Privacy Act of 1974; System of Records

Issuing agencies

Abstract

In accordance with the Privacy Act of 1974, all agencies are required to publish in the Federal Register a notice of their systems of records. Notice is hereby given that the Federal Energy Regulatory Commission (FERC) is publishing a notice of modification to an existing FERC system of records previously titled "Critical Energy Infrastructure Information (CEII) Records (FERC-58)"and now titled "Critical Energy/Electric Infrastructure Information (CEII) Records (FERC-58)."

Full Text

<html>
<head>
<title>Federal Register, Volume 89 Issue 35 (Wednesday, February 21, 2024)</title>
</head>
<body><pre>
[Federal Register Volume 89, Number 35 (Wednesday, February 21, 2024)]
[Notices]
[Pages 13069-13071]
From the Federal Register Online via the Government Publishing Office [<a href="http://www.gpo.gov">www.gpo.gov</a>]
[FR Doc No: 2024-03491]


-----------------------------------------------------------------------

DEPARTMENT OF ENERGY

Federal Energy Regulatory Commission


Privacy Act of 1974; System of Records

AGENCY: Federal Energy Regulatory Commission (FERC), DOE.

ACTION: Notice of a modified system of records.

-----------------------------------------------------------------------

SUMMARY: In accordance with the Privacy Act of 1974, all agencies are 
required to publish in the Federal Register a notice of their systems 
of records. Notice is hereby given that the Federal Energy Regulatory 
Commission (FERC) is publishing a notice of modification to an existing 
FERC system of records previously titled ``Critical Energy 
Infrastructure Information (CEII) Records (FERC-58)''and now titled 
``Critical Energy/Electric Infrastructure Information (CEII) Records 
(FERC-58).''

DATES: Comments on this modified system of records must be received no 
later than 30 days after date of publication in the Federal Register. 
If no public comment is received during the period allowed for comment 
or unless otherwise published in the Federal Register by FERC, the 
modified system of records will become effective a minimum of 30 days 
after date of publication in the Federal Register. If FERC receives 
public comments, FERC shall review the comments to determine whether 
any changes to the notice are necessary.

ADDRESSES: Comments should be submitted in writing to Federal Energy 
Regulatory Commission, 888 First Street NE, Washington, DC 20426 or 
electronically to <a href="/cdn-cgi/l/email-protection#1767657e6176746e577172657439707861"><span class="__cf_email__" data-cfemail="0272706b7463617b42646770612c656d74">[email&#160;protected]</span></a>. Comments should indicate that they 
are submitted in response to ``Critical Energy/Electric Infrastructure 
Information (CEII) Records (FERC-58)''.

FOR FURTHER INFORMATION CONTACT: Mittal Desai, Chief Information 
Officer & Senior Agency Official for Privacy, Office of the Executive 
Director, Federal Energy Regulatory Commission, 888 First Street NE, 
Washington, DC 20426, (202) 502-6432.

SUPPLEMENTARY INFORMATION: In Order No. 833, the Federal Energy 
Regulatory Commission amended its regulations to implement provisions 
of the Fixing America's Surface Transportation Act (FAST Act), codified 
at 16 U.S.C. 824o-1, related to Critical Electric Infrastructure 
Information. Regulations Implementing FAST Act Section 61003--Critical 
Electric Infrastructure Security and Amending Critical Energy 
Infrastructure Information, Availability of Certain North American 
Electric Reliability Corporation Databases to the Commission, Order No. 
833, 157 FERC ] 61,123 (2016). The amended regulations refer to 
Critical Energy/Electric Infrastructure Information (CEII). 
Accordingly, this SORN which was previously titled ``Critical Energy 
Infrastructure Information (CEII) Records (FERC-58)'' will now be 
titled ``Critical Energy/Electric Infrastructure Information (CEII) 
Records (FERC-58).''
    Moreover, in accordance with the Privacy Act of 1974, and to comply 
with the Office of Management and Budget (OMB) Memorandum M-17-12, 
Preparing for and Responding to a Breach of Personally Identifiable 
Information, January 3, 2017, this notice has twelve (12) new routine 
uses, including two routine uses that will permit FERC to disclose 
information as necessary in response to an actual or suspected breach 
that pertains to a breach of its own records or to assist another 
agency in its efforts to respond to a breach that was previously 
published separately at 87 FR 35543 (June 10, 2022).
    The following sections have been updated to reflect changes made 
since the publication of the last notice in the Federal Register: 
dates; addresses for further contact information; system location; 
system manager; authority for maintenance of the system; purpose of the 
system; categories of individuals covered by the system; categories of 
records in the system; record source categories; routine uses of 
records maintained in the system, including categories of users and the 
purpose of such; policies and practices for storage of records; 
policies and practices for retrieval of records; policies and practices 
for retention and disposal of records; administrative, technical, 
physical safeguards; records access procedures; contesting records 
procedures; notification procedures; and history.

SYSTEM NAME AND NUMBER:
    Critical Energy/Electric Infrastructure Information (CEII) Records 
(FERC-58).

SECURITY CLASSIFICATION:
    Unclassified.

SYSTEM LOCATION:
    Federal Energy Regulatory Commission, Office of External Affairs, 
888 First Street NE, Washington, DC 20426.

SYSTEM MANAGER(S):
    Office of External Affairs, CEII Coordinator, Federal Energy 
Regulatory Commission, 888 First Street NE, Washington, DC 20426.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    16 U.S.C. 824o-1; 18 CFR 388.113.

PURPOSE(S) OF THE SYSTEM:
    The purpose of the system is to determine: (1) what the type of 
CEII material has been requested; (2) whether an individual seeking 
CEII is a legitimate requester with a valid need that should be 
provided CEII under a non-disclosure agreement; and (3) assess whether 
individuals have previously asked for or been granted access to CEII.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    The following categories of individuals are covered by this system: 
members of the public and outside entities who request access to CEII 
from the Commission.

CATEGORIES OF RECORDS IN THE SYSTEM:
    Individuals seeking CEII from FERC file a signed, written request 
for access to CEII along with an executed non-

[[Page 13070]]

disclosure agreement. The material in the record would contain the 
following: (1) requester's full name (including any other name(s) which 
the requester has used and the dates the requester used such name(s)), 
title, address, telephone number; (2) the name, address, and telephone 
number of the person or entity on whose behalf the information is 
requested; (3) the name and contact information of business references; 
(4) a detailed statement explaining the particular need for and 
intended use of the information; and (5) a statement as to the 
requester's willingness to adhere to limitations on the use and 
disclosure of the information requested. Furthermore, if it is 
determined by the CEII Coordinator that additional information is 
necessary to process the request, a requester in some instances may be 
asked to provide supporting information such as his or her date and 
place of birth.

RECORD SOURCE CATEGORIES:
    Information in these records is supplied by individuals and 
companies requesting information along with external comments on the 
requests.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    In addition to those disclosures generally permitted under 5 U.S.C. 
552a(b) of the Privacy Act, information maintained in this system may 
be disclosed to authorized entities outside FERC for purposes 
determined to be relevant and necessary as a routine use pursuant to 5 
U.S.C. 552a(b)(3) as follows:
    1. To appropriate agencies, entities, and persons when (1) FERC 
suspects or has confirmed that there has been a breach of the system of 
records; (2) FERC has determined that as a result of the suspected or 
confirmed breach there is a risk of harm to individuals, the Commission 
(including its information systems, programs, and operations), the 
Federal Government, or national security; and (3) the disclosure made 
to such agencies, entities, and persons is reasonably necessary to 
assist in connection with the Commission's efforts to respond to the 
suspected or confirmed breach or to prevent, minimize, or remedy such 
harm.
    2. To another Federal agency or Federal entity, when FERC 
determines that information from this system of records is reasonably 
necessary to assist the recipient agency or entity in (1) responding to 
a suspected or confirmed breach or (2) preventing, minimizing, or 
remedying the risk of harm to individuals, the recipient agency or 
entity (including its information systems, programs, and operations), 
the Federal Government, or national security, resulting from a 
suspected or confirmed breach.
    3. To a congressional office from the record of an individual in 
response to an inquiry from that congressional office made at the 
request of that individual.
    4. To the Equal Employment Opportunity Commission (EEOC) when 
requested in connection with investigations of alleged or possible 
discriminatory practices, examination of Federal affirmative employment 
programs, or other functions of the Commission as authorized by law or 
regulation.
    5. To the Federal Labor Relations Authority or its General Counsel 
when requested in connection with investigations of allegations of 
unfair labor practices or matters before the Federal Service Impasses 
Panel.
    6. To disclose information to another Federal agency, to a court, 
or a party in litigation before a court or in an administrative 
proceeding being conducted by a Federal agency, when the Government is 
a party to the judicial or administrative proceeding. In those cases 
where the Government is not a party to the proceeding, records may be 
disclosed if a subpoena has been signed by a judge.
    7. To the Department of Justice (DOJ) for its use in providing 
legal advice to FERC or in representing FERC in a proceeding before a 
court, adjudicative body, or other administrative body, where the use 
of such information by the DOJ is deemed by FERC to be relevant and 
necessary to the advice or proceeding, and such proceeding names as a 
party in interest: (a) FERC; (b) any employee of FERC in his or her 
official capacity; (c) any employee of FERC in his or her individual 
capacity where DOJ has agreed to represent the employee; or (d) the 
United States, where FERC determines that litigation is likely to 
affect FERC or any of its components.
    8. To non-Federal Personnel, such as contractors, agents, or other 
authorized individuals performing work on a contract, service, 
cooperative agreement, job, or other activity on behalf of FERC or 
Federal Government and who have a need to access the information in the 
performance of their duties or activities.
    9. To the National Archives and Records Administration in records 
management inspections and its role as Archivist.
    10. To the Merit Systems Protection Board or the Board's Office of 
the Special Counsel, when relevant information is requested in 
connection with appeals, special studies of the civil service and other 
merit systems, review of OPM rules and regulations, and investigations 
of alleged or possible prohibited personnel practices.
    11. To appropriate Federal, State, or local agency responsible for 
investigating, prosecuting, enforcing, or implementing a statute, rule, 
regulation, or order, if the information may be relevant to a potential 
violation of civil or criminal law, rule, regulation, order.
    12. To appropriate agencies, entities, and person(s) that are a 
party to a dispute, when FERC determines that information from this 
system of records is reasonably necessary for the recipient to assist 
with the resolution of the dispute; the name, address, telephone 
number, email address, and affiliation; of the agency, entity, and/or 
person(s) seeking and/or participating in dispute resolution services, 
where appropriate.
    13. In addition to those disclosures generally permitted under 5 
U.S.C. 552a(b), these records or information contained therein may 
specifically be disclosed as a routine use to determine who has asked 
for access to CEII and who has received such access.

POLICIES AND PRACTICES FOR THE STORAGE OF RECORDS:
    Records are maintained in electronic format using a tracker system 
and saved on a shared drive with access limited to individuals whose 
official duties require access.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    The records are retrieved by the names of the individual requester, 
the name of the company, where applicable, and the reference number.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    Records are retained in accordance with the applicable National 
Archives and Records Administration schedules, General Records Schedule 
(GRS) 4.2: Information Access and Protection Records Item 020. 
Temporary. Destroy six (6) years after final agency action or three (3) 
years after final adjudication by the courts, whichever is later, but 
longer retention is authorized if required for business use.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    Access is restricted to agency personnel or contractors whose 
responsibilities require access. Access to electronic records is 
controlled by the organizations Single Sign-On and Multi-Factor 
Authentication solution. Role based access is used to restrict 
electronic data access allowing only

[[Page 13071]]

authorized users with access (or processes acting on behalf of users) 
necessary to accomplish assigned tasks in accordance with 
organizational missions and business functions.

RECORD ACCESS PROCEDURES:
    Individuals requesting access to the contents of records must 
submit a request through the Freedom of Information Act (FOIA) office. 
The FOIA website is located at: <a href="https://www.ferc.gov/foia">https://www.ferc.gov/foia</a>. CEII 
requests, along with Non-Disclosure Agreements may be submitted through 
the following link: <a href="https://www.ferc.gov/enforcement-legal/ceii/electronic-ceii-request-form">https://www.ferc.gov/enforcement-legal/ceii/electronic-ceii-request-form</a>. Written requests for access to records 
should be directed to: Director, Office of External Affair, Federal 
Energy Regulatory Commission, 888 First Street NE, Washington, DC 
20426.

CONTESTING RECORD PROCEDURES:
    See Records Access procedures.

NOTIFICATION PROCEDURES:
    Generalized notice is provided by the publication of this notice. 
For specific notice, see Records Access Procedure, above.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    Under 5 U.S.C. 552a(k)(2) this system of records is exempted from 
the following provisions of the Privacy Act, 5 U.S.C. 552a(c)(3), (d), 
(e)(1), (e)(4)(G), (H), and (I), and (f). Furthermore, during the 
course of reviewing a CEII request, exempt materials from other systems 
of records may in turn become part of the case records. To the extent 
that copies of exempt records from those other systems of records are 
entered into this system of records, FERC hereby claims the same 
exemptions for the records from those other systems that are entered 
into this system, as claimed for the original primary systems of 
records of which they are a part. FOIA lists the following exemptions, 
which are provided in 5 U.S.C 552(b). In addition, the FAST Act, 16 
U.S.C. 824o-1(d)(1), exempts CEII from mandatory disclosure under the 
FOIA.

HISTORY: 79 FR 17530, March 28, 2014.

    Dated: February 14, 2024.
Debbie-Anne A. Reese,
Acting Secretary.
[FR Doc. 2024-03491 Filed 2-20-24; 8:45 am]
BILLING CODE 6717-01-P


</pre><script data-cfasync="false" src="/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js"></script></body>
</html>