CFTC to control access to software, applications, data and information; network activity

    Page 67329

    information including activity logs, audit trails, identification of devices used to access CFTC systems, Internet sites visited, and information input into sites visited, logs of calls to and from a CFTC network user on desk or mobile phones, and similar communication data traffic logs, and, if needed to locate a misplaced CFTC mobile device or for related purposes, the location of that device; and logs of calls placed using CFTC calling cards. Many CFTC computer systems collect and maintain additional information, other than system use data, about individuals inside and outside the CFTC. For a complete list of CFTC Privacy Act systems, please see http://www.cftc.gov/Transparency/PrivacyOffice/SORN/index.htm to learn about other categories of information collected and maintained about individuals in the CFTC's computer system.

    Issued in Washington, DC, on September 26, 2016, by the Commission.

    Christopher J. Kirkpatrick,

    Secretary of the Commission.

    CFTC-5

    SYSTEM NAME:

    Employee Personnel, Payroll, Time and Attendance.

    SECURITY CLASSIFICATION:

    Unclassified.

    SYSTEM LOCATION:

    This system is located in the Office of the Executive Director, Commodity Futures Trading Commission, Three Lafayette Centre, 1155 21st Street NW., Washington, DC 20581 and on a computer system at the Commission's payroll processor, Department of Agriculture's National Finance Center, New Orleans, LA.

    CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

    Former and current Commission employees, including volunteers and interns.

    CATEGORIES OF RECORDS IN THE SYSTEM:

    Categories of records include personnel records not covered by government-wide system of records notices, including records related to telework and requests for reasonable accommodation, which may include medical information; student loan repayment program application and information; and employee counseling, grievances and other employee matters not appealed to the MSPB. This System also contains records related to payroll, including salary information, awards and pay increases; benefits information needed for processing payment of benefits; direct deposit information; pay deductions, including tax and retirement deductions, life insurance, health and dental insurance deductions, flexible spending account deductions, savings allotments, transit and parking deductions, garnishments, debts owed to the Commission, and charity deductions; salary offset under part 141 of the Commission's rules; all forms of leave requests, balances and credits; all other absence types, including suspension; information necessary to administer the Commission's voluntary leave transfer program, including leave donated or used and any supporting documentation, which may include medical information; hours worked; and time and attendance records. The System includes identifying information, such as name; business and personal contact information; social security number; date of birth; citizenship; bank account information for direct deposit; and employee identification number.

    Note: The CFTC is the custodian of many employment-related records that are described in the system notices published by the Office of Personnel Management, MSPB, Equal Employment Opportunity Commission and other Federal agencies. For a complete list of government-wide Privacy Act systems, please see OMB Memo 99-05, Attachment C, ``Government-wide Systems of Records,'' at https://www.whitehouse.gov/omb/memoranda_m99-05-c/.

    AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

    5 U.S.C. 6101-6133; 5 U.S.C. 6301-6326; 44 U.S.C. 3101.

    PURPOSE(S):

    Information is collected to allow the Commission to handle personnel, payroll, time and attendance functions, including personnel functions involving records not covered by government-wide system of records notices, telework requests, requests for reasonable accommodation, student loan repayment program documentation, employee counseling, grievances and other employee matters not appealed to the Merit Systems Protection Board (MSPB), and payroll, pay deductions, leave requests, time and attendance.

    ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:

    1. The information may be provided to the Department of Justice, the Office of Personnel Management or other Federal agencies, or used by the Commission in connection with any investigation or administrative or legal proceeding involving any violation of Federal law or regulation thereunder.

    2. Certain information will be provided, as required by law, to the Office of Child Support Enforcement, Administration for Children and Families, Department of Health and Human Services Federal Parent Locator System (FPLS) and Federal Tax Offset System to enable state jurisdictions to locate individuals and identify their income sources to establish paternity, establish and modify orders of support, and for enforcement action.

    3. Certain information will be provided, as required by law, to the Office of Child Support Enforcement for release to the Social Security Administration for verifying social security numbers in connection with the operation of the FPLS by the Office of Child Support Enforcement.

    4. Certain information will be provided, as required by law, to the Office of Child Support Enforcement for release to the Department of Treasury for purposes of administering the Earned Income Tax Credit Program (Section 32, Internal Revenue Code of 1986) and verifying a claim with respect to employment in a tax return.

    5. The information may be provided to insurance companies providing, or proposing to bid on a solicitation to provide, health benefits to Commission employees. This data may include, but is not limited to: Name, social security number, date of birth, age, gender, marital status, service computation date, date of initial appointment with the Commission, geographic location, standard metropolitan service area, home phone number, and home address of the Commission employee. For each enrolled dependent of the Commission employee, this information may include, but is not limited to: Dependent's name, relationship of the dependent to the Commission employee, date of birth, age, gender, social security number, home address, marital status, student status, and handicap status where applicable. This information may be used to verify eligibility, pay claims, or provide accurate bids.

    6. For employees who request repayment of student loans through the CFTC Student Loan Repayment Program, certain information will be provided to the organizations that hold the requesting employees' loan notes for the purpose of verifying outstanding loan amounts and administering such program.

    7. To provide information to officials of labor organizations recognized under 5 U.S.C. Chapter 71 when relevant and necessary to their duties of exclusive representation concerning personnel

    Page 67330

    policies, practices, and matters affecting work conditions.

    Information in this system also may be disclosed in accordance with the blanket routine uses that appear at the beginning of the Commission's compilation of its system of records notices, see, e.g., 76 FR 5974 (Feb. 2, 2011), and the Commission's Web site, www.cftc.gov.

    DISCLOSURE TO CONSUMER REPORTING AGENCIES:

    None.

    POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING, AND DISPOSING OF RECORDS IN THE SYSTEM:

    STORAGE:

    Paper records are stored in file folders, and electronic records, including computer files, are stored on the Commission's network, the National Finance Center Personnel/Payroll System, and other electronic media as needed.

    RETRIEVABILITY:

    By the name, identification number, or other personally identifying information of the employee, volunteer or intern.

    SAFEGUARDS:

    Records are protected from unauthorized access and improper use through administrative, technical and physical security measures. Technical security measures within CFTC include restrictions on computer access to authorized individuals who have a legitimate need to know the information; required use of strong passwords that are frequently changed; multi-factor authentication for remote access and access to many CFTC network components; use of encryption for certain data types and transfers; firewalls and intrusion detection applications; and regular review of security procedures and best practices to enhance security. Only specifically authorized individuals may access the National Finance Center computer system. Physical measures include restrictions on building access to authorized individuals, 24-hour security guard service, and maintenance of records in lockable offices and filing cabinets.

    RETENTION AND DISPOSAL:

    These records are maintained according to retention schedules prescribed by the General Records Schedule for each type of workforce record.

    SYSTEM MANAGER(S) AND ADDRESS:

    Executive Director, Commodity Futures Trading Commission, Three Lafayette Centre, 1155 21st Street NW., Washington, DC 20581.

    NOTIFICATION PROCEDURE:

    Individuals seeking to determine whether this system of records contains information about themselves, seeking access to records about themselves in this system of records, or contesting the content of records about themselves contained in this system of records should address written inquiries to the Office of General Counsel, Paralegal Specialist, Commodity Futures Trading Commission, Three Lafayette Centre, 1155 21st Street NW., Washington, DC 20581. Telephone (202) 418-5011.

    RECORDS SOURCE CATEGORIES:

    Individual about whom the record is maintained; CFTC human resources office records; records from the National Finance Center; and information from third parties providing benefits or other services to covered individuals.

    EXEMPTIONS CLAIMED FOR THE SYSTEM:

    None.

    CFTC-35

    SYSTEM NAME:

    General Information Technology Records.

    SECURITY CLASSIFICATION:

    Unclassified.

    SYSTEM LOCATION:

    This system is located in the Commission's Office of Data and Technology at its principal office at Commodity Futures Trading Commission, Three Lafayette Centre, 1155 21st Street NW., Washington, DC 20581.

    CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

    Individuals covered by the system include current and former CFTC network users, including current or former employees, interns, volunteers, contractors and consultants.

    CATEGORIES OF RECORDS IN THE SYSTEM:

    The system of records covers certain records that the CFTC computer systems routinely compile and maintain about users of its systems to enable the information technology (``IT'') network and its hardware, software, applications, databases, communications and Internet access to function effectively, reliably and securely, and for activities to be logged for auditing, system improvement, and security purposes, to the extent such records are covered by the Privacy Act of 1974 and not included in another system of records. This system includes but is not limited to: Network user information needed for the IT network and its components to function effectively and securely and for the CFTC to control access to software, applications, data and information; network activity information including, for example, activity logs, audit trails, identification of devices used to access CFTC systems, Internet sites visited, and information input into sites visited, logs of calls to and from a CFTC network user on desk or mobile phones, and similar communication data traffic logs, and, if needed to locate a misplaced CFTC mobile device or for related purposes, the location of that device; and logs of calls placed using CFTC calling cards. Many CFTC computer systems collect and maintain additional information, other than system use data, about individuals inside and outside the CFTC. For a complete list of CFTC Privacy Act systems, please see http://www.cftc.gov/Transparency/PrivacyOffice/SORN/index.htm to learn about other categories of information collected and maintained about individuals in the CFTC's computer system.

    AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

    5 U.S.C. 301; Commodity Exchange Act, 7 U.S.C. 1 et seq. including Section 12 of the Commodity Exchange Act, at 7 U.S.C. 16, and the rules and regulations promulgated thereunder.

    PURPOSE(S):

    The purpose of the system of records is to enable effective, reliable and secure operation of the information technology network and its hardware, software, applications, databases, communications and Internet access that CFTC staff members rely upon to perform their job duties and carry out the agency's mission. This includes: To monitor usage of computer systems; to ensure the availability and reliability of the agency computer facilities; to document and/or control access to various computer systems; to audit, log, and alert responsible CFTC personnel when certain personally identifying information is accessed in specified systems; to identify the need for and to conduct training programs, which can include the topics of information security, acceptable computer practices, and CFTC information security policies and procedures; to monitor security on computer systems; to add and delete users; to investigate and make referrals for disciplinary or other action if improper or unauthorized use is suspected or detected.

    Page 67331

    ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:

    The information in this system will be routinely used by CFTC staff members in the Office of Data and Technology to: Facilitate authorized access to and use of CFTC email accounts and internal individual and shared electronic storage and collaboration platforms; enable appropriate access and controls over access to other CFTC systems, applications and information; implement privacy and security controls over CFTC resources and information; generate audit trails for review by staff to understand vulnerabilities and issues to improve system effectiveness and security; and support the communications, telecommunications and audiovisual services CFTC staff members need to fulfill their job duties. Information in this system also may be disclosed in accordance with the blanket routine uses that appear at the beginning of the Commission's compilation of its system of records notices, see, e.g., 76 FR 5974 (Feb. 2, 2011), and the Commission's Web site, http://www.cftc.gov.

    DISCLOSURE TO CONSUMER REPORTING AGENCIES:

    None.

    POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESS CONTROLS, RETAINING, AND DISPOSING OF RECORDS IN THE SYSTEM:

    STORAGE:

    Paper records are stored in file folders and electronic records are stored on the Commission's network and other electronic media as needed, such as encrypted hard drives and back-up media.

    RETRIEVABILITY:

    Certain information covered by this SORN may be retrieved by name, CFTC username, identification number, title, device identifier, Internet Protocol address assigned to CFTC IT network components, email address, and calling card or phone number of the CFTC network user.

    SAFEGUARDS:

    Records are protected from unauthorized access and improper use through administrative, technical and physical security measures. Technical security measures within CFTC include restrictions on computer access to authorized individuals who have a legitimate need to know the information; required use of strong passwords that are frequently changed; multi-factor authentication for remote access and access to many CFTC network components; use of encryption for certain data types and transfers; firewalls and intrusion detection applications; and regular review of security procedures and best practices to enhance security. Physical measures include restrictions on building access to authorized individuals, 24-hour security guard service, and maintenance of records in lockable offices and filing cabinets.

    RETENTION AND DISPOSAL:

    The records will be maintained in accordance with records disposition schedules approved by the National Archives and Records Administration. The schedules are available at www.cftc.gov.

    SYSTEM MANAGER(S) AND ADDRESS:

    The Chief Information Officer, Office of Data and Technology, located at the Commodity Futures Trading Commission, Three Lafayette Centre, 1155 21st Street NW., Washington, DC 20581.

    NOTIFICATION PROCEDURE:

    Individuals seeking to determine whether this system of records contains information about themselves, seeking access to records about themselves in this system of records, or contesting the content of records about themselves contained in this system of records should address written inquiries to the Office of General Counsel, Paralegal Specialist, Commodity Futures Trading Commission, Three Lafayette Centre, 1155 21st Street NW., Washington, DC 20581. Telephone (202) 418-5011.

    RECORD SOURCE CATEGORIES:

    Current and former CFTC IT network users, including current and former employees, interns, volunteers, contractors and consultants; individuals communicating with CFTC network users through CFTC communications platforms; and CFTC hardware, software and system components that generate information reflecting activity on the CFTC IT network.

    EXEMPTIONS CLAIMED FOR THE SYSTEM:

    None.

    FR Doc. 2016-23616 Filed 9-29-16; 8:45 am

    BILLING CODE 6351-01-P