Home/Federal/Federal Register/2024-00859

Notice2024-00859

Privacy Act of 1974; Systems of Records

Primary source

Metadata and text below are from the Federal Register, a public-domain U.S. government work. Always verify the official published version before relying on it for any legal matter.

Published

January 18, 2024

Effective

February 20, 2024

Issuing agencies

Pension Benefit Guaranty Corporation

Abstract

Pursuant to the Privacy Act of 1974, the Pension Benefit Guaranty Corporation (PBGC), at the direction of the Office of Information and Regulatory Affairs, is merging all pertinent General Routine Uses from the Prefatory Statement of General Routine Uses into the Routine Uses sections of the following system of records notices (SORN): PBGC-17, Office of Inspector General Investigative File System, and PBGC-28, Physical Security and Facility Access. Additionally, PBGC is making administrative updates to the official addresses to reflect PBGC's new headquarters location and to pertinent system locations, updating the citation to the Contesting Records Procedures section, and updating the citation to the Privacy Act of 1974 to the following SORNs: PBGC-17 and PBGC-28. Moreover, PBGC is adding one routine use to PBGC-17, adding two routine uses to PBGC-28, and, lastly, establishing PBGC-30: Surveys and Complaints--PBGC.

Full Text

<html>
<head>
<title>Federal Register, Volume 89 Issue 12 (Thursday, January 18, 2024)</title>
</head>
<body><pre>
[Federal Register Volume 89, Number 12 (Thursday, January 18, 2024)]
[Notices]
[Pages 3436-3443]
From the Federal Register Online via the Government Publishing Office [<a href="http://www.gpo.gov">www.gpo.gov</a>]
[FR Doc No: 2024-00859]

=======================================================================
-----------------------------------------------------------------------

PENSION BENEFIT GUARANTY CORPORATION

Privacy Act of 1974; Systems of Records

AGENCY: Pension Benefit Guaranty Corporation.

ACTION: Notice of modified systems of records; notice of a new system
of records.

-----------------------------------------------------------------------

SUMMARY: Pursuant to the Privacy Act of 1974, the Pension Benefit
Guaranty Corporation (PBGC), at the direction of the Office of
Information and Regulatory Affairs, is merging all pertinent General
Routine Uses from the Prefatory Statement of General Routine Uses into
the Routine Uses sections of the following system of records notices
(SORN): PBGC-17, Office of Inspector General Investigative File System,
and PBGC-28, Physical Security and Facility Access. Additionally, PBGC
is making administrative updates to the official addresses to reflect
PBGC's new headquarters location and to pertinent system locations,
updating the citation to the Contesting Records Procedures section, and
updating the citation to the Privacy Act of 1974 to the following
SORNs: PBGC-17 and PBGC-28. Moreover, PBGC is adding one routine use to
PBGC-17, adding two routine uses to PBGC-28, and, lastly, establishing
PBGC-30: Surveys and Complaints--PBGC.

DATES: Comments must be received on or before February 20, 2024 to be
assured of consideration. The new systems of records described herein
will become effective February 20, 2024, without further notice, unless
comments result in a contrary determination and a notice is published
to that effect.

ADDRESSES: You may submit written comments to PBGC by any of the
following methods:
<bullet> Federal eRulemaking Portal: <a href="https://www.regulations.gov">https://www.regulations.gov</a>.
Follow the website instructions for submitting comments.
<bullet> Email: <a href="/cdn-cgi/l/email-protection#c7b5a2a0e9a4a8aaaaa2a9b3b487b7a5a0a4e9a0a8b1">[email&#160;protected]</a>. Refer to SORN in the subject
line.
<bullet> Mail or Hand Delivery: Regulatory Affairs Division, Office
of the General Counsel, Pension Benefit Guaranty Corporation, 445 12th
Street SW, Washington, DC 20024-2101.
Commenters are strongly encouraged to submit comments
electronically. Commenters who submit comments on paper by mail should
allow sufficient time for mailed comments to be received before the
close of the comment period.
All submissions must include the agency's name (Pension Benefit
Guaranty Corporation, or PBGC) and reference this notice. Comments
received will be posted without change to PBGC's website, <a href="http://www.pbgc.gov">http://www.pbgc.gov</a>, including any personal information provided. Do not
submit comments that include any personally identifiable information or
confidential business information. Copies of comments may also be
obtained by writing to the Disclosure Division, (<a href="/cdn-cgi/l/email-protection#06626f75656a6975737463467664616528616970">[email&#160;protected]</a>),
Office of the General Counsel, Pension Benefit Guaranty Corporation,
445 12th Street SW, Washington, DC 20024-2101; or calling 202-229-4040
during normal business hours. If you are deaf or hard of hearing, or
have a speech disability, please dial 7-1-1 to access
telecommunications relay services.

FOR FURTHER INFORMATION CONTACT: Shawn Hartley, Chief Privacy Officer,
Pension Benefit Guaranty Corporation, Office of the General Counsel,
445 12th Street SW, Washington, DC 20024-2101, 202-229-6321. For access
to any of PBGC's systems of records, write to the Disclosure Division,
(<a href="/cdn-cgi/l/email-protection#caaea3b9a9a6a5b9bfb8af8abaa8ada9e4ada5bc">[email&#160;protected]</a>), Office of the General Counsel, Pension Benefit
Guaranty Corporation, 445 12th Street SW, Washington, DC 20024-2101, or
by calling 202-229-4040 during normal business hours, or go to <a href="https://www.pbgc.gov/about/policies/pg/privacy-at-pbgc/system-of-records-notices">https://www.pbgc.gov/about/policies/pg/privacy-at-pbgc/system-of-records-notices</a>.

SUPPLEMENTARY INFORMATION:
(1) At the direction of the Office of Information and Regulatory
Affairs, PBGC is merging all pertinent General Routine Uses from the
Prefatory Statement of General Routine Uses into the Routine Uses
sections of SORNs 17 and 28.
At the direction of the Office of Management and Budget's (OMB)
Office of Information and Regulatory Affairs (OIRA), PBGC is proposing
to merge all pertinent General Routine Uses from the Prefatory
Statement of General Routine Uses, last published at 83 FR 6247 (Feb.
13, 2018), into the routine uses sections

[[Page 3437]]

of the system of records notices (SORNs) 17 and 28. PBGC will merge
General Routine Uses G1, G2, G4, G5, G7, and G9 through G14 (see
Prefatory Statement of General Routine Uses at 83 FR 6247 (Feb. 13,
2018)) into the routine uses section of PBGC-17, Office of Inspector
General Investigative File System, thereby adding them as routine uses.
PBGC will merge General Routine Uses G1 through G5 and G7 through G12
(See Prefatory Statement of General Routine Uses at 83 FR 6247 (Feb.
13, 2018)) into the routine uses section of PBGC-28, Physical Security
and Facility Access.
Additionally, as it merges General Routine Uses 4 and 5 into the
SORNs, PBGC is incorporating OIRA's suggested language to clarify that
any disclosures must be relevant and necessary to litigation. As it
merges General Routine Use 14 into the SORNs, PBGC is rewriting the
language to conform to OMB Memorandum A-130. All additional revisions
will be incorporated into the merger of routine uses and renumbered
accordingly.
(2) PBGC is proposing, in all SORNs, to update the citations to the
Contesting Records Procedures section and to the Privacy Act of 1974,
and to update SORNs 17 and 28, to remove the citation to the Prefatory
Statement of General Routine Uses and to update the Official Addresses
and system locations.
When PBGC reviewed and revised its SORNs in 2018, it omitted the
citation to its regulations explaining the process to contest
information contained in records maintained by PBGC. PBGC is adding the
citation to 29 CFR 4902.5 to the Contesting Records Procedures section
of all its SORNs. Additionally, upon review, it was noticed that the
Routine Uses section of all SORNs contained a citation error. PBGC is
amending the Privacy Act citation in the Routine Uses section of all
its SORNs, changing it from 5 U.S.C. 522a(b) to 5 U.S.C. 552a(b).
Additionally, PBGC is removing all citations to PBGC's Prefatory
Statement of General Routine Uses in SORNs 17 and 28 to reflect that
General Routine Uses were merged at the direction of OIRA. Lastly, PBGC
is updating the Official Addresses of SORNs 17 and 28 to reflect PBGC's
new Headquarters location and/or system locations where applicable.
(3) PBGC is proposing to add one routine use to PBGC-17, Office of
Inspector General Investigative File System.
PBGC is proposing the addition of one routine use to PBGC-17 for
disclosure to compare records maintained by the Office of Inspector
General (OIG) against other records maintained in another Federal
system of records or with non-Federal records. Pursuant to the
Inspector General Empowerment Act of 2016, an Inspector General or an
agency, in coordination with an Inspector General, may conduct a
computerized comparison of two or more automated system of records or a
comparison of a Federal system of records with other records or non-
Federal records without it creating a matching program as defined by
the Computer Matching and Privacy Protection Act, as amended. This
routine use is necessary to allow the OIG to investigate fraud and
other matters under its jurisdiction more efficiently. New Routine Use
27 will read, ``A record to compare such records in other Federal
agencies' systems of records or to non-Federal records.''
(4) PBGC is proposing to add two routine uses to PBGC-28, Physical
Security and Facility Access.
PBGC is also proposing to add to PBGC-28, a Routine Use 12 to read:
``12. Records from this system may be disclosed to a third party for
purposes of providing access to facilities leased by PBGC or on PBGC's
behalf.'' This is to allow PBGC to provide physical access security and
facility access via its landlord's facilities management provider.
Additionally, PBGC is adding a new routine use that will read:
``13. To Another Agency or Non-Federal Entity in Connection with an OIG
Audit, Investigation, or Inspection: To another Federal agency or non-
Federal entity to compare such records in the agency's system of
records or to non-Federal records in coordination with the Office of
Inspector General (OIG) conducting an audit, investigation, inspection,
or some other review as authorized by the Inspector General Act, as
amended.'' Pursuant to the Inspector General Empowerment Act of 2016,
an Inspector General or an agency, in coordination with an Inspector
General, may conduct a computerized comparison of two or more automated
system of records or a comparison of a Federal system of records with
other records or non-Federal records without it creating a matching
program as defined by the Computer Matching and Privacy Protection Act,
as amended. PBGC's Inspector General requested that PBGC create a new
routine use to reflect that information contained in a PBGC system of
records may be used in a computerized comparison of two or more system
of records or with non-Federal records in coordination with the OIG
conducting an audit, investigation, inspection, or some other review as
authorized by the Inspector General Act, as amended.
(5) PBGC is proposing to establish a new SORN ``PBGC-30: Surveys
and Complaints--PBGC'' to reflect its current practice of using
surveys.
PBGC is proposing to establish a new SORN--``PBGC-30: Surveys and
Complaints--PBGC''--to reflect its current practice of using surveys to
obtain internal agency feedback and for responding to complaints
received by the PBGC departments that leverage PBGC's survey tool or
other complaint procedures. PBGC previously relied upon a SORN
published by the Department of the Interior (DOI), as PBGC utilized
DOI's survey system and leveraged the applicable SORN. As PBGC is
transitioning to a different system at DOI's direction, PBGC is seeking
to establish its own system of records.
Pursuant to 5 U.S.C. 552a(e)(11), interested persons are invited to
submit written comments on the proposed changes described in this
notice. A report has been sent to Congress and the Office of Management
and Budget for their evaluation.
For the convenience of the public the amended and new systems of
records are published in full below with changes italicized.

Issued in Washington, DC.
Gordon Hartogensis,
Director, Pension Benefit Guaranty Corporation.

SYSTEM NAME AND NUMBER:
PBGC-17: Office of Inspector General Investigative File System--
PBGC.

SECURITY CLASSIFICATION:
Unclassified.

SYSTEM LOCATION:
Office of Inspector General, Pension Benefit Guaranty Corporation
(PBGC), 445 12th Street SW, Washington, DC, 20024-2101.

SYSTEM MANAGER(S):
Office of the Inspector General, PBGC, 445 12th Street SW,
Washington, DC, 20024-2101.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
5 U.S.C. App. 3, sections 2 and 4.

PURPOSE(S) OF THE SYSTEM:
This system of records is used to supervise and conduct
investigations relating to programs and operations of PBGC by the
Inspector General.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
Individuals named in investigations conducted by the Office of
Inspector General (OIG); complainants and subjects of complaints
collected through

[[Page 3438]]

the operation of the OIG Hotline; other individuals, including
witnesses, sources, and members of the general public who are named
individuals in connection with investigations conducted by OIG.

CATEGORIES OF RECORDS IN THE SYSTEM:
Information within this system relates to OIG investigations
carried out under applicable statutes, regulations, policies, and
procedures. The investigations may relate to criminal, civil, or
administrative matters. These OIG files may contain investigative
reports; transcripts; internal staff memoranda; working drafts of
papers to PBGC employees; investigative plans; litigation strategies;
copies of personnel, financial, contractual, and property management
records maintained by PBGC; information submitted by or about pension
plan sponsors or plan participants; background data including arrest
records, statements of informants and witnesses, and laboratory reports
of evidence analysis; information and documentation received from other
government agencies; search warrants, summonses and subpoenas; and
other information related to investigations. Personal data in the
system may consist of names, social security numbers, addresses, dates
of birth and death, fingerprints, handwriting samples, reports of
confidential informants, physical identifying data, voiceprints,
polygraph tests, photographs, and individual personnel and payroll
information.

RECORD SOURCE CATEGORIES:
Subject individuals; individual complainants; witnesses; interviews
conducted during investigations; Federal, state, tribal, and local
government records; individual or company records; claim and payment
files; employer medical records; insurance records; court records;
articles from publications; financial data; bank information; telephone
data; service providers; other law enforcement organizations; grantees
and sub-grantees; contractors and subcontractors; pension plan sponsors
and participants; and other sources.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES
OF USERS AND THE PURPOSES OF SUCH USES:
Information about covered individuals may be disclosed without
consent as permitted by the Privacy Act of 1974, 5 U.S.C. 552a(b) and:
1. A record from this system may be disclosed to law enforcement in
the event the record is connected to a violation or potential violation
of law, whether civil, criminal, or regulatory in nature, and whether
arising by general statute, regulation, rule, or order issued pursuant
thereto. Such disclosure may be made to the appropriate agency, whether
Federal, state, local, or tribal, or other public authority responsible
for enforcing, investigating or prosecuting such violation or charged
with enforcing or implementing the statute, or rule, regulation, or
order issued pursuant thereto, if PBGC determines that the records are
both relevant and necessary to any enforcement, regulatory,
investigative or prospective responsibility of the receiving entity.
2. A record from this system of records may be disclosed to a
Federal, state, tribal or local agency or to another public or private
source maintaining civil, criminal, or other relevant enforcement
information or other pertinent information if, and to the extent
necessary, to obtain information relevant to a PBGC decision concerning
the hiring or retention of an employee, the retention of a security
clearance, or the letting of a contract.
3. A record from this system of records may be disclosed in a
proceeding before a court or other adjudicative body in which PBGC, an
employee of PBGC in his or her official capacity, an employee of PBGC
in his or her individual capacity whom PBGC (or the Department of
Justice (DOJ)) has agreed to represent is a party, or the United States
or any other Federal agency is a party and PBGC determines that it has
an interest in the proceeding, and if PBGC determines that the record
is relevant and necessary to the litigation and that the use of the
record is compatible with the purpose for which PBGC collected the
information.
4. When PBGC, an employee of PBGC in his or her official capacity,
or an employee of PBGC in his or her individual capacity whom PBGC (or
DOJ) has agreed to represent is a party to a proceeding before a court
or other adjudicative body, or the United States or any other Federal
agency is a party and PBGC determines that it has an interest in the
proceeding, a record from this system of records may be disclosed to
DOJ if PBGC is consulting with DOJ regarding the proceeding or has
decided that DOJ will represent PBGC, or its interest, in the
proceeding and PBGC determines that the record is relevant and
necessary to the litigation and that the use of the record is
compatible with the purpose for which PBGC collected the information.
5. A record from this system of records may be disclosed to a
congressional office in response to an inquiry from the congressional
office made at the request of the individual.
6. A record from this system of records may be disclosed to
appropriate agencies, entities, and persons when (1) PBGC suspects or
has confirmed that there has been a breach of the system of records;
(2) PBGC has determined that as a result of the suspected or confirmed
breach there is a risk of harm to individuals, PBGC (including its
information systems, programs and operations), the Federal Government,
or national security; and (3) the disclosure made to such agencies,
entities, and persons is reasonably necessary to assist in connection
with PBGC's efforts to respond to the suspected or confirmed breach or
to prevent, minimize, or remedy such harm.
7. To contractors, experts, consultants, and the agents thereof,
and others performing or working on a contract, service, cooperative
agreement, or other assignment for PBGC when necessary to accomplish an
agency function. Individuals provided information under this routine
use are subject to the same Privacy Act requirements and limitations on
disclosure as are applicable to PBGC employees.
8. To the National Archives and Records Administration or to the
General Services Administration for records management inspections
conducted under 44 U.S.C. 2904 and 2906.
9. To any source from which information is requested in the course
of processing a grievance, investigation, arbitration, or other
litigation, to the extent necessary to identify the individual, inform
the source of the purpose(s) of the request, and identify the type of
information requested.
10. To disclose information to a Federal agency, in response to its
request, in connection with hiring or retaining an employee, issuing a
security clearance, conducting a security or suitability investigation
of an individual, or classifying jobs, to the extent that the
information is relevant and necessary to the requesting agency's
decision on the matter.
11. To another federal agency or federal entity, when information
from this system of records is reasonably necessary to assist the
recipient agency or entity in (1) responding to a suspected or
confirmed breach or (2) preventing, minimizing, or remedying the risk
of harm to individuals, the agency (including its information systems,
programs, and operations), the Federal Government, or national
security.

[[Page 3439]]

12. A record relating to a person held in custody pending or during
arraignment, trial, sentence, or extradition proceedings or after
conviction may be disclosed to a Federal, state, local, tribal or
foreign prison; probation, parole, or pardon authority; or any other
agency or individual involved with the maintenance, transportation, or
release of such a person.
13. A record relating to a case or matter may be disclosed to an
actual or potential party or his or her attorney for the purpose of
negotiation or discussion on such matters as settlement of the case or
matter, plea bargaining, or informal discovery proceedings.
14. A record may be disclosed to any source, either private or
governmental, when reasonably necessary to elicit information or obtain
the cooperation of a witness or informant when conducting any official
investigation or during a trial or hearing or when preparing for a
trial or hearing.
15. A record relating to a case or matter may be disclosed to a
foreign country, through the United States Department of State or
directly to the representative of such country, under an international
treaty, convention, or executive agreement; or to the extent necessary
to assist the U.S. Department of State, law enforcement officials, and
such country in apprehending or returning a fugitive to a jurisdiction
that seeks that individual's return.
16. A record originating exclusively within this system of records
may be disclosed to other Federal offices of inspectors general and
councils comprising officials from other Federal offices of inspectors
general, as required by the Inspector General Act of 1978, as amended.
The purpose is to ensure that OIG investigative operations can be
subject to integrity and efficiency peer reviews, and to permit other
offices of inspectors general to investigate and report on allegations
of misconduct by senior OIG officials as directed by a council, the
President, or Congress. Records originating from any other PBGC systems
of records, which may be duplicated in or incorporated into this
system, also may be disclosed with all identifiable information
redacted.
17. A record may be disclosed to the Department of the Treasury and
the Department of Justice when the OIG seeks an ex parte court order to
obtain taxpayer information from the Internal Revenue Service.
18. A record may be disclosed to any governmental, professional, or
licensing authority when such record reflects on qualifications, either
moral, educational or vocational, of an individual seeking to be
licensed or to maintain a license.
19. A record may be disclosed to any direct or indirect recipient
of Federal funds, e.g., a contractor, where such record reflects
problems with the personnel working for a recipient, and disclosure of
the record is made to permit a recipient to take corrective action
beneficial to the Government.
20. A record may be disclosed where there is an indication of a
violation or a potential violation of law, rule, regulation, or order
whether civil, criminal, administrative or regulatory in nature, to the
appropriate agency, whether Federal, state, tribal or local, or to a
securities self-regulatory organization, charged with enforcing or
implementing the statute, or rule, regulation, or order.
21. A record may be disclosed to Federal, state, tribal or local
authorities in order to obtain information or records relevant to an
Office of Inspector General investigation or inquiry.
22. A record may be disclosed to a bar association, state
accountancy board, or other Federal, state, tribal, local, or foreign
licensing or oversight authority; or professional association or self-
regulatory authority to the extent that it performs similar functions
(including the Public Company Accounting Oversight Board) for
investigations or possible disciplinary action.
23. A record may be disclosed to inform complainants, victims, and
witnesses of the results of an investigation or inquiry.
24. A record may be disclosed to the Department of Justice for the
purpose of obtaining advice on investigatory matters or to refer
information for the purpose of prosecution.
25. A record may be disclosed to contractors, interns and experts
who have been engaged to assist in an OIG investigation or in the
performance of a service related to this system of records and require
access to these records for the purpose of assisting the OIG in the
efficient administration of its duties. All recipients of these records
will be required to comply with the requirements of the Privacy Act of
1974, as amended.
26. A record may be disclosed to the public when the matter under
investigation has become public knowledge, or when the Inspector
General determines that such disclosure is necessary to preserve
confidence in the integrity of the OIG investigative process, to
demonstrate the accountability of PBGC employees, or other individuals
covered by this system, or when there exists a legitimate public
interest, unless the Inspector General has determined that disclosure
of specific information would constitute an unwarranted invasion of
personal privacy.
27. A record to compare such records in other Federal agencies'
systems of records or to non-Federal records.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
Records are maintained manually in paper and/or electronic form
(including computer databases or discs). Records may also be maintained
on back-up tapes, or on a PBGC or a contractor-hosted network.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
Records may be retrieved by any one or more of the following: name;
social security number; subject category; or assigned case number.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
PBGC has established security and privacy protocols that meet the
required security and privacy standards issued by the National
Institute of Standards and Technology (NIST). Records are maintained in
a secure, password protected electronic system that utilizes security
hardware and software to include multiple firewalls, active intruder
detection, and role-based access controls. PBGC has adopted appropriate
administrative, technical, and physical controls in accordance with
PBGC's security program to protect the confidentiality, integrity, and
availability of the information, and to ensure that records are not
disclosed to or accessed by unauthorized individuals.
Electronic records are stored on computer networks, which may
include cloud-based systems, and protected by controlled access with
Personal Identity Verification (PIV) cards, assigning user accounts to
individuals needing access to the records and by passwords set by
authorized users that must be changed periodically.

RECORD ACCESS PROCEDURES:
This system is exempt from the notification and record access

[[Page 3440]]

requirements. However, consideration will be given to requests made in
compliance with 29 CFR 4902.3 and 4902.4.

CONTESTING RECORD PROCEDURES:
This system is exempt from amendment requirements. However,
consideration will be given to requests made in compliance with 29 CFR
4902.3 and 4902.5.

NOTIFICATION PROCEDURES:
This system is exempt from the notification requirements. However,
consideration will be given to inquiries made in compliance with 29 CFR
4902.3.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
Pursuant to 5 U.S.C. 552a(j) and (k), PBGC has established
regulations at 29 CFR 4902.11 that exempt records in this system
depending on their purpose.

HISTORY:
PBGC--17, Inspector General Investigative File System (last
published at 83 FR 6268 (February 13, 2018)).

SYSTEM NAME AND NUMBER:
PBGC--28: Physical Security and Facility Access

SECURITY CLASSIFICATION:
Unclassified

SYSTEM LOCATION:
Pension Benefit Guaranty Corporation (PBGC), 445 12th Street SW,
Washington, DC, 20024-2101.

SYSTEM MANAGER(S):
Director, Workplace Solutions Department, PBGC, 445 12th Street SW,
Washington, DC, 20024-2101.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
Executive Order 12977; 6 CFR part 37; Homeland Security
Presidential Directive (HSPD) 12: Policy for a Common Identification
Standard for Federal Employees and Contractors.

PURPOSE(S) OF THE SYSTEM:
The purpose of this system is to maintain information to allow PBGC
to provide for its facilities: control of visitor, employee, and
government contractor access; physical and operational security; and
video surveillance. It can also be used to maintain information from
issuing temporary facility access for employees and contractors who are
not in possession of their Personal Identity Verification (PIV) card or
office key.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
Current PBGC employees, students, interns, government contractors,
employees of other agencies, vendors, and other authorized visitors who
access PBGC facilities.

CATEGORIES OF RECORDS IN THE SYSTEM:
This system contains records relating to employee and government
contractor access, visitor access, and facility security. This includes
government Personal Identity Verification (PIV) cards, visitor,
contractor, and employee access records, temporary access cards,
biometric data, and video surveillance recordings. PIV card records
include the following information: name, photo, type of access,
employee affiliation, expiration date, activation date, credential
serial number to include the full Card Holder Unique Identifier
(CHUID), height, eye color, and hair color. Visitor access records
include the following information: name, phone number, email address,
digital photo, scan of government-issued photo identification, reason
for visit, organization name, date and time of visit, floor visited,
and temporary visitor badge number or barcode. Employee access records
include date and time of room or facility access and fingerprint or
other biometric data.

RECORD SOURCE CATEGORIES:
Subject individuals, employees, visitors, contractors, vendors, and
others visiting PBGC facilities.

[[Page 3441]]

8. A record from this system of records may be disclosed to
appropriate agencies, entities, and persons when (1) PBGC suspects or
has confirmed that there has been a breach of the system of records;
(2) PBGC has determined that as a result of the suspected or confirmed
breach there is a risk of harm to individuals, PBGC (including its
information systems, programs and operations), the Federal Government,
or national security; and (3) the disclosure made to such agencies,
entities, and persons is reasonably necessary to assist in connection
with PBGC's efforts to respond to the suspected or confirmed breach or
to prevent, minimize, or remedy such harm.
9. To contractors, experts, consultants, and the agents thereof,
and others performing or working on a contract, service, cooperative
agreement, or other assignment for PBGC when necessary to accomplish an
agency function. Individuals provided information under this routine
use are subject to the same Privacy Act requirements and limitations on
disclosure as are applicable to PBGC employees.
10. To the National Archives and Records Administration or to the
General Services Administration for records management inspections
conducted under 44 U.S.C. 2904 and 2906.
11. To any source from which information is requested in the course
of processing a grievance, investigation, arbitration, or other
litigation, to the extent necessary to identify the individual, inform
the source of the purpose(s) of the request, and identify the type of
information requested.
12. Records from this system may be disclosed to a third party for
purposes of providing access to facilities leased by PBGC or on PBGC's
behalf.
13. To another Federal agency or non-Federal entity to compare such
records in the agency's system of records or to non-Federal records in
coordination with the Office of Inspector General conducting an audit,
investigation, inspection, or some other review as authorized by the
Inspector General Act, as amended.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
Records are retrieved by any one of the following: employee or
contractor name, PIV card number, temporary access card number, access
clearance, key number, key removal date and time, visitor name, date
and time of visit, organization, name of PBGC personnel escorting the
visitor, visitor badge number, and reason for visit.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
Records are maintained and destroyed in accordance with the
National Archives and Record Administration's (NARA) Basic Laws and
Authorities (44 U.S.C. 3301, et seq.) or a PBGC records disposition
schedule approved by NARA. Records existing on paper are destroyed
beyond recognition. Records existing on computer storage media are
destroyed according to the applicable PBGC media practice for physical
security and access control systems and will be maintained in
accordance with General Records Schedule 5.6 Security Records Items:
010, 021, 100, 111, 120, 121, 130, and 240.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
PBGC has established security and privacy protocols that meet the
required security and privacy standards issued by the National
Institute of Standards and Technology (NIST). Records are maintained in
a secure, password protected electronic system that utilizes security
hardware and software to include multiple firewalls, active intruder
detection, and role-based access controls. PBGC has adopted appropriate
administrative, technical, and physical controls in accordance with
PBGC's security program to protect the confidentiality, integrity, and
availability of the information, and to ensure that records are not
disclosed to or accessed by unauthorized individuals.
Electronic records are stored on computer networks, which may
include cloud-based systems, and protected by controlled access with
PIV cards, assigning user accounts to individuals needing access to the
records and by passwords set by authorized users that must be changed
periodically.

RECORD ACCESS PROCEDURES:
Individuals, or third parties with written authorization from the
individual, wishing to request access to their records in accordance
with 29 CFR 4902.4, should submit a written request to the Disclosure
Officer, PBGC, 445 12th Street SW, Washington, DC, 20024-2101, or by
emailing <a href="/cdn-cgi/l/email-protection#6e0a071d0d02011d1b1c0b2e1e0c090d40090118">[email&#160;protected]</a>, providing their name, address, date of
birth, and verification of their identity in accordance with 29 CFR
4902.3(c).

CONTESTING RECORD PROCEDURES:
Individuals, or third parties with written authorization from the
individual, wishing to amend their records must submit a written
request, in accordance with 29 CFR 4902.5, identifying the information
they wish to correct in their file, following the requirements of
Record Access Procedure above.

NOTIFICATION PROCEDURES:
Individuals, or third parties with written authorization from the
individual, wishing to learn whether this system of records contains
information about them should submit a written request to the
Disclosure Officer, PBGC, 445 12th Street SW, Washington, DC, 20024-
2101, or by emailing <a href="/cdn-cgi/l/email-protection#acc8c5dfcfc0c3dfd9dec9ecdccecbcf82cbc3da">[email&#160;protected]</a>, providing their name,
address, date of birth, and verification of their identity in
accordance with 29 CFR 4902.3(c).

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
None.

HISTORY:
PBGC--28, Physical Security and Facility Access (last published at
87 FR 4668 (Jan. 28,2022)).

SYSTEM NAME AND NUMBER:
PBGC-30: Surveys and Complaints--PBGC

SECURITY CLASSIFICATION:
Unclassified

SYSTEM LOCATION:
Pension Benefit Guaranty Corporation (PBGC), 445 12th Street SW,
Washington, DC 20024-2101. (Records may be kept at an additional
location of the commercial service provider of Qualtrics, 333 W. River
Park Drive Provo, UT 84604, in the Amazon Web Services Government
Commercial Cloud).

SYSTEM MANAGER(S):
Office of the General Counsel (OGC), PBGC, 445 12th Street SW,
Washington, DC, 20024-2101.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
29 U.S.C. 1055, 1056(d)(3), 1302, 1303, 1310, 1321, 1322a, 1341,
1342, 1343, 1350; 1431, and 1432; 5 U.S.C. 301; 44 U.S.C. 3101 et seq.

PURPOSE(S) OF THE SYSTEM:
The purpose of this system of records is for all departments at
PBGC to elicit

[[Page 3442]]

feedback through surveys and respond to complaints PBGC receives from
communications contained within them. This includes a process for
tracking, receiving, and responding to surveys, complaints, concerns,
or questions from individuals about the organizational security and
privacy practices. Names, addresses, and telephone numbers are used to
survey customers to measure their satisfaction with PBGC's services and
to track (for follow-up) those who do not respond to surveys. De-
identified, aggregated information from this system may be used for
research and statistical purposes.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
Individuals who access a website operated by or on behalf of PBGC;
and individuals who are the subject of or are otherwise connected to an
inquiry, investigation, or complaint concerning PBGC's privacy or
cybersecurity programs.

CATEGORIES OF RECORDS IN THE SYSTEM:
Responses to individual survey questions or complaint forms; IP
addresses; cookies (session and persistent); email communications; and
information pertaining to the individual's complaint such as their
name, email address, phone number, and details about their experience
using a PBGC website or their complaint.

RECORD SOURCE CATEGORIES:
Subject individuals; pension plan participants, sponsors,
administrators and third parties; current and former employees or
contractors.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES
OF USERS AND THE PURPOSES OF SUCH USES:
Information about covered individuals may be disclosed without
consent as permitted by the Privacy Act of 1974, 5 U.S.C. 552a(b), and:
1. A record from this system may be disclosed to law enforcement in
the event the record is connected to a violation or potential violation
of law, whether civil, criminal, or regulatory in nature, and whether
arising by general statute, regulation, rule, or order issued pursuant
thereto. Such disclosure may be made to the appropriate agency, whether
Federal, state, local, or tribal, or other public authority responsible
for enforcing, investigating or prosecuting such violation or charged
with enforcing or implementing the statute, or rule, regulation, or
order issued pursuant thereto, if PBGC determines that the records are
both relevant and necessary to any enforcement, regulatory,
investigative or prospective responsibility of the receiving entity.
2. A record from this system of records may be disclosed to a
Federal, state, tribal or local agency or to another public or private
source maintaining civil, criminal, or other relevant enforcement
information or other pertinent information if, and to the extent
necessary, to obtain information relevant to a PBGC decision concerning
the hiring or retention of an employee, the retention of a security
clearance, or the letting of a contract.
3. A record from this system of records may be disclosed in a
proceeding before a court or other adjudicative body in which PBGC, an
employee of PBGC in his or her official capacity, an employee of PBGC
in his or her individual capacity whom PBGC (or the Department of
Justice (DOJ)) has agreed to represent is a party, or the United States
or any other Federal agency is a party and PBGC determines that it has
an interest in the proceeding, and if PBGC determines that the record
is relevant and necessary to the litigation and that the use of the
record is compatible with the purpose for which PBGC collected the
information.
4. When PBGC, an employee of PBGC in his or her official capacity,
or an employee of PBGC in his or her individual capacity whom PBGC (or
DOJ) has agreed to represent is a party to a proceeding before a court
or other adjudicative body, or the United States or any other Federal
agency is a party and PBGC determines that it has an interest in the
proceeding, a record from this system of records may be disclosed to
DOJ if PBGC is consulting with DOJ regarding the proceeding or has
decided that DOJ will represent PBGC, or its interest, in the
proceeding and PBGC determines that the record is relevant and
necessary to the litigation and that the use of the record is
compatible with the purpose for which PBGC collected the information.
5. A record from this system of records may be disclosed to OMB in
connection with the review of private relief legislation as set forth
in OMB Circular No. A-19 at any stage of the legislative coordination
and clearance process as set forth in that Circular.
6. A record from this system of records may be disclosed to a
congressional office in response to an inquiry from the congressional
office made at the request of the individual.
7. A record from this system of records may be disclosed to an
official of a labor organization recognized under 5 U.S.C. ch. 71 when
necessary for the labor organization to properly perform its duties as
the collective bargaining representative of PBGC employees in the
bargaining unit.
8. A record from this system of records may be disclosed to
appropriate agencies, entities, and persons when (1) PBGC suspects or
has confirmed that there has been a breach of the system of records;
(2) PBGC has determined that as a result of the suspected or confirmed
breach there is a risk of harm to individuals, PBGC (including its
information systems, programs and operations), the Federal Government,
or national security; and (3) the disclosure made to such agencies,
entities, and persons is reasonably necessary to assist in connection
with PBGC's efforts to respond to the suspected or confirmed breach or
to prevent, minimize, or remedy such harm.
9. To contractors, experts, consultants, and the agents thereof,
and others performing or working on a contract, service, cooperative
agreement, or other assignment for PBGC when necessary to accomplish an
agency function. Individuals provided information under this routine
use are subject to the same Privacy Act requirements and limitations on
disclosure as are applicable to PBGC employees.
10. To the National Archives and Records Administration or to the
General Services Administration for records management inspections
conducted under 44 U.S.C. 2904 and 2906.
11. To any source from which information is requested in the course
of processing a grievance, investigation, arbitration, or other
litigation, to the extent necessary to identify the individual, inform
the source of the purpose(s) of the request, and identify the type of
information requested.
12. To Another Agency or Non-Federal Entity in Connection with an
OIG Audit, Investigation, or Inspection: To another Federal agency or
non-Federal entity to compare such records in the agency's system of
records or to non-Federal records in coordination with the Office of
Inspector General conducting an audit, investigation, inspection, or
some other review as authorized by the Inspector General Act, as
amended.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
Records are maintained in electronic databases. Records may also be
maintained on back-up tapes, or on a PBGC or a contractor-hosted
network.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
Indexing surveys and complaints will be determined by individual
system

[[Page 3443]]

implementations, but records are generally indexed by a generic,
sequential survey or complaint record identifier. Records may be
indexed by a combination of survey responses and contact information
that is voluntarily provided through the survey or complaint form.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
Records are maintained and destroyed in accordance with the
National Archives and Record Administration's (NARA) Basic Laws and
Authorities (44 U.S.C. 3301, et seq.) or a PBGC records disposition
schedule approved by NARA. Records existing on paper are destroyed
beyond recognition. Records existing on computer storage media are
destroyed according to the applicable PBGC media practice for systems
that leverage this SORN and will be maintained in accordance with PBGC
Records Schedule. See General Records Schedule (GRS) Items 6.5.010 and
6.5.020: Public Customer Service Records; See also GRS 6.5.010:
Complaints-Customer Service; see also GRS Items 4.2.06; Privacy
complaint files. See also PBGC Records Schedule Item 1.2:
Administrative Records--Privacy Act.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
PBGC has established security and privacy protocols that meet the
required security and privacy standards issued by the National
Institute of Standards and Technology (NIST). Records are maintained in
a secure, password protected electronic system that utilizes security
hardware and software to include multiple firewalls, active intruder
detection, and role-based access controls. PBGC has adopted appropriate
administrative, technical, and physical controls in accordance with
PBGC's security program to protect the confidentiality, integrity, and
availability of the information, and to ensure that records are not
disclosed to or accessed by unauthorized individuals. Paper records are
kept in file folders in areas of restricted access that are locked
after office hours.
Electronic records are stored on computer networks, which may
include cloud-based systems, and protected by controlled access with
Personal Identity Verification (PIV) cards, assigning user accounts to
individuals needing access to the records and by passwords set by
authorized users that must be changed periodically. Further, for
certain systems covered by this notice, heightened security access is
required. Such access is granted by the specific permissions group
assigned to monitor that particular system and only authorized
employees of the agency may retrieve, review or modify those records.

RECORD ACCESS PROCEDURES:
Individuals, or third parties with written authorization from the
individual, wishing to request access to their records in accordance
with 29 CFR 4902.4, should submit a written request to the Disclosure
Officer, PBGC, 445 12th Street SW, Washington, DC 20024-2101, or by
emailing <a href="/cdn-cgi/l/email-protection#e0848993838c8f93959285a090828783ce878f96">[email&#160;protected]</a>, providing their name, address, date of
birth, and verification of their identity in accordance with 29 CFR
4902.3(c).

CONTESTING RECORD PROCEDURES:
Individuals, or third parties with written authorization from the
individual, wishing to amend their records must submit a written
request, in accordance with 29 CFR 4902.5, identifying the information
they wish to correct in their file, in addition to following the
requirements of the Record Access Procedure above.

NOTIFICATION PROCEDURES:
Individuals, or third parties with written authorization from the
individual, wishing to learn whether this system of records contains
information about them should submit a written request to the
Disclosure Officer, PBGC, 445 12th Street SW, Washington, DC 20024-
2101, or by emailing <a href="/cdn-cgi/l/email-protection#3d59544e5e51524e484f587d4d5f5a5e135a524b">[email&#160;protected]</a>, providing their name,
address, date of birth, and verification of their identity in
accordance with 29 CFR 4902.3(c).

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
None.

HISTORY:
None.
[FR Doc. 2024-00859 Filed 1-17-24; 8:45 am]
BILLING CODE 7709-02-P

</pre><script data-cfasync="false" src="/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js"></script></body>
</html>

View on FederalRegister.gov →Plain-text source

Indexed from Federal Register on January 18, 2024.

This is legal information, not legal advice. Laws vary by jurisdiction and change frequently. Always verify current law with official sources and consult a licensed attorney in your jurisdiction for advice on your specific situation.