[Federal Register: May 29, 1997 (Volume 62, Number 103)]
[Notices]
[Page 29108-29113]
From the Federal Register Online via GPO Access [wais.access.gpo.gov]
[DOCID:fr29my97-58]

-----------------------------------------------------------------------

COMMODITY FUTURES TRADING COMMISSION


Privacy Act of 1974: System of Records

AGENCY: Commodity Futures Trading Commission.

ACTION: Notice of new systems of records.

-----------------------------------------------------------------------

SUMMARY: This notice adds five systems to the Commodity Futures Trading
Commission's systems of records maintained under the Privacy Act: The
Commission's internal and Internet e-mail system, the Internet web and
news group browsing system, the Lexis/Westlaw billing system, the
Library automated circulation system, and the telephone system. The
notice informs the public of the existence and character of these
systems and the routine uses which the Commission may make of the
information contained in the systems.

DATES: Comments on the establishment of the new system of records must
be received no later than June 30, 1997. The new system of records will
be effective July 8, 1997, unless the Commission receives comments
which would result in a contrary determination.

ADDRESSES: Comments concerning routine uses should be addressed to Jean
A. Webb, Secretary, Commodity Futures Trading Commission, Three
Lafayette Centre, 1155 21st Street NW., Washington, DC 20581. Comments
may also be sent via the Internet via [email protected].

FOR FURTHER INFORMATION CONTACT: Stacy Dean Yochum, Office of the
Executive Director, (202) 418-5157, or Glynn Mays, Office of General
Counsel, (202) 418-5120, Commodity Futures Trading Commission, Three
Lafayette Centre, 1155 21st Street NW., Washington, DC 20581.

SUPPLEMENTARY INFORMATION: In accordance with the Privacy Act of 1974,
5 U.S.C. 552a, and the Commission's implementing regulations, 17 CFR
part 146, the Commission is publishing a description of five new
systems of records. Each is described in detail below.
    1. Telephone System. The Commission is establishing this system to
enhance its ability to assess employee use of the telephone systems
provided by the Commission. Since parts of this system may be used to
retrieve information about an individual through the telephone number
assigned to that individual, the Privacy Act of 1974, as amended,
requires a general notice of the existence of this system of records to
the public. The information may be used for telecommunication traffic
studies, cost projections or other management studies and to enable the
Commission to determine responsibility for placement of specific calls
in connection with inquiries into possible employee or contractor
misconduct, including misuse of government-provided telephones.
    The new system includes records relating to calls made from
Commission telephones or charged to CFTC issued calling cards. The
Commission keeps a record of the telephone number or calling card
number assigned to each employee or on-site contractor. Local telephone
services provide a monthly bill which includes a list of local toll
call activity. For local toll calls, the bill shows the number from
which the call was made, the date and time of the call, the city or
service and the number to which the call was made, the length of the
call and the charge for the call.
    For long distance calls placed through the Federal
Telecommunications System, the General Services Administration (GSA)
provides the Commission with a monthly report by line number that shows
the city and telephone number for each call placed, the date, time and
duration of the call and the cost for that call. This system also
contains telephone assignment records, records reflecting the location
of government telephones and requests for information concerning calls
made to or from particular line numbers. OAS also receives reports,
listed by calling card number, of employee long-distance calls placed
through AT&T, MCI, and Sprint which are charged to an employee's
government issued calling card.
    2. Interoffice and Internet E-mail. The Commission is establishing
a system of records for its electronic mail system. The e-mail system
allows each employee to send and receive messages and document
attachments at his or her personal computer. Because this system allows
information on individuals to be retrieved through the address assigned
to each employee or on-site contractor, the Privacy Act of 1974, as
amended, requires a general notice of the existence of this system of
records to the public.
    The interoffice system allows messages to be sent and received by
CFTC employees or on-site contractors. Through gateway software,
employees also may use their e-mail system to send and receive external
messages and document attachments via the Internet. Each employee has
an interoffice mail address based on his or her name, division or
office and location. Each employee also has an Internet address

[[Page 29109]]

which is based on his or her name (usually the first initial and full
last name of the employee) with the appendix ``@cftc.gov'' which is the
Commission's registered Internet domain.
    Employees have a number of options on how to treat information sent
or received through the e-mail system. They may send and delete, send
and save, send and move to another file, just save or just move, and
print.
    The complete content of both interoffice and Internet e-mail which
has been saved by the sender or recipient, including sender, recipient,
subject, attachments, date and time, and message, is retained on file
servers in each CFTC location. The e-mail information remains on the
file server until the employee deletes the message sent or received, or
some system failure causes a loss of e-mail information. File servers
are backed up nightly on magnetic tapes which are rotated every four
weeks. The e-mail information is maintained by the agency's network
administrators and may be accessed, if necessary to restore mail
service in the event of a hardware or software failure. The network
administrator has the capability to access the header information of
the message (i.e., sender, recipient, subject, date and time sent or
received, and the filename of any data attached) in order to maintain
the system.
    In addition, the network administrator has the capability to change
passwords for employees, which employees may request if they have
forgotten their password or their password has been compromised. At the
time the network administrator assigns a temporary password to an
employee, the network administrator has the ability to access the
content of the employee's mailbox. The network administrator's
authority to change a password without a request from the employee is
severely limited. Once an employee enters a new password, which he or
she must do to access the e-mail system after the temporary password
change, the network administrator no longer has access to the
employee's mailbox, except to view the header information.
    As part of the gateway software used by the Commission to link the
Internet to the interoffice mail system, the network administrator will
see the full content of an Internet e-mail message in the event of an
error. If the person to whom a CFTC employee sent an Internet e-mail
message cannot be reached or if a message sent to a CFTC employee
cannot be received, usually due to an error in the address or a
malfunction of any hardware in the link, a CFTC ``postmaster,'' who is
also a network administrator, receives both the header information and
the content of the message. The network administrator then alerts the
employee trying to send or receive the message of the error and assists
in the resolution of the error, if possible. The purpose of this
feature is to provide the postmaster with the information necessary to
resolve errors.
    3. Internet Web Site and News Group Browsing. The Commission is
establishing a system of records related to employees' use of the
Internet web site and news group browsing capability. The Commission
offers the capability to browse Internet web sites and news groups in
order to conduct quick and extensive research to enhance productivity
and effectiveness. Because information in this system can be retrieved
by an Internet protocol address assigned to each computer which is, in
turn, assigned (in most cases) to an office and individual, the Privacy
Act of 1974 , as amended, requires a general notice of the existence of
this system of records to the public.
    When an individual accesses Internet web sites or news groups from
a CFTC computer, a record , expressed in URL (Uniform Resource Locator)
terms, which shows the address of each site visited and the document
and graphic images viewed are kept on the individual computer. The
information is stored in a ``history file,'' which includes the URL as
well as additional data, and in a ``cache directory,'' which stores
text and graphic images from sites visited so that the computer can
retrieve the information from its own files rather than the Internet if
the user wishes to revisit the site. The purpose of the record on the
individual computer is to allow the individual to recall particular
sites visited more quickly. The record in the history file expands
until 100 URLs are entered or until the individual deletes the
information. The files in the ``cache directory'' will increase until
1% hard disk capacity is reached or until the individual deletes the
information. When capacity is reached in the history file or the cache
directory, the information will be overwritten, with the oldest
information being replaced first. This information on the individual
computer is not protected by a password; any individual using that
computer could determine what web sites had been previously visited
using that computer. No information in that record identifies the
individual who conducted the searches. However, if the computer resides
in an office assigned to one individual, that individual is presumably
the person using the computer to visit the web sites recorded on that
computer.
    Records on web site and news group browsing are also kept for a
limited time on the Commission's firewall software located in the
headquarters computer room. Because the file size for recording web
site and news group browsing is limited, the firewall retains the
information until the file is full. Currently, the file becomes full in
about 3 days, although that time could shorten with increased web site
and news group browsing. The records are kept by Internet protocol
address, which is assigned to a particular computer in a particular
location. Some computers are ``shared access'' computers, but most are
assigned to an individual. In addition to the protocol address, the
firewall software tracks the web sites and news groups accessed and the
date and time of the access, although not the content of the site or
search.
    The network administrators have access to the firewall information
in order to assess the use of the Internet web site and news group
browsing capability. The Commission has put a ``URL blocker'' into
place to block access to web sites and news groups that are clearly
unrelated to the work of the Commission.
    4. Lexis/Westlaw Billing System. The Commission is establishing a
system of records which tracks, by division, by database used, by
employee name and by user identification, the date, elapsed time and
charge for the use of the Lexis and Westlaw legal research systems. The
billing system also tracks the subject name of the search, which is
provided by the individual user. Because this system allows retrieval
of information about an individual through his or her name, the Privacy
Act of 1974, as amended, requires a general notice of the existence of
this system of records to the public.
    In order to enhance Commission employees' ability to conduct
efficient legal research, the Commission has entered into a government
contract, through the Library of Congress, for access to the Lexis and
Westlaw legal research systems. Each employee who wishes to use the
system obtains a user identification number and, if necessary, training
on the system through the Administrative Officer, Office of Information
Resources Management (OIRM).
    The cost of the system to the Commission is based on actual usage.
Each month, the Commission receives a detailed bill from Lexis/Westlaw
providing information by division which includes user name, user
identification number, the total charge,

[[Page 29110]]

date, type of charge, elapsed time of the search and the database
accessed. The Administrative Officer, OIRM, reviews the billing
information and forwards the information for each office to the
office's administrative officer. The administrative officer certifies
that the information is accurate, i.e., that the individuals using the
system are, in fact, Commission employees who would, in the performance
of their duties, have need of the legal research system, and returns
the billing information to the Administrative Officer, OIRM. The
Administrative Officer then certifies the bill on behalf of the
Commission, and forwards the certification to the CFTC's Office of
Financial Management for payment.
    The Administrative Officer retains a hard copy of the billing
information for a period of two years in a locked drawer of her desk.
Information is retrieved only by manual search, and in order to
retrieve information about individual usage, the Administrative Officer
must look at each month's bill and know the division or office in which
the individual works. The Administrative Officer uses the information
to conduct an annual analysis, without reference to individual users,
of the cost of Lexis/Westlaw use by month and year, and comparing
actual expenditures to budget estimates. Lexis/Westlaw also has access
to this information, but uses it only for statistical and billing
purposes.
    In the event that apparently excessive or unusual use of the Lexis/
Westlaw databases was evident from the face of the bill, the
administrative officer in each division would be responsible for
discussing the matter with division employees or management prior to
certifying the information as accurate.
    5. Automated Library Circulation System. The Commission is
establishing an automated library circulation system to improve
inventory control of the Commission's library resources. Because parts
of this system may be used to retrieve information about an individual
through his or her library bar code number, the Privacy Act of 1974, as
amended, requires a general notice of the existence of this system of
records to the public.
    Before the establishment of the automated system, information on
checking out library materials was done by hand, on index cards, by
various library employees. As a result, the accuracy of the information
was questionable. When an employee left the Commission, the library
could not always accurately determine what materials the person needed
to return to the library. Similarly, if library materials were missing,
their location could not always be accurately traced.
    The new automated circulation system's primary feature is a bar
code based check-in, check-out system. The library assigns each book a
unique bar code number. The library also assigns each library user a
unique bar code number, which is kept on a rolodex card at the
circulation desk. At the point of check out, the bar codes are entered
into the automated system by waving a bar code reader over the user
information and the book information. The computer unites the book and
the user bar codes, and a loan record is established. When the book is
returned or, in the case of lost materials, when reimbursement is made,
the loan record is deleted. Individuals may also request that a hold be
placed in the system on individual titles to prevent the title from
being checked-out or renewed .
    When a title has been checked-out, the system places a ``CHECKED
OUT'' notice next to the title in the library's automated catalog. The
identity of the person who checked-out the material is not available to
the catalog user, but is available to library staff.
    The circulation system can provide each user, on request, a receipt
for his or her most current loan transaction. The receipt will include
a list of all materials currently checked-out to the individual. The
system does not retain any record of check out once the materials are
returned. The system can also produce, if necessary, a series of three
computer-generated overdue notices. The third notice informs the
recipient that he or she will be responsible for reimbursing the
Commission the cost of the materials borrowed unless the materials are
returned within a specified period.
    These new systems of records, as required by 5 U.S.C. 552a(r) of
the Privacy Act, have been submitted to the Committee on Government
Oversight and Reform of the U.S. House of Representatives, the
Committee on Governmental Affairs of the U.S. Senate, and the Office of
Management and Budget, pursuant to Appendix I to OMB Circular A-130,
``Federal Agency Responsibilities for Maintaining Records About
Individuals,'' dated July 15, 1994. Accordingly, the Commission is
giving notice of the establishment of the following systems of records:
CFTC-34

SYSTEM NAME:
    Telephone System.

SYSTEM LOCATION:
    Monthly billing records for local toll calls, long distance calls,
and calling card calls are located in the Office of Administrative
Services, Commodity Futures Trading Commission, Three Lafayette Centre,
1155 21st Street, NW, Washington, DC 20581. The most current record of
the phone numbers and calling card numbers assigned to individual
employees and contractors is kept by the administrative office in each
regional location except Los Angeles. Los Angeles telephone assignment
records are kept in the Washington, DC, Office of Administrative
Services.

 CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Individuals (generally Commission employees and on-site contractor
personnel) who make telephone calls from Commission telephones or use
government issued calling cards.

CATEGORIES OF RECORDS IN THE SYSTEM:
    Records relating to the use of Commission telephones or calling
cards to place calls; records indicating assignment of telephone or
calling card numbers to employees; and records relating to requests for
telephone call detail information.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    5 U.S.C. 301 and 41 CFR part 101-35.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM INCLUDING CATEGORIES
OF USERS AND THE PURPOSES OF SUCH USES:
    See the Commission's ``General Statement of Routine Uses,'' Nos. 1
and 2, Privacy Act Issuances, 1995. In addition, records and data may
be disclosed as necessary (1) to representatives of the General
Services Administration or the National Archives and Records
Administration who are conducting records management inspections under
the authority of 44 U.S.C. 2904 and 2906; (2) to a telecommunications
company or consultant providing telecommunications support to permit
servicing the account.

POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING
AND DISPOSING OF RECORDS IN THE SYSTEM:
STORAGE:
    Records are stored on computer printouts.

RETRIEVABILITY:
    Records are retrievable by a Commission telephone or calling card
number that is assigned to an individual.

SAFEGUARDS:
    In addition to general building security, records are maintained in
limited access areas at all times.

[[Page 29111]]

RETENTION AND DISPOSAL:
    In accordance with the general record schedules and the
Commission's record management handbook, the records in the system are
considered temporary and are destroyed when no longer required, usually
every 3 months.

SYSTEM MANAGER(s) AND ADDRESS:
    Director, Office of Administrative Services, Commodity Futures
Trading Commission, 1155 21st Street, NW, Washington, DC 20581.

NOTIFICATION PROCEDURES:
    Individuals seeking to determine whether the system of records
contains information about themselves, seeking access to records about
themselves in the system of records or contesting the content of
records about themselves should address written inquiries to the FOI,
Privacy and Sunshine Acts Compliance Staff, Commodity Futures Trading
Commission, 1155 21st Street, NW, Washington, DC 20581.

RECORD ACCESS PROCEDURES:
    See ``Notification Procedures,'' above.

CONTESTING RECORD PROCEDURES:
    See ``Notification Procedures,'' above.

RECORD SOURCE CATEGORIES:
    Telephone and calling card assignment records; call detail listings
received from local and long distance service providers; results of
administrative inquiries relating to assignment of responsibility for
placement of specific long distance calls.
CFTC-35

SYSTEM NAME:
    Interoffice and Internet E-Mail System.

SYSTEM LOCATION:
    File servers in each system location (Washington, DC, Chicago, New
York, Kansas City, Minneapolis, and Los Angeles) retain records.
Records are backed up nightly onto magnetic tape in all locations
except Minneapolis. Records are backed up weekly onto magnetic tape in
the Minneapolis office. The most recent two weeks of tapes are kept in
locked boxes in the Washington, DC, and Chicago locations. Tapes with
information covering the prior two weeks are kept at an off-site
storage facility in Washington, DC, and Chicago. Tapes with information
covering the most recent four week period are kept on-site, in a
secured area, in the New York, Kansas City, Los Angeles, and
Minneapolis locations.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    All CFTC employees and on-site contractors.

CATEGORIES OF RECORDS IN THE SYSTEM:
    Records on the use of the interoffice and Internet e-mail system,
including address of sender and receiver(s), subject, date sent or
received, name of attachment and certification status. On a restricted
basis, records may include the contents of an individual's mailbox.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    5 U.S.C. 301 and section 12(b)(3) of the Commodity Exchange Act, 7
U.S.C. 16(b)(3).

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES
OF USERS AND THE PURPOSES OF SUCH USES:
    The records are used by CFTC network administrators who have a need
for the records in the performance of their duties. See also the
Commission's ``General Statement of Routine Uses,'' Nos. 1, and 2,
Privacy Act Issuances, 1995 Comp. In addition, the records and data,
other than the content of individual mailboxes, may also be disclosed
as necessary to contractors as necessary for assessment, modification,
or maintenance of the e-mail system.

POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING
AND DISPOSING OF RECORDS IN THE SYSTEM:
STORAGE:
    Records are stored on the file servers in each CFTC location.
Servers are backed up nightly and the information is transferred to
magnetic tape. In Washington, DC, and Chicago, the most recent two
weeks of magnetic tape are kept in a locked box in the Computer Room.
The prior two weeks are kept at an off-site storage facility in
Washington, DC, and Chicago. The entire four weeks of magnetic tape
information is kept in unlocked boxes in a secured area in the New
York, Kansas City, Los Angeles and Minneapolis locations.

RETRIEVABILITY:
    The information can be retrieved by assigned interoffice or
Internet mail address.

SAFEGUARDS:
    Only network administrators have access to the e-mail information.
This access is generally limited to the ``header'' information
described under ``Categories of Records.'' The tapes are kept in locked
storage boxes in Washington, DC, and Chicago, and only network
administrators and OIRM management have keys to the locked boxes. In
the New York, Kansas City, Los Angeles and Minneapolis locations, tapes
are kept in unlocked boxes, either stored in a fireproof safe or vault.
Only designated office personnel have access to the safe or vault.

RETENTION AND DISPOSAL:
    Records on magnetic tape are retained for four weeks, then
destroyed as the tape is written over with new information. Records are
retained on the file server until the sender and receiver delete the
information from the e-mail system. Internet e-mail information that is
received by the postmaster due to an error in delivery is considered
temporary and is destroyed after the problem is corrected.

SYSTEM MANAGER(S) AND ADDRESS:
    Network Manager, Commodity Futures Trading Commission, Three
Lafayette Centre, 1155 21st Street NW., Washington, DC 20581.

NOTIFICATION PROCEDURES:
    Individuals seeking to determine whether the system of records
contains information about themselves, seeking access to records about
themselves in the system of records, or contesting the content of
records about themselves should address written inquiries to the FOI,
Privacy and Sunshine Acts Compliance Staff, Commodity Futures Trading
Commission, 1155 21st Street NW., Washington, DC 20581.

RECORDS ACCESS PROCEDURES:
    See ``Notification Procedures'' above.

 CONTESTING RECORDS PROCEDURES:
    See ``Notification Procedures'' above.

RECORDS SOURCE CATEGORIES:
    Internet e-mail, interoffice e-mail.
 CFTC 36

SYSTEM NAME:
    Internet Web Site and News Group Browsing System.

SYSTEM LOCATION:
    Firewall software, located on PC in the Washington, DC, office's
computer room. Information on use of each personal computer is stored
on that computer.

 CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    All CFTC employees and on-site contractors who are users of the
Internet Web Site and News Group Browsing capability.

CATEGORIES OF RECORDS IN THE SYSTEM:
    Records on the web sites and news groups visited, as identified by
the

[[Page 29112]]

Internet protocol address assigned to each computer, as well as
information on the date and time of the web site or news group access.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    5 U.S.C. 301 and section 12(b)(3) of the Commodity Exchange Act, 7
U.S.C. 16(b)(3).

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES
OF USERS AND THE PURPOSES OF SUCH USES:
    The records are used by CFTC network administrators for maintenance
of the firewall system which protects the CFTC from unauthorized access
to its data. The network administrators may also use the information to
evaluate the level of use of the agency's Internet browsing capability.
See also the Commission's ``General Statement of Routine Uses,'' Nos.
1, and 2, Privacy Act Issuances, 1995 Comp. Records may also be
disclosed as necessary to the agency's Internet service provider or
agency contractor to the extent the information is necessary for
maintenance of the agency's Internet access.

POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING
AND DISPOSING OF RECORDS IN THE SYSTEM:
STORAGE:
    Records are kept on the software maintained on the firewall gateway
server in the headquarters computer room. In addition, a record of the
Internet browsing done on each computer is maintained on that PC. The
length of time of storage on the firewall gateway server is governed by
available disk space on the server. At current levels of browsing
usage, the information is stored on the server for approximately three
days. Information on web sites visited by each PC is also stored in the
PC's history file or cache directory. The information is stored on the
individual PC until the cache directory consumes 1% of total disk
space. Oldest items are then removed until the directory is equal to or
less than 1% of the total disk space. History file records are
maintained until 100 URLs are entered. (URL stands for ``Uniform
Resource Locator'' and is the address of the site visited, for example,
http://www.cftc.gov). The oldest URLs are deleted until the total URL
count is equal to or less than 100 entries.

 RETRIEVABILITY:
    The information can be retrieved by Internet protocol address. The
network administrators have access to information about the office
location and individuals assigned to each computer, as identified by
Internet protocol address.

SAFEGUARDS:
    Network administrators, through use of a password protection, have
access to the Internet web browsing system information that is stored
on the firewall gateway server in the headquarters computer room.
Access to the computer room is limited to OIRM employees. The Director
of OIRM may grant the Commission's Internet service provider access to
the Internet web browsing system information for maintenance purposes.
However, the provider would not have access to the information that
links Internet protocol addresses to particular computers, locations
and individuals.

RETENTION AND DISPOSAL:
    Records are retained on the Commission's firewall software for
approximately three days, then written over.

 SYSTEM MANAGER(S) AND ADDRESS:
    Network Manager, Commodity Futures Trading Commission, Three
Lafayette Centre, 1155 21st Street NW., Washington, DC 20581.

 NOTIFICATION PROCEDURES:
    Individuals seeking to determine whether the system of records
contains information about themselves, seeking access to records about
themselves in the system of records, or contesting the content of
records about themselves should address written inquiries to the FOI,
Privacy and Sunshine Acts Compliance Staff, Commodity Futures Trading
Commission, 1155 21st Street NW., Washington, DC 20581.

RECORDS ACCESS PROCEDURES:
    See ``Notification Procedures'' above.

CONTESTING RECORDS PROCEDURES:
    See ``Notification Procedures'' above.

RECORDS SOURCE CATEGORIES:
    Internet, web site and news group browsing, Web site access.
CFTC 37

 SYSTEM NAME:
    Lexis/Westlaw Billing Information System.

SYSTEM LOCATION:
    Office of Information Resources Management, Three Lafayette Centre,
1155 21st Street NW., Washington, DC, 20581.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    All CFTC employees and on-site contractors who are users of the
Lexis/Westlaw research system.

CATEGORIES OF RECORDS IN THE SYSTEM:
    Records on the name, search subject, database searched, date,
elapsed time, type of charge, and total charge for a search in the
Lexis/Westlaw automated research system.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    5 U.S.C. 301 and section 12(b)(3) of the Commodity Exchange Act, 7
U.S.C. 16(b)(3).

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES
OF USERS AND THE PURPOSES OF SUCH USES:
    Records are used primarily by the Administrative Officer, OIRM, to
monitor expenditures and to ensure the availability of funds. The
records containing usage information are distributed monthly to the
administrative officers in each office for their confirmation that
Lexis/Westlaw use was authorized. See the Commission's ``General
Statement of Routine Uses,'' Nos. 1 and 2, Privacy Act Issuances, 1995
Comp. Lexis/Westlaw can also access the information and uses it for
statistical analysis and billing purposes.

 POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING
AND DISPOSING OF RECORDS IN THE SYSTEM:
STORAGE:
    Billing information is maintained by the Administrative Officer,
OIRM, in a locked file drawer.

RETRIEVABILITY:
    By division, by month of use, by database accessed, by user name
and user identification number. Retrieval is done manually.

 SAFEGUARDS:
    Billing information is kept in locked desks at all times.
Information is provided only to the Administrative Officer, OIRM, and
is circulated to the administrative officer for each office.

RETENTION AND DISPOSAL:
    Hard copies of monthly billing statements are retained for two
years, then destroyed.

SYSTEM MANAGER(S) AND ADDRESS:
    Administrative Officer, Office of Information Resources Management,
Commodity Futures Trading Commission, Three Lafayette Centre, 1155 21st
Street NW., Washington, DC 20581.

[[Page 29113]]

NOTIFICATION PROCEDURES:
    Individuals seeking to determine whether the system of records
contains information about themselves, seeking access to records about
themselves in the system of records, or contesting the content of
records about themselves should address written inquiries to the FOI,
Privacy and Sunshine Acts Compliance Staff, Commodity Futures Trading
Commission, 1155 21st Street NW., Washington, DC 20581.

RECORDS ACCESS PROCEDURES:
    See ``Notification Procedures'' above.

 CONTESTING RECORDS PROCEDURES:
    See ``Notification Procedures'' above.

RECORDS SOURCE CATEGORIES:
    Lexis/Westlaw billing information.
 CFTC 38

SYSTEM NAME:
    Automated Library Circulation System.

SYSTEM LOCATION:
    Library, Commodity Futures Trading Commission, Three Lafayette
Centre, 1155 21st Street, NW., Washington, DC 20581.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Individual CFTC employees who check out books and periodicals from
the CFTC Library.

CATEGORIES OF RECORDS IN THE SYSTEM:
    Records showing the bar code assigned to employees who use the
library, title, due date, and hold information on library materials
checked-out by individual CFTC employees; records of overdue materials
and of employee notification of overdue materials.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    5 U.S.C. 301 and 41 CFR part 101-27.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM , INCLUDING CATEGORIES
OF USERS AND THE PURPOSES OF SUCH USES:
    The Library staff uses the information to track the location of
library materials, to provide users on request with a list of materials
currently shown as in their possession, and to issue, as necessary,
overdue notices for materials. See the Commission's ``General Statement
of Routine Uses,'' Nos. 1 and 2, Privacy Act Issuances, 1995 Comp. The
records may also be disclosed as necessary to agency contractors in
connection with assessment, modification or maintenance of the
automated circulation system.

POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING
AND DISPOSING OF RECORDS IN THE SYSTEM:
STORAGE:
    Records are stored on the CFTC local area network file server.
Records on the identifying bar codes assigned to individuals are stored
in the file server and on rolodex cards.

RETRIEVABILITY:
    Records are retrievable by employee name or by the employee's bar
code number.

SAFEGUARDS:
    Records may be accessed only by authorized CFTC staff members, who
are principally staff of the Library or the Office of Information
Resources Management. Staff members must use an individual password to
gain access to the information stored in the computer.

RETENTION AND DISPOSAL:
    Records in the system are considered temporary. The records of
library transactions are destroyed when an item on loan is returned or
reimbursement is made for replacement of the item.

SYSTEM MANAGER(S) AND ADDRESS:
    Administrative Librarian, Commodity Futures Trading Commission,
1155 21st Street NW., Washington, DC 20581.

NOTIFICATION PROCDURES:
    Individuals seeking to determine whether the system of records
contains information about themselves, seeking access to records about
themselves in the system of records, or contesting the content of
records about themselves should address written inquiries to the FOI,
Privacy and Sunshine Acts Compliance Staff, Commodity Futures Trading
Commission, 1155 21st Street NW., Washington, DC 20581.

RECORDS ACCESS PROCEDURES:
    See ``Notification Procedures'' above.

CONTESTING RECORDS PROCEDURES:
    See ``Notification Procedures'' above.

RECORDS SOURCE CATEGORIES:
    Library user bar code identifiers; library materials use; overdue
notices.

    Issued in Washington, DC on May 20, 1997, by the Commission.
Jean A. Webb,
 Secretary of the Commission.
[FR Doc. 97-13773 Filed 5-28-97; 8:45 am]
BILLING CODE 6351-01-P



======== RETURN TO INDEX ========