Privacy Act of 1974; System of Records, 55541-55543 [2018-24226]

Download as PDF Federal Register / Vol. 83, No. 215 / Tuesday, November 6, 2018 / Notices khammond on DSK30JT082PROD with NOTICES Website, unless you submit a confidentiality request that meets the requirements for such treatment under FTC Rule 4.9(c), and the General Counsel grants that request. Visit the FTC Website at http:// www.ftc.gov to read this Notice and the news release describing it. The FTC Act and other laws that the Commission administers permit the collection of public comments to consider and use in this proceeding, as appropriate. The Commission will consider all timely and responsive public comments that it receives on or before November 28, 2018. For information on the Commission’s privacy policy, including routine uses permitted by the Privacy Act, see https://www.ftc.gov/siteinformation/privacy-policy. Analysis of Proposed Consent Order To Aid Public Comment The Federal Trade Commission (‘‘Commission’’) has accepted, subject to final approval, an agreement containing a consent order from Social Finance, Inc. and SoFi Lending Corp. (collectively ‘‘SoFi’’). The proposed consent order has been placed on the public record for thirty (30) days for receipt of comments by interested persons. Comments received during this period will become part of the public record. After thirty (30) days, the Commission will again review the agreement and the comments received, and will decide whether it should withdraw from the agreement and take appropriate action or make final the agreement’s proposed order. SoFi is an online lender that offers, among other credit products, student loan refinancing. The Commission’s proposed complaint alleges that SoFi makes savings claims that, as detailed below, misrepresent how much money students have saved, will save, or will likely save by refinancing their student loans with SoFi. SoFi has prominently advertised that consumers who refinance their loans with SoFi have saved large average amounts of money over the lifetime of those loans or each month. These claims overstate consumers’ average savings. SoFi’s calculations of its members’ average savings selectively excludes large categories of consumers who would likely pay more money, instead of saving. Specifically, when SoFi calculates its members’ average lifetime savings it excludes all consumers who refinance into longer term loans, most of whom actually pay more over the lifetime of the loan. Further, when SoFi calculates its members’ average monthly savings it excludes all consumers who refinance into shorter term loans, most VerDate Sep<11>2014 17:05 Nov 05, 2018 Jkt 247001 of whom actually pay more on a monthly basis. As a result, SoFi’s representations significantly inflate the average savings consumers have actually achieved—sometimes even doubling the actual savings. Additionally, when a consumer submits an application to refinance his or her student loan(s) and is presented with loan options, SoFi misrepresents that the consumer will save zero dollars when the consumer is actually expected to lose money. Specifically, if, for a fixed rate loan option, the consumer is expected to lose money over the lifetime of the loan, then SoFi falsely states that the consumer’s lifetime savings will be ‘‘$0.00.’’ Likewise, if a consumer is expected to pay more on a monthly basis for a given loan option, then SoFi falsely states that the consumer’s monthly savings will be ‘‘$0.00.’’ The proposed order will prevent SoFi from engaging in similar acts or practices. Part I.A. would prohibit SoFi from misrepresenting that consumers who obtain a credit product have saved, will save, or will likely save money, or a specific amount of money, over the lifetime of a credit product or over any other time period (e.g., monthly), including by representing that the amount of money saved over a specific time period will be zero when consumers will instead pay more money over that specific time period. Part I.B. would also prohibit SoFi from making any of the savings claims covered by Part I.A., unless those claims are substantiated with competent and reliable evidence. Part I.C. would prohibit SoFi from misrepresenting any other material fact about the performance, benefits, or characteristics of any credit product when making a savings claim covered by Part I.A. Parts II through VI of the proposed order are reporting and compliance provisions. Part II is an order distribution provision that requires SoFi to provide the order to current and future principals, officers, and corporate directors, as well as current and future managers, employees, agents and representatives who participate in certain duties related to the subject matter of the proposed complaint and order, and to secure statements acknowledging receipt of the order. Part III requires SoFi to submit a compliance report one year after the order is entered. It also requires SoFi to notify the Commission of corporate changes that may affect compliance obligations within 14 days of such a change. Part IV requires SoFi to maintain and upon request make available certain compliance-related records, including certain consumer complaints and PO 00000 Frm 00028 Fmt 4703 Sfmt 4703 55541 unique advertisements. Part V requires SoFi to submit additional compliance reports within 10 business days of a written request by the Commission. Part VI is a provision ‘‘sunsetting’’ the order after twenty (20) years, with certain exceptions. The purpose of this analysis is to aid public comment on the proposed order. It is not intended to constitute an official interpretation of the complaint or proposed order, or to modify in any way the proposed order’s terms. By direction of the Commission. Donald S. Clark, Secretary. Statement of Commissioner Rohit Chopra Today, the Federal Trade Commission has issued for public comment a settlement with SoFi, an online student lender. According to the FTC’s complaint, SoFi’s widely disseminated advertisements have significantly exaggerated the average savings that student loan borrowers achieve when they refinance through the company. These advertisements were deceptive and I agree that SoFi’s actions were unlawful, so I have voted in favor. Our proposed resolution does not require SoFi to pay any money whatsoever for this misconduct. Ideally, SoFi would pay civil penalties for violating the law. Due to limitations in the FTC’s authority, the agency cannot seek civil penalties in matters like these. However, the Consumer Financial Protection Bureau and the State Attorneys General would be able to seek penalties from SoFi under existing federal law.1 In future matters where we are unable to obtain monetary remedies, we should carefully consider whether partnering with other law enforcement agencies can lead to better results for consumers and deter bad actors from violating the law. [FR Doc. 2018–24207 Filed 11–5–18; 8:45 am] BILLING CODE 6750–01–P FEDERAL TRADE COMMISSION Privacy Act of 1974; System of Records AGENCY: Federal Trade Commission (FTC). 1 SoFi’s alleged misconduct likely violated both the Federal Trade Commission Act’s ban on unfair or deceptive practices and the Consumer Financial Protection Act’s (CFPA) prohibition on unfair, deceptive, or abusive practices by those who offer or provide a consumer financial product or service. With some exceptions, States can enforce the CFPA and obtain remedies available under it. See 12 U.S.C. 5552(a). E:\FR\FM\06NON1.SGM 06NON1 55542 Federal Register / Vol. 83, No. 215 / Tuesday, November 6, 2018 / Notices Notice of modified systems of records; correction. ACTION: The FTC is making nonsubstantive technical corrections to Appendix I, which lists the authorized disclosures and routine uses applicable to all FTC Privacy Act systems of records. This action makes the notices for these systems of records clearer, more accurate, and up-to-date. DATES: This modified systems of records shall become final and effective on November 6, 2018. FOR FURTHER INFORMATION CONTACT: G. Richard Gold and Alex Tang, Attorneys (202–326–2424), Office of the General Counsel, FTC, 600 Pennsylvania Avenue NW, Washington, DC 20580. SUPPLEMENTARY INFORMATION: To inform the public, the FTC publishes in the Federal Register and posts on its website a ‘‘system of records notice’’ (SORN) for each system of records that the FTC currently maintains within the meaning of the Privacy Act of 1974, as amended, 5 U.S.C. 552a (‘‘Privacy Act’’ or ‘‘Act’’). See https://www.ftc.gov/ about-ftc/foia/foia-reading-rooms/ privacy-act-systems. The Privacy Act protects records about individuals in systems of records collected and maintained by Federal agencies. (A system is not a ‘‘system of records’’ under the Act unless the agency maintains and retrieves records in the system by the relevant individual’s name or other personally assigned identifier.) Each Federal agency, including the FTC, must publish a SORN that describes the records maintained in each of its Privacy Act systems, including the categories of individuals that the records in the system are about, where and how the agency maintains these records, and how individuals can find out whether an agency system contains any records about them or request access to such records, if any. The FTC, for example, maintains 40 systems of records under the Act. Some of these systems contain records about the FTC’s own employees, such as personnel and payroll files, while other FTC systems contain records about members of the public, such as public comments, consumer complaints, or phone numbers submitted to the FTC’s Do Not Call Registry. The FTC’s SORNs discussed in this notice apply only to the FTC’s own Privacy Act record systems. They do not cover Privacy Act records that other Federal agencies may collect and maintain in their own systems. Likewise, the FTC’s SORNs and the Privacy Act of 1974 do not cover records khammond on DSK30JT082PROD with NOTICES SUMMARY: VerDate Sep<11>2014 17:05 Nov 05, 2018 Jkt 247001 that private businesses or other non-FTC entities may collect about individuals, which may be covered by other privacy laws. On June 12, 2008, the FTC republished and updated all of its SORNs, describing all of the agency’s systems of records covered by the Privacy Act in a single document for ease of use and reference. 73 FR 33592. To ensure the SORNs remain accurate, FTC staff reviews each SORN on a periodic basis. As a result of this systematic review, the FTC made revisions to several of its SORNs on April 17, 2009 (74 FR 17863), August 27, 2010 (75 FR 52749), February 23, 2015 (80 FR 9460), and November 2, 2017 (82 FR 50871). Based on a periodic review of its SORNs, the FTC is publishing two technical non-substantive revisions to Appendix I, which lists the routine uses that apply to all FTC SORNs. First, the FTC is updating the number of routine uses stated in the Appendix from ‘‘(23)’’ to ‘‘(24).’’ This conforming amendment was inadvertently omitted when the FTC, following Office of Management and Budget guidance, added a new routine use to this Appendix, relating to data breach notification, earlier this year. See 83 FR 39095 (Aug. 8, 2018). Second, the FTC is removing the current reference in the Appendix to the ‘‘General Accounting Office’’ and, in its place, adding that agency’s current name, the ‘‘Government Accountability Office’’ (GAO). This correction reflects the change in GAO’s legal name made by Congress several years ago, Public Law 108–271, 118 Stat. 811 (2004). In the same legislation, Congress made a conforming amendment to the Privacy Act of 1974 to authorize disclosures of Privacy Act records to the ‘‘Government Accountability Office.’’ See 5 U.S.C. 552a(b)(10). The FTC is not substantively adding or amending any routine uses of its Privacy Act system records. The corrections to Appendix I described above are purely technical, and do not in any way modify the legal intent, operation, or effect of the routine uses set forth in that Appendix. Accordingly, the FTC is not required to provide prior public comment or notice to OMB or Congress for these technical amendments, which are final upon publication. See U.S.C. 552a(e)(11) and 552a(r); OMB Circular A–108, supra. The FTC is reprinting the entire text of Appendix I for the public’s benefit and convenience, to read as follows: PO 00000 Frm 00029 Fmt 4703 Sfmt 4703 APPENDIX I AUTHORIZED DISCLOSURES AND ROUTINE USES APPLICABLE TO ALL FTC PRIVACY ACT SYSTEMS OF RECORDS The Privacy Act allows the FTC to disclose its Privacy Act records in the following ways: (1) Within the FTC, to FTC officers and employees who need the record to perform their duties; (2) In response to a request for public disclosure under the Freedom of Information Act (FOIA); (3) For any ‘‘routine use’’ compatible with the purpose for which the record was collected, as set forth in each system of records notice and in paragraphs (13)–(24) of this Appendix below; (4) To the Bureau of the Census for purposes of planning or carrying out a census or survey or related activity under title 13 of the United States Code; (5) To a recipient who has provided the agency with advance adequate written assurance that the record will be used solely as a statistical research or reporting record, and the record is to be transferred in a form that is not individually identifiable; (6) To the National Archives and Records Administration as a record having sufficient historical or other value to warrant its continued preservation by the United States Government, or for evaluation by the Archivist of the United States or the designee of the Archivist to determine whether the record has such value; (7) To another agency or to an instrumentality of any governmental jurisdiction within or under the control of the United States for a civil or criminal law enforcement activity if the activity is authorized by law, and if the head of the agency or instrumentality has made a written request to the agency which maintains the record specifying the particular portion desired and the law enforcement activity for which the record is sought; (8) To a person pursuant to a showing of compelling circumstances affecting the health or safety of an individual if upon such disclosure notification is transmitted to the last known address of such individual; (9) To either House of Congress, or, to the extent of a matter within its jurisdiction, any committee or subcommittee thereof, any joint committee of Congress or subcommittee of any such joint committee; (10) to the Comptroller General, or any of his authorized representatives, in the course of the performance of the duties of the Government Accountability Office; E:\FR\FM\06NON1.SGM 06NON1 khammond on DSK30JT082PROD with NOTICES Federal Register / Vol. 83, No. 215 / Tuesday, November 6, 2018 / Notices (11) Under an order of a court of competent jurisdiction; and (12) To a consumer reporting agency, when trying to collect a claim of the Government, in accordance with 31 U.S.C. 3711(e). In addition, in accordance with paragraph (3) above, the ‘‘routine uses’’ set forth in paragraphs (13) through (24) below shall apply to all records in all FTC Privacy Act systems of records. Specifically, such records: (13) Where appropriately incorporated into the records maintained in FTC–II–6 (Discrimination Complaint System–FTC), may be disclosed under the routine uses published for that system; (14) May be disclosed to the National Archives and Records Administration for records management inspections conducted under authority of 44 U.S.C. 2904 and 2906; (15) May be disclosed to other agencies, offices, establishments, and authorities, whether federal, state, local, foreign, or self-regulatory (including, but not limited to organizations such as professional associations or licensing boards), authorized or with the responsibility to investigate, litigate, prosecute, enforce, or implement a statute, rule, regulation, or order, where the record or information by itself or in connection with other records or information: (a) Indicates a violation or potential violation of law, whether criminal, civil, administrative, or regulatory in nature, and whether arising by general statute or particular program statute, or by regulation, rule, or order issued pursuant thereto, or (b) Indicates a violation or potential violation of a professional, licensing, or similar regulation, rule, or order, or otherwise reflects on the qualifications or fitness of an individual who is licensed or seeking to be licensed; (16) May be disclosed to any source, private or governmental, to the extent necessary to secure from such source information relevant to and sought in furtherance of a legitimate investigation or audit; (17) May be disclosed to any authorized agency component of the Federal Trade Commission, Department of Justice, or other law enforcement authorities, and for disclosure by such parties: (a) To the extent relevant and necessary in connection with litigation in proceedings before a court or other adjudicative body, where (i) the United States is a party to or has an interest in the litigation, including where the agency, or an agency component, or an agency official or employee in his or her VerDate Sep<11>2014 17:05 Nov 05, 2018 Jkt 247001 official capacity, or an individual agency official or employee whom the Department of Justice has agreed to represent, is or may likely become a party, and (ii) the litigation is likely to affect the agency or any component thereof; or (b) To obtain advice, including advice concerning the accessibility of a record or information under the Privacy Act or the Freedom of Information Act; (18) May be disclosed to a congressional office in response to an inquiry from that office made at the written request of the subject individual, but only to the extent that the record would be legally accessible to that individual; (19) May be disclosed to debt collection contractors for the purpose of collecting debts owed to the government, as authorized under the Debt Collection Act of 1982, 31 U.S.C. 3718, and subject to applicable Privacy Act safeguards; (20) May be disclosed to a grand jury agent pursuant either to a federal or state grand jury subpoena, or to a prosecution request that such record be released for the purpose of its introduction to a grand jury, where the subpoena or request has been specifically approved by a court; (21) May be disclosed to the Office of Management and Budget (OMB) for the purpose of obtaining advice regarding agency obligations under the Privacy Act, or in connection with the review of private relief legislation pursuant to OMB Circular A–19; (22) To appropriate agencies, entities, and persons when (a) the FTC suspects or has confirmed that there has been a breach of the system of records; (b) the FTC has determined that as a result of the suspected or confirmed breach there is a risk of harm to individuals, the FTC (including its information systems, programs, and operations), the Federal Government, or national security; and (c) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with the FTC’s efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm. (23) To another Federal agency or Federal entity, when the FTC determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in (a) responding to a suspected or confirmed breach or (b) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal Government, or PO 00000 Frm 00030 Fmt 4703 Sfmt 4703 55543 national security, resulting from a suspected or confirmed breach. (24) May be disclosed to FTC contractors, volunteers, interns or other authorized individuals who have a need for the record in order to perform their officially assigned or designated duties for or on behalf of the FTC. The routine uses contained in this Appendix are in addition to any routine uses contained in the system of records notice (SORN) for each FTC Privacy Act records system. Some of the authorized disclosures and routine uses may overlap with one another. The FTC will treat a routine use as valid and still in effect, even if an overlapping routine use or disclosure is partly or fully invalidated or repealed. Heather Hippsley, Deputy General Counsel. [FR Doc. 2018–24226 Filed 11–5–18; 8:45 am] BILLING CODE 6750–01–P DEPARTMENT OF HEALTH AND HUMAN SERVICES Agency for Toxic Substance and Disease Registry [60Day–19–0048; Docket No. ATSDR–2018– 0009] Proposed Data Collection Submitted for Public Comment and Recommendations Agency for Toxic Substance and Disease Registry, Department of Health and Human Services (HHS) ACTION: Notice with comment period. AGENCY: The Agency for Toxic Substance and Disease Registry, as part of its continuing effort to reduce public burden and maximize the utility of government information, invites the general public and other Federal agencies the opportunity to comment on a proposed and/or continuing information collection, as required by the Paperwork Reduction Act of 1995. This notice invites comment on a proposed information collection project titled ATSDR Exposure Investigations (EIs) (OMB Control No. 0923–0048, Expiration Date 3/31/2019)— Extension—Agency for Toxic Substances and Disease Registry (ATSDR). To evaluate public health issues at a site resulting from environmental exposure, ATSDR EIs fill data gaps by conducting environmental and biological sampling. DATES: CDC must receive written comments on or before January 7, 2019. SUMMARY: E:\FR\FM\06NON1.SGM 06NON1

Agencies

[Federal Register Volume 83, Number 215 (Tuesday, November 6, 2018)]
[Notices]
[Pages 55541-55543]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2018-24226]


-----------------------------------------------------------------------

FEDERAL TRADE COMMISSION


Privacy Act of 1974; System of Records

AGENCY: Federal Trade Commission (FTC).

[[Page 55542]]


ACTION: Notice of modified systems of records; correction.

-----------------------------------------------------------------------

SUMMARY: The FTC is making non-substantive technical corrections to 
Appendix I, which lists the authorized disclosures and routine uses 
applicable to all FTC Privacy Act systems of records. This action makes 
the notices for these systems of records clearer, more accurate, and 
up-to-date.

DATES: This modified systems of records shall become final and 
effective on November 6, 2018.

FOR FURTHER INFORMATION CONTACT: G. Richard Gold and Alex Tang, 
Attorneys (202-326-2424), Office of the General Counsel, FTC, 600 
Pennsylvania Avenue NW, Washington, DC 20580.

SUPPLEMENTARY INFORMATION: To inform the public, the FTC publishes in 
the Federal Register and posts on its website a ``system of records 
notice'' (SORN) for each system of records that the FTC currently 
maintains within the meaning of the Privacy Act of 1974, as amended, 5 
U.S.C. 552a (``Privacy Act'' or ``Act''). See https://www.ftc.gov/about-ftc/foia/foia-reading-rooms/privacy-act-systems. The Privacy Act 
protects records about individuals in systems of records collected and 
maintained by Federal agencies. (A system is not a ``system of 
records'' under the Act unless the agency maintains and retrieves 
records in the system by the relevant individual's name or other 
personally assigned identifier.) Each Federal agency, including the 
FTC, must publish a SORN that describes the records maintained in each 
of its Privacy Act systems, including the categories of individuals 
that the records in the system are about, where and how the agency 
maintains these records, and how individuals can find out whether an 
agency system contains any records about them or request access to such 
records, if any. The FTC, for example, maintains 40 systems of records 
under the Act. Some of these systems contain records about the FTC's 
own employees, such as personnel and payroll files, while other FTC 
systems contain records about members of the public, such as public 
comments, consumer complaints, or phone numbers submitted to the FTC's 
Do Not Call Registry.
    The FTC's SORNs discussed in this notice apply only to the FTC's 
own Privacy Act record systems. They do not cover Privacy Act records 
that other Federal agencies may collect and maintain in their own 
systems. Likewise, the FTC's SORNs and the Privacy Act of 1974 do not 
cover records that private businesses or other non-FTC entities may 
collect about individuals, which may be covered by other privacy laws.
    On June 12, 2008, the FTC republished and updated all of its SORNs, 
describing all of the agency's systems of records covered by the 
Privacy Act in a single document for ease of use and reference. 73 FR 
33592. To ensure the SORNs remain accurate, FTC staff reviews each SORN 
on a periodic basis. As a result of this systematic review, the FTC 
made revisions to several of its SORNs on April 17, 2009 (74 FR 17863), 
August 27, 2010 (75 FR 52749), February 23, 2015 (80 FR 9460), and 
November 2, 2017 (82 FR 50871).
    Based on a periodic review of its SORNs, the FTC is publishing two 
technical non-substantive revisions to Appendix I, which lists the 
routine uses that apply to all FTC SORNs. First, the FTC is updating 
the number of routine uses stated in the Appendix from ``(23)'' to 
``(24).'' This conforming amendment was inadvertently omitted when the 
FTC, following Office of Management and Budget guidance, added a new 
routine use to this Appendix, relating to data breach notification, 
earlier this year. See 83 FR 39095 (Aug. 8, 2018). Second, the FTC is 
removing the current reference in the Appendix to the ``General 
Accounting Office'' and, in its place, adding that agency's current 
name, the ``Government Accountability Office'' (GAO). This correction 
reflects the change in GAO's legal name made by Congress several years 
ago, Public Law 108-271, 118 Stat. 811 (2004). In the same legislation, 
Congress made a conforming amendment to the Privacy Act of 1974 to 
authorize disclosures of Privacy Act records to the ``Government 
Accountability Office.'' See 5 U.S.C. 552a(b)(10).
    The FTC is not substantively adding or amending any routine uses of 
its Privacy Act system records. The corrections to Appendix I described 
above are purely technical, and do not in any way modify the legal 
intent, operation, or effect of the routine uses set forth in that 
Appendix. Accordingly, the FTC is not required to provide prior public 
comment or notice to OMB or Congress for these technical amendments, 
which are final upon publication. See U.S.C. 552a(e)(11) and 552a(r); 
OMB Circular A-108, supra.
    The FTC is reprinting the entire text of Appendix I for the 
public's benefit and convenience, to read as follows:

Appendix I
Authorized Disclosures and Routine Uses Applicable to All FTC Privacy 
Act Systems of Records
    The Privacy Act allows the FTC to disclose its Privacy Act records 
in the following ways:
    (1) Within the FTC, to FTC officers and employees who need the 
record to perform their duties;
    (2) In response to a request for public disclosure under the 
Freedom of Information Act (FOIA);
    (3) For any ``routine use'' compatible with the purpose for which 
the record was collected, as set forth in each system of records notice 
and in paragraphs (13)-(24) of this Appendix below;
    (4) To the Bureau of the Census for purposes of planning or 
carrying out a census or survey or related activity under title 13 of 
the United States Code;
    (5) To a recipient who has provided the agency with advance 
adequate written assurance that the record will be used solely as a 
statistical research or reporting record, and the record is to be 
transferred in a form that is not individually identifiable;
    (6) To the National Archives and Records Administration as a record 
having sufficient historical or other value to warrant its continued 
preservation by the United States Government, or for evaluation by the 
Archivist of the United States or the designee of the Archivist to 
determine whether the record has such value;
    (7) To another agency or to an instrumentality of any governmental 
jurisdiction within or under the control of the United States for a 
civil or criminal law enforcement activity if the activity is 
authorized by law, and if the head of the agency or instrumentality has 
made a written request to the agency which maintains the record 
specifying the particular portion desired and the law enforcement 
activity for which the record is sought;
    (8) To a person pursuant to a showing of compelling circumstances 
affecting the health or safety of an individual if upon such disclosure 
notification is transmitted to the last known address of such 
individual;
    (9) To either House of Congress, or, to the extent of a matter 
within its jurisdiction, any committee or subcommittee thereof, any 
joint committee of Congress or subcommittee of any such joint 
committee;
    (10) to the Comptroller General, or any of his authorized 
representatives, in the course of the performance of the duties of the 
Government Accountability Office;

[[Page 55543]]

    (11) Under an order of a court of competent jurisdiction; and
    (12) To a consumer reporting agency, when trying to collect a claim 
of the Government, in accordance with 31 U.S.C. 3711(e).
    In addition, in accordance with paragraph (3) above, the ``routine 
uses'' set forth in paragraphs (13) through (24) below shall apply to 
all records in all FTC Privacy Act systems of records. Specifically, 
such records:
    (13) Where appropriately incorporated into the records maintained 
in FTC-II-6 (Discrimination Complaint System-FTC), may be disclosed 
under the routine uses published for that system;
    (14) May be disclosed to the National Archives and Records 
Administration for records management inspections conducted under 
authority of 44 U.S.C. 2904 and 2906;
    (15) May be disclosed to other agencies, offices, establishments, 
and authorities, whether federal, state, local, foreign, or self-
regulatory (including, but not limited to organizations such as 
professional associations or licensing boards), authorized or with the 
responsibility to investigate, litigate, prosecute, enforce, or 
implement a statute, rule, regulation, or order, where the record or 
information by itself or in connection with other records or 
information:
    (a) Indicates a violation or potential violation of law, whether 
criminal, civil, administrative, or regulatory in nature, and whether 
arising by general statute or particular program statute, or by 
regulation, rule, or order issued pursuant thereto, or
    (b) Indicates a violation or potential violation of a professional, 
licensing, or similar regulation, rule, or order, or otherwise reflects 
on the qualifications or fitness of an individual who is licensed or 
seeking to be licensed;
    (16) May be disclosed to any source, private or governmental, to 
the extent necessary to secure from such source information relevant to 
and sought in furtherance of a legitimate investigation or audit;
    (17) May be disclosed to any authorized agency component of the 
Federal Trade Commission, Department of Justice, or other law 
enforcement authorities, and for disclosure by such parties:
    (a) To the extent relevant and necessary in connection with 
litigation in proceedings before a court or other adjudicative body, 
where (i) the United States is a party to or has an interest in the 
litigation, including where the agency, or an agency component, or an 
agency official or employee in his or her official capacity, or an 
individual agency official or employee whom the Department of Justice 
has agreed to represent, is or may likely become a party, and (ii) the 
litigation is likely to affect the agency or any component thereof; or
    (b) To obtain advice, including advice concerning the accessibility 
of a record or information under the Privacy Act or the Freedom of 
Information Act;
    (18) May be disclosed to a congressional office in response to an 
inquiry from that office made at the written request of the subject 
individual, but only to the extent that the record would be legally 
accessible to that individual;
    (19) May be disclosed to debt collection contractors for the 
purpose of collecting debts owed to the government, as authorized under 
the Debt Collection Act of 1982, 31 U.S.C. 3718, and subject to 
applicable Privacy Act safeguards;
    (20) May be disclosed to a grand jury agent pursuant either to a 
federal or state grand jury subpoena, or to a prosecution request that 
such record be released for the purpose of its introduction to a grand 
jury, where the subpoena or request has been specifically approved by a 
court;
    (21) May be disclosed to the Office of Management and Budget (OMB) 
for the purpose of obtaining advice regarding agency obligations under 
the Privacy Act, or in connection with the review of private relief 
legislation pursuant to OMB Circular A-19;
    (22) To appropriate agencies, entities, and persons when (a) the 
FTC suspects or has confirmed that there has been a breach of the 
system of records; (b) the FTC has determined that as a result of the 
suspected or confirmed breach there is a risk of harm to individuals, 
the FTC (including its information systems, programs, and operations), 
the Federal Government, or national security; and (c) the disclosure 
made to such agencies, entities, and persons is reasonably necessary to 
assist in connection with the FTC's efforts to respond to the suspected 
or confirmed breach or to prevent, minimize, or remedy such harm.
    (23) To another Federal agency or Federal entity, when the FTC 
determines that information from this system of records is reasonably 
necessary to assist the recipient agency or entity in (a) responding to 
a suspected or confirmed breach or (b) preventing, minimizing, or 
remedying the risk of harm to individuals, the recipient agency or 
entity (including its information systems, programs, and operations), 
the Federal Government, or national security, resulting from a 
suspected or confirmed breach.
    (24) May be disclosed to FTC contractors, volunteers, interns or 
other authorized individuals who have a need for the record in order to 
perform their officially assigned or designated duties for or on behalf 
of the FTC.
    The routine uses contained in this Appendix are in addition to any 
routine uses contained in the system of records notice (SORN) for each 
FTC Privacy Act records system. Some of the authorized disclosures and 
routine uses may overlap with one another. The FTC will treat a routine 
use as valid and still in effect, even if an overlapping routine use or 
disclosure is partly or fully invalidated or repealed.

Heather Hippsley,
Deputy General Counsel.
[FR Doc. 2018-24226 Filed 11-5-18; 8:45 am]
 BILLING CODE 6750-01-P