Privacy Act of 1974; System of Records

Issuing agencies

Abstract

In accordance with the Privacy Act of 1974, all agencies are required to publish in the Federal Register a notice of their systems of records. Notice is hereby given that the Federal Energy Regulatory Commission (FERC) is publishing a notice of modifications to an existing FERC system of records titled "Federal Personnel and Payroll Records (FERC-57)" previously titled "Federal Personnel and Payroll System (FPPS)."

Full Text

<html>
<head>
<title>Federal Register, Volume 89 Issue 231 (Monday, December 2, 2024)</title>
</head>
<body><pre>
[Federal Register Volume 89, Number 231 (Monday, December 2, 2024)]
[Notices]
[Pages 95204-95206]
From the Federal Register Online via the Government Publishing Office [<a href="http://www.gpo.gov">www.gpo.gov</a>]
[FR Doc No: 2024-28091]


-----------------------------------------------------------------------

DEPARTMENT OF ENERGY

Federal Energy Regulatory Commission


Privacy Act of 1974; System of Records

AGENCY: Federal Energy Regulatory Commission (FERC), Department of 
Energy (DOE).

ACTION: Notice of a modified system of records.

-----------------------------------------------------------------------

SUMMARY: In accordance with the Privacy Act of 1974, all agencies are 
required to publish in the Federal Register a notice of their systems 
of records. Notice is hereby given that the Federal Energy Regulatory 
Commission (FERC) is publishing a notice of modifications to an 
existing FERC system of records titled ``Federal Personnel and Payroll 
Records (FERC-57)'' previously titled ``Federal Personnel and Payroll 
System (FPPS).''

DATES: Comments on this modified system of records must be received no 
later than 30 days after date of publication in the Federal Register. 
If no public comment is received during the period allowed for comment 
or unless otherwise published in the Federal Register by FERC, the 
modified system of records will become effective a minimum of 30 days 
after date of publication in the Federal Register. If FERC receives 
public comments, FERC shall review the comments to determine whether 
any changes to the notice are necessary.

ADDRESSES: Comments should be submitted in writing to Federal Energy 
Regulatory Commission, 888 First Street NE, Washington, DC 20426 or 
electronically to <a href="/cdn-cgi/l/email-protection#bbcbc9d2cddad8c2fbdddec9d895dcd4cd"><span class="__cf_email__" data-cfemail="cfbfbda6b9aeacb68fa9aabdace1a8a0b9">[email&#160;protected]</span></a>. Comments should indicate that they 
are submitted in response to ``Federal Personnel and Payroll Records 
(FERC-57)''.

FOR FURTHER INFORMATION CONTACT: Mittal Desai, Chief Information 
Officer & Senior Agency Official for Privacy, Office of the Executive 
Director, Federal Energy Regulatory Commission, 888 First Street NE, 
Washington, DC 20426, <a href="/cdn-cgi/l/email-protection#c4b4b6adb2a5a7bd84a2a1b6a7eaa3abb2"><span class="__cf_email__" data-cfemail="215153485740425861474453420f464e57">[email&#160;protected]</span></a>, (202) 502-6832.

SUPPLEMENTARY INFORMATION: In accordance with the Privacy Act of 1974, 
and to comply with the Office of Management and Budget (OMB) Memorandum 
M-17-12, ``Preparing for and Responding to a Breach of Personally 
Identifiable Information,'' January 3, 2017, this notice has twelve 
(12) new routine uses (routine uses 1-12), including two routine uses 
that will permit FERC to disclose information as necessary in response 
to an actual or suspected breach that pertains to a breach of its own 
records or to assist another agency in its efforts to respond to a 
breach that was previously published separately at 87 FR 35543 (June 
10, 2022).
    The following sections have been updated to reflect changes made 
since the publication of the last notice in the Federal Register: 
dates; addresses; for further contact information; system name and 
number; system location; purpose of the system; categories of 
individuals covered by the system; categories of records in the system; 
record source categories; routine uses of records maintained in the 
system, including categories of users and the purpose of such; policies 
and practices for storage of records; policies and practices for 
retrieval of records; policies and practices for retention and disposal 
of records; administrative, technical, physical safeguards; records 
access procedures; contesting records procedures; notification 
procedures; and history.

SYSTEM NAME AND NUMBER:
    Federal Personnel and Payroll Records (FERC-57).

SECURITY CLASSIFCATION:
    Unclassified.

SYSTEM LOCATION:
    Interior Business Center, U.S. Department of the Interior, One 
Denver Federal Center, Bldg. 48, Denver, CO 80225.
    Human Resources Division, Office of the Executive Director, Federal 
Energy Regulatory Commission, 888 First Street NE, Washington, DC 
20426.

SYSTEM MANAGER(S):
    Director, Human Resources Division, Office of the Executive 
Director, Federal Energy Regulatory Commission, 888 First Street NE, 
Washington, DC 20426, (202) 502-6852.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    5 U.S.C. 2951, 5 U.S.C. 5101 et seq.

PURPOSE(S) OF THE SYSTEM:
    The main purpose of the system is to provide personnel and payroll 
support and workforce management including: salary and benefits 
payment; and time, attendance, leave, other absences tracking and 
reporting. The system is used to create and generate the full life 
cycle of personnel transactions including, but not limited to, 
personnel actions, vacancy announcements, candidate processing and 
interviews, new hire tracking, specialized pay, garnishments, and 
appointment programs.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    The following categories of individuals are covered by the system: 
current and former employees and their beneficiaries; and candidates 
for employment.

CATEGORIES OF RECORDS IN THE SYSTEM:
    The categories of records in the system are: name; citizenship; 
gender; date of birth; marital status; other names; social security 
number (SSN); legal status; place of birth; security clearance; 
financial information; disability information; education information; 
race/ethnicity; driver's license; personal cellphone number; personal 
email address; home telephone

[[Page 95205]]

number; child or dependent information; employment information; 
military status/service; mailing/home address; taxpayer identification 
number (TIN); bank account information such as routing and account 
numbers; beneficiary information such as name, date of birth, address, 
telephone number, SSN, and relationship; family member and dependents 
information; professional licensing and credentials; family 
relationships; age; involuntary debt (garnishments or child support 
payments); court order information; back pay information; user ID; time 
and attendance data; leave time information; Employee Common Identifier 
(ECI); pay rate; grade; length of service; and deductions.

RECORD SOURCE CATEGORIES:
    Records are obtained from FERC employees, supervisors, timekeepers, 
previous employers, the Internal Revenue Service and State tax 
agencies, the Department of the Treasury, other Federal agencies, 
courts, State child support agencies, employing agency accounting 
offices, and third-party benefit providers.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    In addition to those disclosures generally permitted under 5 U.S.C. 
552a(b) of the Privacy Act, information maintained in this system may 
be disclosed to authorized entities outside FERC for purposes 
determined to be relevant and necessary as a routine use pursuant to 5 
U.S.C. 552a(b)(3) as follows:
    1. To appropriate agencies, entities, and persons when (1) FERC 
suspects or has confirmed that there has been a breach of the system of 
records; (2) FERC has determined that as a result of the suspected or 
confirmed breach there is a risk of harm to individuals, the Commission 
(including its information systems, programs, and operations), the 
Federal Government, or national security; and (3) the disclosure made 
to such agencies, entities, and persons is reasonably necessary to 
assist in connection with the Commission's efforts to respond to the 
suspected or confirmed breach or to prevent, minimize, or remedy such 
harm.
    2. To another Federal agency or Federal entity, when FERC 
determines that information from this system of records is reasonably 
necessary to assist the recipient agency or entity in (1) responding to 
a suspected or confirmed breach or (2) preventing, minimizing, or 
remedying the risk of harm to individuals, the recipient agency or 
entity (including its information systems, programs, and operations), 
the Federal Government, or national security, resulting from a 
suspected or confirmed breach.
    3. To a congressional office from the record of an individual in 
response to an inquiry from that congressional office made at the 
request of that individual.
    4. To the Equal Employment Opportunity Commission (EEOC) when 
requested in connection with investigations of alleged or possible 
discriminatory practices, examination of Federal affirmative employment 
programs, or other functions of the Commission as authorized by law or 
regulation.
    5. To the Federal Labor Relations Authority or its General Counsel 
when requested in connection with investigations of allegations of 
unfair labor practices or matters before the Federal Service Impasses 
Panel.
    6. To disclose information to another Federal agency, to a court, 
or a party in litigation before a court or in an administrative 
proceeding being conducted by a Federal agency, when the Government is 
a party to the judicial or administrative proceeding. In those cases 
where the Government is not a party to the proceeding, records may be 
disclosed if a subpoena has been signed by a judge.
    7. To the Department of Justice (DOJ) for its use in providing 
legal advice to FERC or in representing FERC in a proceeding before a 
court, adjudicative body, or other administrative body, where the use 
of such information by the DOJ is deemed by FERC to be relevant and 
necessary to the advice or proceeding, and such proceeding names as a 
party in interest: (a) FERC; (b) any employee of FERC in his or her 
official capacity; (c) any employee of FERC in his or her individual 
capacity where DOJ has agreed to represent the employee; or (d) the 
United States, where FERC determines that litigation is likely to 
affect FERC or any of its components.
    8. To non-Federal Personnel, such as contractors, agents, or other 
authorized individuals performing work on a contract, service, 
cooperative agreement, job, or other activity on behalf of FERC or 
Federal Government and who have a need to access the information in the 
performance of their duties or activities.
    9. To the National Archives and Records Administration in records 
management inspections and its role as Archivist.
    10. To the Merit Systems Protection Board or the Board's Office of 
the Special Counsel, when relevant information is requested in 
connection with appeals, special studies of the civil service and other 
merit systems, review of OPM rules and regulations, and investigations 
of alleged or possible prohibited personnel practices.
    11. To appropriate Federal, State, or local agency responsible for 
investigating, prosecuting, enforcing, or implementing a statute, rule, 
regulation, or order, if the information may be relevant to a potential 
violation of civil or criminal law, rule, regulation, order.
    12. To appropriate agencies, entities, and person(s) that are a 
party to a dispute, when FERC determines that information from this 
system of records is reasonably necessary for the recipient to assist 
with the resolution of the dispute; the name, address, telephone 
number, email address, and affiliation; of the agency, entity, and/or 
person(s) seeking and/or participating in dispute resolution services, 
where appropriate.
    13. To consumer reporting agencies as defined in the Fair Credit 
Reporting Act (15 U.S.C. 1681a(f)) or the Federal Claims Act of 1966 
(31 U.S.C. 3701(a)(3)).
    14. To the Commission's parent agency, the Department of Energy 
(DOE) for reporting purposes; as well as individuals, entities, and 
agencies identified in:
    (a) Payroll, Attendance, Retirement, and Leave Records--Interior, 
DOI-85.
    (b) Interior Personnel Records--Interior, DOI-79.
    (c) General Personnel Records--OPM, OPM/GOVT-1.

POLICIES AND PRACTICES FOR THE STORAGE OF RECORDS:
    Records are stored in paper and electronic form. All FERC employees 
and contractors with authorized access have undergone a thorough 
background security investigation. Paper records are stored in a 
lockable file cabinet. Data access is restricted to agency personnel or 
contractors whose responsibilities require access. Access to electronic 
records is controlled by the organization's Single Sign-On and Multi-
Factor Authentication Solution. Role based access is used to restrict 
electronic data access and the organization employs the principle of 
least privilege, allowing only authorized users with access (or 
processes acting on behalf of users) necessary to accomplish assigned 
tasks in accordance with organizational missions and business 
functions.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    Records may be retrieved by employee identification such as name, 
SSN, and ECI.

[[Page 95206]]

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    Records are retained in accordance with the applicable National 
Archives and Records Administration Schedules, with the following 
applicable General Records Schedules:
    (1.) General Records Schedule (GRS) 2.2: Employee Management 
Records, Item 030, DAA-GRS-2017-0007-0003. Temporary. Destroy when 2 
years old or 2 years after award is approved or disapproved, whichever 
is later, but longer retention is authorized if required for business 
use.
    (2.) General Records Schedule (GRS) 2.2: Employee Management 
Records, Item 040, DAA-GRS-2017-0007-0004. Temporary. Destroy when 
survivor or retirement claims are adjudicated or when records are 129 
years old, whichever is sooner, but longer retention is authorized if 
required for business use.
    (3.) General Records Schedule (GRS) 2.2: Employee Management 
Records, Item 041, DAA-GRS-2017-0007-0005. Temporary. Destroy when 
superseded or obsolete, or upon separation or transfer of employee, 
whichever is earlier.
    (4.) General Records Schedule (GRS) 2.4: Employee Compensation and 
Benefits Records, Item 050, DAA-GRS-2018-0002-0005. Temporary. Destroy 
7 years after case is closed or final settlement on appeal, as 
appropriate, but longer retention is authorized if required for 
business use.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    Authorized users complete the Rules of Behavior for HR Access, 
which provides guidance on the user's roles and responsibilities. 
Security controls used to protect personal sensitive data are 
commensurate with those required for an information system rated 
moderate for confidentiality, integrity, and availability, as 
prescribed in NIST Special Publication, 800-53, ``Recommended Security 
Controls for Federal Information Systems,'' Revision 5. FERC personnel 
are required to complete annual agency Information Security and Privacy 
training. FERC personnel are instructed to lock their computers when 
they leave their desks. Electronic records are restricted to authorized 
users with appropriate security privileges, including the use of 2-
factor PIV Card authentication. Web-based connections are VPN encrypted 
sessions between FERC and DOI. Access to electronic records is 
controlled by the organization's Single Sign-On and Multi-Factor 
Authentication Solution. The database is maintained behind a firewall. 
These records are maintained in controlled access areas. Identification 
cards are verified to ensure that only authorized personnel can access 
the records.

RECORD ACCESS PROCEDURES:
    Individuals requesting access to the contents of records must 
submit a request through the Freedom of Information Act (FOIA) office. 
The FOIA website is located at: <a href="https://www.ferc.gov/foia">https://www.ferc.gov/foia</a>. Requests may 
be submitted through the following portal: <a href="https://www.ferc.gov/enforcement-legal/foia/electronic-foia-privacy-act-request-form">https://www.ferc.gov/enforcement-legal/foia/electronic-foia-privacy-act-request-form</a>. 
Written requests for access to records should be directed to: Director, 
Office of External Affair, Federal Energy Regulatory Commission, 888 
First Street NE, Washington, DC 20426.

CONTESTING RECORD PROCEDURES:
    See Records Access procedures.

NOTIFICATION PROCEDURES:
    Generalized notice is provided by the publication of this notice. 
For specific notice, see Records Access Procedure, above.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    None.

HISTORY:
    74 FR 57308 (November 5, 2009).

    Dated: November 22, 2024.
Debbie-Anne A. Reese,
Secretary.
[FR Doc. 2024-28091 Filed 11-29-24; 8:45 am]
BILLING CODE 6717-01-P


</pre><script data-cfasync="false" src="/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js"></script></body>
</html>