Privacy Act of 1974; System of Records, 39095-39096 [2018-16935]

Download as PDF sradovich on DSK3GMQ082PROD with NOTICES Federal Register / Vol. 83, No. 153 / Wednesday, August 8, 2018 / Notices Transitions, 23 hours; Regulatory Capital Instruments, 54 hours; Operational Risk, 50 hours; MSR Valuation, 23 hours; Supplemental, 4 hours; Retail FVO/HFS, 15 hours; Counterparty, 514 hours; and Balances, 16 hours. FR Y–14M: 1st Lien Mortgage, 516 hours; Home Equity, 516 hours; and Credit Card, 512 hours. FR Y–14 Ongoing Automation Revisions, 480 hours. FR Y–14 Attestation On-going Audit and Review, 2,560 hours. General description of report: These collections of information are applicable to top-tier BHCs with total consolidated assets of $100 billion or more and U.S. IHCs. This family of information collections is composed of the following three reports: • The FR Y–14A collects quantitative projections of balance sheet, income, losses, and capital across a range of macroeconomic scenarios and qualitative information on methodologies used to develop internal projections of capital across scenarios either annually or semi-annually. • The quarterly FR Y–14Q collects granular data on various asset classes, including loans, securities, and trading assets, and PPNR for the reporting period. • The monthly FR Y–14M is comprised of three retail portfolio- and loan-level schedules, and one detailed address-matching schedule to supplement two of the portfolio and loan-level schedules. The data collected through the FR Y–14A/Q/M reports provide the Board with the information and perspective needed to help ensure that large firms have strong, firm-wide risk measurement and management processes supporting their internal assessments of capital adequacy and that their capital resources are sufficient given their business focus, activities, and resulting risk exposures. The annual Comprehensive Capital Analysis and Review (CCAR) exercise complements other Board supervisory efforts aimed at enhancing the continued viability of large firms, including continuous monitoring of firms’ planning and management of liquidity and funding resources, as well as regular assessments of credit, market and operational risks, and associated risk management practices. Information gathered in this data collection is also used in the supervision and regulation of these financial institutions. To fully evaluate the data submissions, the Board may conduct follow-up discussions with, or request responses to follow up questions from, respondents. Respondent firms are currently required to complete and VerDate Sep<11>2014 22:37 Aug 07, 2018 Jkt 244001 submit up to 18 filings each year: two semi-annual FR Y–14A filings, four quarterly FR Y–14Q filings, and 12 monthly FR Y–14M filings. Compliance with the information collection is mandatory. Proposed revisions: In December 2017, the Board approved modifications to the FR Y–14 series of reports and a notice was published in the Federal Register (December 15, 2017; 82 FR 59608). The proposal modified the FR Y–14Q, Schedule L (Counterparty) effective as of the March 31, 2018, report date. These changes included simplifying the ranking methodology required for reporting positions and combining the previously separate collections of counterparties as ranked by derivatives and securities financing transactions (SFTs), respectively. Following the finalization and adoption of these proposed changes, the Board became aware of unintended omissions from the report forms and instructions for the FR Y–14Q. The omitted items required respondents to report their total stressed net current exposure under the two supervisory stressed scenarios. To rectify the unintended changes, the Board is proposing to revise subschedule L.5 (Derivatives and SFT Profile) on the FR Y–14Q by adding the mistakenly omitted items. This modification would allow continued operationalization of supervisory modeling, and would provide for total stressed net current exposure reporting under the two supervisory stressed scenarios. With the addition of the total stressed net current exposure item, the instructions would be changed to modify the associated ranking methodologies for the yearly stressed/ CCAR submission in sub-schedule L.5 to require the top 25 counterparties to be reported as ranked by the total stressed net current exposure. This modification would ensure that top counterparties are properly rankordered by the total stressed net current exposure to be added on sub-schedule L.5 in a manner that captures both derivative and securities financing transaction exposures. The proposed revisions do not result in a change to the estimated burden for this series of reports, as the burden from the proposed revisions is already captured in the burden estimates associated with the FR Y–14Q report. PO 00000 Frm 00055 Fmt 4703 Sfmt 4703 39095 Board of Governors of the Federal Reserve System, August 2, 2018. Michele Taylor Fennell, Assistant Secretary of the Board. [FR Doc. 2018–16917 Filed 8–7–18; 8:45 am] BILLING CODE 6210–01–P FEDERAL TRADE COMMISSION Privacy Act of 1974; System of Records AGENCY: Federal Trade Commission (FTC). ACTION: Notice of modified systems of records. The FTC is publishing in final form a modification to all FTC Privacy Act system of records notices (SORNs) by amending and bifurcating an existing global routine use relating to assistance in data breach responses, to conform with Office of Management and Budget (OMB) guidance to federal agencies, OMB Memorandum 17–12. DATES: August 8, 2018, except that the new routine use shall be effective September 7, 2018. FOR FURTHER INFORMATION CONTACT: G. Richard Gold and Alex Tang, Attorneys, Office of the General Counsel, FTC, 600 Pennsylvania Avenue NW, Washington, DC 20580, (202) 326–2424. SUPPLEMENTARY INFORMATION: In a document previously published in the Federal Register, 83 FR 19560 (May 3, 2018), the Federal Trade Commission, as required by the Privacy Act, sought comments on a proposal to modify and bifurcate an existing routine use relating to assistance in data breach responses, which is applicable to all Federal Trade Commission SORNs, to conform with OMB Memorandum M–17–12, Preparing for and Responding to a Breach of Personally Identifiable Information (January 3, 2017). See 5 U.S.C. 552a(e)(4) and (11). The comment period closed on June 4, 2018, and the FTC received three comments to the proposal to modify and bifurcate an existing routine use relating to assistance in data breach responses. The commenters were Xyampza Kerz, Thomas Dickinson, and Dave Root. Xyampza Kerz’s comment expressed concerns about the privacy of homeowner’s personal information posted on the Web when they buy a home and about internet searches that allow a searcher to find out your age and possibly lead to discrimination. M/ M. Kerz also complains about the practices of an online entity and asks that the entity be shut down. These are important privacy issues but are not SUMMARY: E:\FR\FM\08AUN1.SGM 08AUN1 sradovich on DSK3GMQ082PROD with NOTICES 39096 Federal Register / Vol. 83, No. 153 / Wednesday, August 8, 2018 / Notices germane to the current public notice and comment process. We have referred M/M. Kerz’s comment to the FTC’s Consumer Response Center for entry into the Consumer Sentinel Network of complaints and related inquiries. The second commenter, Thomas Dickinson, also filed a comment that is non-germane to the current public notice and comment process. Mr. Dickinson asks the FTC to apply a ‘‘monitor’’ to individuals’ home phones that identifies violations of the Do-NotCall Rule and allows the FTC to take appropriate punitive actions. We have also referred Mr. Dickinson’s complaint to the FTC’s Consumer Response Center for entry into the Consumer Sentinel Network. The third commenter, Dave Root, commented that ‘‘due process and . . . [his] . . . privacy . . . [would] . . . be harmed by open access to sharing . . . [his] . . . personal info between all government agencies as outlined in this notice.’’ Mr. Root asked if there are ‘‘any safeguards against ‘political weaponization’ without any accountability, by any federal, state or local governmental agency having access to this information.’’ Mr. Root asked for ‘‘‘teeth’ in the rule for anyone . . . that purposefully uses this information incorrectly . . . [meaning] . . . seriously enforced jail time for anyone who fails to act in the investigation and prosecution process.’’ The revised routine use would not provide ‘‘open access’’ to ‘‘all government agencies’’ but would require that the FTC receive a request from another Federal agency or Federal entity that provides enough supporting information such that the FTC can determine that information from an FTC Privacy Act system or systems is reasonably necessary to assist the recipient agency or entity in (a) responding to a suspected or confirmed breach or (b) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach. The Privacy Act specifically provides civil remedies, 5 U.S.C. 552a(g), including damages, and criminal penalties, 5 U.S.C. 552a(i), for violations of the Act. In addition, an individual may be fined up to $5,000 for knowingly and willfully requesting or gaining access to a record about an individual under false pretenses. 5 U.S.C. 552a(i)(3). As stated in the Federal Register Notice dated May 3, 2018, the FTC VerDate Sep<11>2014 22:37 Aug 07, 2018 Jkt 244001 believes that the modified and bifurcated routine use on data breaches is compatible with the collection of information pertaining to individuals affected by a breach, and that the disclosure of such records will help prevent, minimize or remedy a data breach or compromise that may affect such individuals. By contrast, the FTC believes that failure to take reasonable steps to help prevent, minimize or remedy the harm that may result from such a breach or compromise would jeopardize, rather than promote, the privacy of such individuals. The FTC provided a public comment period and notice to OMB and Congress as required by the Privacy Act and implementing OMB guidelines.1 Accordingly, the FTC hereby amends Appendix I of its Privacy Act system notices, as published at 73 FR 33591, by revising item number (22), adding new item number (23), and re-designating the former item number (23) as (24) (without any other change) at the end of the existing routine uses set forth in that Appendix: * * * * * (22) To appropriate agencies, entities, and persons when (a) the FTC suspects or has confirmed that there has been a breach of the system of records; (b) the FTC has determined that as a result of the suspected or confirmed breach there is a risk of harm to individuals, the FTC (including its information systems, programs, and operations), the Federal Government, or national security; and (c) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with the FTC’s efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm. (23) To another Federal agency or Federal entity, when the FTC determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in (a) responding to a suspected or confirmed breach or (b) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach. (24) May be disclosed to FTC contractors, volunteers, interns or other authorized individuals who have a need for the record in order to perform their officially assigned or designated duties for or on behalf of the FTC. 1 See U.S.C. 552a(e)(11) and 552a(r); OMB Circular A–108 (2016). PO 00000 Frm 00056 Fmt 4703 Sfmt 4703 HISTORY 73 FR 33591–33634 (June 12, 2008). By direction of the Commission. Donald S. Clark, Secretary. [FR Doc. 2018–16935 Filed 8–7–18; 8:45 am] BILLING CODE 6750–01–P FEDERAL TRADE COMMISSION Agency Information Collection Activities; Proposed Collection; Comment Request Federal Trade Commission (‘‘FTC’’ or ‘‘Commission’’). ACTION: Notice. AGENCY: The FTC intends to ask the Office of Management and Budget (‘‘OMB’’) to extend for an additional three years the current Paperwork Reduction Act (‘‘PRA’’) clearance for the information collection requirements in the FTC Red Flags, Card Issuers, and Address Discrepancies Rules 1 (‘‘Rules’’). That clearance expires on November 30, 2018. DATES: Comments must be submitted by October 9, 2018. ADDRESSES: Interested parties may file a comment online or on paper by following the instructions in the Request for Comment part of the SUPPLEMENTARY INFORMATION section below. Write ‘‘Red Flags Rule, PRA Comment, Project No. P095406’’ on your comment. File your comment online at https://ftcpublic.commentworks.com/ ftc/RedFlagsPRA by following the instructions on the web-based form. If you prefer to file your comment on paper, mail your comment to the following address: Federal Trade Commission, Office of the Secretary, 600 Pennsylvania Avenue NW, Suite CC–5610 (Annex J), Washington, DC 20580, or deliver your comment to the following address: Federal Trade Commission, Office of the Secretary, Constitution Center, 400 7th Street SW, 5th Floor, Suite 5610 (Annex J), Washington, DC 20024. FOR FURTHER INFORMATION CONTACT: Requests for additional information should be addressed to Mark Eichorn, Assistant Director, Division of Privacy and Identity Protection, Bureau of Consumer Protection, (202) 326–3053, Federal Trade Commission, 600 Pennsylvania Avenue NW, Washington, DC 20580. SUMMARY: 1 16 CFR 681.1 (Duties regarding the detection, prevention, and mitigation of identity theft); 16 CFR 681.2 (Duties of card issuers regarding changes of address); 16 CFR 641.1 (Duties of users of consumer reports regarding address discrepancies). E:\FR\FM\08AUN1.SGM 08AUN1

Agencies

[Federal Register Volume 83, Number 153 (Wednesday, August 8, 2018)]
[Notices]
[Pages 39095-39096]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2018-16935]


=======================================================================
-----------------------------------------------------------------------

FEDERAL TRADE COMMISSION


Privacy Act of 1974; System of Records

AGENCY: Federal Trade Commission (FTC).

ACTION: Notice of modified systems of records.

-----------------------------------------------------------------------

SUMMARY: The FTC is publishing in final form a modification to all FTC 
Privacy Act system of records notices (SORNs) by amending and 
bifurcating an existing global routine use relating to assistance in 
data breach responses, to conform with Office of Management and Budget 
(OMB) guidance to federal agencies, OMB Memorandum 17-12.

DATES: August 8, 2018, except that the new routine use shall be 
effective September 7, 2018.

FOR FURTHER INFORMATION CONTACT: G. Richard Gold and Alex Tang, 
Attorneys, Office of the General Counsel, FTC, 600 Pennsylvania Avenue 
NW, Washington, DC 20580, (202) 326-2424.

SUPPLEMENTARY INFORMATION: In a document previously published in the 
Federal Register, 83 FR 19560 (May 3, 2018), the Federal Trade 
Commission, as required by the Privacy Act, sought comments on a 
proposal to modify and bifurcate an existing routine use relating to 
assistance in data breach responses, which is applicable to all Federal 
Trade Commission SORNs, to conform with OMB Memorandum M-17-12, 
Preparing for and Responding to a Breach of Personally Identifiable 
Information (January 3, 2017). See 5 U.S.C. 552a(e)(4) and (11).
    The comment period closed on June 4, 2018, and the FTC received 
three comments to the proposal to modify and bifurcate an existing 
routine use relating to assistance in data breach responses. The 
commenters were Xyampza Kerz, Thomas Dickinson, and Dave Root. Xyampza 
Kerz's comment expressed concerns about the privacy of homeowner's 
personal information posted on the Web when they buy a home and about 
internet searches that allow a searcher to find out your age and 
possibly lead to discrimination. M/M. Kerz also complains about the 
practices of an online entity and asks that the entity be shut down. 
These are important privacy issues but are not

[[Page 39096]]

germane to the current public notice and comment process. We have 
referred M/M. Kerz's comment to the FTC's Consumer Response Center for 
entry into the Consumer Sentinel Network of complaints and related 
inquiries.
    The second commenter, Thomas Dickinson, also filed a comment that 
is non-germane to the current public notice and comment process. Mr. 
Dickinson asks the FTC to apply a ``monitor'' to individuals' home 
phones that identifies violations of the Do-Not-Call Rule and allows 
the FTC to take appropriate punitive actions. We have also referred Mr. 
Dickinson's complaint to the FTC's Consumer Response Center for entry 
into the Consumer Sentinel Network.
    The third commenter, Dave Root, commented that ``due process and . 
. . [his] . . . privacy . . . [would] . . . be harmed by open access to 
sharing . . . [his] . . . personal info between all government agencies 
as outlined in this notice.'' Mr. Root asked if there are ``any 
safeguards against `political weaponization' without any 
accountability, by any federal, state or local governmental agency 
having access to this information.'' Mr. Root asked for ```teeth' in 
the rule for anyone . . . that purposefully uses this information 
incorrectly . . . [meaning] . . . seriously enforced jail time for 
anyone who fails to act in the investigation and prosecution process.''
    The revised routine use would not provide ``open access'' to ``all 
government agencies'' but would require that the FTC receive a request 
from another Federal agency or Federal entity that provides enough 
supporting information such that the FTC can determine that information 
from an FTC Privacy Act system or systems is reasonably necessary to 
assist the recipient agency or entity in (a) responding to a suspected 
or confirmed breach or (b) preventing, minimizing, or remedying the 
risk of harm to individuals, the recipient agency or entity (including 
its information systems, programs, and operations), the Federal 
Government, or national security, resulting from a suspected or 
confirmed breach.
    The Privacy Act specifically provides civil remedies, 5 U.S.C. 
552a(g), including damages, and criminal penalties, 5 U.S.C. 552a(i), 
for violations of the Act. In addition, an individual may be fined up 
to $5,000 for knowingly and willfully requesting or gaining access to a 
record about an individual under false pretenses. 5 U.S.C. 552a(i)(3).
    As stated in the Federal Register Notice dated May 3, 2018, the FTC 
believes that the modified and bifurcated routine use on data breaches 
is compatible with the collection of information pertaining to 
individuals affected by a breach, and that the disclosure of such 
records will help prevent, minimize or remedy a data breach or 
compromise that may affect such individuals. By contrast, the FTC 
believes that failure to take reasonable steps to help prevent, 
minimize or remedy the harm that may result from such a breach or 
compromise would jeopardize, rather than promote, the privacy of such 
individuals.
    The FTC provided a public comment period and notice to OMB and 
Congress as required by the Privacy Act and implementing OMB 
guidelines.\1\
---------------------------------------------------------------------------

    \1\ See U.S.C. 552a(e)(11) and 552a(r); OMB Circular A-108 
(2016).
---------------------------------------------------------------------------

    Accordingly, the FTC hereby amends Appendix I of its Privacy Act 
system notices, as published at 73 FR 33591, by revising item number 
(22), adding new item number (23), and re-designating the former item 
number (23) as (24) (without any other change) at the end of the 
existing routine uses set forth in that Appendix:
* * * * *
    (22) To appropriate agencies, entities, and persons when (a) the 
FTC suspects or has confirmed that there has been a breach of the 
system of records; (b) the FTC has determined that as a result of the 
suspected or confirmed breach there is a risk of harm to individuals, 
the FTC (including its information systems, programs, and operations), 
the Federal Government, or national security; and (c) the disclosure 
made to such agencies, entities, and persons is reasonably necessary to 
assist in connection with the FTC's efforts to respond to the suspected 
or confirmed breach or to prevent, minimize, or remedy such harm.
    (23) To another Federal agency or Federal entity, when the FTC 
determines that information from this system of records is reasonably 
necessary to assist the recipient agency or entity in (a) responding to 
a suspected or confirmed breach or (b) preventing, minimizing, or 
remedying the risk of harm to individuals, the recipient agency or 
entity (including its information systems, programs, and operations), 
the Federal Government, or national security, resulting from a 
suspected or confirmed breach.
    (24) May be disclosed to FTC contractors, volunteers, interns or 
other authorized individuals who have a need for the record in order to 
perform their officially assigned or designated duties for or on behalf 
of the FTC.

History
    73 FR 33591-33634 (June 12, 2008).

    By direction of the Commission.
Donald S. Clark,
Secretary.
[FR Doc. 2018-16935 Filed 8-7-18; 8:45 am]
 BILLING CODE 6750-01-P