Privacy Act of 1974; System of Records, 55541-55543 [2018-24226]
Download as PDF
<![CDATA[
Federal Register / Vol. 83, No. 215 / Tuesday, November 6, 2018 / Notices
khammond on DSK30JT082PROD with NOTICES
Website, unless you submit a
confidentiality request that meets the
requirements for such treatment under
FTC Rule 4.9(c), and the General
Counsel grants that request.
Visit the FTC Website at https://
www.ftc.gov to read this Notice and the
news release describing it. The FTC Act
and other laws that the Commission
administers permit the collection of
public comments to consider and use in
this proceeding, as appropriate. The
Commission will consider all timely
and responsive public comments that it
receives on or before November 28,
2018. For information on the
Commission’s privacy policy, including
routine uses permitted by the Privacy
Act, see https://www.ftc.gov/siteinformation/privacy-policy.
Analysis of Proposed Consent Order To
Aid Public Comment
The Federal Trade Commission
(‘‘Commission’’) has accepted, subject to
final approval, an agreement containing
a consent order from Social Finance,
Inc. and SoFi Lending Corp.
(collectively ‘‘SoFi’’).
The proposed consent order has been
placed on the public record for thirty
(30) days for receipt of comments by
interested persons. Comments received
during this period will become part of
the public record. After thirty (30) days,
the Commission will again review the
agreement and the comments received,
and will decide whether it should
withdraw from the agreement and take
appropriate action or make final the
agreement’s proposed order.
SoFi is an online lender that offers,
among other credit products, student
loan refinancing. The Commission’s
proposed complaint alleges that SoFi
makes savings claims that, as detailed
below, misrepresent how much money
students have saved, will save, or will
likely save by refinancing their student
loans with SoFi.
SoFi has prominently advertised that
consumers who refinance their loans
with SoFi have saved large average
amounts of money over the lifetime of
those loans or each month. These claims
overstate consumers’ average savings.
SoFi’s calculations of its members’
average savings selectively excludes
large categories of consumers who
would likely pay more money, instead
of saving. Specifically, when SoFi
calculates its members’ average lifetime
savings it excludes all consumers who
refinance into longer term loans, most of
whom actually pay more over the
lifetime of the loan. Further, when SoFi
calculates its members’ average monthly
savings it excludes all consumers who
refinance into shorter term loans, most
VerDate Sep<11>2014
17:05 Nov 05, 2018
Jkt 247001
of whom actually pay more on a
monthly basis. As a result, SoFi’s
representations significantly inflate the
average savings consumers have
actually achieved—sometimes even
doubling the actual savings.
Additionally, when a consumer
submits an application to refinance his
or her student loan(s) and is presented
with loan options, SoFi misrepresents
that the consumer will save zero dollars
when the consumer is actually expected
to lose money. Specifically, if, for a
fixed rate loan option, the consumer is
expected to lose money over the lifetime
of the loan, then SoFi falsely states that
the consumer’s lifetime savings will be
‘‘$0.00.’’ Likewise, if a consumer is
expected to pay more on a monthly
basis for a given loan option, then SoFi
falsely states that the consumer’s
monthly savings will be ‘‘$0.00.’’
The proposed order will prevent SoFi
from engaging in similar acts or
practices. Part I.A. would prohibit SoFi
from misrepresenting that consumers
who obtain a credit product have saved,
will save, or will likely save money, or
a specific amount of money, over the
lifetime of a credit product or over any
other time period (e.g., monthly),
including by representing that the
amount of money saved over a specific
time period will be zero when
consumers will instead pay more money
over that specific time period. Part I.B.
would also prohibit SoFi from making
any of the savings claims covered by
Part I.A., unless those claims are
substantiated with competent and
reliable evidence. Part I.C. would
prohibit SoFi from misrepresenting any
other material fact about the
performance, benefits, or characteristics
of any credit product when making a
savings claim covered by Part I.A.
Parts II through VI of the proposed
order are reporting and compliance
provisions. Part II is an order
distribution provision that requires SoFi
to provide the order to current and
future principals, officers, and corporate
directors, as well as current and future
managers, employees, agents and
representatives who participate in
certain duties related to the subject
matter of the proposed complaint and
order, and to secure statements
acknowledging receipt of the order. Part
III requires SoFi to submit a compliance
report one year after the order is
entered. It also requires SoFi to notify
the Commission of corporate changes
that may affect compliance obligations
within 14 days of such a change.
Part IV requires SoFi to maintain and
upon request make available certain
compliance-related records, including
certain consumer complaints and
PO 00000
Frm 00028
Fmt 4703
Sfmt 4703
55541
unique advertisements. Part V requires
SoFi to submit additional compliance
reports within 10 business days of a
written request by the Commission. Part
VI is a provision ‘‘sunsetting’’ the order
after twenty (20) years, with certain
exceptions.
The purpose of this analysis is to aid
public comment on the proposed order.
It is not intended to constitute an
official interpretation of the complaint
or proposed order, or to modify in any
way the proposed order’s terms.
By direction of the Commission.
Donald S. Clark,
Secretary.
Statement of Commissioner Rohit
Chopra
Today, the Federal Trade Commission
has issued for public comment a
settlement with SoFi, an online student
lender. According to the FTC’s
complaint, SoFi’s widely disseminated
advertisements have significantly
exaggerated the average savings that
student loan borrowers achieve when
they refinance through the company.
These advertisements were deceptive
and I agree that SoFi’s actions were
unlawful, so I have voted in favor.
Our proposed resolution does not
require SoFi to pay any money
whatsoever for this misconduct. Ideally,
SoFi would pay civil penalties for
violating the law. Due to limitations in
the FTC’s authority, the agency cannot
seek civil penalties in matters like these.
However, the Consumer Financial
Protection Bureau and the State
Attorneys General would be able to seek
penalties from SoFi under existing
federal law.1
In future matters where we are unable
to obtain monetary remedies, we should
carefully consider whether partnering
with other law enforcement agencies
can lead to better results for consumers
and deter bad actors from violating the
law.
[FR Doc. 2018–24207 Filed 11–5–18; 8:45 am]
BILLING CODE 6750–01–P
FEDERAL TRADE COMMISSION
Privacy Act of 1974; System of
Records
AGENCY:
Federal Trade Commission
(FTC).
1 SoFi’s alleged misconduct likely violated both
the Federal Trade Commission Act’s ban on unfair
or deceptive practices and the Consumer Financial
Protection Act’s (CFPA) prohibition on unfair,
deceptive, or abusive practices by those who offer
or provide a consumer financial product or service.
With some exceptions, States can enforce the CFPA
and obtain remedies available under it. See 12
U.S.C. 5552(a).
E:\FR\FM\06NON1.SGM
06NON1
55542
Federal Register / Vol. 83, No. 215 / Tuesday, November 6, 2018 / Notices
Notice of modified systems of
records; correction.
ACTION:
The FTC is making nonsubstantive technical corrections to
Appendix I, which lists the authorized
disclosures and routine uses applicable
to all FTC Privacy Act systems of
records. This action makes the notices
for these systems of records clearer,
more accurate, and up-to-date.
DATES: This modified systems of records
shall become final and effective on
November 6, 2018.
FOR FURTHER INFORMATION CONTACT: G.
Richard Gold and Alex Tang, Attorneys
(202–326–2424), Office of the General
Counsel, FTC, 600 Pennsylvania
Avenue NW, Washington, DC 20580.
SUPPLEMENTARY INFORMATION: To inform
the public, the FTC publishes in the
Federal Register and posts on its
website a ‘‘system of records notice’’
(SORN) for each system of records that
the FTC currently maintains within the
meaning of the Privacy Act of 1974, as
amended, 5 U.S.C. 552a (‘‘Privacy Act’’
or ‘‘Act’’). See https://www.ftc.gov/
about-ftc/foia/foia-reading-rooms/
privacy-act-systems. The Privacy Act
protects records about individuals in
systems of records collected and
maintained by Federal agencies. (A
system is not a ‘‘system of records’’
under the Act unless the agency
maintains and retrieves records in the
system by the relevant individual’s
name or other personally assigned
identifier.) Each Federal agency,
including the FTC, must publish a
SORN that describes the records
maintained in each of its Privacy Act
systems, including the categories of
individuals that the records in the
system are about, where and how the
agency maintains these records, and
how individuals can find out whether
an agency system contains any records
about them or request access to such
records, if any. The FTC, for example,
maintains 40 systems of records under
the Act. Some of these systems contain
records about the FTC’s own employees,
such as personnel and payroll files,
while other FTC systems contain
records about members of the public,
such as public comments, consumer
complaints, or phone numbers
submitted to the FTC’s Do Not Call
Registry.
The FTC’s SORNs discussed in this
notice apply only to the FTC’s own
Privacy Act record systems. They do not
cover Privacy Act records that other
Federal agencies may collect and
maintain in their own systems.
Likewise, the FTC’s SORNs and the
Privacy Act of 1974 do not cover records
khammond on DSK30JT082PROD with NOTICES
SUMMARY:
VerDate Sep<11>2014
17:05 Nov 05, 2018
Jkt 247001
that private businesses or other non-FTC
entities may collect about individuals,
which may be covered by other privacy
laws.
On June 12, 2008, the FTC
republished and updated all of its
SORNs, describing all of the agency’s
systems of records covered by the
Privacy Act in a single document for
ease of use and reference. 73 FR 33592.
To ensure the SORNs remain accurate,
FTC staff reviews each SORN on a
periodic basis. As a result of this
systematic review, the FTC made
revisions to several of its SORNs on
April 17, 2009 (74 FR 17863), August
27, 2010 (75 FR 52749), February 23,
2015 (80 FR 9460), and November 2,
2017 (82 FR 50871).
Based on a periodic review of its
SORNs, the FTC is publishing two
technical non-substantive revisions to
Appendix I, which lists the routine uses
that apply to all FTC SORNs. First, the
FTC is updating the number of routine
uses stated in the Appendix from ‘‘(23)’’
to ‘‘(24).’’ This conforming amendment
was inadvertently omitted when the
FTC, following Office of Management
and Budget guidance, added a new
routine use to this Appendix, relating to
data breach notification, earlier this
year. See 83 FR 39095 (Aug. 8, 2018).
Second, the FTC is removing the current
reference in the Appendix to the
‘‘General Accounting Office’’ and, in its
place, adding that agency’s current
name, the ‘‘Government Accountability
Office’’ (GAO). This correction reflects
the change in GAO’s legal name made
by Congress several years ago, Public
Law 108–271, 118 Stat. 811 (2004). In
the same legislation, Congress made a
conforming amendment to the Privacy
Act of 1974 to authorize disclosures of
Privacy Act records to the ‘‘Government
Accountability Office.’’ See 5 U.S.C.
552a(b)(10).
The FTC is not substantively adding
or amending any routine uses of its
Privacy Act system records. The
corrections to Appendix I described
above are purely technical, and do not
in any way modify the legal intent,
operation, or effect of the routine uses
set forth in that Appendix. Accordingly,
the FTC is not required to provide prior
public comment or notice to OMB or
Congress for these technical
amendments, which are final upon
publication. See U.S.C. 552a(e)(11) and
552a(r); OMB Circular A–108, supra.
The FTC is reprinting the entire text
of Appendix I for the public’s benefit
and convenience, to read as follows:
PO 00000
Frm 00029
Fmt 4703
Sfmt 4703
APPENDIX I
AUTHORIZED DISCLOSURES AND ROUTINE USES
APPLICABLE TO ALL FTC PRIVACY ACT SYSTEMS
OF RECORDS
The Privacy Act allows the FTC to
disclose its Privacy Act records in the
following ways:
(1) Within the FTC, to FTC officers
and employees who need the record to
perform their duties;
(2) In response to a request for public
disclosure under the Freedom of
Information Act (FOIA);
(3) For any ‘‘routine use’’ compatible
with the purpose for which the record
was collected, as set forth in each
system of records notice and in
paragraphs (13)–(24) of this Appendix
below;
(4) To the Bureau of the Census for
purposes of planning or carrying out a
census or survey or related activity
under title 13 of the United States Code;
(5) To a recipient who has provided
the agency with advance adequate
written assurance that the record will be
used solely as a statistical research or
reporting record, and the record is to be
transferred in a form that is not
individually identifiable;
(6) To the National Archives and
Records Administration as a record
having sufficient historical or other
value to warrant its continued
preservation by the United States
Government, or for evaluation by the
Archivist of the United States or the
designee of the Archivist to determine
whether the record has such value;
(7) To another agency or to an
instrumentality of any governmental
jurisdiction within or under the control
of the United States for a civil or
criminal law enforcement activity if the
activity is authorized by law, and if the
head of the agency or instrumentality
has made a written request to the agency
which maintains the record specifying
the particular portion desired and the
law enforcement activity for which the
record is sought;
(8) To a person pursuant to a showing
of compelling circumstances affecting
the health or safety of an individual if
upon such disclosure notification is
transmitted to the last known address of
such individual;
(9) To either House of Congress, or, to
the extent of a matter within its
jurisdiction, any committee or
subcommittee thereof, any joint
committee of Congress or subcommittee
of any such joint committee;
(10) to the Comptroller General, or
any of his authorized representatives, in
the course of the performance of the
duties of the Government
Accountability Office;
E:\FR\FM\06NON1.SGM
06NON1
khammond on DSK30JT082PROD with NOTICES
Federal Register / Vol. 83, No. 215 / Tuesday, November 6, 2018 / Notices
(11) Under an order of a court of
competent jurisdiction; and
(12) To a consumer reporting agency,
when trying to collect a claim of the
Government, in accordance with 31
U.S.C. 3711(e).
In addition, in accordance with
paragraph (3) above, the ‘‘routine uses’’
set forth in paragraphs (13) through (24)
below shall apply to all records in all
FTC Privacy Act systems of records.
Specifically, such records:
(13) Where appropriately
incorporated into the records
maintained in FTC–II–6 (Discrimination
Complaint System–FTC), may be
disclosed under the routine uses
published for that system;
(14) May be disclosed to the National
Archives and Records Administration
for records management inspections
conducted under authority of 44 U.S.C.
2904 and 2906;
(15) May be disclosed to other
agencies, offices, establishments, and
authorities, whether federal, state, local,
foreign, or self-regulatory (including,
but not limited to organizations such as
professional associations or licensing
boards), authorized or with the
responsibility to investigate, litigate,
prosecute, enforce, or implement a
statute, rule, regulation, or order, where
the record or information by itself or in
connection with other records or
information:
(a) Indicates a violation or potential
violation of law, whether criminal, civil,
administrative, or regulatory in nature,
and whether arising by general statute
or particular program statute, or by
regulation, rule, or order issued
pursuant thereto, or
(b) Indicates a violation or potential
violation of a professional, licensing, or
similar regulation, rule, or order, or
otherwise reflects on the qualifications
or fitness of an individual who is
licensed or seeking to be licensed;
(16) May be disclosed to any source,
private or governmental, to the extent
necessary to secure from such source
information relevant to and sought in
furtherance of a legitimate investigation
or audit;
(17) May be disclosed to any
authorized agency component of the
Federal Trade Commission, Department
of Justice, or other law enforcement
authorities, and for disclosure by such
parties:
(a) To the extent relevant and
necessary in connection with litigation
in proceedings before a court or other
adjudicative body, where (i) the United
States is a party to or has an interest in
the litigation, including where the
agency, or an agency component, or an
agency official or employee in his or her
VerDate Sep<11>2014
17:05 Nov 05, 2018
Jkt 247001
official capacity, or an individual
agency official or employee whom the
Department of Justice has agreed to
represent, is or may likely become a
party, and (ii) the litigation is likely to
affect the agency or any component
thereof; or
(b) To obtain advice, including advice
concerning the accessibility of a record
or information under the Privacy Act or
the Freedom of Information Act;
(18) May be disclosed to a
congressional office in response to an
inquiry from that office made at the
written request of the subject
individual, but only to the extent that
the record would be legally accessible to
that individual;
(19) May be disclosed to debt
collection contractors for the purpose of
collecting debts owed to the
government, as authorized under the
Debt Collection Act of 1982, 31 U.S.C.
3718, and subject to applicable Privacy
Act safeguards;
(20) May be disclosed to a grand jury
agent pursuant either to a federal or
state grand jury subpoena, or to a
prosecution request that such record be
released for the purpose of its
introduction to a grand jury, where the
subpoena or request has been
specifically approved by a court;
(21) May be disclosed to the Office of
Management and Budget (OMB) for the
purpose of obtaining advice regarding
agency obligations under the Privacy
Act, or in connection with the review of
private relief legislation pursuant to
OMB Circular A–19;
(22) To appropriate agencies, entities,
and persons when (a) the FTC suspects
or has confirmed that there has been a
breach of the system of records; (b) the
FTC has determined that as a result of
the suspected or confirmed breach there
is a risk of harm to individuals, the FTC
(including its information systems,
programs, and operations), the Federal
Government, or national security; and
(c) the disclosure made to such
agencies, entities, and persons is
reasonably necessary to assist in
connection with the FTC’s efforts to
respond to the suspected or confirmed
breach or to prevent, minimize, or
remedy such harm.
(23) To another Federal agency or
Federal entity, when the FTC
determines that information from this
system of records is reasonably
necessary to assist the recipient agency
or entity in (a) responding to a
suspected or confirmed breach or (b)
preventing, minimizing, or remedying
the risk of harm to individuals, the
recipient agency or entity (including its
information systems, programs, and
operations), the Federal Government, or
PO 00000
Frm 00030
Fmt 4703
Sfmt 4703
55543
national security, resulting from a
suspected or confirmed breach.
(24) May be disclosed to FTC
contractors, volunteers, interns or other
authorized individuals who have a need
for the record in order to perform their
officially assigned or designated duties
for or on behalf of the FTC.
The routine uses contained in this
Appendix are in addition to any routine
uses contained in the system of records
notice (SORN) for each FTC Privacy Act
records system. Some of the authorized
disclosures and routine uses may
overlap with one another. The FTC will
treat a routine use as valid and still in
effect, even if an overlapping routine
use or disclosure is partly or fully
invalidated or repealed.
Heather Hippsley,
Deputy General Counsel.
[FR Doc. 2018–24226 Filed 11–5–18; 8:45 am]
BILLING CODE 6750–01–P
DEPARTMENT OF HEALTH AND
HUMAN SERVICES
Agency for Toxic Substance and
Disease Registry
[60Day–19–0048; Docket No. ATSDR–2018–
0009]
Proposed Data Collection Submitted
for Public Comment and
Recommendations
Agency for Toxic Substance
and Disease Registry, Department of
Health and Human Services (HHS)
ACTION: Notice with comment period.
AGENCY:
The Agency for Toxic
Substance and Disease Registry, as part
of its continuing effort to reduce public
burden and maximize the utility of
government information, invites the
general public and other Federal
agencies the opportunity to comment on
a proposed and/or continuing
information collection, as required by
the Paperwork Reduction Act of 1995.
This notice invites comment on a
proposed information collection project
titled ATSDR Exposure Investigations
(EIs) (OMB Control No. 0923–0048,
Expiration Date 3/31/2019)—
Extension—Agency for Toxic
Substances and Disease Registry
(ATSDR). To evaluate public health
issues at a site resulting from
environmental exposure, ATSDR EIs fill
data gaps by conducting environmental
and biological sampling.
DATES: CDC must receive written
comments on or before January 7, 2019.
SUMMARY:
E:\FR\FM\06NON1.SGM
06NON1
]]>Agencies
[Federal Register Volume 83, Number 215 (Tuesday, November 6, 2018)]
[Notices]
[Pages 55541-55543]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2018-24226]
-----------------------------------------------------------------------
FEDERAL TRADE COMMISSION
Privacy Act of 1974; System of Records
AGENCY: Federal Trade Commission (FTC).
[[Page 55542]]
ACTION: Notice of modified systems of records; correction.
-----------------------------------------------------------------------
SUMMARY: The FTC is making non-substantive technical corrections to
Appendix I, which lists the authorized disclosures and routine uses
applicable to all FTC Privacy Act systems of records. This action makes
the notices for these systems of records clearer, more accurate, and
up-to-date.
DATES: This modified systems of records shall become final and
effective on November 6, 2018.
FOR FURTHER INFORMATION CONTACT: G. Richard Gold and Alex Tang,
Attorneys (202-326-2424), Office of the General Counsel, FTC, 600
Pennsylvania Avenue NW, Washington, DC 20580.
SUPPLEMENTARY INFORMATION: To inform the public, the FTC publishes in
the Federal Register and posts on its website a ``system of records
notice'' (SORN) for each system of records that the FTC currently
maintains within the meaning of the Privacy Act of 1974, as amended, 5
U.S.C. 552a (``Privacy Act'' or ``Act''). See https://www.ftc.gov/about-ftc/foia/foia-reading-rooms/privacy-act-systems. The Privacy Act
protects records about individuals in systems of records collected and
maintained by Federal agencies. (A system is not a ``system of
records'' under the Act unless the agency maintains and retrieves
records in the system by the relevant individual's name or other
personally assigned identifier.) Each Federal agency, including the
FTC, must publish a SORN that describes the records maintained in each
of its Privacy Act systems, including the categories of individuals
that the records in the system are about, where and how the agency
maintains these records, and how individuals can find out whether an
agency system contains any records about them or request access to such
records, if any. The FTC, for example, maintains 40 systems of records
under the Act. Some of these systems contain records about the FTC's
own employees, such as personnel and payroll files, while other FTC
systems contain records about members of the public, such as public
comments, consumer complaints, or phone numbers submitted to the FTC's
Do Not Call Registry.
The FTC's SORNs discussed in this notice apply only to the FTC's
own Privacy Act record systems. They do not cover Privacy Act records
that other Federal agencies may collect and maintain in their own
systems. Likewise, the FTC's SORNs and the Privacy Act of 1974 do not
cover records that private businesses or other non-FTC entities may
collect about individuals, which may be covered by other privacy laws.
On June 12, 2008, the FTC republished and updated all of its SORNs,
describing all of the agency's systems of records covered by the
Privacy Act in a single document for ease of use and reference. 73 FR
33592. To ensure the SORNs remain accurate, FTC staff reviews each SORN
on a periodic basis. As a result of this systematic review, the FTC
made revisions to several of its SORNs on April 17, 2009 (74 FR 17863),
August 27, 2010 (75 FR 52749), February 23, 2015 (80 FR 9460), and
November 2, 2017 (82 FR 50871).
Based on a periodic review of its SORNs, the FTC is publishing two
technical non-substantive revisions to Appendix I, which lists the
routine uses that apply to all FTC SORNs. First, the FTC is updating
the number of routine uses stated in the Appendix from ``(23)'' to
``(24).'' This conforming amendment was inadvertently omitted when the
FTC, following Office of Management and Budget guidance, added a new
routine use to this Appendix, relating to data breach notification,
earlier this year. See 83 FR 39095 (Aug. 8, 2018). Second, the FTC is
removing the current reference in the Appendix to the ``General
Accounting Office'' and, in its place, adding that agency's current
name, the ``Government Accountability Office'' (GAO). This correction
reflects the change in GAO's legal name made by Congress several years
ago, Public Law 108-271, 118 Stat. 811 (2004). In the same legislation,
Congress made a conforming amendment to the Privacy Act of 1974 to
authorize disclosures of Privacy Act records to the ``Government
Accountability Office.'' See 5 U.S.C. 552a(b)(10).
The FTC is not substantively adding or amending any routine uses of
its Privacy Act system records. The corrections to Appendix I described
above are purely technical, and do not in any way modify the legal
intent, operation, or effect of the routine uses set forth in that
Appendix. Accordingly, the FTC is not required to provide prior public
comment or notice to OMB or Congress for these technical amendments,
which are final upon publication. See U.S.C. 552a(e)(11) and 552a(r);
OMB Circular A-108, supra.
The FTC is reprinting the entire text of Appendix I for the
public's benefit and convenience, to read as follows:
Appendix I
Authorized Disclosures and Routine Uses Applicable to All FTC Privacy
Act Systems of Records
The Privacy Act allows the FTC to disclose its Privacy Act records
in the following ways:
(1) Within the FTC, to FTC officers and employees who need the
record to perform their duties;
(2) In response to a request for public disclosure under the
Freedom of Information Act (FOIA);
(3) For any ``routine use'' compatible with the purpose for which
the record was collected, as set forth in each system of records notice
and in paragraphs (13)-(24) of this Appendix below;
(4) To the Bureau of the Census for purposes of planning or
carrying out a census or survey or related activity under title 13 of
the United States Code;
(5) To a recipient who has provided the agency with advance
adequate written assurance that the record will be used solely as a
statistical research or reporting record, and the record is to be
transferred in a form that is not individually identifiable;
(6) To the National Archives and Records Administration as a record
having sufficient historical or other value to warrant its continued
preservation by the United States Government, or for evaluation by the
Archivist of the United States or the designee of the Archivist to
determine whether the record has such value;
(7) To another agency or to an instrumentality of any governmental
jurisdiction within or under the control of the United States for a
civil or criminal law enforcement activity if the activity is
authorized by law, and if the head of the agency or instrumentality has
made a written request to the agency which maintains the record
specifying the particular portion desired and the law enforcement
activity for which the record is sought;
(8) To a person pursuant to a showing of compelling circumstances
affecting the health or safety of an individual if upon such disclosure
notification is transmitted to the last known address of such
individual;
(9) To either House of Congress, or, to the extent of a matter
within its jurisdiction, any committee or subcommittee thereof, any
joint committee of Congress or subcommittee of any such joint
committee;
(10) to the Comptroller General, or any of his authorized
representatives, in the course of the performance of the duties of the
Government Accountability Office;
[[Page 55543]]
(11) Under an order of a court of competent jurisdiction; and
(12) To a consumer reporting agency, when trying to collect a claim
of the Government, in accordance with 31 U.S.C. 3711(e).
In addition, in accordance with paragraph (3) above, the ``routine
uses'' set forth in paragraphs (13) through (24) below shall apply to
all records in all FTC Privacy Act systems of records. Specifically,
such records:
(13) Where appropriately incorporated into the records maintained
in FTC-II-6 (Discrimination Complaint System-FTC), may be disclosed
under the routine uses published for that system;
(14) May be disclosed to the National Archives and Records
Administration for records management inspections conducted under
authority of 44 U.S.C. 2904 and 2906;
(15) May be disclosed to other agencies, offices, establishments,
and authorities, whether federal, state, local, foreign, or self-
regulatory (including, but not limited to organizations such as
professional associations or licensing boards), authorized or with the
responsibility to investigate, litigate, prosecute, enforce, or
implement a statute, rule, regulation, or order, where the record or
information by itself or in connection with other records or
information:
(a) Indicates a violation or potential violation of law, whether
criminal, civil, administrative, or regulatory in nature, and whether
arising by general statute or particular program statute, or by
regulation, rule, or order issued pursuant thereto, or
(b) Indicates a violation or potential violation of a professional,
licensing, or similar regulation, rule, or order, or otherwise reflects
on the qualifications or fitness of an individual who is licensed or
seeking to be licensed;
(16) May be disclosed to any source, private or governmental, to
the extent necessary to secure from such source information relevant to
and sought in furtherance of a legitimate investigation or audit;
(17) May be disclosed to any authorized agency component of the
Federal Trade Commission, Department of Justice, or other law
enforcement authorities, and for disclosure by such parties:
(a) To the extent relevant and necessary in connection with
litigation in proceedings before a court or other adjudicative body,
where (i) the United States is a party to or has an interest in the
litigation, including where the agency, or an agency component, or an
agency official or employee in his or her official capacity, or an
individual agency official or employee whom the Department of Justice
has agreed to represent, is or may likely become a party, and (ii) the
litigation is likely to affect the agency or any component thereof; or
(b) To obtain advice, including advice concerning the accessibility
of a record or information under the Privacy Act or the Freedom of
Information Act;
(18) May be disclosed to a congressional office in response to an
inquiry from that office made at the written request of the subject
individual, but only to the extent that the record would be legally
accessible to that individual;
(19) May be disclosed to debt collection contractors for the
purpose of collecting debts owed to the government, as authorized under
the Debt Collection Act of 1982, 31 U.S.C. 3718, and subject to
applicable Privacy Act safeguards;
(20) May be disclosed to a grand jury agent pursuant either to a
federal or state grand jury subpoena, or to a prosecution request that
such record be released for the purpose of its introduction to a grand
jury, where the subpoena or request has been specifically approved by a
court;
(21) May be disclosed to the Office of Management and Budget (OMB)
for the purpose of obtaining advice regarding agency obligations under
the Privacy Act, or in connection with the review of private relief
legislation pursuant to OMB Circular A-19;
(22) To appropriate agencies, entities, and persons when (a) the
FTC suspects or has confirmed that there has been a breach of the
system of records; (b) the FTC has determined that as a result of the
suspected or confirmed breach there is a risk of harm to individuals,
the FTC (including its information systems, programs, and operations),
the Federal Government, or national security; and (c) the disclosure
made to such agencies, entities, and persons is reasonably necessary to
assist in connection with the FTC's efforts to respond to the suspected
or confirmed breach or to prevent, minimize, or remedy such harm.
(23) To another Federal agency or Federal entity, when the FTC
determines that information from this system of records is reasonably
necessary to assist the recipient agency or entity in (a) responding to
a suspected or confirmed breach or (b) preventing, minimizing, or
remedying the risk of harm to individuals, the recipient agency or
entity (including its information systems, programs, and operations),
the Federal Government, or national security, resulting from a
suspected or confirmed breach.
(24) May be disclosed to FTC contractors, volunteers, interns or
other authorized individuals who have a need for the record in order to
perform their officially assigned or designated duties for or on behalf
of the FTC.
The routine uses contained in this Appendix are in addition to any
routine uses contained in the system of records notice (SORN) for each
FTC Privacy Act records system. Some of the authorized disclosures and
routine uses may overlap with one another. The FTC will treat a routine
use as valid and still in effect, even if an overlapping routine use or
disclosure is partly or fully invalidated or repealed.
Heather Hippsley,
Deputy General Counsel.
[FR Doc. 2018-24226 Filed 11-5-18; 8:45 am]
BILLING CODE 6750-01-P
