Privacy Act of 1974: Systems of Records., 30661-30667 [2014-12234]

Agencies

• SECURITIES AND EXCHANGE COMMISSION

[Federal Register Volume 79, Number 102 (Wednesday, May 28, 2014)]
[Notices]
[Pages 30661-30667]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: 2014-12234]


-----------------------------------------------------------------------

SECURITIES AND EXCHANGE COMMISSION

[Release No. PA-51; File No. S7-06-14]


Privacy Act of 1974: Systems of Records.

AGENCY: Securities and Exchange Commission.

ACTION: Notice to establish a new system of records and to revise two 
existing systems of records.

-----------------------------------------------------------------------

SUMMARY: In accordance with the requirements of the Privacy Act of 
1974, as amended, 5 U.S.C. 552a, the Securities and Exchange Commission 
(``Commission'' or ``SEC'') proposes to establish a new system of 
records, ``General Information Technology Records (SEC-67).'' 
Additionally, two existing systems of records are being revised: 
``Office of the Chief Accountant Working File (SEC-28)'' last published 
in the Federal Register Volume 62, Number 176 on September 11, 1997; 
and ``Office of Inspector General Investigative Files (SEC-43)'', last 
published in the Federal Register Volume 71, Number 105 on Thursday, 
June 1, 2006.

DATES: The proposed systems will become effective July 7, 2014 unless 
further notice is given. The Commission will publish a new notice if 
the effective date is delayed to review comments or if changes are made 
based on comments received. To be assured of consideration, comments 
should be received on or before June 27, 2014.

ADDRESSES: Comments may be submitted by any of the following methods:

Electronic Comments

     Use the Commission's Internet comment form (https://www.sec.gov/rules/other.shtml); or
     Send an email to rule-comments@sec.gov. Please include 
File Number S7-06-14 on the subject line.

Paper Comments

    Send paper comments in triplicate to Kevin M. O'Neill, Deputy 
Secretary, U.S. Securities and Exchange Commission, 100 F Street NE., 
Washington, DC 20549-1090. All submissions should refer to File Number 
S7-06-14. This file number should be included on the subject line if 
email is used. To help process and review your comments more 
efficiently, please use only one method. The Commission will post all 
comments on the Commission's Internet Web site (https://www.sec.gov/rules/other.shtml). Comments are also available for Web site viewing 
and printing in the Commission's Public Reference Room, 100 F Street 
NE., Washington, DC 20549, on official business days between the hours 
of 10:00 a.m. and 3:00 p.m. All comments received will be posted 
without change; we do not edit personal identifying information from 
submissions. You should submit only information that you wish to make 
available publicly.

FOR FURTHER INFORMATION CONTACT: Todd Scharf, Acting Chief Privacy 
Officer, Office of Information Technology, 202-551-8800.

SUPPLEMENTARY INFORMATION: The Commission proposes to establish a new 
system of records, ``General Information Technology Records (SEC-67),'' 
and to revise two existing systems of records, ``Office of the Chief 
Accountant Working Files (SEC-28),'' and ``Office of Inspector General 
Investigative Files (SEC-43).'' The General Information Technology 
Records (SEC-67) system of records maintains records on all persons who 
are authorized to access SEC

[[Page 30662]]

information or information systems. The purpose of SEC-67 is to provide 
authentication and authorization to such individuals, to maintain logs, 
audit trails, and similar data regarding the use of SEC information or 
information systems, and to enable the Commission to detect, report, 
and take appropriate action against improper or unauthorized access to 
such information and systems.
    The Office of the Chief Accountant Working Files (SEC-28) contain 
records related to Accountants; persons associated with accountants and 
accounting firms; persons associated with SEC registrants, including 
individuals that submit requests for consultation with the Office of 
the Chief Accountant and individuals involved with or subjects of SEC 
investigations; and SEC personnel assigned to work on relevant matters. 
The Office of the Chief Accountant uses the records in formulating and 
applying accounting or auditing policies for documents to be filed with 
the Commission; in determining appropriate recommendations to the 
Commission relating to the disqualification of accountants to appear 
and practice before the Commission; to respond to inquiries concerning 
accounting and auditing matters; and to assist in investigations of 
possible violations of the federal securities laws. Substantive changes 
to SEC-28 have been made to the following sections: (1) Categories of 
Individuals, to clarify specific individuals covered in the records; 
(2) Categories of Records, modifying to include specific data elements 
collected on individuals, to include name, mailing address, telephone 
number and email address; (3) Purpose, stating the purposes of the 
system; (4) Routine Uses, expanding to include seven new routine uses 
located at numbers 1, 12, 18-22; and (5) Exemption Claimed for the 
System, updating to include notice that certain records from this 
system of records are exempt from the certain provisions of the Privacy 
Act. This exemption was originally adopted in 40 FR 44068 (September 
24, 1975).
    The Office of Inspector General Investigative Files (SEC-43) 
records are compiled by the Office of the Inspector General with 
respect to individuals, including subjects, complainants, and 
witnesses, involved in investigations or inquiries relating to SEC 
programs and operations. The Office of Inspector General uses the 
records to effectively and efficiently conduct investigations relating 
to the programs and operations of the SEC, as authorized by the 
Inspector General Act of 1978, as amended. Substantive changes to SEC-
43 have been made to the following sections: (1) System Location, 
modifying to reflect the addition of an off-site location for closed 
investigatory files; (2) Categories of Individuals, clarifying the 
types of files contained in the system; (3) Categories of Records, 
providing additional details about the management system and adding 
additional types of individually identifiable documents; (4) Purpose, 
clarifying the purpose; and (5) Routine Uses, deleting routine uses 
previously numbered 5, 13 and 14, revising routine use previously 
numbered 17, and expanding to include seven new routine uses located at 
numbers 1, 6, 7, 8, 10, 12, and 13.
    The Commission has submitted a report of the new system of records 
and the amended existing systems of records to the appropriate 
Congressional Committees and to the Director of the Office of 
Management and Budget (``OMB'') as required by 5 U.S.C. 552a(r) 
(Privacy Act of 1974) and guidelines issued by OMB on December 12, 2000 
(65 FR 77677).
    Accordingly, the Commission is proposing to establish one new 
system of records and revise two existing systems of records to read as 
follows:
SEC-28

SYSTEM NAME:
    Office of the Chief Accountant Working Files.

SYSTEM LOCATION:
    Securities and Exchange Commission, 100 F Street, NE., Washington, 
DC 20549.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Accountants and persons associated with accountants and accounting 
firms and persons associated with SEC registrants, including 
individuals that submit requests for consultation with the Office of 
the Chief Accountant and individuals involved with or subjects of SEC 
investigations; and SEC personnel assigned to work on relevant matters.

CATEGORIES OF RECORDS IN THE SYSTEM:
    The records contain names, mailing addresses, telephone numbers, 
email addresses, and/or information pertaining to accounting and 
auditing practices, problems, issues, and opinions and information 
concerning the activities of individuals in connection with Commission 
enforcement actions or in proceedings pursuant to the Commission's 
rules of practice.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    15 U.S.C. 77a et seq., 78a et seq., 7201 et seq., and 17 CFR 
200.22.

PURPOSE(S):
    1. To assist the Office of the Chief Accountant in performing the 
functions assigned to it by the Commission including the formulation 
and application of accounting or auditing policies in the case of 
documents required to be filed with the Commission and the 
determination of appropriate recommendations to the Commission relating 
to the disqualification of accountants to appear and practice before 
the Commission.
    2. To respond to inquiries from Members of Congress, the press, and 
the public concerning accounting and auditing matters.
    3. To assist investigations of possible violations of the Federal 
securities laws.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    In addition to those disclosures generally permitted under 5 U.S.C. 
552a(b) of the Privacy Act, these records or information contained 
therein may specifically be disclosed outside the Commission as a 
routine use pursuant to 5 U.S.C. 552 a(b)(3) as follows:
    1. To appropriate agencies, entities, and persons when (a) it is 
suspected or confirmed that the security or confidentiality of 
information in the system of records has been compromised; (b) the SEC 
has determined that, as a result of the suspected or confirmed 
compromise, there is a risk of harm to economic or property interests, 
identity theft or fraud, or harm to the security or integrity of this 
system or other systems or programs (whether maintained by the SEC or 
another agency or entity) that rely upon the compromised information; 
and (c) the disclosure made to such agencies, entities, and persons is 
reasonably necessary to assist in connection with the SEC's efforts to 
respond to the suspected or confirmed compromise and prevent, minimize, 
or remedy such harm.
    2. To other federal, state, local, or foreign law enforcement 
agencies; securities self-regulatory organizations; and foreign 
financial regulatory authorities to assist in or coordinate regulatory 
or law enforcement activities with the SEC.
    3. To national securities exchanges and national securities 
associations that are registered with the SEC, the Municipal Securities 
Rulemaking Board; the Securities Investor Protection Corporation; the 
Public Company Accounting Oversight Board; the federal banking 
authorities, including, but not limited to, the Board of Governors of 
the

[[Page 30663]]

Federal Reserve System, the Comptroller of the Currency, and the 
Federal Deposit Insurance Corporation; state securities regulatory 
agencies or organizations; or regulatory authorities of a foreign 
government in connection with their regulatory or enforcement 
responsibilities.
    4. By SEC personnel for purposes of investigating possible 
violations of, or to conduct investigations authorized by, the federal 
securities laws.
    5. In any proceeding where the federal securities laws are in issue 
or in which the Commission, or past or present members of its staff, is 
a party or otherwise involved in an official capacity.
    6. In connection with proceedings by the Commission pursuant to 
Rule 102(e) of its Rules of Practice, 17 CFR 201.102(e).
    7. To a bar association, state accountancy board, or other federal, 
state, local, or foreign licensing or oversight authority; or 
professional association or self-regulatory authority to the extent 
that it performs similar functions (including the Public Company 
Accounting Oversight Board) for investigations or possible disciplinary 
action.
    8. To a federal, state, local, tribal, foreign, or international 
agency, if necessary to obtain information relevant to the SEC's 
decision concerning the hiring or retention of an employee; the 
issuance of a security clearance; the letting of a contract; or the 
issuance of a license, grant, or other benefit.
    9. To a federal, state, local, tribal, foreign, or international 
agency in response to its request for information concerning the hiring 
or retention of an employee; the issuance of a security clearance; the 
reporting of an investigation of an employee; the letting of a 
contract; or the issuance of a license, grant, or other benefit by the 
requesting agency, to the extent that the information is relevant and 
necessary to the requesting agency's decision on the matter.
    10. To produce summary descriptive statistics and analytical 
studies, as a data source for management information, in support of the 
function for which the records are collected and maintained or for 
related personnel management functions or manpower studies; may also be 
used to respond to general requests for statistical information 
(without personal identification of individuals) under the Freedom of 
Information Act.
    11. To any trustee, receiver, master, special counsel, or other 
individual or entity that is appointed by a court of competent 
jurisdiction, or as a result of an agreement between the parties in 
connection with litigation or administrative proceedings involving 
allegations of violations of the federal securities laws (as defined in 
section 3(a)(47) of the Securities Exchange Act of 1934, 15 U.S.C. 
78c(a)(47)) or pursuant to the Commission's Rules of Practice, 17 CFR 
201.100-900 or the Commission's Rules of Fair Fund and Disgorgement 
Plans, 17 CFR 201.1100-1106, or otherwise, where such trustee, 
receiver, master, special counsel, or other individual or entity is 
specifically designated to perform particular functions with respect 
to, or as a result of, the pending action or proceeding or in 
connection with the administration and enforcement by the Commission of 
the federal securities laws or the Commission's Rules of Practice or 
the Rules of Fair Fund and Disgorgement Plans.
    12. To any persons during the course of any inquiry, examination, 
or investigation conducted by the SEC's staff, or in connection with 
civil litigation, if the staff has reason to believe that the person to 
whom the record is disclosed may have further information about the 
matters related therein, and those matters appeared to be relevant at 
the time to the subject matter of the inquiry.
    13. To interns, grantees, experts, contractors, and others who have 
been engaged by the Commission to assist in the performance of a 
service related to this system of records and who need access to the 
records for the purpose of assisting the Commission in the efficient 
administration of its programs, including by performing clerical, 
stenographic, or data analysis functions, or by reproduction of records 
by electronic or other means. Recipients of these records shall be 
required to comply with the requirements of the Privacy Act of 1974, as 
amended, 5 U.S.C. 552a.
    14. In reports published by the Commission pursuant to authority 
granted in the federal securities laws (as such term is defined in 
section 3(a)(47) of the Securities Exchange Act of 1934, 15 U.S.C. 
78c(a)(47)), which authority shall include, but not be limited to, 
section 21(a) of the Securities Exchange Act of 1934, 15 U.S.C. 78u(a).
    15. To members of advisory committees that are created by the 
Commission or by Congress to render advice and recommendations to the 
Commission or to Congress, to be used solely in connection with their 
official designated functions.
    16. To any person who is or has agreed to be subject to the 
Commission's Rules of Conduct, 17 CFR 200.735-1 to 200.735-18, and who 
assists in the investigation by the Commission of possible violations 
of the federal securities laws (as such term is defined in section 
3(a)(47) of the Securities Exchange Act of 1934, 15 U.S.C. 78c(a)(47), 
in the preparation or conduct of enforcement actions brought by the 
Commission for such violations, or otherwise in connection with the 
Commission's enforcement or regulatory functions under the federal 
securities laws.
    17. To a Congressional office from the record of an individual in 
response to an inquiry from the Congressional office made at the 
request of that individual.
    18. To members of Congress, the press, and the public in response 
to inquiries relating to particular Registrants and their activities, 
and other matters under the Commission's jurisdiction.
    19. To prepare and publish information relating to violations of 
the federal securities laws as provided in 15 U.S.C. 78c(a)(47), as 
amended.
    20. To respond to subpoenas in any litigation or other proceeding.
    21. To a trustee in bankruptcy.
    22. To members of Congress, the Government Accountability Office, 
or others charged with monitoring the work of the Commission or 
conducting records management inspections.

POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING, 
AND DISPOSING OF RECORDS IN THE SYSTEM:
STORAGE:
    Records are maintained in electronic and paper format. Electronic 
records are stored in computerized databases, magnetic disc, tape and/
or digital media. Paper records and records on computer disc are stored 
in locked file rooms and/or file cabinets.

RETRIEVABILITY:
    Paper records are searchable by name, subject, firm, date, and/or 
internal file number. Electronic records are searchable through routine 
word searches to include searches by name, subject, firm and/or 
keyword.

SAFEGUARDS:
    Access to SEC facilities, data centers, and information or 
information systems is limited to authorized personnel with official 
duties requiring access. SEC facilities are equipped with security 
cameras and 24-hour security guard service. The records are kept in 
limited access areas during duty hours and in locked file cabinets and/
or locked offices or file rooms at all other times. Computerized 
records are safeguarded in a secured environment. Security

[[Page 30664]]

protocols meet the promulgating guidance as established by the National 
Institute of Standards and Technology (NIST) Security Standards from 
Access Control to Data Encryption and Security Assessment & 
Authorization (SA&A). Records are maintained in a secure, password-
protected electronic system that will utilize commensurate safeguards 
that may include: firewalls, intrusion detection and prevention 
systems, and role-based access controls. Additional safeguards will 
vary by program. All records are protected from unauthorized access 
through appropriate administrative, operational, and technical 
safeguards. These safeguards include: restricting access to authorized 
personnel who have a ``need to know''; using locks; and password 
protection identification features. Contractors and other recipients 
providing services to the Commission shall be required to maintain 
equivalent safeguards.

RETENTION AND DISPOSAL:
    These records will be maintained until they become inactive, at 
which time they will be retired or destroyed in accordance with records 
schedules of the United States Securities and Exchange Commission and 
as approved by the National Archives and Records Administration.

SYSTEM MANAGER(S) AND ADDRESS:
    Chief Accountant, Office of the Chief Accountant, Securities and 
Exchange Commission, 100 F Street NE., Washington, DC 20549.

NOTIFICATION PROCEDURE:
    All requests to determine whether this system of records contains a 
record pertaining to the requesting individual may be directed to the 
FOIA/PA Officer, Securities and Exchange Commission, 100 F Street NE., 
Washington, DC 20549-5100.

RECORD ACCESS PROCEDURES:
    Persons wishing to obtain information on the procedures for gaining 
access to or contesting the contents of these records may contact the 
FOIA/PA Officer, Securities and Exchange Commission, 100 F Street NE., 
Washington, DC 20549-5100.

CONTESTING RECORD PROCEDURES:
    See Record access procedures above.

 RECORD SOURCE CATEGORIES:
    The information contained in the system is derived from official 
SEC records, letters and inquiries from the public, SEC staff 
memoranda, which may include information derived from investigations, 
litigation, and other submissions, and professional auditing and 
accounting literature and information received from individuals 
including where practicable those to whom the records relate.

EXEMPTIONS CLAIMED FOR THE SYSTEM:
    Under 5 U.S.C. 552a(k)(2), this system of records is exempted from 
the following provisions of the Privacy Act, 5 U.S.C. 552a(c)(3), (d), 
(e)(1), (e)(4)(G), (H), and (I), and (f) and 17 CFR 200.303, 200.304, 
and 200.306, insofar as it contains investigatory materials compiled 
for law enforcement purposes. This exemption is contained in 17 CFR 
200.312(a)(3).
SEC-43

SYSTEM NAME:
    Office of Inspector General Investigative Files.

SYSTEM LOCATION:
    Office of the Inspector General, Securities and Exchange Commission 
(SEC), 100 F Street NE., Washington, DC 20549. Closed investigatory 
files may be stored at a federal records center in accordance with the 
SEC's records retention schedule.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    This system of records contains records on individuals, including 
subjects, complainants, and witnesses, in connection with the Office of 
Inspector General's investigations or inquiries relating to programs 
and operations of the SEC.

CATEGORIES OF RECORDS IN THE SYSTEM:
    Records include: a case management system that contains a unique 
control number, descriptive information, and supporting documents for 
each investigation or preliminary inquiry; incoming complaints and 
complaint logs; preliminary inquiry files and indexes; correspondence 
relating to investigations; internal staff memoranda concerning 
investigations; copies of all subpoenas issued during investigations; 
subpoena logs; affidavits, declarations and statements from witnesses; 
transcripts of interviews conducted or testimony taken in the 
investigation and accompanying exhibits; documents and records obtained 
during investigations; working papers of the staff and other documents 
and records relating to the investigation; investigative plans, 
operation plans, status reports, reports of investigation, and closing 
memoranda; information and documents relating to grand jury 
proceedings; arrest and search warrant affidavits; information and 
documents relating to criminal, civil, and administrative actions; 
information and documents received from other law enforcement entities; 
personnel information for witnesses and subjects; and investigative 
peer review files.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    Inspector General Act of 1978, as amended, Pub. L. 95-452, 5 U.S.C. 
App.

PURPOSE(S):
    The purpose of this system of records is to enable the Office of 
Inspector General to effectively and efficiently conduct investigations 
relating to the programs and operations of the SEC, as authorized by 
the Inspector General Act of 1978, as amended.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    In addition to those disclosures generally permitted under 5 U.S.C. 
552a(b) of the Privacy Act, these records or information contained 
therein may specifically be disclosed outside the Commission as a 
routine use pursuant to 5 U.S.C. 552 a(b)(3) as follows:
    1. To appropriate agencies, entities, and persons when (a) it is 
suspected or confirmed that the security or confidentiality of 
information in the system of records has been compromised; (b) the SEC 
has determined that, as a result of the suspected or confirmed 
compromise, there is a risk of harm to economic or property interests, 
identity theft or fraud, or harm to the security or integrity of this 
system or other systems or programs (whether maintained by the SEC or 
another agency or entity) that rely upon the compromised information; 
and (c) the disclosure made to such agencies, entities, and persons is 
reasonably necessary to assist in connection with the SEC's efforts to 
respond to the suspected or confirmed compromise and prevent, minimize, 
or remedy such harm.
    2. Where there is an indication of a violation or a potential 
violation of law, whether civil, criminal or regulatory in nature, to 
the appropriate agency, whether Federal, foreign, state, or local, or 
to a securities self-regulatory organization, charged with enforcing or 
implementing the statute, or rule, regulation or order.
    3. To Federal, foreign, state, or local authorities in order to 
obtain information or records relevant to an Office of Inspector 
General investigation or inquiry.
    4. To non-governmental parties where those parties may have 
information the Office of Inspector General seeks to

[[Page 30665]]

obtain in connection with an investigation or inquiry.
    5. To respond to subpoenas in any litigation or other proceeding.
    6. In connection with proceedings by the Commission pursuant to 
Rule 102(e) of its Rules of Practice, 17 CFR 201.102(e).
    7. To a bar association, state accountancy board, or other federal, 
state, local, or foreign licensing or oversight authority; or 
professional association or self-regulatory authority to the extent 
that it performs similar functions (including the Public Company 
Accounting Oversight Board) for investigations or possible disciplinary 
action.
    8. To a federal, state, local, tribal, foreign, or international 
agency, if necessary to obtain information relevant to the SEC's 
decision concerning the hiring or retention of an employee; the 
issuance of a security clearance; the letting of a contract; or the 
issuance of a license, grant, or other benefit.
    9. To a federal, state, local, tribal, foreign, or international 
agency in response to its request for information concerning the hiring 
or retention of an employee; the issuance of a security clearance; the 
reporting of an investigation of an employee; the letting of a 
contract; or the issuance of a license, grant, or other benefit by the 
requesting agency, to the extent that the information is relevant and 
necessary to the requesting agency's decision on the matter.
    10. To produce summary descriptive statistics and analytical 
studies, as a data source for management information, in support of the 
function for which the records are collected and maintained or for 
related personnel management functions or manpower studies; may also be 
used to respond to general requests for statistical information 
(without personal identification of individuals) under the Freedom of 
Information Act.
    11. To inform complainants, victims, and witnesses of the results 
of an investigation or inquiry.
    12. To any persons during the course of any inquiry, audit, or 
investigation conducted by the SEC's staff, or in connection with civil 
litigation, if the staff has reason to believe that the person to whom 
the record is disclosed may have further information about the matters 
related therein, and those matters appeared to be relevant at the time 
to the subject matter of the inquiry.
    13. To interns, grantees, experts, contractors, and others who have 
been engaged by the Commission to assist in the performance of a 
service related to this system of records and who need access to the 
records for the purpose of assisting the Commission in the efficient 
administration of its programs, including by performing clerical, 
stenographic, or data analysis functions, or by reproduction of records 
by electronic or other means. Recipients of these records shall be 
required to comply with the requirements of the Privacy Act of 1974, as 
amended, 5 U.S.C. 552a.
    14. To qualified individuals or organizations in connection with 
the performance of a peer review or other study of the Office of 
Inspector General's audit or investigative functions.
    15. To a Federal agency responsible for considering debarment or 
suspension action if the record would be relevant to such action.
    16. To the Department of Justice for the purpose of obtaining its 
advice on Freedom of Information Act matters.
    17. To a Congressional office from the record of an individual in 
response to an inquiry from the Congressional office made at the 
request of that individual.
    18. To the Office of Government Ethics (OGE) to comply with agency 
reporting requirements established by OGE in 5 CFR 2638, subpart F.
    19. To the Department of Justice and/or the Office of General 
Counsel of the SEC when the defendant in litigation is: (a) Any 
component of the SEC or any employee of the SEC or any employee of the 
SEC in his or her official capacity; (b) the United States where the 
SEC determines that the claim, if successful, is likely to directly 
affect the operations of the SEC; or (c) any SEC employee in his or her 
individual capacity where the Department of Justice and/or the Office 
of General Counsel of the SEC agree to represent such employee.
    20. To the news media and the public when there exists a legitimate 
public interest (e.g., to provide information on events in the criminal 
process, such as an indictment).
    21. To the Council of the Inspectors General on Integrity and 
Efficiency, another Federal Office of Inspector General, or other 
Federal law enforcement office in connection with an allegation of 
wrongdoing by the Inspector General or staff members of the Office of 
Inspector General.

POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING, 
AND DISPOSING OF RECORDS IN THE SYSTEM:
STORAGE:
    Records are maintained in electronic and paper format. Electronic 
records are stored in computerized databases, magnetic disc, tape and/
or digital media. Paper records and records on computer disc are stored 
in locked file rooms and/or file cabinets.

RETRIEVABILITY:
    The records may be retrieved by the name of the complainant, 
subject, witness, or victim; the investigative staff name for the 
investigation or inquiry; or other indexed information.

SAFEGUARDS:
    Access to SEC facilities, data centers, and information or 
information systems is limited to authorized personnel with official 
duties requiring access. SEC facilities are equipped with security 
cameras and 24-hour security guard service. The records are kept in 
limited access areas during duty hours and in locked file cabinets and/
or locked offices or file rooms at all other times. Computerized 
records are safeguarded in a secured environment. Security protocols 
meet the promulgating guidance as established by the National Institute 
of Standards and Technology (NIST) Security Standards from Access 
Control to Data Encryption and Security Assessment & Authorization 
(SA&A). Records are maintained in a secure, password-protected 
electronic system that will utilize commensurate safeguards that may 
include: firewalls, intrusion detection and prevention systems, and 
role-based access controls. Additional safeguards will vary by program. 
All records are protected from unauthorized access through appropriate 
administrative, operational, and technical safeguards. These safeguards 
include: restricting access to authorized personnel who have a ``need 
to know''; using locks; and password protection identification 
features. Contractors and other recipients providing services to the 
Commission shall be required to maintain equivalent safeguards.

RETENTION AND DISPOSAL:
    These records will be maintained until they become inactive, at 
which time they will be retired or destroyed in accordance with the 
SEC's records retention schedule, as approved by the National Archives 
and Records Administration.

SYSTEM MANAGER(S) AND ADDRESS:
    Inspector General, Office of Inspector General, Securities and 
Exchange Commission, 100 F Street NE., Washington, DC 20549.

NOTIFICATION PROCEDURE:
    All requests to determine whether this system of records contains a 
record pertaining to the requesting individual may be directed to the 
FOIA/PA Officer, Securities and Exchange Commission,

[[Page 30666]]

100 F Street NE., Washington, DC 20549-2736.

RECORD ACCESS PROCEDURES:
    Persons wishing to obtain information on the procedures for gaining 
access to or contesting the contents of these records may contact the 
FOIA/PA Officer, Securities and Exchange Commission, 100 F Street NE., 
Washington, DC 20549-2736.

CONTESTING RECORD PROCEDURES:
    See record access procedures above.

RECORD SOURCE CATEGORIES:
    Information in these records is supplied by: Individuals including, 
where practicable, those to whom the information relates; witnesses, 
corporations and other entities; records of individuals and of the SEC; 
records of other entities; Federal, foreign, state or local bodies and 
law enforcement agencies; documents and correspondence relating to 
litigation; transcripts of testimony; and miscellaneous other sources.

EXEMPTIONS CLAIMED FOR THE SYSTEM:
    Pursuant to 5 U.S.C. 552a(j)(2) and 17 CFR 200.313(a), this system 
of records, is exempt from the provisions of the Privacy Act of 1974, 5 
U.S.C. 552a, except subsections (b), (c)(1) and (2), (e)(4)(A) through 
(F), (e)(6), (7), (9), (10), and (11), and (i), and 17 CFR 200.303, 
200.403, 200.306, 200.307, 200.308, 200.309, and 200.310, insofar as 
the system contains information pertaining to criminal law enforcement 
investigations.
    Pursuant to 5 U.S.C. 552a(k)(2) and 17 CFR 200.313(b), this system 
of records is exempt from 5 U.S.C. 552a(c)(3), (d), (e)(1), (e)(4)(G), 
(H), and (I), and (f), and 17 CFR 200.303, 200.304, and 200.306, 
insofar as the system contains investigatory materials compiled for law 
enforcement purposes.
SEC-67

SYSTEM NAME:
    General Information Technology Records

SYSTEM LOCATION:
    Securities and Exchange Commission, Headquarters, 100 F Street NE., 
Washington, DC 20549 and the SEC's Regional Offices.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Records are maintained on all individuals who are authorized to 
access SEC information or information systems; including: employees, 
contractors, students, interns, volunteers, affiliates, others working 
on behalf of the SEC, and individuals formerly in any of these 
positions. Records may also include individuals who voluntarily join an 
SEC-owned and operated web portal for collaboration purposes; 
individuals who request access but are denied, and/or who have had 
access revoked.

CATEGORIES OF RECORDS IN THE SYSTEM:
    The system of records may include: users' names; social security 
numbers; business telephone numbers; cellular phone numbers; pager 
numbers; levels of access; physical and email addresses; titles; 
departments; division; contractor/employee status; computer logon 
addresses; password hashes; user identification codes; dates and times 
of access; IP addresses; logs of internet activity; types of access/
permissions required; failed access data; archived transaction data; 
historical data; and justifications for access to SEC computers, 
networks, or systems. For individuals who telecommute from home or a 
telework center, the records may contain the Internet Protocol (IP) 
address and telephone number at that location. For contractors, the 
system may contain the company name, contract number, and contract 
expiration date. The system may also contain details regarding: 
programs; databases; functions; and sites accessed and/or used, dates 
and times of use, information products created, received, or altered 
during use, and access or functionality problems reported for technical 
support and resolution.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    5 U.S.C. Sec.  302, Delegation of Authority; 44 U.S.C. Sec.  3534; 
Federal Information Security Act (Pub. L. 104-106, section 5113); 
Electronic Government Act (Pub. L. 104-347, section 203); and E.O. 9397 
(SSN), as amended by E.O. 13487.

PURPOSE(S):
    The purpose of this system is to (1) provide authentication and 
authorization to individuals with access to SEC-controlled information 
and information system networks; (2) collect, review, and maintain any 
logs, audit trails, or other such security data regarding the use of 
SEC information or information systems; and (3) to enable the 
Commission to detect, report, and take appropriate action against 
improper or unauthorized access to SEC-controlled information and 
information systems networks. The records will also enable the SEC to 
provide individuals access to certain programs and meeting attendance 
and, where appropriate, allow for sharing of information between 
individuals in the same operational program to facilitate 
collaboration. SEC management personnel may use statistical data, with 
all personal identifiers removed or masked, for system efficiency, 
workload calculation, or reporting purposes.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    In addition to those disclosures generally permitted under 5 U.S.C. 
552a(b) of the Privacy Act, these records or information contained 
therein may specifically be disclosed outside the Commission as a 
routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:
    1. To appropriate agencies, entities, and persons when (a) it is 
suspected or confirmed that the security or confidentiality of 
information in the system of records has been compromised; (b) the SEC 
has determined that, as a result of the suspected or confirmed 
compromise, there is a risk of harm to economic or property interests, 
identity theft or fraud, or harm to the security or integrity of this 
system or other systems or programs (whether maintained by the SEC or 
another agency or entity) that rely upon the compromised information; 
and (c) the disclosure made to such agencies, entities, and persons is 
reasonably necessary to assist in connection with the SEC's efforts to 
respond to the suspected or confirmed compromise and prevent, minimize, 
or remedy such harm.
    2. To other federal, state, local, or foreign law enforcement 
agencies; securities self-regulatory organizations; and foreign 
financial regulatory authorities to assist in or coordinate regulatory 
or law enforcement activities with the SEC.
    3. In any proceeding where the federal securities laws are in issue 
or in which the Commission, or past or present members of its staff, is 
a party or otherwise involved in an official capacity.
    4. To a federal, state, local, tribal, foreign, or international 
agency, if necessary to obtain information relevant to the SEC's 
decision concerning the hiring or retention of an employee; the 
issuance of a security clearance; the letting of a contract; or the 
issuance of a license, grant, or other benefit
    5. To a federal, state, local, tribal, foreign, or international 
agency in response to its request for information concerning the hiring 
or retention of an employee; the issuance of a security clearance; the 
reporting of an investigation of an employee; the letting of a 
contract; or the issuance of a

[[Page 30667]]

license, grant, or other benefit by the requesting agency, to the 
extent that the information is relevant and necessary to the requesting 
agency's decision on the matter.
    6. To produce summary descriptive statistics and analytical 
studies, as a data source for management information, in support of the 
function for which the records are collected and maintained or for 
related personnel management functions or manpower studies; may also be 
used to respond to general requests for statistical information 
(without personal identification of individuals) under the Freedom of 
Information Act
    7. To any persons during the course of any inquiry, examination, or 
investigation conducted by the SEC's staff, or in connection with civil 
litigation, if the staff has reason to believe that the person to whom 
the record is disclosed may have further information about the matters 
related therein, and those matters appeared to be relevant at the time 
to the subject matter of the inquiry.
    8. To interns, grantees, experts, contractors, and others who have 
been engaged by the Commission to assist in the performance of a 
service related to this system of records and who need access to the 
records for the purpose of assisting the Commission in the efficient 
administration of its programs, including by performing clerical, 
stenographic, or data analysis functions, or by reproduction of records 
by electronic or other means. Recipients of these records shall be 
required to comply with the requirements of the Privacy Act of 1974, as 
amended, 5 U.S.C. Sec.  552a.
    9. To respond to subpoenas in any litigation or other proceeding.
    10. To a Congressional office from the record of an individual in 
response to an inquiry from the Congressional office made at the 
request of that individual.
    11. To members of Congress, the Government Accountability Office, 
or others charged with monitoring the work of the Commission or 
conducting records management inspections.
    12. To a commercial contractor in connection with benefit programs 
administered by the contractor on the Commission's behalf, including, 
but not limited to, supplemental health, dental, disability, life and 
other benefit programs.

POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING, 
AND DISPOSING OF RECORDS IN THE SYSTEM:
STORAGE:
    Records are maintained in electronic and paper format. Electronic 
records are stored in computerized databases, magnetic disc, tape and/
or digital media. Paper records and records on computer disc are stored 
in locked file rooms and/or file cabinets.

RETRIEVABILITY:
    Information may be retrieved, sorted, and/or searched by an 
identification number assigned by the computer, the last 2 digits of a 
social security number, email address, or by the name of the 
individual, or other employee data fields previously identified in this 
SORN.

SAFEGUARDS:
    Access to SEC facilities, data centers, and information or 
information systems is limited to authorized personnel with official 
duties requiring access. SEC facilities are equipped with security 
cameras and 24-hour security guard service. The records are kept in 
limited access areas during duty hours and in locked file cabinets and/
or locked offices or file rooms at all other times. Computerized 
records are safeguarded in a secured environment. Security protocols 
meet the promulgating guidance as established by the National Institute 
of Standards and Technology (NIST) Security Standards from Access 
Control to Data Encryption and Security Assessment & Authorization 
(SA&A). Records are maintained in a secure, password-protected 
electronic system that will utilize commensurate safeguards that may 
include: firewalls, intrusion detection and prevention systems, and 
role-based access controls. Additional safeguards will vary by program. 
All records are protected from unauthorized access through appropriate 
administrative, operational, and technical safeguards. These safeguards 
include: restricting access to authorized personnel who have a ``need 
to know''; using locks; and password protection identification 
features. Contractors and other recipients providing services to the 
Commission shall be required to maintain equivalent safeguards.

RETENTION AND DISPOSAL:
    These records will be maintained until they become inactive, at 
which time they will be retired or destroyed in accordance with the 
SEC's records retention schedule, as approved by the National Archives 
and Records Administration.

SYSTEM MANAGER(S) AND ADDRESS:
    Chief Information Officer, Securities and Exchange Commission, 100 
F Street NE., Washington, DC 20549-2736.

NOTIFICATION PROCEDURE:
    All requests to determine whether this system of records contains a 
record pertaining to the requesting individual may be directed to the 
FOIA/PA Officer, Securities and Exchange Commission, 100 F Street NE., 
Washington, DC 20549-2736.

RECORD ACCESS PROCEDURES:
    Persons wishing to obtain information on the procedures for gaining 
access to or contesting the contents of these records may contact the 
FOIA/PA Officer, Securities and Exchange Commission, 100 F Street NE., 
Washington, DC 20549-2736.

CONTESTING RECORD PROCEDURES:
    See Record access procedures above.

RECORD SOURCE CATEGORIES:
    Information is supplied by the record subject, their supervisors, 
and the personnel security staff. Logs and details about access times 
and functions used are provided by the system.

EXEMPTIONS CLAIMED FOR THE SYSTEM:
    None.

    By the Commission.

     Dated: May 21, 2014.
 Kevin M. O'Neill,
Deputy Secretary.
[FR Doc. 2014-12234 Filed 5-27-14; 8:45 am]
BILLING CODE 8011-01-P