2016-23616
Federal Register, Volume 81 Issue 190 (Friday, September 30, 2016)
[Federal Register Volume 81, Number 190 (Friday, September 30, 2016)]
[Notices]
[Pages 67327-67331]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2016-23616]
=======================================================================
-----------------------------------------------------------------------
COMMODITY FUTURES TRADING COMMISSION
Privacy Act of 1974 System of Records Notice
AGENCY: Commodity Futures Trading Commission.
ACTION: Notice; alterations of Privacy Act systems of records.
-----------------------------------------------------------------------
SUMMARY: The Commodity Futures Trading Commission (CFTC) is
consolidating and revising several notices of systems of records under
the Privacy Act of 1974. It is consolidating two system of records
notices, CFTC-5, ``Employee Personnel/Payroll Records,'' and CFTC-4,
``Employee Leave, Time,
[[Page 67328]]
and Attendance,'' into one, CFTC-5, ``Employee Personnel, Payroll, Time
and Attendance,'' to reflect more integrated business processes and
applications, and to be more descriptive of its contents and
enhancements. The Commission also is consolidating three system of
records notices, CFTC-34, ``Telecommunications Services,'' CFTC-35,
``Interoffice and Internet Email,'' and CFTC-36, ``Internet Security
Gateway Systems,'' into one system of records notice, CFTC-35, entitled
``General Information Technology Records'' to reflect more integrated
business processes and applications, and to be more descriptive of its
contents and enhancements. The revised CFTC-35, ``General Information
Technology Records,'' broadly covers the information in identifiable
form needed for the CFTC information technology network to provide
communications and operate effectively and securely.
DATES: Comments must be received on or before October 31, 2016. This
action will be effective without further notice on November 9, 2016,
unless revised pursuant to comments received.
ADDRESSES: You may submit comments identified by ``Employee Personnel,
Payroll, Time and Attendance Records'' or ``General Information
Technology Records,'' as applicable, by any of the following methods:
Agency Web site, via its Comments Online process: http://comments.cftc.gov. Follow the instructions for submitting comments
through the Web site.
Federal eRulemaking Portal: Comments may be submitted at
http://www.regulations.gov. Follow the instructions for submitting
comments.
Mail: Christopher Kirkpatrick, Secretary of the
Commission, Commodity Futures Trading Commission, Three Lafayette
Centre, 1155 21st Street NW., Washington, DC 20581.
Hand Delivery/Courier: Same as Mail, above.
Please submit your comments using only one method.
All comments must be submitted in English, or if not, accompanied
by an English translation. Comments will be posted as received to
http://www.cftc.gov. You should submit only information that you wish
to make available publicly. If you wish the Commission to consider
information that you believe is exempt from disclosure under the
Freedom of Information Act, a petition for confidential treatment of
the exempt information may be submitted according to the procedures
established in Sec. 145.9 of the Commission's regulations, 17 CFR
145.9.
The Commission reserves the right, but shall have no obligation, to
review, pre-screen, filter, redact, refuse or remove any or all of a
submission from http://www.cftc.gov that it may deem to be
inappropriate for publication, such as obscene language. All
submissions that have been redacted or removed that contain comments on
the merits of the notice will be retained in the public comment file
and will be considered as required under all applicable laws and may be
accessible under the Freedom of Information Act.
FOR FURTHER INFORMATION CONTACT: Kathy Harman-Stokes, Chief Privacy
Officer, [email protected], 202-418-6629, Office of the Executive
Director, Commodity Futures Trading Commission, Three Lafayette Centre,
1155 21st Street NW., Washington, DC 20581.
SUPPLEMENTARY INFORMATION:
I. The Privacy Act
Under the Privacy Act of 1974, 5 U.S.C. 552a, a ``system of
records'' is defined as any group of records under the control of a
federal government agency from which information about individuals is
retrieved by name or other personal identifier. The Privacy Act
establishes the means by which government agencies must collect,
maintain, and use personally identifiable information associated with
an individual in a government system of records.
Each government agency is required to publish a notice in the
Federal Register of a system of records in which the agency identifies
and describes each system of records it maintains, the reasons why the
agency uses the personally identifying information therein, the routine
uses for which the agency will disclose such information outside the
agency, and how individuals may exercise their rights under the Privacy
Act to determine if the system contains information about them.
II. Routine Uses
Information in the systems of records covered by this Federal
Register notice may be disclosed as specifically stated in the
applicable notice and also in accordance with the blanket routine uses
numbered 1 through 19 published at 76 FR 5974 (Feb. 2, 2011). These
blanket routine uses apply to all CFTC systems of records, except as
otherwise provided in a specific system of records notice.
III. Employee Personnel, Payroll, Time and Attendance
The Employee Personnel, Payroll, Time and Attendance System is a
collection of information concerning CFTC employees, including interns
and volunteers. This System contains certain personnel records not
covered by government-wide system of records notices, including records
related to telework, requests for reasonable accommodation, student
loan repayment program documentation, employee counseling, and
grievances and other employee matters not appealed to the Merit Systems
Protection Board (MSPB). This System also contains records related to
payroll, pay deductions for taxes, benefits, garnishments, and other
matters, all forms of leave and absences, and time and attendance. The
System includes, but is not limited to: Name; business and personal
contact information; social security number; date of birth; medical and
other information provided for leave requests and requests for
reasonable accommodation; pay and benefit information; and direct
deposit information.
IV. CFTC's General Information Technology Records
The General Information Technology Records system covers certain
records that the CFTC computer systems routinely compile and maintain
about users of those systems to enable the information technology
(``IT'') network and its hardware, software, applications, databases,
communications, and Internet access to function effectively, reliably
and securely, and for activities to be logged for auditing, system
improvement, and security purposes. While the CFTC IT network contains
a broad array of hardware, software, applications, databases,
communications tools, and means to access the Internet, this General
Information Technology Records system of records notice (``SORN'')
covers the personally identifiable information (``PII'') processed or
generated by the IT network that would be covered by the Privacy Act of
1974 and is not covered by another SORN, for individuals who currently
or previously had access to the CFTC IT network, including current and
former employees, volunteers, interns, contractors, and consultants.
This system of records includes, but is not limited to: Network user
information needed for the IT network and its components to function
effectively and securely and for the CFTC to control access to
software, applications, data and information; network activity
[[Page 67329]]
information including activity logs, audit trails, identification of
devices used to access CFTC systems, Internet sites visited, and
information input into sites visited, logs of calls to and from a CFTC
network user on desk or mobile phones, and similar communication data
traffic logs, and, if needed to locate a misplaced CFTC mobile device
or for related purposes, the location of that device; and logs of calls
placed using CFTC calling cards. Many CFTC computer systems collect and
maintain additional information, other than system use data, about
individuals inside and outside the CFTC. For a complete list of CFTC
Privacy Act systems, please see http://www.cftc.gov/Transparency/PrivacyOffice/SORN/index.htm to learn about other categories of
information collected and maintained about individuals in the CFTC's
computer system.
Issued in Washington, DC, on September 26, 2016, by the
Commission.
Christopher J. Kirkpatrick,
Secretary of the Commission.
CFTC-5
SYSTEM NAME:
Employee Personnel, Payroll, Time and Attendance.
SECURITY CLASSIFICATION:
Unclassified.
SYSTEM LOCATION:
This system is located in the Office of the Executive Director,
Commodity Futures Trading Commission, Three Lafayette Centre, 1155 21st
Street NW., Washington, DC 20581 and on a computer system at the
Commission's payroll processor, Department of Agriculture's National
Finance Center, New Orleans, LA.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
Former and current Commission employees, including volunteers and
interns.
CATEGORIES OF RECORDS IN THE SYSTEM:
Categories of records include personnel records not covered by
government-wide system of records notices, including records related to
telework and requests for reasonable accommodation, which may include
medical information; student loan repayment program application and
information; and employee counseling, grievances and other employee
matters not appealed to the MSPB. This System also contains records
related to payroll, including salary information, awards and pay
increases; benefits information needed for processing payment of
benefits; direct deposit information; pay deductions, including tax and
retirement deductions, life insurance, health and dental insurance
deductions, flexible spending account deductions, savings allotments,
transit and parking deductions, garnishments, debts owed to the
Commission, and charity deductions; salary offset under part 141 of the
Commission's rules; all forms of leave requests, balances and credits;
all other absence types, including suspension; information necessary to
administer the Commission's voluntary leave transfer program, including
leave donated or used and any supporting documentation, which may
include medical information; hours worked; and time and attendance
records. The System includes identifying information, such as name;
business and personal contact information; social security number; date
of birth; citizenship; bank account information for direct deposit; and
employee identification number.
Note: The CFTC is the custodian of many employment-related
records that are described in the system notices published by the
Office of Personnel Management, MSPB, Equal Employment Opportunity
Commission and other Federal agencies. For a complete list of
government-wide Privacy Act systems, please see OMB Memo 99-05,
Attachment C, ``Government-wide Systems of Records,'' at https://www.whitehouse.gov/omb/memoranda_m99-05-c/.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
5 U.S.C. 6101-6133; 5 U.S.C. 6301-6326; 44 U.S.C. 3101.
PURPOSE(S):
Information is collected to allow the Commission to handle
personnel, payroll, time and attendance functions, including personnel
functions involving records not covered by government-wide system of
records notices, telework requests, requests for reasonable
accommodation, student loan repayment program documentation, employee
counseling, grievances and other employee matters not appealed to the
Merit Systems Protection Board (MSPB), and payroll, pay deductions,
leave requests, time and attendance.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES
OF USERS AND THE PURPOSES OF SUCH USES:
a. The information may be provided to the Department of Justice,
the Office of Personnel Management or other Federal agencies, or used
by the Commission in connection with any investigation or
administrative or legal proceeding involving any violation of Federal
law or regulation thereunder.
b. Certain information will be provided, as required by law, to the
Office of Child Support Enforcement, Administration for Children and
Families, Department of Health and Human Services Federal Parent
Locator System (FPLS) and Federal Tax Offset System to enable state
jurisdictions to locate individuals and identify their income sources
to establish paternity, establish and modify orders of support, and for
enforcement action.
c. Certain information will be provided, as required by law, to the
Office of Child Support Enforcement for release to the Social Security
Administration for verifying social security numbers in connection with
the operation of the FPLS by the Office of Child Support Enforcement.
d. Certain information will be provided, as required by law, to the
Office of Child Support Enforcement for release to the Department of
Treasury for purposes of administering the Earned Income Tax Credit
Program (Section 32, Internal Revenue Code of 1986) and verifying a
claim with respect to employment in a tax return.
e. The information may be provided to insurance companies
providing, or proposing to bid on a solicitation to provide, health
benefits to Commission employees. This data may include, but is not
limited to: Name, social security number, date of birth, age, gender,
marital status, service computation date, date of initial appointment
with the Commission, geographic location, standard metropolitan service
area, home phone number, and home address of the Commission employee.
For each enrolled dependent of the Commission employee, this
information may include, but is not limited to: Dependent's name,
relationship of the dependent to the Commission employee, date of
birth, age, gender, social security number, home address, marital
status, student status, and handicap status where applicable. This
information may be used to verify eligibility, pay claims, or provide
accurate bids.
f. For employees who request repayment of student loans through the
CFTC Student Loan Repayment Program, certain information will be
provided to the organizations that hold the requesting employees' loan
notes for the purpose of verifying outstanding loan amounts and
administering such program.
g. To provide information to officials of labor organizations
recognized under 5 U.S.C. Chapter 71 when relevant and necessary to
their duties of exclusive representation concerning personnel
[[Page 67330]]
policies, practices, and matters affecting work conditions.
Information in this system also may be disclosed in accordance with
the blanket routine uses that appear at the beginning of the
Commission's compilation of its system of records notices, see, e.g.,
76 FR 5974 (Feb. 2, 2011), and the Commission's Web site, www.cftc.gov.
DISCLOSURE TO CONSUMER REPORTING AGENCIES:
None.
POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING,
AND DISPOSING OF RECORDS IN THE SYSTEM:
STORAGE:
Paper records are stored in file folders, and electronic records,
including computer files, are stored on the Commission's network, the
National Finance Center Personnel/Payroll System, and other electronic
media as needed.
RETRIEVABILITY:
By the name, identification number, or other personally identifying
information of the employee, volunteer or intern.
SAFEGUARDS:
Records are protected from unauthorized access and improper use
through administrative, technical and physical security measures.
Technical security measures within CFTC include restrictions on
computer access to authorized individuals who have a legitimate need to
know the information; required use of strong passwords that are
frequently changed; multi-factor authentication for remote access and
access to many CFTC network components; use of encryption for certain
data types and transfers; firewalls and intrusion detection
applications; and regular review of security procedures and best
practices to enhance security. Only specifically authorized individuals
may access the National Finance Center computer system. Physical
measures include restrictions on building access to authorized
individuals, 24-hour security guard service, and maintenance of records
in lockable offices and filing cabinets.
RETENTION AND DISPOSAL:
These records are maintained according to retention schedules
prescribed by the General Records Schedule for each type of workforce
record.
SYSTEM MANAGER(S) AND ADDRESS:
Executive Director, Commodity Futures Trading Commission, Three
Lafayette Centre, 1155 21st Street NW., Washington, DC 20581.
NOTIFICATION PROCEDURE:
Individuals seeking to determine whether this system of records
contains information about themselves, seeking access to records about
themselves in this system of records, or contesting the content of
records about themselves contained in this system of records should
address written inquiries to the Office of General Counsel, Paralegal
Specialist, Commodity Futures Trading Commission, Three Lafayette
Centre, 1155 21st Street NW., Washington, DC 20581. Telephone (202)
418-5011.
RECORDS SOURCE CATEGORIES:
Individual about whom the record is maintained; CFTC human
resources office records; records from the National Finance Center; and
information from third parties providing benefits or other services to
covered individuals.
EXEMPTIONS CLAIMED FOR THE SYSTEM:
None.
CFTC-35
SYSTEM NAME:
General Information Technology Records.
SECURITY CLASSIFICATION:
Unclassified.
SYSTEM LOCATION:
This system is located in the Commission's Office of Data and
Technology at its principal office at Commodity Futures Trading
Commission, Three Lafayette Centre, 1155 21st Street NW., Washington,
DC 20581.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
Individuals covered by the system include current and former CFTC
network users, including current or former employees, interns,
volunteers, contractors and consultants.
CATEGORIES OF RECORDS IN THE SYSTEM:
The system of records covers certain records that the CFTC computer
systems routinely compile and maintain about users of its systems to
enable the information technology (``IT'') network and its hardware,
software, applications, databases, communications and Internet access
to function effectively, reliably and securely, and for activities to
be logged for auditing, system improvement, and security purposes, to
the extent such records are covered by the Privacy Act of 1974 and not
included in another system of records. This system includes but is not
limited to: Network user information needed for the IT network and its
components to function effectively and securely and for the CFTC to
control access to software, applications, data and information; network
activity information including, for example, activity logs, audit
trails, identification of devices used to access CFTC systems, Internet
sites visited, and information input into sites visited, logs of calls
to and from a CFTC network user on desk or mobile phones, and similar
communication data traffic logs, and, if needed to locate a misplaced
CFTC mobile device or for related purposes, the location of that
device; and logs of calls placed using CFTC calling cards. Many CFTC
computer systems collect and maintain additional information, other
than system use data, about individuals inside and outside the CFTC.
For a complete list of CFTC Privacy Act systems, please see http://www.cftc.gov/Transparency/PrivacyOffice/SORN/index.htm to learn about
other categories of information collected and maintained about
individuals in the CFTC's computer system.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
5 U.S.C. 301; Commodity Exchange Act, 7 U.S.C. 1 et seq. including
Section 12 of the Commodity Exchange Act, at 7 U.S.C. 16, and the rules
and regulations promulgated thereunder.
PURPOSE(S):
The purpose of the system of records is to enable effective,
reliable and secure operation of the information technology network and
its hardware, software, applications, databases, communications and
Internet access that CFTC staff members rely upon to perform their job
duties and carry out the agency's mission. This includes: To monitor
usage of computer systems; to ensure the availability and reliability
of the agency computer facilities; to document and/or control access to
various computer systems; to audit, log, and alert responsible CFTC
personnel when certain personally identifying information is accessed
in specified systems; to identify the need for and to conduct training
programs, which can include the topics of information security,
acceptable computer practices, and CFTC information security policies
and procedures; to monitor security on computer systems; to add and
delete users; to investigate and make referrals for disciplinary or
other action if improper or unauthorized use is suspected or detected.
[[Page 67331]]
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES
OF USERS AND THE PURPOSES OF SUCH USES:
The information in this system will be routinely used by CFTC staff
members in the Office of Data and Technology to: Facilitate authorized
access to and use of CFTC email accounts and internal individual and
shared electronic storage and collaboration platforms; enable
appropriate access and controls over access to other CFTC systems,
applications and information; implement privacy and security controls
over CFTC resources and information; generate audit trails for review
by staff to understand vulnerabilities and issues to improve system
effectiveness and security; and support the communications,
telecommunications and audiovisual services CFTC staff members need to
fulfill their job duties. Information in this system also may be
disclosed in accordance with the blanket routine uses that appear at
the beginning of the Commission's compilation of its system of records
notices, see, e.g., 76 FR 5974 (Feb. 2, 2011), and the Commission's Web
site, http://www.cftc.gov.
DISCLOSURE TO CONSUMER REPORTING AGENCIES:
None.
POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESS CONTROLS,
RETAINING, AND DISPOSING OF RECORDS IN THE SYSTEM:
STORAGE:
Paper records are stored in file folders and electronic records are
stored on the Commission's network and other electronic media as
needed, such as encrypted hard drives and back-up media.
RETRIEVABILITY:
Certain information covered by this SORN may be retrieved by name,
CFTC username, identification number, title, device identifier,
Internet Protocol address assigned to CFTC IT network components, email
address, and calling card or phone number of the CFTC network user.
SAFEGUARDS:
Records are protected from unauthorized access and improper use
through administrative, technical and physical security measures.
Technical security measures within CFTC include restrictions on
computer access to authorized individuals who have a legitimate need to
know the information; required use of strong passwords that are
frequently changed; multi-factor authentication for remote access and
access to many CFTC network components; use of encryption for certain
data types and transfers; firewalls and intrusion detection
applications; and regular review of security procedures and best
practices to enhance security. Physical measures include restrictions
on building access to authorized individuals, 24-hour security guard
service, and maintenance of records in lockable offices and filing
cabinets.
RETENTION AND DISPOSAL:
The records will be maintained in accordance with records
disposition schedules approved by the National Archives and Records
Administration. The schedules are available at www.cftc.gov.
SYSTEM MANAGER(S) AND ADDRESS:
The Chief Information Officer, Office of Data and Technology,
located at the Commodity Futures Trading Commission, Three Lafayette
Centre, 1155 21st Street NW., Washington, DC 20581.
NOTIFICATION PROCEDURE:
Individuals seeking to determine whether this system of records
contains information about themselves, seeking access to records about
themselves in this system of records, or contesting the content of
records about themselves contained in this system of records should
address written inquiries to the Office of General Counsel, Paralegal
Specialist, Commodity Futures Trading Commission, Three Lafayette
Centre, 1155 21st Street NW., Washington, DC 20581. Telephone (202)
418-5011.
RECORD SOURCE CATEGORIES:
Current and former CFTC IT network users, including current and
former employees, interns, volunteers, contractors and consultants;
individuals communicating with CFTC network users through CFTC
communications platforms; and CFTC hardware, software and system
components that generate information reflecting activity on the CFTC IT
network.
EXEMPTIONS CLAIMED FOR THE SYSTEM:
None.
[FR Doc. 2016-23616 Filed 9-29-16; 8:45 am]
BILLING CODE 6351-01-P
Last Updated: September 30, 2016