Office of Civil Rights; Information Collection; Nondiscrimination in Federal Financial Assistance Programs, 10687-10688 [E6-2932]

Federal Register / Vol. 71, No. 41 / Thursday, March 2, 2006 / Notices

billion, for more than 119,000 small and mid-size merchants. In the course of processing these credit and debit card purchases, CardSystems collected and stored personal information about consumers, including card number and expiration date and other information, from magnetic stripes on the cards. Pay By Touch acquired CardSystems’ assets on December 9, 2005, at which time CardSystems ceased doing business. Pay By Touch uses CardSystems’ former employees, equipment, and technology to process transactions for the same merchants CardSystems served.

The Commission’s proposed complaint alleges that CardSystems stored personal information on computers on its computer network and failed to employ reasonable and appropriate security measures to protect the information. The complaint alleges that this failure was an unfair practice because it caused or was likely to cause substantial consumer injury that was not reasonably avoidable and was not outweighed by countervailing benefits to consumers or competition. In particular, CardSystems engaged in a number of practices that, taken together, failed to provide reasonable and appropriate security for personal information stored on its computer network.
Among other things, it: (1) Created unnecessary risks to the information by storing it; (2) did not adequately assess the vulnerability of its computer network to commonly known or reasonably foreseeable attacks, including but not limited to “Structured Query Language” injection attacks; (3) did not implement simple, low-cost, and readily available defenses to such attacks; (4) failed to use strong passwords to prevent a hacker from gaining control over computers on its computer network and access to personal information stored on the network; (5) did not use readily available security measures to limit access between computers on its network and between such computers and the Internet; and (6) failed to employ sufficient measures to detect unauthorized access to personal information or to conduct security investigations.

The complaint further alleges that several million dollars in fraudulent purchases were made using counterfeit copies of credit and debit cards that contained the same personal information CardSystems had collected from the magnetic stripes of credit and debit cards and then stored on its computer network. After discovering the fraudulent purchases, banks cancelled and re-issued thousands of these credit and debit cards, and consumers holding these cards were unable to use them to access credit and their own bank accounts.

The proposed order applies to personal information from or about consumers that CardSystems and Pay By Touch (as CardSystems’ successor) collect in connection with authorization processing. The proposed order contains provisions designed to prevent them from engaging in the future in practices similar to those alleged in the complaint.
Part I of the proposed order requires CardSystems and Pay By Touch to establish and maintain a comprehensive information security program in writing that is reasonably designed to protect the security, confidentiality, and integrity of personal information they collect from or about consumers. The security program must contain administrative, technical, and physical safeguards appropriate to their size and complexity, the nature and scope of their activities, and the sensitivity of the personal information collected. Specifically, the order requires CardSystems and Pay By Touch to:

• Designate an employee or employees to coordinate and be accountable for the information security program.
• Identify material internal and external risks to the security, confidentiality, and integrity of consumer information that could result in unauthorized disclosure, misuse, loss, alteration, destruction, or other compromise of such information, and assess the sufficiency of any safeguards in place to control these risks.
• Design and implement reasonable safeguards to control the risks identified through risk assessment, and regularly test or monitor the effectiveness of the safeguards’ key controls, systems, and procedures.
• Evaluate and adjust their information security program in light of the results of testing and monitoring, any material changes to their operations or business arrangements, or any other circumstances that they know or have reason to know may have a material impact on the effectiveness of their information security program.
Part II of the proposed order requires that CardSystems and Pay By Touch obtain within 180 days, and on a biennial basis thereafter, an assessment and report from a qualified, objective, independent third-party professional, certifying, among other things, that: (1) They have in place a security program that provides protections that meet or exceed the protections required by Part I of the proposed order, and (2) their security program is operating with sufficient effectiveness to provide reasonable assurance that the security, confidentiality, and integrity of consumers’ personal information has been protected.

Parts III through VII of the proposed order are reporting and compliance provisions. Part III requires CardSystems and Pay By Touch to retain documents relating to their compliance with the order. Part IV requires dissemination of the order now and in the future to persons with responsibilities relating to the subject matter of the order. Part V requires them to notify the Commission of changes in their corporate status. Part VI mandates that CardSystems and Pay By Touch submit compliance reports to the FTC. Part VII is a provision “sunsetting” the order after twenty (20) years, with certain exceptions.

This case is similar to the recent FTC cases against BJ’s Wholesale Club and DSW Inc., which also involved alleged failures to secure credit and debit card information. As in those cases, CardSystems faces potential liability in the millions of dollars under bank procedures and in private litigation for losses related to the breach.

The purpose of this analysis is to facilitate public comment on the proposed order. It is not intended to constitute an official interpretation of the proposed order or to modify its terms in any way.

By direction of the Commission, with Commissioner Harbour recused.
Donald S. Clark, Secretary.
[FR Doc.
E6–2934 Filed 3–1–06; 8:45 am]
BILLING CODE 6750–01–P

GENERAL SERVICES ADMINISTRATION

[OMB Control No. 3090–0228]

Office of Civil Rights; Information Collection; Nondiscrimination in Federal Financial Assistance Programs

AGENCY: Office of Civil Rights, GSA.

ACTION: Notice of request for comments regarding a renewal to an existing OMB clearance.

SUMMARY: Under the provisions of the Paperwork Reduction Act of 1995 (44 U.S.C. Chapter 35), the General Services Administration will be submitting to the Office of Management and Budget (OMB) a request to review and approve a renewal of a currently approved information collection requirement regarding nondiscrimination in Federal financial assistance programs. The clearance currently expires on June 30, 2006. This information is needed to facilitate nondiscrimination in GSA’s Federal Financial Assistance Programs, consistent with Federal civil rights laws and regulations that apply to recipients of Federal financial assistance. Public comments are particularly invited on: Whether this collection of information is necessary and whether it will have practical utility; whether our estimate of the public burden of this collection of information is accurate and based on valid assumptions and methodology; and ways to enhance the quality, utility, and clarity of the information to be collected.

DATES: Submit comments on or before: May 1, 2006.

FOR FURTHER INFORMATION CONTACT: Evelyn Britton, Compliance Officer, Office of Civil Rights, at telephone (202) 501–4347 or via e-mail to evelyn.britton@gsa.gov.

ADDRESSES: Submit comments regarding this burden estimate or any other aspect of this collection of information, including suggestions for reducing this burden, to the Regulatory Secretariat (VIR), General Services Administration, Room 4035, 1800 F Street, NW., Washington, DC 20405.
Please cite OMB Control No. 3090–0228, Nondiscrimination in Federal Financial Assistance Programs, in all correspondence.

SUPPLEMENTARY INFORMATION:

A. Purpose

The General Services Administration (GSA) has mission responsibilities related to monitoring and enforcing compliance with Federal civil rights laws and regulations that apply to Federal Financial Assistance programs administered by GSA. Specifically, those laws provide that no person on the ground of race, color, national origin, disability, sex or age shall be excluded from participation in, be denied the benefits of, or be otherwise subjected to discrimination under any program in connection with which Federal financial assistance is extended under laws administered in whole or in part by GSA. These mission responsibilities generate the requirement to request and obtain certain data from recipients of Federal surplus property for the purpose of determining compliance, such as the number of individuals, based on race and ethnic origin, of the recipient’s eligible and actual serviced population; race and national origin of those denied participation in the recipient’s program(s); non-English languages encountered by the recipient’s program(s) and how the recipient is addressing meaningful access for individuals that are Limited English Proficient; whether there have been complaints or lawsuits filed against the recipient based on prohibited discrimination and whether there have been any findings; and whether the recipient’s facilities are accessible to qualified individuals with disabilities.

B. Annual Reporting Burden

Respondents: 500.
Responses Per Respondent: 1.
Total Responses: 500.
Hours Per Response: 2.
Total Burden Hours: 1000.
Obtaining Copies of Proposals: Requesters may obtain a copy of the information collection documents from the General Services Administration, Regulatory Secretariat (VIR), 1800 F Street, NW., Room 4035, Washington, DC 20405, telephone (202) 208–7312. Please cite OMB Control No. 3090–0228, Nondiscrimination in Federal Financial Assistance Programs, in all correspondence.

Dated: February 23, 2006.
Michael W. Carleton, Chief Information Officer.
[FR Doc. E6–2932 Filed 3–1–06; 8:45 am]
BILLING CODE 6820–34–S

GENERAL SERVICES ADMINISTRATION

[OMB Control No. 3090–0274]

Public Buildings Service; Information Collection; Art-in-Architecture Program National Artist Registry

AGENCY: Public Buildings Service, GSA.

ACTION: Notice of request for comments regarding a renewal to an existing OMB clearance.

SUMMARY: Under the provisions of the Paperwork Reduction Act of 1995 (44 U.S.C. Chapter 35), the General Services Administration will be submitting to the Office of Management and Budget (OMB) a request to review and approve a renewal of a currently approved information collection requirement regarding the Art-in-Architecture Program National Artist Registry form. The clearance currently expires on July 31, 2006. The Art-in-Architecture Program is the result of a policy decision made in January 1963 by GSA Administrator Bernard L. Boudin who had served on the Ad Hoc Committee on Federal Office Space in 1961–1962. The program has been modified over the years, most recently in 1996 when a renewed focus on commissioning works of art that are an integral part of the building’s architecture and adjacent landscape was instituted. The program continues to commission works of art from living American artists. One-half of one percent of the estimated construction cost of new or substantially renovated Federal buildings and U.S. courthouses is allocated for commissioning works of art. Public comments are particularly invited on: Whether this collection of information is necessary and whether it will have practical utility; whether our estimate of the public burden of this collection of information is accurate and based on valid assumptions and methodology; and ways to enhance the quality, utility, and clarity of the information to be collected.

DATES: Submit comments on or before: May 1, 2006.

FOR FURTHER INFORMATION CONTACT: Susan Harrison, Public Buildings Service, Office of the Chief Architect, Art-in-Architecture Program, Room 3341, 1800 F Street, NW., Washington, DC 20405, at telephone (202) 501–1812 or via e-mail to susan.harrison@gsa.gov.

ADDRESSES: Submit comments regarding this burden estimate or any other aspect of this collection of information, including suggestions for reducing this burden, to the Regulatory Secretariat (VIR), General Services Administration, Room 4035, 1800 F Street, NW., Washington, DC 20405. Please cite OMB Control No. 3090–0274, Art-in-Architecture Program National Artist Registry, in all correspondence.

SUPPLEMENTARY INFORMATION:

A. Purpose

The Art-in-Architecture Program actively seeks to commission works from the full spectrum of American artists and strives to promote new media and inventive solutions for public art. The GSA Form 7437, Art-in-Architecture Program National Artist Registry, will be used to collect information from artists across the country to participate and to be considered for commissions.

B. Annual Reporting Burden

Respondents: 360.
Responses Per Respondent: 1.
Hours Per Response: .25.
Total Burden Hours: 90.

Obtaining Copies of Proposals: Requesters may obtain a copy of the information collection documents from the General Services Administration, Regulatory Secretariat (VIR), 1800 F Street, NW., Room 4035, Washington, DC 20405, telephone (202) 208–7312.


[Federal Register Volume 71, Number 41 (Thursday, March 2, 2006)]
[Notices]
[Pages 10687-10688]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: E6-2932]


=======================================================================
-----------------------------------------------------------------------

GENERAL SERVICES ADMINISTRATION

[OMB Control No. 3090-0228]


Office of Civil Rights; Information Collection; Nondiscrimination 
in Federal Financial Assistance Programs

AGENCY: Office of Civil Rights, GSA.

ACTION: Notice of request for comments regarding a renewal to an 
existing OMB clearance.

-----------------------------------------------------------------------

SUMMARY: Under the provisions of the Paperwork Reduction Act of 1995 
(44 U.S.C. Chapter 35), the General Services Administration will be 
submitting to the Office of Management and Budget (OMB) a request to 
review and approve a renewal of a currently approved information 
collection requirement regarding nondiscrimination in Federal financial 
assistance programs. The

[[Page 10688]]

clearance currently expires on June 30, 2006. This information is 
needed to facilitate nondiscrimination in GSA's Federal Financial 
Assistance Programs, consistent with Federal civil rights laws and 
regulations that apply to recipients of Federal financial assistance.
    Public comments are particularly invited on: Whether this 
collection of information is necessary and whether it will have 
practical utility; whether our estimate of the public burden of this 
collection of information is accurate and based on valid assumptions 
and methodology; and ways to enhance the quality, utility, and clarity 
of the information to be collected.

DATES: Submit comments on or before: May 1, 2006.

FOR FURTHER INFORMATION CONTACT: Evelyn Britton, Compliance Officer, 
Office of Civil Rights, at telephone (202) 501-4347 or via e-mail to 
evelyn.britton@gsa.gov.

ADDRESSES: Submit comments regarding this burden estimate or any other 
aspect of this collection of information, including suggestions for 
reducing this burden, to the Regulatory Secretariat (VIR), General 
Services Administration, Room 4035, 1800 F Street, NW., Washington, DC 
20405. Please cite OMB Control No. 3090-0228, Nondiscrimination in 
Federal Financial Assistance Programs, in all correspondence.

SUPPLEMENTARY INFORMATION:

A. Purpose

    The General Services Administration (GSA) has mission 
responsibilities related to monitoring and enforcing compliance with 
Federal civil rights laws and regulations that apply to Federal 
Financial Assistance programs administered by GSA. Specifically, those 
laws provide that no person on the ground of race, color, national 
origin, disability, sex or age shall be excluded from participation in, 
be denied the benefits of, or be otherwise subjected to discrimination 
under any program in connection with which Federal financial assistance 
is extended under laws administered in whole or in part by GSA. These 
mission responsibilities generate the requirement to request and obtain 
certain data from recipients of Federal surplus property for the 
purpose of determining compliance, such as the number of individuals, 
based on race and ethnic origin, of the recipient's eligible and actual 
serviced population; race and national origin of those denied 
participation in the recipient's program(s); non-English languages 
encountered by the recipient's program(s) and how the recipient is 
addressing meaningful access for individuals that are Limited English 
Proficient; whether there have been complaints or lawsuits filed against 
the recipient based on prohibited discrimination and whether there have 
been any findings; and whether the recipient's facilities are 
accessible to qualified individuals with disabilities.

B. Annual Reporting Burden

    Respondents: 500.
    Responses Per Respondent: 1.
    Total Responses: 500.
    Hours Per Response: 2.
    Total Burden Hours: 1000.
    Obtaining Copies of Proposals: Requesters may obtain a copy of the 
information collection documents from the General Services 
Administration, Regulatory Secretariat (VIR), 1800 F Street, NW., Room 
4035, Washington, DC 20405, telephone (202) 208-7312. Please cite OMB 
Control No. 3090-0228, Nondiscrimination in Federal Financial 
Assistance Programs, in all correspondence.

    Dated: February 23, 2006.
Michael W. Carleton,
Chief Information Officer.
[FR Doc. E6-2932 Filed 3-1-06; 8:45 am]
BILLING CODE 6820-34-S