Agency Information Collection Activities; Submission for OMB Review; Comment Request, 18845-18846 [2019-08909]

Download as PDF khammond on DSKBBV9HB2PROD with NOTICES Federal Register / Vol. 84, No. 85 / Thursday, May 2, 2019 / Notices 18845 records for applicants who are hired may be maintained in accordance with the System of Records entitled BGFRS– 41 ‘‘FRB—Ethics Program Records.’’ Onboarding records for hires who become employees of the Board are maintained in accordance with the respective Board system of records for the records including BGFRS–4 ‘‘FRB— General Personnel Records,’’ BGFRS–7 ‘‘FRB—Payroll and Leave Records,’’ BGFRS–24 ‘‘FRB—EEO General Files,’’ and BGFRS–34 ‘‘FRB—ESS Staff Identification Card File.’’ seeking to access or amend his/her Privacy Act records. You may submit your Privacy Act request to the—Secretary of the Board, Board of Governors of the Federal Reserve System, 20th Street and Constitution Avenue NW, Washington, DC 20551. You may also submit your Privacy Act request electronically through the Board’s FOIA ‘‘Electronic Request Form’’ located here: https:// www.federalreserve.gov/secure/forms/ efoiaform.aspx. Board of Governors of the Federal Reserve System, April 29, 2019. Ann Misback, Secretary of the Board. ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS: CONTESTING RECORD PROCEDURES: (FTC). Paper records are secured by lock and key and electronic files are stored on secure servers. The system has the ability to track individual user actions within the system. The audit and accountability controls are based on NIST and Board standards which, in turn, are based on applicable laws and regulations. The controls assist in detecting security violations and performance or other issues in the system. Access to the system is restricted to authorized users within the Board who require access for official business purposes. Users are classified into different roles and common access and usage rights are established for each role. User roles are used to delineate between the different types of access requirements such that users are restricted to data that is required in the performance of their duties. Periodic assessments and reviews are conducted to determine whether users still require access, have the appropriate role, and whether there have been any unauthorized changes. The Privacy Act allows individuals to seek amendment of information that is erroneous, irrelevant, untimely, or incomplete and is maintained in a system of records that pertains to them. To request an amendment to your record, you should clearly mark the request as a ‘‘Privacy Act Amendment Request.’’ You have the burden of proof for demonstrating the appropriateness of the requested amendment and you must provide relevant and convincing evidence in support of your request. Your request for amendment must: (1) Provide the name of the specific Board system of records containing the record you seek to amend; (2) identify the specific portion of the record you seek to amend; (3) describe the nature of and reasons for each requested amendment; (4) explain why you believe the record is not accurate, relevant, timely, or complete; and (5) unless you have already done so in a related Privacy Act request for access or amendment, provide the necessary information to verify your identity. ACTION: RECORD ACCESS PROCEDURES: NOTIFICATION PROCEDURES: The Privacy Act allows individuals the right to access records maintained about them in a Board system of records. Your request for access must: (1) Contain a statement that the request is made pursuant to the Privacy Act of 1974; (2) provide either the name of the Board system of records expected to contain the record requested or a concise description of the system of records; (3) provide the information necessary to verify your identity; and (4) provide any other information that may assist in the rapid identification of the record you seek. Current or former Board employees may make a request for access by contacting the Board office that maintains the record. The Board handles all Privacy Act requests as both a Privacy Act request and as a Freedom of Information Act request. The Board does not charge fees to a requestor Same as ‘‘Access procedures’’ above. You may also follow this procedure in order to request an accounting of previous disclosures of records pertaining to you as provided for by 5 U.S.C. 552a(c). VerDate Sep<11>2014 18:51 May 01, 2019 Jkt 247001 EXEMPTIONS PROMULGATED FOR THE SYSTEM: Certain portions of this system of records may be exempt from 5 U.S.C. 552a(c)(3), (d), (e)(1), (e)(4)(G), (H), and (I), and (f) of the Privacy Act pursuant to subsections 5 U.S.C. 552a(k)(2) and (k)(5). HISTORY: This SORN was previously published in the Federal Register at 81 FR 39923 (June 20, 2016) and 73 FR 24984 at 24987 (May 6, 2008). The SORN was also amended to incorporate two new routine uses required by OMB at 83 FR 43872 (August 28, 2018). PO 00000 Frm 00083 Fmt 4703 Sfmt 4703 [FR Doc. 2019–08978 Filed 5–1–19; 8:45 am] BILLING CODE P FEDERAL TRADE COMMISSION Agency Information Collection Activities; Submission for OMB Review; Comment Request AGENCY: Federal Trade Commission Notice and request for comment. The FTC requests that the Office of Management and Budget (OMB) extend for three years the current PRA clearance for information collection requirements contained in the agency’s Health Breach Notification Rule. The existing clearance expires on May 31, 2019. The public should address comments to this notice to the OMB. DATES: Comments must be received by June 3, 2019. ADDRESSES: Comments in response to this notice should be submitted to the OMB Desk Officer for the Federal Trade Commission within 30 days of this notice. You may submit comments using any of the following methods: Electronic: Write ‘‘Health Breach Notification Rule: PRA Comment, P072108,’’ on your comment and file your comment online at https:// www.regulations.gov, by following the instructions on the web-based form. Email: Wendy_L._Liberante@ omb.eop.gov. Fax: (202) 395–5806. Mail: Office of Information and Regulatory Affairs, Office of Management and Budget, Attention: Desk Officer for the Federal Trade Commission, New Executive Office Building, Docket Library, Room 10102, 725 17th Street NW, Washington, DC 20503. SUMMARY: FOR FURTHER INFORMATION CONTACT: Robin Wetherill, 202–326–2220, Attorney, Privacy & Identity Protection, Bureau of Consumer Protection, 600 Pennsylvania Ave. NW, Washington, DC 20580. SUPPLEMENTARY INFORMATION: Title: Health Breach Notification Rule. OMB Control Number: 3084–0150. Type of Review: Extension of a currently approved collection. Abstract: The Health Breach Notification Rule (Rule), 16 CFR part 318, requires vendors of personal health records and PHR related entities to E:\FR\FM\02MYN1.SGM 02MYN1 18846 Federal Register / Vol. 84, No. 85 / Thursday, May 2, 2019 / Notices provide: (1) Notice to consumers whose unsecured personally identifiable health information has been breached; and (2) notice to the Commission. The Rule only applies to electronic health records and does not include recordkeeping requirements. The Rule requires third party service providers (i.e., those companies that provide services such as billing or data storage) to vendors of personal health records and PHR related entities to provide notification to such vendors and PHR related entities following the discovery of a breach. To notify the FTC of a breach, the Commission developed a simple, twopage form requesting minimal information and consisting mainly of check boxes, which is posted at www.ftc.gov/healthbreach. On February 8, 2019, the FTC sought comment on the information collection requirements associated with the Rule. 84 FR 2868. The FTC received seven non-germane comments that did not address either the burden associated with the Rule or any of the other issues raised by the public comment request. Pursuant to OMB regulations, 5 CFR part 1320, that implement the PRA, 44 U.S.C. 3501 et seq., the FTC is providing this second opportunity for public comment while seeking OMB approval to renew the pre-existing clearance for the Rule. For more details about the Rule requirements and the basis for the calculations summarized below, see 84 FR 2868. Likely Respondents: Vendors of personal health records, PHR related entities and third party service providers. Estimated Annual Hours Burden: 4,779. Estimated Frequency: 25,000 singleperson breaches per year and 0.33 major breaches per year. Total Annual Labor Cost: $96,656.1 Total Annual Capital or Other NonLabor Cost: $29,952.2 khammond on DSKBBV9HB2PROD with NOTICES 1 Hourly wages throughout this document are updated from the 60-Day Federal Register notice and are based on mean hourly wages found at http://www.bls.gov/news.release/ocwage.htm (‘‘Occupational Employment and Wages–May 2018,’’ U.S. Department of Labor, released March 2019, Table 1 (‘‘National employment and wage data from the Occupational Employment Statistics survey by occupation, May 2018’’). The breakdown of labor hours and costs is as follows: 50 hours of computer and information systems managerial time at approximately $73 per hour; 12 hours of marketing manager time at $71 per hour; 33 hours of computer programmer time at $43 per hour; and 5 hours of legal staff time at $69 per hour. The cost of telephone operators is estimated at $19/hour. 2 Average wages for information security analysts are estimated at $49/hour. VerDate Sep<11>2014 18:51 May 01, 2019 Jkt 247001 Request for Comment Your comment—including your name and your state—will be placed on the public record of this proceeding at the https://www.regulations.gov website. Because your comment will be made public, you are solely responsible for making sure that your comment does not include any sensitive personal information, such as anyone’s Social Security number; date of birth; driver’s license number or other state identification number, or foreign country equivalent; passport number; financial account number; or credit or debit card number. You are also solely responsible for making sure that your comment does not include any sensitive health information, such as medical records or other individually identifiable health information. In addition, your comment should not include any ‘‘trade secret or any commercial or financial information which . . . is privileged or confidential’’—as provided by Section 6(f) of the FTC Act, 15 U.S.C. 46(f), and FTC Rule 4.10(a)(2), 16 CFR 4.10(a)(2)— including in particular competitively sensitive information such as costs, sales statistics, inventories, formulas, patterns, devices, manufacturing processes, or customer names. Heather Hippsley, Deputy General Counsel. [FR Doc. 2019–08909 Filed 5–1–19; 8:45 am] BILLING CODE 6750–01–P DEPARTMENT OF HEALTH AND HUMAN SERVICES Centers for Disease Control and Prevention [30Day–19–19LI] Agency Forms Undergoing Paperwork Reduction Act Review In accordance with the Paperwork Reduction Act of 1995, the Centers for Disease Control and Prevention (CDC) has submitted the information collection request titled Long-term sequela of Rocky Mountain spotted fever (RMSF) to the Office of Management and Budget (OMB) for review and approval. CDC previously published a ‘‘Proposed Data Collection Submitted for Public Comment and Recommendations’’ notice on February 7, 2019 to obtain comments from the public and affected agencies. CDC did not receive comments related to the previous notice. This notice serves to allow an additional 30 days for public and affected agency comments. PO 00000 Frm 00084 Fmt 4703 Sfmt 4703 CDC will accept all comments for this proposed information collection project. The Office of Management and Budget is particularly interested in comments that: (a) Evaluate whether the proposed collection of information is necessary for the proper performance of the functions of the agency, including whether the information will have practical utility; (b) Evaluate the accuracy of the agencies estimate of the burden of the proposed collection of information, including the validity of the methodology and assumptions used; (c) Enhance the quality, utility, and clarity of the information to be collected; (d) Minimize the burden of the collection of information on those who are to respond, including, through the use of appropriate automated, electronic, mechanical, or other technological collection techniques or other forms of information technology, e.g., permitting electronic submission of responses; and (e) Assess information collection costs. To request additional information on the proposed project or to obtain a copy of the information collection plan and instruments, call (404) 639–7570 or send an email to omb@cdc.gov. Direct written comments and/or suggestions regarding the items contained in this notice to the Attention: CDC Desk Officer, Office of Management and Budget, 725 17th Street NW, Washington, DC 20503 or by fax to (202) 395–5806. Provide written comments within 30 days of notice publication. Proposed Project Long-term sequela of Rocky Mountain spotted fever (RMSF)—New ICR— National Center for Emerging and Zoonotic Infectious Diseases (NCEZID), Centers for Disease Control and Prevention (CDC). Background and Brief Description Data collection for this investigation was initiated in July 2018 following OMB approval on 7/22/2018, with a second approval on 11/15/2018 under the Emergency Epidemic Investigations (EEI) Generic ICR (OMB Control Number 0920–1011, exp 1/31/2020). A full OMB package is being submitted to allow for continuation of the project. CDC is seeking three years of OMB approval. Rocky Mountain spotted fever (RMSF), a life-threatening and rapidly progressive tickborne disease, is caused by infection with the bacterium Rickettsia rickettsii. Infection begins E:\FR\FM\02MYN1.SGM 02MYN1

Agencies

[Federal Register Volume 84, Number 85 (Thursday, May 2, 2019)]
[Notices]
[Pages 18845-18846]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2019-08909]


=======================================================================
-----------------------------------------------------------------------

FEDERAL TRADE COMMISSION


Agency Information Collection Activities; Submission for OMB 
Review; Comment Request

AGENCY: Federal Trade Commission (FTC).

ACTION: Notice and request for comment.

-----------------------------------------------------------------------

SUMMARY: The FTC requests that the Office of Management and Budget 
(OMB) extend for three years the current PRA clearance for information 
collection requirements contained in the agency's Health Breach 
Notification Rule. The existing clearance expires on May 31, 2019. The 
public should address comments to this notice to the OMB.

DATES: Comments must be received by June 3, 2019.

ADDRESSES: Comments in response to this notice should be submitted to 
the OMB Desk Officer for the Federal Trade Commission within 30 days of 
this notice. You may submit comments using any of the following 
methods:
    Electronic: Write ``Health Breach Notification Rule: PRA Comment, 
P072108,'' on your comment and file your comment online at https://www.regulations.gov, by following the instructions on the web-based 
form.
    Email: [email protected].
    Fax: (202) 395-5806.
    Mail: Office of Information and Regulatory Affairs, Office of 
Management and Budget, Attention: Desk Officer for the Federal Trade 
Commission, New Executive Office Building, Docket Library, Room 10102, 
725 17th Street NW, Washington, DC 20503.

FOR FURTHER INFORMATION CONTACT: Robin Wetherill, 202-326-2220, 
Attorney, Privacy & Identity Protection, Bureau of Consumer Protection, 
600 Pennsylvania Ave. NW, Washington, DC 20580.

SUPPLEMENTARY INFORMATION:
    Title: Health Breach Notification Rule.
    OMB Control Number: 3084-0150.
    Type of Review: Extension of a currently approved collection.
    Abstract: The Health Breach Notification Rule (Rule), 16 CFR part 
318, requires vendors of personal health records and PHR related 
entities to

[[Page 18846]]

provide: (1) Notice to consumers whose unsecured personally 
identifiable health information has been breached; and (2) notice to 
the Commission. The Rule only applies to electronic health records and 
does not include recordkeeping requirements. The Rule requires third 
party service providers (i.e., those companies that provide services 
such as billing or data storage) to vendors of personal health records 
and PHR related entities to provide notification to such vendors and 
PHR related entities following the discovery of a breach. To notify the 
FTC of a breach, the Commission developed a simple, two-page form 
requesting minimal information and consisting mainly of check boxes, 
which is posted at www.ftc.gov/healthbreach.
    On February 8, 2019, the FTC sought comment on the information 
collection requirements associated with the Rule. 84 FR 2868. The FTC 
received seven non-germane comments that did not address either the 
burden associated with the Rule or any of the other issues raised by 
the public comment request. Pursuant to OMB regulations, 5 CFR part 
1320, that implement the PRA, 44 U.S.C. 3501 et seq., the FTC is 
providing this second opportunity for public comment while seeking OMB 
approval to renew the pre-existing clearance for the Rule. For more 
details about the Rule requirements and the basis for the calculations 
summarized below, see 84 FR 2868.
    Likely Respondents: Vendors of personal health records, PHR related 
entities and third party service providers.
    Estimated Annual Hours Burden: 4,779.
    Estimated Frequency: 25,000 single-person breaches per year and 
0.33 major breaches per year.
    Total Annual Labor Cost: $96,656.\1\
---------------------------------------------------------------------------

    \1\ Hourly wages throughout this document are updated from the 
60-Day Federal Register notice and are based on mean hourly wages 
found at http://www.bls.gov/news.release/ocwage.htm (``Occupational 
Employment and Wages-May 2018,'' U.S. Department of Labor, released 
March 2019, Table 1 (``National employment and wage data from the 
Occupational Employment Statistics survey by occupation, May 
2018'').
    The breakdown of labor hours and costs is as follows: 50 hours 
of computer and information systems managerial time at approximately 
$73 per hour; 12 hours of marketing manager time at $71 per hour; 33 
hours of computer programmer time at $43 per hour; and 5 hours of 
legal staff time at $69 per hour. The cost of telephone operators is 
estimated at $19/hour.
---------------------------------------------------------------------------

    Total Annual Capital or Other Non-Labor Cost: $29,952.\2\
---------------------------------------------------------------------------

    \2\ Average wages for information security analysts are 
estimated at $49/hour.
---------------------------------------------------------------------------

Request for Comment

    Your comment--including your name and your state--will be placed on 
the public record of this proceeding at the https://www.regulations.gov 
website. Because your comment will be made public, you are solely 
responsible for making sure that your comment does not include any 
sensitive personal information, such as anyone's Social Security 
number; date of birth; driver's license number or other state 
identification number, or foreign country equivalent; passport number; 
financial account number; or credit or debit card number. You are also 
solely responsible for making sure that your comment does not include 
any sensitive health information, such as medical records or other 
individually identifiable health information. In addition, your comment 
should not include any ``trade secret or any commercial or financial 
information which . . . is privileged or confidential''--as provided by 
Section 6(f) of the FTC Act, 15 U.S.C. 46(f), and FTC Rule 4.10(a)(2), 
16 CFR 4.10(a)(2)--including in particular competitively sensitive 
information such as costs, sales statistics, inventories, formulas, 
patterns, devices, manufacturing processes, or customer names.

Heather Hippsley,
Deputy General Counsel.
[FR Doc. 2019-08909 Filed 5-1-19; 8:45 am]
BILLING CODE 6750-01-P