Home/Federal/Federal Register/2024-22391

Notice2024-22391

Privacy Act of 1974; System of Records

Primary source

Metadata and text below are from the Federal Register, a public-domain U.S. government work. Always verify the official published version before relying on it for any legal matter.

Published

September 30, 2024

Issuing agencies

Federal Trade Commission

Abstract

The FTC is making technical revisions to several of the notices that it has published under the Privacy Act of 1974 to describe its systems of records. This action is intended to make these notices clearer, more accurate, and up-to-date.

Full Text

<html>
<head>
<title>Federal Register, Volume 89 Issue 189 (Monday, September 30, 2024)</title>
</head>
<body><pre>
[Federal Register Volume 89, Number 189 (Monday, September 30, 2024)]
[Notices]
[Pages 79598-79610]
From the Federal Register Online via the Government Publishing Office [<a href="http://www.gpo.gov">www.gpo.gov</a>]
[FR Doc No: 2024-22391]

-----------------------------------------------------------------------

FEDERAL TRADE COMMISSION

Privacy Act of 1974; System of Records

AGENCY: Federal Trade Commission (FTC).

ACTION: Notice of modified systems of records.

-----------------------------------------------------------------------

SUMMARY: The FTC is making technical revisions to several of the
notices that it has published under the Privacy Act of 1974 to describe
its systems of records. This action is intended to make these notices
clearer, more accurate, and up-to-date.

DATES: These modified systems will be applicable on September 30, 2024.

FOR FURTHER INFORMATION CONTACT: G. Richard Gold, Attorney, Office of
the General Counsel, FTC, 600 Pennsylvania Avenue NW, Washington, DC
20580, (202) 326-3355 or <a href="/cdn-cgi/l/email-protection#a4d6c3cbc8c0e4c2d0c78ac3cbd2">[email&#160;protected]</a>.

SUPPLEMENTARY INFORMATION: To inform the public, the FTC publishes in
the Federal Register and posts on its website a ``system of records
notice'' (SORN) for each system of records that the FTC currently
maintains within the meaning of the Privacy Act of 1974, as amended, 5
U.S.C. 552a (``Privacy Act'' or ``Act''). See <a href="https://www.ftc.gov/about-ftc/foia/foia-reading-rooms/privacy-act-systems">https://www.ftc.gov/about-ftc/foia/foia-reading-rooms/privacy-act-systems</a>. The Privacy Act
protects records about individuals in systems of records collected and
maintained by Federal agencies. (A system is not a ``system of
records'' under the Act unless the agency maintains and retrieves
records in the system by the relevant individual's name or other
personally assigned identifier.) Each Federal agency, including the
FTC, must publish a SORN that describes the records maintained in each
of its Privacy Act systems, including the categories of individuals
that the records in the system are about where and how the agency
maintains these records, and how individuals can find out whether an
agency system contains any records about them or request access to
their records, if any. The FTC, for example, maintains 39 systems of
records under the Act. Some of these systems contain records about the
FTC's own employees, such as personnel and payroll files. Other FTC
systems contain records about members of the public, such as public
comments, consumer complaints, or phone numbers submitted to the FTC's
Do Not Call Registry.
The FTC's SORNs discussed in this notice apply only to the FTC's
own Privacy Act record systems. They do not cover Privacy Act records
that other Federal agencies may collect and maintain in their own
systems. Likewise, the FTC's SORNs and the Privacy Act of 1974 do not
cover personal records that private businesses or other non-FTC
entities may collect, which may be covered by other privacy laws.

[[Page 79599]]

Based on a periodic review of its SORNs, the FTC is publishing
these additional technical revisions, to ensure that the FTC's SORNs
and Appendices remain clear, accurate, and up-to-date:
<bullet> First, the FTC is amending several SORNs to clarify or
update information about the applicable records disposition schedules
published or approved by the National Archives and Records
Administration (NARA). These schedules determine how long agency
records in each system should be retained and destroyed.
<bullet> Second, the FTC is amending multiple SORNs to make other
technical changes (e.g., updating the official title of the system
manager, the authority for maintenance of the system, and the policies
and practices for storage and record retention of records).
<bullet> Third, the FTC is republishing the full text of each of
the above SORNs, incorporating the technical amendments, for the
convenience of the reader and in accordance with OMB Circular A-108
(2016), which reorganized the format and content for SORNs published by
Federal agencies.
The FTC is not substantively adding or amending any routine uses of
its Privacy Act system records. Accordingly, the FTC is not required to
provide prior public comment or notice to OMB or Congress for these
technical amendments, which are final upon publication. See 5 U.S.C.
552a(e)(11) and 552a(r); OMB Circular A-108, supra.
A SORN-by-SORN summary, including a more detailed description of
each SORN and how it is being amended, appears below, followed by the
full text of the SORNs, as amended.

I. Law Enforcement Systems of Records

FTC-I-3 (Informal Advisory Opinion Requests and Response Files--
FTC). This SORN covers the records of individuals who have requested
informal advisory opinions from the FTC staff, and records of the
responses to such requests. The Commission has updated the sections
relating to the System Manager, Policies and Practices for Storage of
Records, and Policies and Practices for Retrieval of Records.
FTC-I-5 (Matter Management System--FTC). This SORN covers the
administrative database used by the FTC to track and report the history
and status of FTC investigations and other agency matters, including
names of employees or others assigned to or involved in such matters.
The Commission has updated the sections relating to the System Manager
and Policies, Purpose of the System, Categories of Records, Policies
and Practices for Retrieval of Records, and Policies and Practices for
Retention and Disposal of Records.
FTC-I-6 (Public Records--FTC). This SORN covers the FTC's system of
public records, including comments submitted by consumers and others in
rulemakings, workshops, or other FTC proceedings. The FTC makes these
public records routinely available for public inspection and copying,
including by posting copies of such records on the internet, as noted
in section 4.9(b) of the FTC Rules of Practice, 16 CFR 4.9(b), and
explained in the FTC's online privacy policy posted at <a href="http://www.ftc.gov">www.ftc.gov</a>.
This SORN has been updated to add an additional System Manager, the
website Manager, Office of Public Affairs, and to update Policies and
Practices for Retrieval of Records, and Administrative, Technical, and
Physical Safeguards.
FTC-I-7 (Office of Inspector General Files--FTC). This SORN covers
records in the FTC's Office of Inspector General (OIG). The OIG
maintains this system of records to carry out its responsibilities
pursuant to the Inspector General Act, as amended. This system was last
revised in 2009. Among other minor changes, this SORN has been updated
under System Name, Purpose, Categories of Individuals Covered by the
System, Categories of Records in the System, Record Source Categories,
Policies and Practices for Storage of Records, Retention and Disposal
of Records, and Administrative, Technical, and Physical Safeguards.

II. Federal Trade Commission Personnel Systems of Records

FTC-II-11 (Personnel Security, Identity Management & Access Control
Records--FTC). This SORN covers security-related records for
determining the eligibility of FTC employees or other authorized
individuals (e.g., on-site contractors) for access to FTC facilities
and resources, as well as records related to granting and controlling
such access. This SORN has been updated to add an additional System
Manager, the Human Capital Management Office, and an additional Record
Source Category to include the Defense Counterintelligence and Security
Agency (DCSA).

IV. Correspondence Systems of Records

FTC-IV-1 (Consumer Information System--FTC). This SORN covers
consumer complaints and information requests received from consumers,
as well as identity theft complaints. Among other updates, the
Commission has updated the sections relating to the System Manager,
Policies and Practices for Storage of Records, and Policies and
Practices for Retention and Disposal of Records.
FTC-IV-3 (National Do Not Call Registry--FTC). This SORN covers
records of individuals who wish to be placed on the FTC's telemarketing
do-not-call list. It also covers information collected from
telemarketers, sellers, or agents who are required to comply with the
list, but only to the extent, if any, that such telemarketers, sellers,
or agents are also ``individuals'' within the meaning of the Privacy
Act. The FTC is revising the sections on System Location, Practices for
Retention and Disposal of Records, Record Access Procedures, and
Contesting Record Procedures.

VII. Miscellaneous Systems of Records

FTC-VII-1 (Automated Library Management System--FTC). This SORN
covers requests from FTC employees and other individuals to search for
holdings in the FTC Library's collection. The Commission has updated
the Categories of Individuals Covered by the System.
FTC-VII-6 (Matter Record Search System (MaRS)--FTC). This SORN
covers legacy and current electronic data collections of FTC memoranda
and other agency records that may be managed by and retrieved by the
author's name or other personal identifiers. The FTC has revised the
System Name, System Manager, and Administrative, Technical, and
Physical Safeguards.
FTC Systems of Records Notices
In light of the updated SORN template set forth in the revised OMB
Circular A-108 (2016), the FTC is reprinting the entire text of each
amended SORN when necessary for the public's benefit, to read as
follows:
I. Law Enforcement Systems of Records
* * * * *

SYSTEM NAME AND NUMBER:
Informal Advisory Opinion Request and Response Files--FTC (FTC-I-
3).

SECURITY CLASSIFICATION:
Unclassified.

SYSTEM LOCATION:
Federal Trade Commission, 600 Pennsylvania Avenue NW, Washington,
DC 20580. For other locations where records may be maintained or
accessed, see Appendix III (Locations of FTC Buildings and Regional
Offices), available on the FTC's website at <a href="https://www.ftc.gov/about-ftc/foia/foia-reading-rooms/privacy-act-systems">https://www.ftc.gov/about-ftc/foia/foia-reading-rooms/privacy-act-systems</a> and at 87 FR 57698
(Sept. 21, 2022).

[[Page 79600]]

SYSTEM MANAGER(S):
Office of the Secretary, Records Management Division, Federal Trade
Commission, 600 Pennsylvania Avenue NW, Washington, DC 20580, email:
<a href="/cdn-cgi/l/email-protection#20736f726e53604654430e474f56">[email&#160;protected]</a>.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
Federal Trade Commission Act, 15 U.S.C. 41 et seq.

PURPOSE(S) OF THE SYSTEM:
To respond to requests for informal advisory opinions; to maintain
records of such requests and the staff's responses; for use by staff in
coordinating and preparing future advisory opinions and assuring the
consistency of such opinions; to make records of such requests and
staff responses available within the FTC for historical, legal
research, investigational, and similar purposes (see FTC-VII-6,
Document Management and Retrieval System--FTC); and also to make
appropriate portions of such records available to the public (see FTC-
I-6, Public Records--FTC).

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
Applicants for informal advisory opinions from FTC staff under
Sec. 1.1(b) of the Commission's Rules of Practice, 16 CFR 1.1(b).
(Applicants for formal advisory opinions from the Commission under
Sec. 1.1(a) of the Rules of Practice, 16 CFR 1.1(a), are covered by
FTC-I-1, Nonpublic Investigational and Other Nonpublic Legal Program
Records--FTC.)

CATEGORIES OF RECORDS IN THE SYSTEM:
Name of author and documents written by that individual; names or
other data about other individuals by which documents in the system are
searched and retrieved; finding aids or document indexes. Records in
this system may duplicate records included in other FTC systems of
records. See, e.g., FTC-I-1 (Nonpublic Investigational and Other
Nonpublic Legal Program Records--FTC), FTC-I-6 (Public Records--FTC).

RECORD SOURCE CATEGORIES:
Individual proprietorship, corporation, or other business
organization, counsel seeking or receiving a staff advisory opinion,
and FTC employees.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES
OF USERS AND THE PURPOSES OF SUCH USES:
Records in this system may be:
(1) Referred to appropriate federal or state agencies for advice,
for law enforcement, or where law enforcement action may be warranted;
and
(2) Disclosed on the FTC's public record under the FTC's Rules of
Practice. See FTC-I-6, Public Records--FTC.
For other ways that the Privacy Act permits the FTC to use or
disclose system records outside the agency, see Appendix I (Authorized
Disclosures and Routine Uses Applicable to All FTC Privacy Act Systems
of Records), available on the FTC's website at <a href="https://www.ftc.gov/about-ftc/foia/foia-reading-rooms/privacy-act-systems">https://www.ftc.gov/about-ftc/foia/foia-reading-rooms/privacy-act-systems</a> and at 83 FR
55541, 55542-55543 (Nov. 6, 2018).

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
The FTC maintains these records in electronic and non-electronic
formats and media.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
Records are indexed by name of requesting party and subject matter
of the opinion.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
Records are retained and disposed of under applicable schedules and
procedures approved by the National Archives and Records
Administration.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
For records other than those made public, access is restricted to
agency personnel or contractors whose responsibilities require access.
Paper records are maintained in lockable rooms or file cabinets. Access
to electronic records is controlled by ``user ID'' and password
combination and/or other appropriate electronic access or network
controls (e.g., firewalls). FTC buildings are guarded and monitored by
security personnel, cameras, ID checks, and other physical security
measures.

RECORD ACCESS PROCEDURES:
See Sec. 4.13 of the FTC's Rules of Practice, 16 CFR 4.13. For
additional guidance, see also Appendix II (How to Make A Privacy Act
Request), available on the FTC's website at <a href="https://www.ftc.gov/about-ftc/foia/foia-reading-rooms/privacy-act-systems">https://www.ftc.gov/about-ftc/foia/foia-reading-rooms/privacy-act-systems</a> and at 73 FR 33592,
33634 (June 12, 2008).

CONTESTING RECORD PROCEDURES:
See Sec. 4.13 of the FTC's Rules of Practice, 16 CFR 4.13. For
additional guidance, see also Appendix II (How to Make A Privacy Act
Request), available on the FTC's website at <a href="https://www.ftc.gov/about-ftc/foia/foia-reading-rooms/privacy-act-systems">https://www.ftc.gov/about-ftc/foia/foia-reading-rooms/privacy-act-systems</a> at 73 FR 33592, 33634
(June 12, 2008).

NOTIFICATION PROCEDURES:
See Sec. 4.13 of the FTC's Rules of Practice, 16 CFR 4.13. For
additional guidance, see also Appendix II (How to Make A Privacy Act
Request), available on the FTC's website at <a href="https://www.ftc.gov/about-ftc/foia/foia-reading-rooms/privacy-act-systems">https://www.ftc.gov/about-ftc/foia/foia-reading-rooms/privacy-act-systems</a> at 73 FR 33592, 33634
(June 12, 2008).

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
None.

HISTORY:
73 FR 33591-33634 (June 12, 2008).
* * * * *

SYSTEM NAME AND NUMBER:
Matter Management System--FTC (FTC-I-5).

SECURITY CLASSIFICATION:
Unclassified.

SYSTEM LOCATION:
Federal Trade Commission, 600 Pennsylvania Avenue NW, Washington,
DC 20580.
For other locations where records may be maintained or accessed,
see Appendix III (Locations of FTC Buildings and Regional Offices),
available on the FTC's website at <a href="https://www.ftc.gov/about-ftc/foia/foia-reading-rooms/privacy-act-systems">https://www.ftc.gov/about-ftc/foia/foia-reading-rooms/privacy-act-systems</a> and at 87 FR 57698 (Sept. 21,
2022).

SYSTEM MANAGER(S):
Office of the Secretary, Records Intake and Processing Division,
Federal Trade Commission, 600 Pennsylvania Avenue NW, Washington, DC
20580, email: <a href="/cdn-cgi/l/email-protection#7e2d312c300d3e180a1d50191108">[email&#160;protected]</a>.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
Federal Trade Commission Act, 15 U.S.C. 41 et seq.

PURPOSE(S) OF THE SYSTEM:
This system, currently known within the FTC as Matter Management
System 2 (MMS2), is used to record and track the status or occurrence
of planned or actual actions and events that may arise in
investigations, rulemakings, or other Commission matters, and to
generate status or history reports on these actions, events, and
matters for use by Commission management and staff, in combination, as
needed, with matter-related data from other systems. Specific purposes
of this system (FTC-I-5) include: to maintain records of employee work
and Commission law enforcement activities; to make workload and budget
determinations and personnel-related evaluations; to assist in
investigative and adjudicative proceedings, enforcement actions, civil
penalty proceedings, consideration of

[[Page 79601]]

compliance reports, issuance of cease and desist orders, advisory
opinions, and other Commission matters and proceedings; to refer
information compiled in system records to experts and consultants when
considered appropriate by Commission staff; and to use those records to
properly manage Commission resources.
This system includes a subsystem of records to record and keep
track of the status of matters pending for a vote or other review or
action before the full Commission (i.e., the five Federal Trade
Commissioners). The specific purposes of those records include: to
process and control assignments made to individual Commissioners; to
coordinate the consideration of and votes on appropriate issues; to
assist Commissioners and staff in investigative, adjudicative and
rulemaking proceedings, enforcement actions, civil penalty proceedings,
consideration of compliance reports, issuance of complaints,
negotiation of consent orders, issuance of cease and desist orders,
advisory opinions, and other matters before the Commission; and to
retain records of the matters before the Commission, the Commission's
deliberations and decisions concerning those matters, and related
documents.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
Past and present Commission employees, and other participants or
parties in Commission investigations, rulemaking, advisory, and law
enforcement matters or proceedings. (Businesses, sole proprietorships,
or corporations are not covered by this system.)

CATEGORIES OF RECORDS IN THE SYSTEM:
For records about past or present Commission employees: employee
name; employee identification number; organization name and code;
employee assignments to individual matters. For others: records related
to investigatory, rulemaking, advisory opinion and other matters or
proceedings, including matter name and associated matter number; matter
status; alleged or potential law violation; and goods or services
associated with the proceeding. The records also includes names and
mailing addresses of civil investigative demand and subpoena recipients
and names of deponents, as well as brief descriptions or summaries of
planned or actual actions or events during an FTC investigation,
rulemaking, court case, or other FTC matter or proceeding. The system
also includes records of assignments, votes, circulations, or other
activities or actions of the FTC's Commissioners on agency proceedings
and matters.

RECORD SOURCE CATEGORIES:
Individual on whom the record is maintained and Commission staff
associated with the matter.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES
OF USERS AND THE PURPOSES OF SUCH USES:
Records in this system:
(1) May be made available or referred to federal, state, local or
international government authorities for investigation, possible
criminal prosecution, civil action, regulatory order or other law
enforcement purpose; and
(2) May be disclosed on the FTC's public record under the FTC's
Rules of Practice. See FTC-I-6, Public Records--FTC.
For other ways that the Privacy Act permits the FTC to use or
disclose system records outside the agency, see Appendix I (Authorized
Disclosures and Routine Uses Applicable to All FTC Privacy Act Systems
of Records), available on the FTC's website at <a href="https://www.ftc.gov/about-ftc/foia/foia-reading-rooms/privacy-act-systems">https://www.ftc.gov/about-ftc/foia/foia-reading-rooms/privacy-act-systems</a> and at 83 FR
55541, 55542-55543 (Nov. 6, 2018).

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
System records are primarily maintained and accessed
electronically. The system can generate electronic or printed status or
history reports.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
Indexed by Commissioner, staff, or other individual name, employee
identification number, respondent's or correspondent's name, company
name, industry investigation title, and FTC matter number.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
Records are retained and disposed of in accordance with schedules
and procedures issued or approved by the National Archives and Records
Administration.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
For records other than those made public, access is restricted to
agency personnel or contractors whose responsibilities require access.
Access to nonpublic electronic records is controlled by ``user ID'' and
password combination and/or other appropriate electronic access or
network controls (e.g., firewalls). FTC buildings are guarded and
monitored by security personnel, cameras, ID checks, and other physical
security measures.

CONTESTING RECORD PROCEDURES:
See Sec. 4.13 of the FTC's Rules of Practice, 16 CFR 4.13. For
additional guidance, see also Appendix II (How To Make A Privacy Act
Request), available on the FTC's website at <a href="https://www.ftc.gov/about-ftc/foia/foia-reading-rooms/privacy-act-systems">https://www.ftc.gov/about-ftc/foia/foia-reading-rooms/privacy-act-systems</a> and at 73 FR 33592,
33634 (June 12, 2008).

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
Copies of records contained in this system that have been placed on
the FTC public record are available upon request or from the FTC's
website, where applicable. See FTC-I-6, Public Records--FTC. However,
pursuant to 5 U.S.C. 552a(k)(2), records in this system, which reflect
records that are contained in other systems of records that are
designated as exempt, are exempt from the requirements of subsections
(c)(3), (d), (e)(1), (e)(4)(G), (H), (I), and (f) of 5 U.S.C. 552a. See
Sec. 4.13(m) of the FTC Rules of Practice, 16 CFR 4.13(m).

HISTORY:
73 FR 33591-33634 (June 12, 2008).

SYSTEM NAME AND NUMBER:
Public Records--FTC (FTC-I-6).

SECURITY CLASSIFICATION:
Unclassified.

[[Page 79602]]

SYSTEM MANAGER(S):
Office of the Secretary, Clerk of Court Division, Federal Trade
Commission, 600 Pennsylvania Avenue NW, Washington, DC 20580, and
Website Manager, Office of Public Affairs, Federal Trade
Commission, 600 Pennsylvania Avenue NW, Washington, DC 20580.
Email: <a href="/cdn-cgi/l/email-protection#feadb1acb08dbe988a9dd0999188">[email&#160;protected]</a>.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
Federal Trade Commission Act, 15 U.S.C. 41 et seq.; Executive Order
10450; Freedom of Information Act, 5 U.S.C. 552; 16 CFR 4.9.

PURPOSE(S) OF THE SYSTEM:
To make appropriate portions of the records in FTC matters
available to the public; to enable members of the public to review and
comment on or respond to such comments; to maintain records of
Commission activities related to those matters.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
Participants in Commission investigations, rulemaking, advisory,
and law enforcement proceedings; parties requesting formal advisory
opinions; consumers who have received redress or who are entitled to
redress pursuant to Commission or court orders; and commenters to
Commission proceedings, including general requests for comments.
(Businesses, sole proprietorships, or corporations are not covered by
this system.)

CATEGORIES OF RECORDS IN THE SYSTEM:
Public comments and other records that an individual may submit in
an agency matter, where such record is subject to routine inspection
and copying under the FTC's Rules of Practice, 16 CFR 4.9(b). These
records can for example relate to general requests for information,
investigations, rulemaking, advisory, and law enforcement proceedings.
These records include records that either have become or are likely to
become the subject of subsequent requests for substantially the same
records under the Freedom of Information Act (FOIA). See 5 U.S.C.
552(a)(2)(D). This system (FTC I-6) is limited to files and records
that are about an individual, and only when the file or record is
pulled (``retrieved'') by the name of that individual or other
identifying particular assigned to that individual (e.g., number,
symbol, fingerprint, etc.). Public comments received in connection with
FTC rulemakings, workshops and consent agreements are also collected on
behalf of the FTC and maintained by the Government-wide Federal Docket
Management System (FDMS) through a website (<a href="http://www.regulations.gov">www.regulations.gov</a>). The
General Services Administration (GSA) manages and operates the FDMS on
behalf of the Federal Government, and has published a system of records
notice to cover the FDMS, including any records collected on behalf of
the FTC through that system. See GSA/OGP-1 (e-Rulemaking Program
Administrative System).

RECORD SOURCE CATEGORIES:
Individual respondent(s), company records, complainants,
informants, witnesses, participants, commenters, and FTC employees.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES
OF USERS AND THE PURPOSES OF SUCH USES:
Records in this system may be:
(1) Disclosed on the FTC's public record under the FTC's Rules of
Practice, including by posting copies of such records on the FTC's
website, <a href="http://www.ftc.gov">www.ftc.gov</a>, or made public by other electronic or non-
electronic means. See 16 CFR 4.9(b); or
(2) Disclosed publicly through the FDMS or for any other routine
use set forth in the system of records notice published for that system
of records, GSA/OGP-1, or any successor system notice for that system.
For other ways that the Privacy Act permits the FTC to use or
disclose system records outside the agency, see Appendix I (Authorized
Disclosures and Routine Uses Applicable to All FTC Privacy Act Systems
of Records), available on the FTC's website at <a href="https://www.ftc.gov/about-ftc/foia/foia-reading-rooms/privacy-act-systems">https://www.ftc.gov/about-ftc/foia/foia-reading-rooms/privacy-act-systems</a> and at 83 FR
55541, 55542-55543 (Nov. 6, 2018).

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
The FTC maintains these records in electronic and non-electronic
formats. The FTC maintains electronic records in this system using a
combination of different databases and applications, rather than
maintaining them in a single electronic system.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
Indexed by respondent's, participant's, commenter's, or FTC staff
member's name; company name; industry investigation title; FTC matter
name; and FTC matter number.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
The FTC's websites are secured and monitored to protect against
unauthorized deletion or alteration of records posted on such sites.
Access to the official record copy of such records is restricted, where
appropriate, to agency personnel or contractors whose responsibilities
require access. See GSA/OGP-1 (e-Rulemaking Program Administrative
System) for a description of the safeguards by the Federal Docket
Management System for any public comments filed in connection with FTC
matters or proceedings that are found at <a href="http://www.regulations.gov">www.regulations.gov</a>.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
None.

HISTORY:
87 FR 964-974 (January 7, 2022)
73 FR 33591-33634 (June 12, 2008).
* * * * *

SYSTEM NAME AND NUMBER:
Office of Inspector General Files--FTC (FTC-I-7).

SECURITY CLASSIFICATION:
Unclassified.

SYSTEM LOCATION:
Office of Inspector General (OIG), Federal Trade Commission, 600

[[Page 79603]]

Pennsylvania Avenue NW, Washington, DC 20580. For other locations where
records may be maintained or accessed, see Appendix III (Locations of
FTC Buildings and Regional Offices), available on the FTC's website at
<a href="https://www.ftc.gov/policy-notices/privacy-policy/privacy-act-systems">https://www.ftc.gov/policy-notices/privacy-policy/privacy-act-systems</a>
and at 87 FR 57698 (Sept. 21, 2022). Also see <a href="https://www.ftc.gov/office-inspector-general/reports-correspondence">https://www.ftc.gov/office-inspector-general/reports-correspondence</a>.

SYSTEM MANAGER(S):
Inspector General, Federal Trade Commission, 600 Pennsylvania
Avenue NW, Washington, DC 20580, email: <a href="/cdn-cgi/l/email-protection#cd9e829f83be8dabb9aee3aaa2bb">[email&#160;protected]</a>.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
Inspector General Act, as amended, 5 U.S.C. 401 et seq.

PURPOSE(S) OF THE SYSTEM:
The OIG maintains this system of records to carry out its
responsibilities pursuant to the Inspector General Act, as amended. The
OIG is statutorily directed to receive complaints and conduct and
supervise investigations, reviews and audits relating to programs and
operations of the Federal Trade Commission, to promote economy,
efficiency, and effectiveness in the administration of such programs
and operations, and to prevent and detect fraud, waste, and abuse in
such programs and operations. Accordingly, the records in this system
consist of complaints and related correspondence concerning possible
violations of law, rules, regulations, mismanagement, gross waste of
funds, abuse of authority or a substantial and specific danger to the
public health or safety related to the FTC; records created, received,
or obtained during the course of investigating individuals and entities
suspected of having committed illegal or unethical acts or misconduct
and in any resulting related criminal prosecutions, civil proceedings,
or administrative actions; and records created, received, or obtained
during the course of conducting audits, inspections, or reviews and
issuing reports, advisories or correspondence.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
Individuals covered consist of: (1) current and former FTC
employees, applicants for employment, contractors and subcontractors
associated with an activity that OIG is investigating, inspecting,
reviewing, or auditing; (2) individuals who submit complaints to the
OIG; (3) subjects of hotline complaints; and (4) individuals and
entities performing some other role of significance to the OIG's
investigative, inspecting, reviewing, or auditing efforts, such as
potential witnesses or subjects who are not FTC current or former
employees, contractors or subcontractors. The system also tracks
information related to OIG staff and staff of other agencies involved
in conducting the investigative, inspecting, reviewing or auditing
activity.

CATEGORIES OF RECORDS IN THE SYSTEM
Records related to complaints to the OIG, planning and conducting
investigations, reviews, inspections and audits, the results of
investigations, and any civil, criminal, or administrative actions
resulting from investigations and other matters. More specifically,
this includes, but is not limited to, correspondence relating to
investigations and other matters; internal staff memoranda; copies of
subpoenas issued during investigations and other matters, affidavits,
statements from witnesses, transcripts of testimony taken in
investigations or other matters and accompanying exhibits; documents,
records or copies obtained during investigations and other matters;
interview notes, documents and records relating to investigations and
other matters; opening reports, information or data relating to alleged
or suspected criminal, civil or administrative violations or similar
wrongdoing by subject individuals and final reports of investigation
and other matters.

RECORD SOURCE CATEGORIES:
Employees or other individuals on whom the record is maintained,
non-target witnesses, FTC and non-FTC records, to the extent necessary
to receive, review and respond to complaints and carry out OIG
investigations, reviews, inspections, and audits, as authorized by 5
U.S.C. 401 et seq.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES
OF USERS AND THE PURPOSES OF SUCH USES:
Records in this system may be:
1. Disclosed to agencies, offices, or establishments of the
executive, legislative, or judicial branches of the federal or state
government--
(a) Where such agency, office, or establishment has an interest in
the individual for employment purposes, including a security clearance
or determination as to access to classified information, and needs to
evaluate the individual's qualifications, suitability, and loyalty to
the United States Government, or
(b) Where such agency, office, or establishment conducts an
investigation of the individual for the purposes of granting a security
clearance, or for making a determination of qualifications,
suitability, or loyalty to the United States Government, or access to
classified information or restricted areas, or
(c) Where the records or information in those records are relevant
and necessary to a decision with regard to the hiring or retention of
an employee or disciplinary or other administrative action concerning
an employee, or
(d) Where disclosure is requested in connection with the award of a
contract or other determination relating to a government procurement,
or the issuance of a license, grant, or other benefit by the requesting
agency, to the extent that the record is relevant and necessary to the
requesting agency's decision on the matter, including, but not limited
to, disclosure to any Federal agency responsible for considering
suspension or debarment actions where such record would be germane to a
determination of the propriety or necessity of such action, or
disclosure to the United States General Accountability Office, the
General Services Administration Board of Contract Appeals, or any other
federal contract board of appeals in cases relating to an agency
procurement.
2. Disclosed to the Office of Personnel Management, the Office of
Government Ethics, the Merit Systems Protection Board, the Office of
the Special Counsel, the Equal Employment Opportunity Commission, or
the Federal Labor Relations Authority or its General Counsel, of
records or portions thereof relevant and necessary to carrying out
their authorized functions, such as, but not limited to, rendering
advice requested by the OIG, investigations of alleged or prohibited
personnel practices (including unfair labor or discriminatory
practices), appeals before official agencies, offices, panels or
boards, and authorized studies or review of civil service or merit
systems or affirmative action programs.
3. Disclosed to independent auditors or other private firms with
which the Office of the Inspector General has contracted to carry out
an independent audit or investigation, or to analyze, collate,
aggregate or otherwise refine data collected in the system of records,
subject to the requirement that such contractors shall maintain Privacy
Act safeguards with respect to such records.
4. Disclosed to a direct recipient of federal funds such as a
contractor, where such record reflects serious inadequacies with a
recipient's personnel and disclosure of the record is for purposes of
permitting a recipient

[[Page 79604]]

to take corrective action beneficial to the Government;
5. Disclosed to any official charged with the responsibility to
conduct qualitative assessment reviews of internal safeguards and
management procedures employed in investigative operations. This
disclosure category includes members of the Council of the Inspectors
General on Integrity and Efficiency and officials and administrative
staff within their investigative chain of command, as well as
authorized officials of the Department of Justice and the Federal
Bureau of Investigation;
6. Disclosed to members of the Council of the Inspectors General on
Integrity and Efficiency for the preparation of reports to the
President and Congress on the activities of the Inspectors General;
7. Disclosed to complainants and/or victims to the extent necessary
to provide such persons with information and explanations concerning
the progress and/or results of the investigation or case arising from
the matters of which they complained and/or which they were a victim.
For other ways that the Privacy Act permits the FTC to use or
disclose system records outside the agency, see Appendix I (Authorized
Disclosures and Routine Uses Applicable to All FTC Privacy Act Systems
of Records), available on the FTC's website at <a href="https://www.ftc.gov/policy-notices/privacy-policy/privacy-act-systems">https://www.ftc.gov/policy-notices/privacy-policy/privacy-act-systems</a> and at 83 FR 55541,
55542-55543 (Nov. 6, 2018).

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
The FTC maintains system records in various electronic and non-
electronic formats and media. The OIG Files consist of paper records
maintained in file folders, cassette tapes and CD-ROMs containing audio
recordings of investigative interviews, and data maintained on computer
diskettes and hard drives. The folders, cassette tapes, CD-ROMs and
diskettes are stored in file cabinets in the OIG. Electronic files are
retained either in FTC servers or on the cloud.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
The records are retrieved by the name of the subject of the
investigation or by a unique control number assigned to each
investigation.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
Records are retained and disposed of in accordance with Schedule
DAA-0122-2020-0001, which was approved by the National Archives and
Records Administration.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
Access is restricted to agency personnel or contractors whose
responsibilities require access.. Access to electronic records is
controlled by ``user ID'' and password combination, and/or role-based
access controls, and/or other electronic access or network controls
(e.g., firewalls). Paper records are maintained in lockable rooms or
file cabinets, which are kept locked during non-duty hours. FTC
buildings are guarded and monitored by security personnel, cameras, ID
checks, and other physical security measures.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
Pursuant to 5 U.S.C. 552a(j)(2), records in this system are exempt
from the provisions of 5 U.S.C. 552(a), except subsections (b), (c)(1)
and (2), (e)(4)(A) through (F), (e)(6), (7), (9), (10) and (11) and (i)
and corresponding provisions of 16 CFR 4.13, to the extent that a
record in the system of records was compiled for criminal law
enforcement purposes.
Pursuant to 5 U.S.C. 552a(k)(2), the system is exempt from 5 U.S.C.
552a(c)(3), (d), (e)(1), (e)(4)(G), (H) and (I) and (f) and the
corresponding provisions of 16 CFR 4.13, to the extent the system of
records consists of investigatory material compiled for law enforcement
purposes, other than material within the scope of the exemption at 5
U.S.C. 552a(j)(2). See 16 CFR 4.13(m).

HISTORY:
74 FR 17863-17866 (April 17, 2009).
73 FR 33591-33634 (June 12, 2008).
* * * * *
II. Federal Trade Commission Personnel Systems of Records
* * * * *

SYSTEM NAME AND NUMBER:
Personnel Security, Identity Management, and Access Control Records
System-FTC (FTC-II-11).

SECURITY CLASSIFICATION:
Unclassified.

SYSTEM LOCATION:
Federal Trade Commission, 600 Pennsylvania Avenue NW, Washington,
DC 20580. System data pertaining to identity management are maintained
separately off-site by an FTC contractor. For other locations where
records may be maintained or accessed, see Appendix III (Locations of
FTC Buildings and Regional Offices), available on the FTC's website at
<a href="https://www.ftc.gov/about-ftc/foia/foia-reading-rooms/privacy-act-systems">https://www.ftc.gov/about-ftc/foia/foia-reading-rooms/privacy-act-systems</a> and at 87 FR 57698 (Sept. 21, 2022).

SYSTEM MANAGER(S):
Security Officer, Administrative Services Office, Office of the
Executive Director, Federal Trade Commission, 600 Pennsylvania Avenue
NW, Washington, DC 20580 (Personnel Security) and
Chief Human Capital Officer, Human Capital Management Office,
Federal Trade Commission, Federal Trade Commission, 600 Pennsylvania
Avenue NW, Washington, DC 20580 (Physical Security).
Email: <a href="/cdn-cgi/l/email-protection#cd9e829f83be8dabb9aee3aaa2bb">[email&#160;protected]</a>.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
5 U.S.C. 301; Homeland Security Presidential Directive-12 (HSPD-
12).

PURPOSE(S) OF THE SYSTEM:
To conduct personnel security investigations; to make
determinations required based upon the results of those investigations;
and to maintain records of the investigations and determinations; to
issue credentials that comply with Government-wide standards issued
under HSPD-12, or to issue other non-HSPD-12 temporary identification
for access to FTC facilities or resources; to maintain logs or other
records of such logical and physical access by FTC staff, contractors,
or other individuals; to detect, report and take appropriation action
against improper

[[Page 79605]]

or unauthorized issuance or use of FTC credentials, and unauthorized
access to or use of FTC facilities and resources.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
Current and former FTC employees, contractor staff, or other
individuals who have requested, been issued, and/or used FTC
identification for access to FTC and/or other Federally controlled
facilities.

CATEGORIES OF RECORDS IN THE SYSTEM:
Names, security investigation reports, adjudication files, card
files, and position sensitivity designation files, and other data
compiled, generated or used for personnel security clearance;
fingerprints, photographs, signatures, and other personal data
collected or used in connection with the issuance of FTC identification
(credentials); time, date, location, or other data, logs, tapes, or
records compiled or generated when such credentials are used to obtain
physical or logical access to FTC facilities or resources.
These records are also covered by the applicable system notice
published by the Defense Counterintelligence and Security Agency (DCSA)
(DUSDI 02-DoD) (Personnel Vetting Records System), and any successor
system notice that may be published by DCSA for this system. Any
materials obtained from DCSA remain property of DCSA and are subject to
DUSDI 02-DoD.

RECORD SOURCE CATEGORIES:
Individual requesting or requiring FTC identification for logical
or physical access purposes, Defense Counterintelligence and Security
Agency (DCSA) Security/Suitability Investigations Index files, FBI
Headquarters investigative files, fingerprint index of arrest records,
Defense Central Index of Investigations, previous employers, references
identified by record subject individual, school registrars, and
responsive law enforcement agencies.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES
OF USERS AND THE PURPOSES OF SUCH USES:
(1) Records in this system may be used to disclose to an agency in
the executive, legislative, or judicial branch, in response to its
request, information on the issuance of a security clearance or the
conducting of a security or suitability investigation on individuals
who, at the time the records are added to the system, were Commission
employees.
(2) Access logs, tapes, or other system records may be reviewed or
referred and disclosed to police or other law enforcement personnel for
purposes of investigating possible criminal or other illegal activity
of individuals who have accessed FTC facilities or resources.
For other ways that the Privacy Act permits the FTC to use or
disclose system records outside the agency, see Appendix I (Authorized
Disclosures and Routine Uses Applicable to All FTC Privacy Act Systems
of Records), available on the FTC's website at <a href="https://www.ftc.gov/about-ftc/foia/foia-reading-rooms/privacy-act-systems">https://www.ftc.gov/about-ftc/foia/foia-reading-rooms/privacy-act-systems</a> and at 83 FR
55542-55543 (Nov. 6, 2018).

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
Paper and electronic records, tapes, or other digital or non-
digital media. Identity management system data are maintained in an
off-site database maintained and operated by a contractor on behalf of
the FTC.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
Paper records indexed by individual's name. Electronic records
searched and retrieved by name or other data fields or codes.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
Personnel investigation reports are retained for 15 years or until
an employee separates from the agency. Records of adjudicative actions
are maintained for two years. Other records in this system are retained
and destroyed in accordance with applicable retention and disposal
schedules and guidance issued or approved by the National Archives and
Records Administration.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
Access to personnel security files is restricted to FTC Personnel
Security staff, and such files are maintained in a FedRAMP certified
electronic case management system. Any hard copy materials are
maintained in a combination-locked safe and lockable metal file
cabinets in locked rooms. Personnel investigation reports may be
reviewed by an agency official (who has been subject to a favorable
background investigation) only on a strict need-to-know basis. Identity
management system (IDMS) data are collected, maintained and accessed
only by authorized individuals. IDMS data are not maintained with other
data on agency network servers, but are transferred by dedicated
telephone data lines for off-site vendor storage, management and
security. Security systems and equipment that electronically log or
record usage of FTC-issued credentials to obtain access to FTC
facilities or resources are secured electronically and physically
(e.g., recording and video monitoring equipment and servers in rooms
accessible only by authorized key cards). FTC buildings are guarded and
monitored by security personnel, cameras, ID checks, and other physical
security measures.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
Pursuant to 5 U.S.C. 552a(k)(5), records in this system, to the
extent such records have been compiled to determine suitability,
eligibility, or qualifications for employment or other matters, as set
forth in the cited Privacy Act provision, and would reveal the identity
of a confidential source, are exempt from the requirements of
subsections (c)(3), (d), (e)(1), (e)(4)(G), (H), (I), and (f) of 5
U.S.C. 552a. See Sec. 4.13(m) of the FTC Rules of Practice, 16 CFR
4.13(m).

HISTORY:
73 FR 33591-33634 (June 12, 2008).
* * * * *
IV. Correspondence Systems of Records

SYSTEM NAME AND NUMBER:
Consumer Information System-FTC (FTC-IV-1).

SECURITY CLASSIFICATION:
Unclassified.

[[Page 79606]]

SYSTEM LOCATION:
Federal Trade Commission, 600 Pennsylvania Avenue NW, Washington,
DC 20580. This system is operated off-site by a contractor. For other
locations where records may be maintained or accessed, see Appendix III
(Locations of FTC Buildings and Regional Offices), available on the
FTC's website at <a href="https://www.ftc.gov/about-ftc/foia/foia-reading-rooms/privacy-act-systems">https://www.ftc.gov/about-ftc/foia/foia-reading-rooms/privacy-act-systems</a> and at 87 FR 57698 (Sept. 21, 2022).

SYSTEM MANAGER(S):
Assistant Director, Division of Consumer Response and Operations,
Bureau of Consumer Protection, Federal Trade Commission, 600
Pennsylvania Avenue NW, Washington, DC 20580, email: <a href="/cdn-cgi/l/email-protection#e1b2aeb3af92a1879582cf868e97">[email&#160;protected]</a>.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
Federal Trade Commission Act, 15 U.S.C. 41 et seq.; section 5 of
the Identity Theft and Assumption Deterrence Act of 1998 (ITADA), 18
U.S.C. 1028 note.

PURPOSE(S) OF THE SYSTEM:
To maintain records of complaints and inquiries from individual
consumers; to track and respond to such communications (e.g., providing
information to consumers over the phone or fulfilling requests by
consumers to be mailed copies of FTC publications); identify consumer
problems and issues that may lead to law enforcement investigations,
litigation, or other proceedings; to be used in and made part of the
records of such proceedings, or to be referred to other person,
entities, or authorities, where appropriate, covered by other Privacy
Act system of records notices; and to provide statistical data on the
number and types of complaints or other communications received by the
FTC. Also, to satisfy the requirement of the ITADA that the FTC compile
and refer identity theft complaints to ``appropriate entities,'' and to
provide useful information that may contribute to regulation and
oversight of institutions and systems that play a role in or are
affected by fraudulent business practices or identity theft.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
(1) Individual consumers who submit complaints to the FTC about
identity theft, or the business practices of a company or individual,
as well as consumers who request information or assistance.
(2) Individuals who submit their complaints about identity theft or
the business practices of a company or individual to another
organization that has agreed to provide its consumer complaint
information to the FTC.
(3) Individuals acting on behalf of another consumer to submit the
other consumer's complaint about identity theft, or the business
practices of a company or individual, or to request information or
assistance on behalf of another individual.
(4) Individuals who are the subjects of complaints about identity
theft or about the business practices of a company or individual.
(5) FTC or contractor staff assigned to process or respond to such
communications.
(6) Other system users outside the FTC (e.g., law enforcement
agencies authorized to have access to the system under confidentiality
agreements).

CATEGORIES OF RECORDS IN THE SYSTEM:
(1) Personally identifying information about the individual who
submits a complaint or requests information or assistance, including,
for example, the individual's name, address, telephone number, fax
number, date of birth, Social Security or credit card numbers, email
address and other personal information extracted or summarized from the
individual's complaint.
(2) Personally identifying information about the individual who
submits a complaint or requests information or assistance on behalf of
someone else, including, for example, the submitting individual's name,
address, phone or fax number and email address.
(3) The name, address, telephone number or other information about
an individual who is the subject of a complaint, or is allegedly
associated with the subject of a complaint. (Information in the system
about companies or other non-individuals is not covered by the Privacy
Act.)
(4) The name and reference number of FTC or contractor staff person
who entered or updated the complaint information in the database.
(5) Name, organization, and contact data for system users outside
the FTC (e.g., staff of other authorized law enforcement agencies).

RECORD SOURCE CATEGORIES:
Consumers and entities who communicate with the FTC; FTC staff and
contractors; other law enforcement agencies and non-FTC organizations.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES
OF USERS AND THE PURPOSES OF SUCH USES:
(1) Consumer complaints can be disclosed to the subject of the
complaint for purposes of attempting to resolve the complaint;
(2) Identity theft complaints also can be disclosed to the three
major national credit reporting agencies and other appropriate entities
to fulfill the requirements of section 5 of the ITADA; and
(3) Contact data for non-FTC users of this system (e.g., staff of
authorized law enforcement agencies) can be shared among such users or
with others within or outside the FTC to enable them to communicate
with one another.
For other ways that the Privacy Act permits the FTC to use or
disclose system records outside the agency, see Appendix I (Authorized
Disclosures and Routine Uses Applicable to All FTC Privacy Act Systems
of Records), available on the FTC's website at <a href="https://www.ftc.gov/about-ftc/foia/foia-reading-rooms/privacy-act-systems">https://www.ftc.gov/about-ftc/foia/foia-reading-rooms/privacy-act-systems</a> and at 83 FR
55542-55543 (Nov. 6, 2018).

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
The FTC uses several applications or components to collect and
share consumer data. The FTC maintains a Consumer Response Center
(CRC), which gathers, processes, and updates consumer information
submitted by consumers via telephone-based services and internet-based
complaint forms. Consumers access a multi-channel bilingual (English
and Spanish) contact center to file complaints, report instances of
identity theft, receive and print an identity theft report, and request
or receive consumer education materials. Consumers may also file
complaints directly from their computers and mobile devices using the
online ReportFraud portal, which asks consumers to answer a series of
questions organized into a few simple steps. The portal can be accessed
from the URLs <a href="http://Reportfraud.ftc.gov">Reportfraud.ftc.gov</a> and <a href="http://www.ftc.gov/complaint">www.ftc.gov/complaint</a>. Consumers
with cross-border e-commerce complaints may file an online complaint at
<a href="http://www.econsumer.gov">www.econsumer.gov</a>, which offers cross-border consumer protection
information and an additional separate online cross-border complaint
form. Finally, consumers may contact the CRC through postal mail. The
FTC also receives data collected by other entities. External
contributors include a broad array of public and private domestic and
foreign organizations.. Data from such communications are entered into
a structured electronic database maintained by a contractor on the
agency's behalf, and accessible by Web-based interface to FTC staff,
contractors, and other authorized users (e.g., federal, state, local,
and international law enforcement) subject to strict access and

[[Page 79607]]

security controls (see ``Safeguards'' below).

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
Records may be retrieved and indexed by any category of data that
is submitted by consumers or otherwise compiled in association with
such records (e.g., name, subject of the complaint).

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
The system can currently be accessed by FTC staff, contractors, and
other system users, such as authorized law enforcement agency
personnel. This access occurs via a Web-based interface and is
authorized only on a need-to-know basis to those individuals and
organizations requiring access. Contractors and other non-FTC users
must sign confidentiality and nondisclosure agreements, and, in some
cases, are required to undergo additional security clearance
procedures. Letters or other system records in paper format are
maintained in lockable rooms and cabinets. Access to the electronic
database requires users to have the correct ``user ID'' and password
combination, individual security token code, and internet protocol
(``IP'') address for the user's law enforcement agency. The system
database is maintained on secure servers, protected by firewalls,
access and usage logs, and other security controls. Servers are
maintained in a secure physical environment, including building locks,
security guards, and cameras.

RECORD ACCESS PROCEDURES:
See Sec. 4.13 of the FTC's Rules of Practice, 16 CFR 4.13. For
additional guidance, see also Appendix II (How To Make A Privacy Act
Request), available on the FTC's website at <a href="https://www.ftc.gov/about-ftc/foia/foia-reading-rooms/privacy-act-systems">https://www.ftc.gov/about-ftc/foia/foia-reading-rooms/privacy-act-systems</a> and at 73 FR 33592,
33634 (June 12, 2008). Individuals who call the FTC's Consumer Response
Center can also use their FTC reference number to identify complaints
they have previously submitted in order to update them.

NOTIFICATION PROCEDURES:
See Sec. 4.13 of the FTC's Rules of Practice, 16 CFR 4.13. For
additional guidance, see also Appendix II (How To Make A Privacy Act
Request), available on the FTC's website at <a href="https://www.ftc.gov/about-ftc/foia/foia-reading-rooms/privacy-act-systems">https://www.ftc.gov/about-ftc/foia/foia-reading-rooms/privacy-act-systems</a> and at 73 FR 33592,
33634 (June 12, 2008). Individuals who call the FTC's Consumer Response
Center can also use their FTC reference number to identify complaints
they have previously submitted in order to update them.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
Pursuant to 5 U.S.C. 552a(k)(2), records in this system relating to
identity theft are exempt from the requirements of subsections (c)(3),
(d), (e)(1), (e)(4) (G), (H), (I), and (f) of 5 U.S.C. 552a, and the
corresponding provisions of 16 CFR 4.13. See FTC Rules of Practice
4.13(m), 16 CFR 4.13(m).

HISTORY:
73 FR 33591-33634 (June 12, 2008).
* * * * *

SYSTEM NAME AND NUMBER:
National Do Not Call Registry System-FTC (FTC-IV-3).

SECURITY CLASSIFICATION:
Unclassified.

SYSTEM LOCATION:
Federal Trade Commission, 600 Pennsylvania Avenue NW, Washington,
DC 20580. System database is maintained and operated off-site by a
contractor. For other locations where records may be maintained or
accessed, see Appendix III (Locations of FTC Buildings and Regional
Offices), available on the FTC's website at <a href="https://www.ftc.gov/about-ftc/foia/foia-reading-rooms/privacy-act-systems">https://www.ftc.gov/about-ftc/foia/foia-reading-rooms/privacy-act-systems</a> and at 87 FR 57698
(Sept. 21, 2022).

SYSTEM MANAGER(S):
National Do Not Call Registry Program Manager, Division of Consumer
Response and Operations, Bureau of Consumer Protection, Federal Trade
Commission, 600 Pennsylvania Avenue NW, Washington, DC 20580, email:
<a href="/cdn-cgi/l/email-protection#ffacb0adb18cbf998b9cd1989089">[email&#160;protected]</a>.
See Treasury/FMS.017 for the system manager and address of the
<a href="http://www.pay.gov">www.pay.gov</a> system.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
Federal Trade Commission Act, 15 U.S.C. 41 et seq., Telemarketing
and Consumer Fraud and Abuse Prevention Act, 15 U.S.C. 6101-6108; Do-
Not-Call Implementation Act, Public Law No. 108-10 (2003); Do-Not-Call
Improvement Act of 2007, Public Law 110-187 (2008); Do-Not-Call
Registry Fee Extension Act of 2007, Public Law 110-188 (2008).

PURPOSE(S) OF THE SYSTEM:
To maintain records of the telephone numbers of individuals who do
not wish to receive telemarketing calls; to disclose such records to
telemarketers, sellers, and their agents in order for them to reconcile
their do-not-call lists with the Registry and comply with the do-not-
call provisions of the Commission's Telemarketing Sales Rule, 16 CFR
part 310; to enable the Commission and other law enforcement officials
to determine whether a company is complying with the Rule; to provide
statistical data that may lead to or be incorporated into law
enforcement investigations and litigation; or for other law
enforcement, regulatory or informational purposes. Information
submitted by or compiled on telemarketers, sellers, and their agents is
used for purposes of fee collection, authorizing their access to the
system, and related purposes and uses as described in this notice.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
Individuals who notify the Commission that they do not wish to
receive telemarketing calls. Individually identifiable information
(e.g., name, email address) that telemarketers, sellers, or their
agents must submit when paying for and obtaining access to the system
is covered by this system only to the extent, if any, that such
information is ``about [the] individual'' within the meaning of the
Privacy Act, and is not about the telemarketer, seller, or agent acting
in a non-individual business capacity.

CATEGORIES OF RECORDS IN THE SYSTEM:
Telephone numbers of individuals who do not wish to receive
telemarketing calls; information automatically generated by the system,
including date and/or time that the telephone number was placed on or

[[Page 79608]]

removed from the Registry; and other information that the individual
may be asked to provide voluntarily (such as email address, if the
individual registers through the National Do Not Call Registry
website). Telemarketers, sellers, and their agents are also required to
submit information to pay for and obtain authorized access to the
system, including the names of, or other identifiers that may be
associated with, individuals (e.g., name of contact person, name of the
person to whom the credit card is issued, email address, etc.). Such
information is part of this FTC system of records only to the extent,
if any, that such information is maintained in the FTC's records and is
``about [the] individual'' within the meaning of the Privacy Act, and
not about a telemarketer, seller, or agent acting in a non-individual
business capacity.
Otherwise, user fee payment data from telemarketers, sellers, and
their agents required to participate in the National Do Not Call
Registry are principally collected and maintained on behalf of the
Government by the <a href="http://www.pay.gov">www.pay.gov</a> website operated by the Department of
Treasury Financial Management Service (FMS). Those data are covered by
the applicable system notice published by Treasury/FMS, Treasury/
FMS.017 (Collections Records), and any successor system notice that may
be published for that system.

RECORD SOURCE CATEGORIES:
Individuals who inform the Commission through the procedures
established by the Commission that they do not wish to receive
telemarketing calls. Some records may come from do-not-call lists that
some states or organizations separately maintain. Record sources for
this system may also include telemarketers, sellers, and agents, but
only to the extent, if any, that they are ``individuals'' within the
meaning of the Privacy Act.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES
OF USERS AND THE PURPOSES OF SUCH USES:
(1) Telephone numbers, but not any email addresses, submitted by
individuals may be made available or referred on an automatic or other
basis to telemarketers, sellers, and their agents for the purpose of
determining or verifying that an individual does not wish to receive
telemarketing calls;
(2) Information submitted by or compiled on telemarketers, sellers,
and their agents may be used and disclosed to other Federal, state, or
local government authorities for payment or billing purposes, including
referral to debt collection agencies or other governmental entities for
collection, tax reporting, or other related purposes. Information that
is submitted by or compiled on telemarketers, sellers, and their agents
and that is incorporated into the <a href="http://www.pay.gov">www.pay.gov</a> system shall also be
subject to routine uses, if any, that may be separately published for
that system, Treasury/FMS.017 (Collections Records), or any successor
system notice for that system.
For other ways that the Privacy Act permits the FTC to use or
disclose system records outside the agency, see Appendix I (Authorized
Disclosures and Routine Uses Applicable to All FTC Privacy Act Systems
of Records), available on the FTC's website at <a href="https://www.ftc.gov/about-ftc/foia/foia-reading-rooms/privacy-act-systems">https://www.ftc.gov/about-ftc/foia/foia-reading-rooms/privacy-act-systems</a> and at 83 FR
55542-55543 (Nov. 6, 2018).

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
Records in the system are collected and maintained by an off-site
FTC contractor in an electronic database with Web-based access subject
to strict security controls (see ``Safeguards'' below).

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
Indexed by area code and phone number of individuals who have
informed the Commission that they do not wish to receive telemarketing
calls. May also be retrieved by other data, if any, compiled or
otherwise maintained with the record. For information submitted by or
compiled on telemarketers, sellers, or their agents, records may be
indexed and retrieved by any category of data that is submitted by or
compiled on such telemarketers, sellers, or agents.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
Records are retained and disposed of in accordance with Schedule
DAA-0122-2021-0002, which was approved by the National Archives and
Records Administration. Consumer complaint entries are generally
destroyed when they are 5 years old except when they are subject to
litigation holds to preserve complaints. The consumer registration
function allows consumers to register their telephone numbers in the
DNC system and to verify whether their phone numbers are on the
registry. These registration entries are deleted 20 years after request
of the individual to whom the telephone number is assigned, or the
phone number is disconnected and reassigned. Telemarketer registrations
are deleted 20 years after the telemarketer account no longer has any
active subscriptions. The retention and destruction of payment data
collected from telemarketers, sellers, and their agents by Treasury's
FMS is described in the system notice for the <a href="http://www.pay.gov">www.pay.gov</a> system,
Treasury/FMS.017.
The Spam Database, which was retired in 2019, provided the public
with an email address to which they could forward email and text
messages that they believed to be spam. This database will be deleted
on October 1, 2032.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
Access is generally restricted to those agency personnel,
contractors and other law enforcement users subject to confidentiality
agreements whose responsibilities require access, or to approved
telemarketers, sellers, and their agents. Electronic access is subject
to login ID, password, and other electronic access and security
controls (e.g., firewalls). Contractors are required to sign
confidentiality and nondisclosure agreements.

RECORD ACCESS PROCEDURES:
To request access to any information maintained with your
registration that is not available to you through the automated dial-in
system or the designated website described in the notification
procedures above, you must submit your request in writing. See Appendix
II (How To Make A Privacy Act Request) for details. The same access
procedure applies to the extent, if any, that the Privacy Act applies
to information submitted by or compiled on telemarketers, sellers, or
their agents, where that information is not made available for review
or amendments when the telemarketer, seller, or agent accesses the
system.

CONTESTING RECORD PROCEDURES:
Where an individual believes the system has erroneously recorded or
omitted information that is collected and maintained by the system, the
individual will be afforded the opportunity to register, change, or
delete that information after the automated system identifies and
verifies the telephone number from which the individual is calling, if
the individual is using the designated website, or the individual
provides other identifying information, if requested by the automated
system. To contest the accuracy of any other information that is not
accessible to the individual through the automated dial-in system or
website as described in the

[[Page 79609]]

``Notification procedures'' section above, the request must be
submitted to the FTC in writing. See Appendix II (How To Make A Privacy
Act Request) for details. The same written request requirement applies
to telemarketers, sellers, or their agents (to the extent, if any, that
they are ``individuals'' within the meaning of the Privacy Act) when
seeking to contest the accuracy of system information maintained on
them, except for system information, if any, that can be contested or
corrected through the automated system.

NOTIFICATION PROCEDURES:
To obtain notification of whether the system contains a record
pertaining to that individual (i.e., the individual's telephone
number), individuals use a dial-in system or a designated website that
will enable the identification and verification of their telephone
numbers. Individuals filing written requests pursuant to 16 CFR 4.13
will be acknowledged and directed to use those automated systems. To
the extent, if any, that the Privacy Act applies to information
submitted by or compiled on telemarketers, sellers, or their agents,
the system provides notice (i.e., confirms) that the system is
maintaining such information when an individual accesses the system
using the account number that was previously assigned to the
telemarketer, seller, or agent at the time that entity originally
entered information into the system to establish the relevant account.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
None.

HISTORY:
74 FR 17863-17866 (April 17, 2009).
73 FR 33591-33634 (June 12, 2008).
* * * * *
VII. Miscellaneous Systems of Records
* * * * *

SYSTEM NAME AND NUMBER:
Automated Library Management System-FTC (FTC-VII-1).

SECURITY CLASSIFICATION:
Unclassified.

SYSTEM LOCATION:
Federal Trade Commission, 600 Pennsylvania Avenue NW, Washington,
DC 20580.
For other locations where records may be maintained or accessed,
see Appendix III (Locations of FTC Buildings and Regional Offices),
available on the FTC's website at <a href="https://www.ftc.gov/about-ftc/foia/foia-reading-rooms/privacy-act-systems">https://www.ftc.gov/about-ftc/foia/foia-reading-rooms/privacy-act-systems</a> and at 87 FR 57698 (Sept. 21,
2022).

SYSTEM MANAGER(S):
Head Librarian, Library, Federal Trade Commission, 600 Pennsylvania
Avenue NW, Washington, DC 20580, email: <a href="/cdn-cgi/l/email-protection#3b68746975487b5d4f58155c544d">[email&#160;protected]</a>.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
Federal Trade Commission Act, 15 U.S.C. 41 et seq.

PURPOSE(S) OF THE SYSTEM:
To manage the FTC Library's acquisition and collection of books,
periodicals and other publications; to fulfill requests for the routing
of serials among FTC employees; to electronically index or search for
holdings in the FTC Library's collection.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
FTC personnel who request that copies of FTC Library periodicals or
other publications in the Library's collection be routinely circulated
(routed) to them within the FTC; authors of books, periodicals, or
other publications indexed in the Library's collection; and other
individuals that request FTC Library materials through inter-library
loans.

CATEGORIES OF RECORDS IN THE SYSTEM:
Name and office location of the FTC individual making a routing
request, employee identification number, and the name and number of the
periodical; names of authors or other individuals indexed or associated
with books or other publications maintained in the FTC Library's
collection or requested through inter-library loans.

RECORD SOURCE CATEGORIES:
Individual about whom the record is maintained; author or other
publication data associated with the book, periodical or other
publication; system users.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES
OF USERS AND THE PURPOSES OF SUCH USES:
For ways that the Privacy Act permits the FTC to use or disclose
system records outside the agency, see Appendix I (Authorized
Disclosures and Routine Uses Applicable to All FTC Privacy Act Systems
of Records), available on the FTC's website at <a href="https://www.ftc.gov/about-ftc/foia/foia-reading-rooms/privacy-act-systems">https://www.ftc.gov/about-ftc/foia/foia-reading-rooms/privacy-act-systems</a> and at 83 FR
55542-55543 (Nov. 6, 2018).

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
Electronic database using a commercially available software
application.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
Indexed by periodical number, employee identification number,
author, or other information in the system.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
Records are retained and disposed of in accordance with applicable
schedules and procedures issued or approved by the National Archives
and Records Administration.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
Access restricted to staff or contractor personnel whose
responsibilities require access. Access to electronic records is
controlled by ``user ID'' and password combination and/or other
appropriate electronic access or network controls (e.g., firewalls).
(This limitation does not apply to searchable online catalog made
available in the FTC Library.) FTC buildings are guarded and monitored
by security personnel, cameras, ID checks, and other physical security
measures.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
None.

HISTORY:
73 FR 33591-33634 (June 12, 2008).
* * * * *

SYSTEM NAME AND NUMBER:
Matter Record Search System (MaRS)-FTC (FTC-VII-6).

[[Page 79610]]

SECURITY CLASSIFICATION:
Unclassified.

SYSTEM MANAGER(S):
Office of the Secretary, Records Management Division, Federal Trade
Commission, 600 Pennsylvania Avenue NW, Washington, DC 20580, email:
<a href="/cdn-cgi/l/email-protection#bceff3eef2cffcdac8df92dbd3ca">[email&#160;protected]</a>.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
Federal Trade Commission Act, 15 U.S.C. 41 et seq.

PURPOSE(S) OF THE SYSTEM:
To provide staff with the ability to search for and access copies
of agency documents needed for legal and economic research activities
of the Commission (e.g., internal memoranda, economic reports, other
agency work product); to provide FTC staff processing Freedom of
Information Act or other disclosure requests with the ability to search
for and access copies of potentially responsive documents outlining the
actions and considerations of the Commission, individual Commissioners,
and the staff; to provide the ability, once the automated system is
fully implemented, to electronically manage the writing, editing,
storage, retrieval and disposal of such documents (e.g., memoranda,
correspondence), and to provide for additional document management
functions, if any.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
Individuals who have written documents contained in Commission
files, and other individuals whose names or other personally
identifying data are used to search and retrieve documents from the
system.

RECORD SOURCE CATEGORIES:
FTC employees and others who submit documents to the Commission.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES
OF USERS AND THE PURPOSES OF SUCH USES:
Records in this system may be disclosed to contractors in
connection with document processing, storage, disposal and similar
records management and retrieval activities.
For other ways that the Privacy Act permits the FTC to use or
disclose system records outside the agency, see Appendix I (Authorized
Disclosures and Routine Uses Applicable to All FTC Privacy Act Systems
of Records), available on the FTC's website at <a href="https://www.ftc.gov/about-ftc/foia/foia-reading-rooms/privacy-act-systems">https://www.ftc.gov/about-ftc/foia/foia-reading-rooms/privacy-act-systems</a> and at 83 FR
55541, 55542-55543 (Nov. 6, 2018).

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
Older records are stored on electronic and non-electronic formats.
The system also comprises one or more structured databases using
commercial software applications to search, retrieve, and manage
records stored electronically.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
Indexed by author of the document, or other data fields or codes.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
Records are retained and destroyed in accordance with schedules and
procedures issued or approved by the National Archives and Records
Administration.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
Access is restricted to agency personnel and contractors whose
responsibilities require access. Paper or other non-digital records are
stored in secure offsite storage or lockable file cabinets or offices.
Access to electronic records is controlled by ``user ID'' and password
combination, and/or role-based access controls, and/or other
appropriate electronic access or network controls (e.g., firewalls).
FTC buildings are guarded and monitored by security personnel, cameras,
ID checks, and other physical security measures.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
Records contained in this system that have been placed on the FTC
public record are available upon request or, where applicable, made
available online. See FTC-I-6 (Public Records-FTC). However, pursuant
to 5 U.S.C. 552a(k)(2), records in this system, which reflect records
that are contained in other systems of records that are designated as
exempt, are exempt from the requirements of subsections (c)(3), (d),
(e)(1), (e)(4)(G), (H), (I), and (f) of 5 U.S.C. 552a. See Sec.
4.13(m) of the FTC Rules of Practice, 16 CFR 4.13(m).

HISTORY:
87 FR 964-974 (January 7, 2022)
73 FR 33591-33634 (June 12, 2008).
* * * * *

Joel Christie,
Acting Secretary.
[FR Doc. 2024-22391 Filed 9-27-24; 8:45 am]
BILLING CODE 6750-01-P

</pre><script data-cfasync="false" src="/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js"></script></body>
</html>

View on FederalRegister.gov →Plain-text source

Indexed from Federal Register on September 30, 2024.

This is legal information, not legal advice. Laws vary by jurisdiction and change frequently. Always verify current law with official sources and consult a licensed attorney in your jurisdiction for advice on your specific situation.