Privacy Act of 1974; System of Records

AGENCY:

Board of Governors of the Federal Reserve System.

ACTION:

Notice of General Amendment to Federal Reserve Board of Governors Systems of Records.

SUMMARY:

Pursuant to the provisions of the Privacy Act of 1974, notice is given that the Board of Governors of the Federal Reserve System (Board) is amending its General Routine Uses of Board Systems of Records (General Routine Uses) that apply to the Board's systems of records, by revising an existing routine use and adding a new routine use, both related to breach response. The changes are necessary in order to comply with Office of Management and Budget (OMB) Memorandum M-17-12, “Preparing for and Responding to a Breach of Personally Identifiable Information” (January 3, 2017), which sets forth the two required routine uses. Accordingly, the Board is revising Routine Use I, as prescribed by OMB, which allows the Board to disclose records as necessary to respond to a suspected or confirmed breach of the system of records where the Board has determined the breach poses a risk of harm to individuals, the Board, the Federal Government, or national security, and the disclosure is reasonably necessary to assist the Board in its efforts to respond to the breach or to prevent, minimize or remedy such harm. The Board is also adding Routine Use J as prescribed by OMB to allow the Board to assist another federal agency or federal entity in that agency's or entity's response to a suspected or confirmed breach or efforts to prevent, minimize, or remedy the risk of harm to individuals, the agency or entity, the Federal Government, or national security, resulting from a suspected or confirmed breach.

These breach-response related uses are relevant and apply to all of the Board's systems of records. Accordingly, the Board is revising its list of General Routine Uses and is amending all of the Board's systems of records to include the revised Routine Use I and the new Routine Use J. These uses will ensure that the Board is able to respond as necessary in the event of a breach of personally identifiable information involving a Board system of records and assist other federal agencies or federal entities in their response. Breaches pose a risk of harm to individuals, and thus the revised and new routine uses will further enhance the Board's ability to protect the privacy of individuals by allowing the Board to respond to the suspected or confirmed breach and prevent, minimize, or remedy the resulting harm posed by the breach. In order that the Board's General Routine Uses will be contained in a single notice readily accessible by the public, the Board is republishing the General Routine Uses previously published on May 6, 2008 (73 FR 24985) which were not revised under this notice.

DATES:

Comments must be received on or before September 27, 2018. The revised systems of records notices and General Routine Uses will become effective September 27, 2018, without further notice, unless comments dictate otherwise. The Office of Management and Budget (OMB), which has oversight responsibility under the Privacy Act, requires a 30-day period prior to publication in the Federal Register in which to review the system and to provide any comments to the agency. The public is then given a 30-day period in which to comment, in accordance with 5 U.S.C. 552a(e)(4) and (11). The routine uses below were submitted to OMB on July 16, 2018.

ADDRESSES:

You may submit comments, identified by Board General Routine Uses and SORN Amendment, by any of the following methods:

• Agency website: http://www.federalreserve.gov. Follow the instructions for submitting comments at http://www.federalreserve.gov/generalinfo/foia/ProposedRegs.cfm.
• Email: regs.comments@federalreserve.gov. Include “Board General Routine Uses and SORN Amendment” in the subject line of the message.
• Fax: (202) 452-3819 or (202) 452-3102.
• Mail: Ann E. Misback, Secretary, Board of Governors of the Federal Reserve System, 20th Street and Constitution Avenue NW, Washington, DC 20551.

All public comments will be made available on the Board's website at www.federalreserve.gov/generalinfo/foia/ProposedRegs.cfm as submitted, unless modified for technical reasons or to remove personally identifiable information at the commenter's request. Public comments may also be viewed electronically or in paper form in Room 3515, 1801 K Street (between 18th and 19th Streets NW) Washington, DC 20006 between 9:00 a.m. and 5:00 p.m. on weekdays. For security reasons, the Board requires that visitors make an appointment to inspect comments. You may do so by calling (202) 452-3684. Upon arrival, visitors will be required to present valid government-issued photo identification and to submit to security screening in order to inspect and photocopy comments.

FOR FURTHER INFORMATION CONTACT:

David B. Husband, Senior Attorney, Legal Division, (202) 530-6270, or david.b.husband@frb.gov; Alye S. Foster, Assistant General Counsel, Legal Division, or (202) 452-5289, or alye.s.foster@frb.gov. Board of Governors of the Federal Reserve System, 20th Street and Constitution Avenue NW, Washington, DC 20551, Telecommunications Device for the Deaf (TDD) users may contact (202) 263-4869.

SUPPLEMENTARY INFORMATION:

In accordance with the Privacy Act of 1974, 5 U.S.C. 552a(r), a report of these systems of records is being filed with the Chair of the House Committee on Oversight and Government Reform, the Chair of the Senate Committee on Homeland Security and Governmental Affairs, and the Administrator of the Office of Information and Regulatory Affairs of the Office of Management and Budget.

SYSTEM NAME AND NUMBER:

BGFRS-1 Recruiting and Placement Records

BGFRS-2 Personnel Security Systems

BGFRS-3 Medical Records

BGFRS-4 General Personnel Records

BGFRS-5 EEO Discrimination Complaint File

BGFRS-6 Disciplinary and Adverse Action Records

BGFRS-7 Payroll and Leave Records

BGFRS-8 Travel Records

BGFRS-9 Supplier Files

BGFRS-10 General Files on Board Members

BGFRS-11 Official General Files

BGFRS-12 Bank Officers Personnel System

BGFRS-13 Federal Reserve System Bank Supervision Staff Qualifications

BGFRS-14 General File of Federal Reserve Bank and Branch Directors

BGFRS-16 Regulation U Reports of NonBank Lenders

BGFRS-17 Municipal or Government Securities Principals and Representatives

BGFRS-18 Consumer Complaint Information

BGFRS-20 Survey of Consumer Finances

BGFRS-21 Supervisory Enforcement Actions and Special Examinations Tracking System

BGFRS-23 Freedom of Information Act and Privacy Act Case Tracking and Reporting System

BGFRS-24 EEO General Files

BGFRS-25 Multi-Rater Feedback Records

BGFRS-26 Employee Relations Records

BGFRS-27 Performance Management Program Records

BGFRS-28 Employee Assistance Program Records

BGFRS-29 Benefits Records

BGFRS-30 Academic Assistance Program Files

BGFRS-31 Protective Information Systems

BGFRS-32 Visitor Registration System

BGFRS-34 ESS Staff Identification Card File

BGFRS-35 Staff Parking Permit File

BGFRS-36 Federal Reserve Application Name Check System

BGFRS-37 Electronic Applications

BGFRS-38 Transportation Subsidy Records

BGFRS-39 General File of the Community Advisory Council

OIG-1 OIG Investigative Records

OIG-2 OIG Personnel Records

SECURITY CLASSIFICATION:

Unclassified.

SYSTEM LOCATION:

The Board maintains its systems of records at the Board of Governors of the Federal Reserve System, 20th Street and Constitution Avenue NW, Washington, DC 20551. Some sub-categories of certain systems may also be maintained by various third-parties, which are described in the corresponding SORNs located here: https://www.federalreserve.gov/system-of-records-notices.htm.

SYSTEM MANAGER(S):

The system manager for each system is described in the system's corresponding SORN located here: https://www.federalreserve.gov/system-of-records-notices.htm.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

The authority for each system is described in the system's corresponding SORN located here: https://www.federalreserve.gov/system-of-records-notices.htm.

PURPOSE(S) OF THE SYSTEM:

The purpose for each system is described in the system's corresponding SORN located here: https://www.federalreserve.gov/system-of-records-notices.htm.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

The categories of individuals covered by each system are described in the system's corresponding SORN located here: https://www.federalreserve.gov/system-of-records-notices.htm.

CATEGORIES OF RECORDS IN THE SYSTEM:

The categories of records covered by each system are described in the system's corresponding SORN located here: https://www.federalreserve.gov/system-of-records-notices.htm.

RECORD SOURCE CATEGORIES:

The categories of sources of records for each system is described in the system's corresponding SORN located here: https://www.federalreserve.gov/system-of-records-notices.htm.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND PURPOSES OF SUCH USES:

The Board is amending its General Routine Uses by revising Routine Use I and adding Routine Use J. The Board is also revising all of the SORNs listed above to include the revised Routine Use I and the new Routine Use J. The Board is revising Routine Use I of its General Routine Uses to read as follows:

“I. Disclosure to Facilitate a Response to a Breach of the Board. Information may be disclosed to appropriate agencies, entities, and persons when: (1) The Board suspects or has confirmed that there has been a breach of the system of records; (2) the Board has determined that as a result of the suspected or confirmed breach there is a risk of harm to individuals, the Board (including its information systems, programs, and operations), the Federal Government, or national security; and (3) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with the Board's efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm.”

The Board is also adding Routine Use J to its General Routine Uses to read as follows:

“J. Disclosure to Assist another Federal Agency or Federal Entity in Responding to a Breach. Information may be disclosed to another federal agency or federal entity, when the Board determines that the information from this system of records is reasonably necessary to assist the recipient agency or entity in (1) responding to a suspected or confirmed breach or (2) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach.”

The complete list of General Routine Uses now reads as follows:

General Routine Uses of Board Systems of Records

A. Disclosure for Enforcement, Statutory and Regulatory Purposes. Information may be disclosed to the appropriate federal, state, local, foreign, or self-regulatory organization or agency responsible for investigating, prosecuting, enforcing, implementing, issuing, or carrying out a statute, rule, regulation, order, policy, or license if the information may be relevant to a potential violation of civil or criminal law, rule, regulation, order, policy or license.

B. Disclosure to Another Agency or a Federal Reserve Bank. Information may be disclosed to a federal agency in the executive, legislative, or judicial branch of government, or to a Federal Reserve Bank, in connection with the hiring, retaining, or assigning of an employee, the issuance of a security clearance, the conducting of a security or suitability investigation of an individual, the classifying of jobs, the letting of a contract, the issuance of a license, grant, or other benefits by the receiving entity, or the lawful statutory, administrative, or investigative purpose of the receiving entity to the extent that the information is relevant and necessary to the receiving entity's decision on the matter.

C. Disclosure to a Member of Congress. Information may be disclosed to a congressional office in response to an inquiry from the congressional office made at the request of the individual to whom the record pertains.

D. Disclosure to the Department of Justice, a Court, an Adjudicative Body or Administrative Tribunal, or a Party in Litigation. Information may be disclosed to the Department of Justice, a court, an adjudicative body or administrative tribunal, a party in litigation, or a witness if the Board (or in the case of an Office of Inspector General system, the Office of Inspector General) determines, in its sole discretion, that the information is relevant and necessary to the matter.

E. Disclosure to Federal, State, Local, and Professional Licensing Boards. Information may be disclosed to federal, state, local, foreign, and professional licensing boards, including a bar association, a Board of Medical Examiners, a state board of accountancy, or a similar governmental or non-government entity that maintains records concerning the issuance, retention, or revocation of licenses, certifications, or registrations relevant to practicing an occupation, profession, or specialty.

F. Disclosure to the EEOC, MSPB, OGE and OSC. Information may be disclosed to the Equal Employment Opportunity Commission, the Merit Systems Protection Board, the Office of Government Ethics, or the Office of Special Counsel to the extent determined to be relevant and necessary to carrying out their authorized functions.

G. Disclosure to Contractors, Agents, and Others. Information may be disclosed to contractors, agents, or others performing work on a contract, service, cooperative agreement, job, or other activity for the Board and who have a need to access the information in the performance of their duties or activities for the Board.

H. Disclosure to Labor Relations Panels. Information may be disclosed to the Federal Reserve Board Labor Relations Panel or the Federal Reserve Banks Labor Relations Panel in connection with the investigation and resolution of allegations of unfair labor practices or other matters within the jurisdiction of the relevant panel when requested.

I. Disclosure to Facilitate a Response to a Breach of the Board. Information may be disclosed to appropriate agencies, entities, and persons when: (1) The Board suspects or has confirmed that there has been a breach of the system of records; (2) the Board has determined that as a result of the suspected or confirmed breach there is a risk of harm to individuals or the Board (including its information systems, programs, and operations), the Federal Government, or national security; and (3) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with the Board's efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm.

J. Disclosure to Assist another Federal Agency or Federal Entity in Responding to a Breach. Information may be disclosed to another federal agency or federal entity, when the Board determines that the information from the system of records is reasonably necessary to assist the recipient agency or entity in (1) responding to a suspected or confirmed breach, or (2) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:

The storage practices for each system are set out in the corresponding SORN located here: https://www.federalreserve.gov/system-of-records-notices.htm.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:

Depending on the particular system, paper and electronic records may be retrieved by name or other identifying aspects.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:

The retention period for each system is set out in the corresponding SORN located here: https://www.federalreserve.gov/system-of-records-notices.htm. Records will be disposed of at the end of their retention periods, subject to an annual close-out.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:

Access to records is limited to those whose official duties require it. Electronic records are password protected.

RECORD ACCESS PROCEDURES:

The Privacy Act allows individuals the right to access records maintained about them in a Board system of records. Your request for access must: (1) Contain a statement that it is made pursuant to the Privacy Act of 1974; (2) provide either the name of the Board system of records expected to contain the record requested or a concise description of the system of records; (3) provide the information necessary to verify your identity; and (4) provide any other information that may assist in the rapid identification of the record for which you are requesting access.

Current or former Board employees may make a request for access by contacting the Board office that maintains the record. The Board handles all Privacy Act requests as both a Privacy Act request and as a Freedom of Information Act request. The Board does not charge fees to a requestor seeking to access or amend his/her Privacy Act records.

You may submit your Privacy Act request to the—Secretary of the Board, Board of Governors of the Federal Reserve System, 20th Street and Constitution Avenue NW, Washington DC 20551.

If your request is for records maintained by the Board's Office of Inspector General, submit your request to the—Inspector General, Board of Governors of the Federal Reserve System, 20th Street and Constitution Avenue NW, Washington, DC 20551.

You may also submit your Privacy Act request electronically through the Board's FOIA “Electronic Request Form” located here: https://www.federalreserve.gov/secure/forms/efoiaform.aspx.

CONTESTING RECORD PROCEDURES:

The Privacy Act allows individuals to seek amendment of information that is erroneous, irrelevant, untimely, or incomplete and is maintained in a system of records about you. To request an amendment to your record, you should clearly mark the request as a “Privacy Act Amendment Request.” You have the burden of proof for demonstrating the appropriateness of the requested amendment and you must provide relevant and convincing evidence in support of your request.

Your request for amendment must: (1) Provide the name of the specific Board system of records containing the record you seek to amend; (2) Identify the specific portion of the record you seek to amend; (3) Describe the nature of and reasons for each requested amendment; (4) Explain why you believe the record is not accurate, relevant, timely, or complete; and (5) Unless you have already done so in a Privacy Act request for access, provide the necessary information to verify your identity.

NOTIFICATION PROCEDURES:

Same as “Access procedures” above. You may also follow this procedure in order to request an accounting of previous disclosures of records pertaining to you as provided for by 5 U.S.C. 552a(c).

EXEMPTIONS PROMULGATED FOR THE SYSTEM:

Any exemptions claimed for each specific system is described in the system's corresponding SORN located here: https://www.federalreserve.gov/system-of-records-notices.htm.

HISTORY:

The history of the Board's various systems can be located at: https://www.federalreserve.gov/system-of-records-notices.htm by clicking on the Federal Register Notice associated with the SORN for each system. In order that the Board's General Routine Uses will be contained in a single notice readily accessible by the public, the Board is taking the opportunity to republish the General Routine Uses previously published on May 6, 2008 (73 FR 24985) which were not revised under this notice.