2023-07029
[Federal Register Volume 88, Number 65 (Wednesday, April 5, 2023)]
[Notices]
[Pages 20144-20146]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2023-07029]
-----------------------------------------------------------------------
COMMODITY FUTURES TRADING COMMISSION
Privacy Act of 1974; System of Records
AGENCY: Commodity Futures Trading Commission.
ACTION: Notice of a new system of records.
-----------------------------------------------------------------------
SUMMARY: The Commodity Futures Trading Commission (CFTC or Commission)
is establishing a new system of records, CFTC-56, Office of the
Inspector General Audit Files, to account for information maintained
about individuals that is included in Office of the Inspector General
(OIG) audit files.
DATES: Comments must be received on or before May 5, 2023. Routine uses
will go into effect on May 5, 2023.
ADDRESSES: You may submit comments by any of the following methods:
CFTC Comments Portal: https://comments.cftc.gov. Select
the ``Submit Comments'' link for this notice and follow the
instructions on the Public Comment Form.
Mail: Send to Christopher Kirkpatrick, Secretary of the
Commission, Commodity Futures Trading Commission, Three Lafayette
Centre, 1155 21st Street NW, Washington, DC 20581.
Hand Delivery/Courier: Follow the same instructions as for
Mail, above. Please submit your comments using only one of these
methods. Submissions through the CFTC Comments Portal are encouraged.
All comments must be submitted in English, or if not, be
accompanied by an English translation. Comments will be posted as
received to comments.cftc.gov. You should submit only information that
you wish to make available publicly.
The Commission reserves the right, but shall have no obligation, to
review, pre-screen, filter, redact, refuse, or remove any or all of a
submission from comments.cftc.gov that it may deem to be inappropriate
for publication, such as obscene language. All submissions that have
been redacted or removed that contain comments on the merits of this
notice will be retained in the comment file and will be considered as
required under all applicable laws, and may be accessible under the
Freedom of Information Act.
FOR FURTHER INFORMATION CONTACT: Marcela Souaya, (202) 418-5137,
[email protected], Office of the General Counsel, Commodity Futures
Trading Commission, Three Lafayette Centre, 1155 21st Street NW,
Washington, DC 20581.
SUPPLEMENTARY INFORMATION: Background information is not applicable
since this is a new SORN.
SYSTEM NAME AND NUMBER:
Office of the Inspector General Audit Files; CFTC-56.
SECURITY CLASSIFICATION:
Unclassified.
SYSTEM LOCATION:
Office of the Inspector General, Commodity Futures Trading
Commission, Three Lafayette Centre, 1155 21st Street, NW, Washington,
DC 20581. The system will be hosted on a cloud and data center
computing infrastructure. Duplicate versions of some or all system
information may be at satellite locations where the CFTC has granted
direct access to support CFTC operations, system backup, emergency
preparedness, and/or continuity of operations.
[[Page 20145]]
SYSTEM MANAGER(S):
Inspector General, Office of the Inspector General, Commodity
Futures Trading Commission, Three Lafayette Centre, 1155 21st Street
NW, Washington, DC 20581. Email is [email protected].
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
Commodity Exchange Act, 7 U.S.C. 1 et seq., and regulations, rules
or orders issued thereunder; Inspector General Act of 1978, as amended,
Public Law 95-452, 5 U.S.C. Appx. 3.
PURPOSE(S) OF THE SYSTEM:
The purpose of this system is to maintain a management information
system for CFTC OIG audit projects (such as financial statement audits,
performance audits, and other audit projects relating to the programs
and operations of the CFTC); and OIG personnel (such as staff training
records and conflict of interest certifications necessary for peer
review purposes); and to assist in the accurate and timely conduct of
audits and audit projects.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
Individuals covered consist of: (1) CFTC program participants and
CFTC employees and contractors who are associated with an activity that
is performed by the CFTC OIG Office of Audit as an audit or audit
product included under Generally Accepted Government Auditing Standards
(such as a financial audit, an attestation engagement, a review
engagement, an agreed-upon procedures engagement, or a review of
financial statements); (2) requesters of an OIG audit or other activity
(such as a member of Congress, Congressional staff, or a CFTC
Chairperson or Commissioner); and (3) persons and entities performing
some other role of significance to the OIG Office of Audit efforts
(such as potential witnesses, or persons who represent legal entities
that are connected to an OIG audit or other activity). The system also
tracks information pertaining to OIG staff handling the audit or other
activity, and may contain names of relevant staff in other agencies or
private sector entities.
CATEGORIES OF RECORDS IN THE SYSTEM:
Records consist of materials compiled and/or generated in
connection with audits and other activities performed by OIG staff.
These materials include work papers and information regarding the
planning, conduct, and resolution of audits and reviews of CFTC
programs and participants in those programs, internal legal assistance
requests, information requests, responses to such requests, and reports
of findings. The information consists of audit work papers and reports.
RECORD SOURCE CATEGORIES:
Information in the system is obtained from the CFTC, other federal
agencies and entities, the Government Accountability Office,
contractors, program participants including individuals and business
entities, subject individuals, complainants, witnesses, other
nongovernmental sources and open source intelligence, including web-
based communities, user-generated content, social-networking sites,
wikis, blogs and news sources maintained on the Surface, Deep, and Dark
web. The Surface Web is what users access in their regular day-to-day
activity. It is available to the general public using standard search
engines and can be accessed using standard web browsers that do not
require any special configuration. The Deep Web is the portion of the
web that is not indexed or searchable by ordinary search engines. The
Dark Web is a less accessible subset of the Deep Web that relies on
connections made between trusted peers and requires specialized
software, tools, or equipment to access.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES
OF USERS AND THE PURPOSES OF SUCH USES:
Routine uses for the Office of the Inspector General Audit Files
record systems are set forth below:
1. The information may be given or shown to any person or entity
during the course of an Office of the Inspector General (OIG) audit or
audit activity (audit) if there is reason to believe that disclosure to
the person or entity will further the audit.
2. Information may be disclosed to the Department of Justice or
other federal entity, the Merit Systems Protection Board, the Office of
Special Counsel, or in a proceeding before a court, adjudicative body,
or other administrative body before which the agency is authorized to
appear, or in the course of civil discovery, litigation, or settlement
negotiations, in actions authorized under the Commodity Exchange Act
and otherwise authorized, when:
a. The agency, or any component thereof; or
b. Any employee of the agency in their official capacity; or
c. Any employee of the agency in their personal capacity where the
Department of Justice or the agency has agreed to represent the
employee; or
d. The United States, when the litigation is likely to affect the
CFTC or any of its components; is a party to litigation or has an
interest in such litigation, and the use of such records by the
Department of Justice or the agency is deemed to be relevant and
necessary to the litigation.
3. In any case in which records in the system, either alone or in
conjunction with other information, indicates a violation or potential
violation of law, whether civil, criminal or regulatory in nature,
whether arising by general statute or particular program statute, or by
regulation, rule or order issued pursuant thereto, the relevant records
may be referred to the appropriate agency, whether Federal, foreign,
State or local, charged with enforcing or implementing the statute,
regulation, rule or order. This includes a state or federal bar
association, state accountancy board, or other federal, state, local,
or foreign licensing or oversight authority; or professional
association or self-regulatory authority to the extent that it performs
similar functions (including the Public Company Accounting Oversight
Board) for investigations or possible disciplinary action, including
suspension and debarment.
4. Information may be disclosed to the National Archives and
Records Administration to the extent necessary to fulfill its
responsibilities under the law relating to these records.
5. Information may be disclosed to private and public entities,
contractors, grantees, volunteers, experts, students, and others
performing or working on a contract, service, grant, cooperative
agreement, or job that facilitate or are necessary to accomplish an OIG
audit, or to collate, aggregate or otherwise refine or dispose of data
collected in the system of records. Each private or public entity,
contractor, grantee, volunteer, expert, student, or other shall be
required to maintain Privacy Act safeguards with respect to such
information.
6. To appropriate agencies, entities, and persons when (1) CFTC's
OIG suspects or has confirmed that there has been a breach of the
system of records, (2) CFTC's OIG has determined that as a result of
the suspected or confirmed breach there is a risk of harm to
individuals, CFTC's OIG (including its information systems, programs,
and operations), the Federal Government, or national security; and (3)
the disclosure made to such agencies, entities, and persons is
reasonably necessary to assist in connection with CFTC's efforts to
respond to the suspected or confirmed breach or to prevent, minimize,
or remedy such harm.
[[Page 20146]]
7. To another Federal agency or Federal entity, when CFTC's OIG
determines that information from this system of records is reasonably
necessary to assist the recipient agency or entity in (1) responding to
a suspected or confirmed breach or (2) preventing, minimizing, or
remedying the risk of harm to individuals, the recipient agency or
entity (including its information systems, programs, and operations),
the Federal Government, or national security, resulting from a
suspected or confirmed breach.
8. A record from the system of records may be disclosed to a grand
jury agent pursuant either to a Federal or State grand jury subpoena,
or to a prosecution request that such record be released for the
purpose of its introduction to a grand jury, provided that the grand
jury channels its request through the cognizant U.S. Attorney, that the
U.S. Attorney has been delegated the authority to make such requests by
the Attorney General, and that the U.S. Attorney actually signs the
letter specifying both the information sought and the law enforcement
purpose served. In the case of a State grand jury subpoena, the State
equivalent of the U.S. Attorney and Attorney General shall be
substituted.
9. A record from the system of records may be disclosed in response
to a subpoena issued by a Federal agency having the power to subpoena
records of other Federal agencies, provided the subpoena is channeled
through the head of the issuing agency, if the OIG determines that: (a)
The head of the issuing agency signed the subpoena; (b) the subpoena
specifies the information sought and the law enforcement purpose
served; (c) the records are both relevant and necessary to the
proceeding; and (d) such release is compatible with the purpose for
which the records were collected.
10. A record from the system of records may be disclosed to the
Department of Justice for the purpose of obtaining its advice on an OIG
audit, or other related inquiry, including Freedom of Information or
Privacy Act matters relating to information in this record system.
11. A record may be disclosed to any official charged with the
responsibility to conduct investigations, qualitative assessment
reviews, or peer reviews of audit operations within the Office of the
Inspector General. This disclosure category includes members of the
Council of the Inspectors General on Integrity and Efficiency or any
successor entity and officials, designees, and administrative staff
within their chain of command, as well as authorized officials of the
Department of Justice and the Federal Bureau of Investigation.
POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
Records are stored electronically or on paper in secure facilities.
POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
Information in the system generally can be retrieved by OIG
personnel in headquarters and working remotely. Information is
generally retrieved by audit assignment number and can be retrieved by
using alphanumeric queries and personal identifiers.
POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
The records are retained and disposed of in compliance with CFTC
record disposition authorities, approved by the National Archives and
Records Administration. The OIG Audit Files are destroyed 10 years
after the audit is completed, unless the audit is deemed of
significance sufficient to justify permanent retention. The OIG staff
training and related records are destroyed six years after cut off.
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
Administrative safeguards include restricting access to the OIG
work area, and restricting relevant audit tasks to only those competent
or qualified to perform the work. Technical security measures within
CFTC include restrictions on computer access to authorized individuals
who have a legitimate need to know the information; use of encryption
for certain data types and transfers; firewalls and intrusion detection
applications (set and maintained by the CFTC); and regular review of
security procedures and best practices to enhance security (performed
by the CFTC). Physical safeguards include restrictions on building
access to authorized individuals, 24-hour security guard service, and
maintenance of records in lockable offices, desks, and filing cabinets.
RECORD ACCESS PROCEDURES:
Individuals seeking to determine whether this system of records
contains information about themselves or seeking access to records
about themselves in this system of records should address written
inquiries to the Office of the General Counsel, Commodity Futures
Trading Commission, Three Lafayette Centre, 1155 21st Street NW,
Washington, DC 20581. See 17 CFR 146.3 for full details on what to
include in a Privacy Act access request.
CONTESTING RECORD PROCEDURES:
Individuals contesting the content of records about themselves
contained in this system of records should address written inquiries to
the Office of the General Counsel, Commodity Futures Trading
Commission, Three Lafayette Centre, 1155 21st Street NW, Washington, DC
20581. See 17 CFR 146.8 for full details on what to include in a
Privacy Act amendment request.
NOTIFICATION PROCEDURES:
Individuals seeking notification of any records about themselves
contained in this system of records should address written inquiries to
the Office of the General Counsel, Commodity Futures Trading
Commission, Three Lafayette Centre, 1155 21st Street NW, Washington, DC
20581. See 17 CFR 146.3 for full details on what to include in a
Privacy Act notification request.
EXEMPTIONS PROMULGATED FOR THE SYSTEM:
None.
HISTORY:
None.
Issued in Washington, DC, on March 30, 2023, by the Commission.
Christopher Kirkpatrick,
Secretary of the Commission.
[FR Doc. 2023-07029 Filed 4-4-23; 8:45 am]
BILLING CODE 6351-01-P