2018-15392

Federal Register, Volume 83 Issue 139 (Thursday, July 19, 2018) 
[Federal Register Volume 83, Number 139 (Thursday, July 19, 2018)]
[Notices]
[Pages 34123-34126]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2018-15392]


=======================================================================
-----------------------------------------------------------------------

COMMODITY FUTURES TRADING COMMISSION


Privacy Act of 1974; System of Records

AGENCY: Commodity Futures Trading Commission.

ACTION: Notice of Two Modified Systems of Records.

-----------------------------------------------------------------------

SUMMARY: In accordance with the requirements of the Privacy Act of
1974, as amended, the Commodity Futures Trading Commission (CFTC or
Commission) is republishing two existing System of Record Notices
(SORNs): CFTC-39, Freedom of Information Act Requests and CFTC-40,
Privacy Act Requests. The modification will add three routine uses,
clarify existing routine uses, and bring the SORNs in compliance with
the Office of Management and Budget (OMB) Circular A-108 SORN template.
Two of the new routine uses pertain to sharing information to mitigate
a breach and are required by OMB Memorandum 17-12. The third new
routine use is requested by the Office of Government Information
Services (OGIS) to allow disclosure of personally identifiable
information to OGIS for Freedom of Information Act (FOIA) dispute
resolution and compliance review purposes. Other updates include
identifying the specific routine uses applicable to each of the systems
of records rather than relying on CFTC's previously published blanket
routine uses, and administrative updates to comply with the OMB
Circular A-108 SORN template format.

DATES: Comments must be received on or before August 20, 2018. This
action takes effect without further notice on August 20, 2018, unless
revised pursuant to comments received.

ADDRESSES: You may submit comments identified as pertaining to
``Freedom of Information Act Requests'' or ``Privacy Act Requests'' by
any of the following methods:
     Agency website, via its Comments Online process: https://comments.cftc.gov. Follow the instructions for submitting comments
through the website.
     Mail: Christopher J. Kirkpatrick, Secretary of the
Commission, Commodity Futures Trading Commission, Three Lafayette
Centre, 1155 21st Street NW, Washington, DC 20581.
     Hand Delivery/Courier: Same as Mail, above.

Please submit your comments using only one method.
    All comments must be submitted in English, or if not, accompanied
by an English translation. Comments will be posted as received to
http://www.cftc.gov. You should submit only information that you wish
to make available publicly. If you wish the Commission to consider
information that you believe is exempt from disclosure under the
Freedom of Information Act (FOIA), a petition for confidential
treatment of the exempt information may be submitted according to the
procedures established in Sec.  145.9 of the Commission's regulations,
17 CFR 145.9.
    The Commission reserves the right, but shall have no obligation, to
review, pre-screen, filter, redact, refuse, or remove any or all of a
submission from http://www.cftc.gov that it may deem to be
inappropriate for publication, such as obscene language. All
submissions that have been redacted or removed that contain comments on
the merits of the notice will be retained in the comment file and will
be considered as required under all applicable laws, and may be
accessible under the FOIA.

FOR FURTHER INFORMATION CONTACT: Chief Privacy Officer,
[email protected], Office of the Executive Director, Commodity Futures
Trading Commission, Three Lafayette Centre, 1155 21st Street NW,
Washington, DC 20581.

SUPPLEMENTARY INFORMATION:

I. The Privacy Act

    Under the Privacy Act of 1974, 5 U.S.C. 552a, a ``system of
records'' is defined as any group of records under the control of a
Federal government agency from which information about individuals is
retrieved by name or by some identifying number, symbol, or other
identifying particular assigned to the individual. The Privacy Act
establishes the means by which government agencies must collect,
maintain, and use information about an individual in a government
system of records.
    Each government agency is required to publish a notice in the
Federal Register in which the agency identifies and describes each
system of records it maintains, the reasons why the agency uses the
information therein, the routine uses for which the agency will
disclose such information outside the agency, and how individuals may
exercise their rights under the Privacy Act.
    In accordance with 5 U.S.C. 552a(r), CFTC has provided reports of
these systems of records to the Office of Management and Budget (OMB)
and to Congress.

II. Background

    The Commodity Futures Trading Commission (CFTC or Commission) is
republishing two existing SORNs: CFTC-39, Freedom of Information Act
Requests and CFTC-40, Privacy Act Requests. The SORNs are being
republished to add three routine uses, clarify existing routine uses,
and bring the SORN in compliance with OMB Circular A-108 SORN template.
The records covered under the Freedom of Information Act Requests SORN
are collected and maintained to process requests made under the
provisions of the FOIA, and to assist the CFTC in carrying out any
other responsibilities relating to the FOIA. The records covered under
the Privacy Act Requests SORN are collected and maintained to process
requests made under the provisions of the Privacy Act, and to assist
the CFTC in carrying out any other responsibilities relating to the
Privacy Act. Two routine uses are being added to both SORNs to permit
sharing with other Federal agencies or Federal entities as required by
OMB Memorandum 17-12, ``Preparing for and Responding to a Breach of
Personally Identifiable Information.'' These routine uses will assist
the CFTC and/or other Federal agencies or entities in responding to a
suspected or confirmed breach and/or prevent, minimize, or remedy the
risk of harm to the requesters, the CFTC, the Federal government, or
national security. A third routine use is being added to both SORNs to
permit sharing with the National Archives and Records Administration
(NARA), Office of Government Information Services (OGIS) so OGIS can
review administrative policies, procedures, and compliance, and to
facilitate resolutions to disputes between persons making FOIA requests
and the CFTC. Additional updates to both SORNs include clarifying the
specific routine uses applicable to each system of records, and
administrative updates including section name and organization updates
to comply with the OMB Circular A-108 SORN template format.

[[Page 34124]]

III. Notice: Freedom of Information Act Requests, CFTC-39.

SYSTEM NAME AND NUMBER
    Freedom of Information Act Requests, CFTC-39.

SECURITY CLASSIFICATION:
    Unclassified.

SYSTEM LOCATION:
    This system is located at the Commodity Futures Trading Commission,
Three Lafayette Centre, 1155 21st Street NW, Washington, DC 20581.
Other offices involved in the processing of requests may also maintain
copies of the requests and any related internal administrative records.

SYSTEM MANAGER(S):
    General Counsel, Commodity Futures Trading Commission, Three
Lafayette Centre, 1155 21st Street NW, Washington, DC 20581.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    The collection of this information is authorized under the Freedom
of Information Act, 5 U.S.C. 552, 5 U.S.C. 301.

PURPOSE(S) OF THE SYSTEM:
    The information in this system is being collected to enable the
CFTC to carry out its responsibilities under the FOIA. These
responsibilities include enabling CFTC staff to receive, track, and
respond to FOIA requests. This requires maintaining documentation
gathered during the consideration and disposition process and
administering annual reporting requirements.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Individuals requesting information from the Commission pursuant to
provisions of FOIA, 5 U.S.C. 552, and individuals who are the subjects
of FOIA requests.

CATEGORIES OF RECORDS IN THE SYSTEM:
    The system of records includes information that may contain:
requests, responsive documents, internal memoranda, electronic mail,
response letters, appeals of denials, appeal determinations, electronic
tracking data, fee schedules, cost calculations, and assessed cost for
disclosed FOIA records.

RECORD SOURCE CATEGORIES:
    Individuals requesting information from the Commission pursuant to
the FOIA and CFTC staff processing the requests.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES
OF USERS AND THE PURPOSES OF SUCH USES:
    These records and information in these records may be used:
    (a) To disclose information to the National Archives and Records
Administration, Office of Government Information Services (OGIS), to
the extent necessary to fulfill its responsibilities in 5 U.S.C.
552(h), to review administrative agency policies, procedures, and
compliance with the Freedom of Information Act, and to facilitate OGIS'
offering of mediation services to resolve disputes between persons
making FOIA requests and administrative agencies;
    (b) To disclose in any administrative proceeding before the
Commission, in any injunctive action authorized under the Commodity
Exchange Act, or in any other action or proceeding in which the
Commission or its staff participates as a party or the Commission
participates as amicus curiae;
    (c) To disclose to Federal, State, local, territorial, Tribal, or
foreign agencies for use in meeting their statutory or regulatory
requirements;
    (d) To disclose to contractors, grantees, volunteers, experts,
students, and others performing or working on a contract, service,
grant, cooperative agreement, or job for the Federal government when
necessary to accomplish an agency function;
    (e) To disclose to Congress upon its request, acting within the
scope of its jurisdiction, pursuant to the Commodity Exchange Act, 7
U.S.C. 1 et seq., and the rules and regulations promulgated thereunder;
    (f) To disclose to appropriate agencies, entities, and persons when
(1) the Commission suspects or has confirmed that there has been a
breach of the system of records; (2) the Commission has determined that
as a result of the suspected or confirmed breach there is a risk of
harm to individuals, the Commission (including its information systems,
programs, and operations), the Federal Government, or national
security; and (3) the disclosure made to such agencies, entities, and
persons is reasonably necessary to assist in connection with the
Commission's efforts to respond to the suspected or confirmed breach or
to prevent, minimize, or remedy such harm; or
    (g) To disclose to another Federal agency or Federal entity, when
the Commission determines that information from this system of records
is reasonably necessary to assist the recipient agency or entity in (1)
responding to a suspected or confirmed breach or (2) preventing,
minimizing, or remedying the risk of harm to individuals, the recipient
agency or entity (including its information systems, programs, and
operations), the Federal Government, or national security, resulting
from a suspected or confirmed breach.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    The FOIA system of records stores records in this system
electronically. The records are stored on the Commission's secure
network and secure back-up media.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    Information covered by this system of records notice may be
retrieved by assigned control number, name of requester, or by subject
of request.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    Records for this system will be maintained in accordance with
General Records Schedule 4.2 of the National Archives and Records
Administration. All approved schedules are available at http://www.cftc.gov.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    Records are protected from unauthorized access and improper use
through administrative, technical, and physical security measures.
Administrative safeguards include written guidelines on handling FOIA
information including agency-wide procedures for safeguarding
personally identifiable information. In addition, all CFTC staff are
required to take annual privacy and security training. Technical
security measures within CFTC include restrictions on computer access
to authorized individuals who have a legitimate need to know the
information; required use of strong passwords that are frequently
changed; multi-factor authentication for remote access and access to
many CFTC network components; use of encryption for certain data types
and transfers; firewalls and intrusion detection applications; and
regular review of security procedures and best practices to enhance
security. Physical safeguards include restrictions on building access
to authorized individuals, 24-hour security guard service, and
maintenance of records in lockable offices and filing cabinets.

RECORD ACCESS PROCEDURES:
    Individuals seeking to determine whether this system of records
contains information about themselves or seeking access to records
about themselves in

[[Page 34125]]

this system of records should address written inquiries to the Office
of General Counsel, Commodity Futures Trading Commission, Three
Lafayette Centre, 1155 21st Street NW, Washington, DC 20581. See 17 CFR
146.3 for full details on what to include in a Privacy Act access
request.

CONTESTING RECORD PROCEDURES:
    Individuals contesting the content of records about themselves
contained in this system of records should address written inquiries to
the Office of General Counsel, Commodity Futures Trading Commission,
Three Lafayette Centre, 1155 21st Street NW, Washington, DC 20581. See
17 CFR 146.8 for full details on what to include in a Privacy Act
amendment request.

NOTIFICATION PROCEDURES:
    Individuals seeking notification of any records about themselves
contained in this system of records should address written inquiries to
the Office of General Counsel, Commodity Futures Trading Commission,
Three Lafayette Centre, 1155 21st Street NW, Washington, DC 20581. See
17 CFR 146.3 for full details on what to include in a Privacy Act
notification request.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    None.

HISTORY:
    A previous version of this SORN was published in the Federal
Register on February 02, 2011 at 76 FR 5973.
    IV. Notice: Privacy Act Requests, CFTC-40.
SYSTEM NAME AND NUMBER
    Privacy Act Requests, CFTC-40.

SECURITY CLASSIFICATION:
    Unclassified.

SYSTEM LOCATION:
    This system is located at the Commodity Futures Trading Commission,
Three Lafayette Centre, 1155 21st Street NW, Washington, DC 20581.
Other offices involved in the processing of requests may also maintain
copies of the requests and any related internal administrative records.

SYSTEM MANAGER(S):
    General Counsel, Commodity Futures Trading Commission, Three
Lafayette Centre, 1155 21st Street NW, Washington, DC 20581.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    The collection of this information is authorized under the Privacy
Act, 5 U.S.C. 552a, 5 U.S.C. 301.

PURPOSE(S) OF THE SYSTEM:
    The information in this system is being collected to enable the
CFTC to carry out its responsibilities under the Privacy Act. These
responsibilities include enabling CFTC staff to receive, track, and
respond to Privacy Act requests.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Individuals filing requests for access to, correction of, or an
accounting of disclosures of personal information contained in systems
of records maintained by the Commission, pursuant to the Privacy Act of
1974. 5 U.S.C. 552a.

CATEGORIES OF RECORDS IN THE SYSTEM:
    Requests, responsive documents, internal memoranda, response
letters, appeals of denials, appeal determinations, and electronic
tracking data.

RECORD SOURCE CATEGORIES:
    Individuals requesting information from the Commission pursuant to
the Privacy Act and CFTC staff processing the requests.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES
OF USERS AND THE PURPOSES OF SUCH USES:
    These records and information in these records may be used:
    (a) To disclose information to the National Archives and Records
Administration, Office of Government Information Services (OGIS), to
the extent necessary to fulfill its responsibilities in 5 U.S.C.
552(h), to review administrative agency policies, procedures, and
compliance with the Freedom of Information Act, and to facilitate OGIS'
offering of mediation services to resolve disputes between persons
making FOIA requests and administrative agencies;
    (b) To disclose in any administrative proceeding before the
Commission, in any injunctive action authorized under the Commodity
Exchange Act, or in any other action or proceeding in which the
Commission or its staff participates as a party or the Commission
participates as amicus curiae;
    (c) To disclose to Federal, State, local, territorial, Tribal, or
foreign agencies for use in meeting their statutory or regulatory
requirements;
    (d) To disclose to anyone during the course of a Commission
investigation if Commission staff has reason to believe that the person
to whom it is disclosed may have further information about matters
relevant to the subject of the investigation;
    (e) To disclose to contractors, grantees, volunteers, experts,
students, and others performing or working on a contract, service,
grant, cooperative agreement, or job for the Federal government when
necessary to accomplish an agency function;
    (f) To disclose to Congress upon its request, acting within the
scope of its jurisdiction, pursuant to the Commodity Exchange Act, 7
U.S.C. 1 et seq., and the rules and regulations promulgated thereunder;
    (g) To disclose to appropriate agencies, entities, and persons when
(1) the Commission suspects or has confirmed that there has been a
breach of the system of records; (2) the Commission has determined that
as a result of the suspected or confirmed breach there is a risk of
harm to individuals, the Commission (including its information systems,
programs, and operations), the Federal Government, or national
security; and (3) the disclosure made to such agencies, entities, and
persons is reasonably necessary to assist in connection with the
Commission's efforts to respond to the suspected or confirmed breach or
to prevent, minimize, or remedy such harm; or
    (h) To disclose to another Federal agency or Federal entity, when
the Commission determines that information from this system of records
is reasonably necessary to assist the recipient agency or entity in (1)
responding to a suspected or confirmed breach or (2) preventing,
minimizing, or remedying the risk of harm to individuals, the recipient
agency or entity (including its information systems, programs, and
operations), the Federal Government, or national security, resulting
from a suspected or confirmed breach.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    The Privacy Act Requests system of records stores records in this
system electronically. The records are stored on the Commission's
secure network, and on secure back-up media.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    Information covered by this system of records notice may be
retrieved by assigned control number, name of requester, or by subject
of request.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    Records for this system will be maintained in accordance with
General Records Schedule 4.2 of the National Archives and Records
Administration. All approved schedules are available at http://www.cftc.gov.

[[Page 34126]]

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    Records are protected from unauthorized access and improper use
through administrative, technical, and physical security measures.
Administrative safeguards include agency-wide training and procedures
for safeguarding personally identifiable information. Technical
security measures within CFTC include restrictions on computer access
to authorized individuals who have a legitimate need to know the
information; required use of strong passwords that are frequently
changed; multi-factor authentication for remote access and access to
many CFTC network components; use of encryption for certain data types
and transfers; firewalls and intrusion detection applications; and
regular review of security procedures and best practices to enhance
security. Physical safeguards include restrictions on building access
to authorized individuals, 24-hour security guard service, and
maintenance of records in lockable offices and filing cabinets.

RECORD ACCESS PROCEDURES:
    Individuals seeking to determine whether this system of records
contains information about themselves or seeking access to records
about themselves in this system of records should address written
inquiries to the Office of General Counsel, Commodity Futures Trading
Commission, Three Lafayette Centre, 1155 21st Street NW, Washington, DC
20581. See 17 CFR 146.3 for full details on what to include in Privacy
Act access request.

CONTESTING RECORD PROCEDURES:
    Individuals contesting the content of records about themselves
contained in this system of records should address written inquiries to
the Office of General Counsel, Commodity Futures Trading Commission,
Three Lafayette Centre, 1155 21st Street NW, Washington, DC 20581. See
17 CFR 146.8 for full details on what to include in a Privacy Act
amendment request.

NOTIFICATION PROCEDURES:
    Individuals seeking notification of any records about themselves
contained in this system of records should address written inquiries to
the Office of General Counsel, Commodity Futures Trading Commission,
Three Lafayette Centre, 1155 21st Street NW, Washington, DC 20581. See
17 CFR 146.3 for full details on what to include in a Privacy Act
notification request.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    None.

HISTORY:
    A previous version of this SORN was published in the Federal
Register on February 02, 2011 at 76 FR 5973.

    Issued in Washington, DC, on July 13, 2018, by the Commission.
Robert Sidman,
Deputy Secretary of the Commission.
[FR Doc. 2018-15392 Filed 7-18-18; 8:45 am]
 BILLING CODE 6351-01-P