Privacy Act of 1974; System of Records, 54214-54216 [2022-19042]

Agencies

• FEDERAL DEPOSIT INSURANCE CORPORATION

[Federal Register Volume 87, Number 170 (Friday, September 2, 2022)]
[Notices]
[Pages 54214-54216]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2022-19042]


=======================================================================
-----------------------------------------------------------------------

FEDERAL DEPOSIT INSURANCE CORPORATION


Privacy Act of 1974; System of Records

AGENCY: Federal Deposit Insurance Corporation (FDIC).

ACTION: Notice of new system of records.

-----------------------------------------------------------------------

SUMMARY: Pursuant to the provisions of the Privacy Act of 1974, as 
amended, the Federal Deposit Insurance Corporation (FDIC) gives notice 
of the establishment of a new system of records titled ``FDIC-039, E-
Rulemaking System of Records.'' FDIC's E-Rulemaking system allows the 
public to search, review, download and comment on FDIC rulemaking and 
notice documents via FDIC's website (https://www.fdic.gov/resources/regulations/federal-register-publications/). This system of records 
notice covers the records maintained by the FDIC relating to comments 
and other written input submitted to the Corporation in response to 
proposed FDIC rulemakings, notices, or other requests for comments.

DATES: This action will become effective on September 2, 2022. The 
routine uses in this action will become effective on October 3, 2022, 
unless the FDIC makes changes based on comments received. Written 
comments should be submitted on or before October 3, 2022.

ADDRESSES: Interested parties are invited to submit written comments 
identified by Privacy Act Systems of Records by any of the following 
methods:
     Agency Website: https://www.fdic.gov/resources/regulations/federal-register-publications/. Follow the instructions for 
submitting comments on the FDIC website.
     Email: [email protected]. Include ``SORN'' on the subject 
line of the message.
     Mail: James P. Sheesley, Assistant Executive Secretary, 
Attention: Comments SORN, Legal Division, Office of the Executive 
Secretary, Federal Deposit Insurance Corporation, 550 17th Street NW, 
Washington, DC 20429.
     Hand Delivery: Comments may be hand-delivered to the guard 
station at the rear of the 17th Street NW building (located on F Street 
NW) on business days between 7:00 a.m. and 5:00 p.m.
     Public Inspection: Comments received, including any 
personal information provided, may be posted without change to https://www.fdic.gov/resources/regulations/federal-register-publications/. 
Commenters should submit only information that the commenter wishes to 
make available publicly. The FDIC may review, redact, or refrain from 
posting all or any portion of any comment that it may deem to be 
inappropriate for publication, such as irrelevant or obscene material. 
The FDIC may post only a single representative example of identical or 
substantially identical comments, and in such cases will generally 
identify the number of identical or substantially identical comments 
represented by the posted example. All comments that have been 
redacted, as well as those that have not been posted, that contain 
comments on the merits of this document will be retained in the public 
comment file and will be considered as required under all applicable 
laws. All comments may be accessible under the Freedom of Information 
Act.

FOR FURTHER INFORMATION CONTACT: Shannon Dahn, Chief, Privacy Program, 
703-516-5500, [email protected].

SUPPLEMENTARY INFORMATION:

I. Background

    Pursuant to the Privacy Act of 1974, 5 U.S.C. 552a, FDIC is 
establishing a new system of records, FDIC-039, E-Rulemaking System of 
Records. FDIC collects comments on rulemakings and other regulatory 
actions, which it publishes on its website to provide transparency in 
the informal rulemaking process under the Administrative Procedure Act 
(APA), 5 U.S.C. 553, and in the regulatory processes established by the 
Federal Deposit Insurance Act, 12 U.S.C. 1811. FDIC also may solicit 
comments or other input from the public that may not be associated with 
statutory or regulatory notice and comment requirements.
    The E-Rulemaking system collects and stores comments and input 
received by the Corporation. Specifically, the system includes an 
option on https://www.fdic.gov/resources/regulations/federal-register-publications/ that allows individuals to electronically submit their 
comments or input to FDIC. The system collects the email address of the 
commenter, along with any additional information that the commenter 
elects to include in their submission, such as their name, 
organization, and contact information. Once submitted, the system 
stores this information in the E-Rulemaking database. Any comments 
received by fax, postal mail, or email are uploaded by authorized FDIC 
personnel into this database, collecting all comments into one central 
repository. The commenter's email address, name, organization, work 
contact information, and comment are published to https://www.fdic.gov/resources/regulations/federal-register-publications/. The commenter's 
personal contact information, or other additional personal information 
voluntarily submitted, is generally not published online. The FDIC may 
review, redact, or refrain from posting all or any portion of any 
comment that it may deem to be inappropriate for publication, such as 
irrelevant or obscene material. During a proposed

[[Page 54215]]

rulemaking or other statutory or regulatory notice and comment process, 
FDIC personnel may manually remove a comment from publication if the 
commenter withdraws the comment before the comment period has closed. 
However, comments that are removed from publication will be retained by 
the FDIC for consideration as required by the APA, or as part of the 
FDIC's documentation of a requested comment withdrawal.

II. The Privacy Act

    Under the Privacy Act of 1974, 5 U.S.C. 552a, a ``system of 
records'' is defined as any group of records under the control of a 
Federal government agency from which information about individuals is 
retrieved by name or by some identifying number, symbol, or other 
identifying particular assigned to the individual. The Privacy Act 
establishes the means by which government agencies must collect, 
maintain, and use information about an individual in a government 
system of records.
    Each government agency is required to publish a notice in the 
Federal Register in which the agency identifies and describes each 
system of records it maintains, the reasons why the agency uses the 
information therein, the routine uses for which the agency will 
disclose such information outside the agency, and how individuals may 
exercise their rights under the Privacy Act.
    In accordance with 5 U.S.C. 552a(r), FDIC has provided a report of 
this system of records to the Office of Management and Budget (OMB) and 
to Congress.

SYSTEM NAME AND NUMBER:
    E-Rulemaking System of Records, FDIC-039.

SECURITY CLASSIFICATION:
    Unclassified.

SYSTEM LOCATION:
    Records are maintained at FDIC facilities in Washington, DC; 
Arlington, VA; and regional offices. Original and duplicate systems may 
exist, in whole or in part, at secure sites and on secure servers 
maintained by third-party service providers for the FDIC.

SYSTEM MANAGER(S):
    Legal Division, Office of the Executive Secretary, FDIC, 550 17th 
Street NW, Washington, DC 20429.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    Section 206(d) of the E-Government Act of 2002 (Pub. L. 107-347, 44 
U.S.C. 3501 note); Section 553 of the Administrative Procedure Act (5 
U.S.C. 553); and the Federal Deposit Insurance Act (12 U.S.C. 1811) and 
rules and regulations promulgated thereunder.

PURPOSE(S) OF THE SYSTEM:
    The purpose of this system is to collect, review, and maintain 
feedback from the public on proposed FDIC rulemakings, notices, and 
other FDIC regulatory actions. FDIC may use any submitted contact 
information to seek clarification about a comment, respond to a comment 
when warranted, and for other purposes associated with the rulemaking 
or notice process.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Individuals providing comments or other input to the FDIC in 
response to an FDIC rulemaking, notice, or other request for comment, 
as well as individuals who may be discussed or identified in the body 
of a comment.

CATEGORIES OF RECORDS IN THE SYSTEM:
    Records in this system include comments and other written input 
received by FDIC in response to proposed rules, notices, or other 
requests for comments associated with Corporation rules, regulations, 
policies, or procedures. Comments or input submitted through https://www.fdic.gov/resources/regulations/federal-register-publications 
include the commenter's email address and any supplemental information 
that the commenter chooses to provide in their submission to FDIC, such 
as their full name, job title, organization name, representative name, 
mailing address, telephone number, fax number, and supporting 
documentation.
    The comments or input provided may contain other personal 
information, although the comment submission instructions advise 
commenters not to include any information that the commenter does not 
wish to make available publicly, as all comments, including personal 
information, may be posted without change. The system may also contain 
summaries or memorializations of general communications input by FDIC 
personnel related to the proposed rule, statutory or regulatory 
provision, or Corporation activity.

RECORD SOURCE CATEGORIES:
    The FDIC receives records from individuals and organizations 
providing comments to FDIC, including members of the public; 
representatives of Federal, State, or local government; non-
governmental organizations; and the private sector.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND PURPOSES OF SUCH USES:
    In addition to those disclosures generally permitted under 5 U.S.C. 
552a(b) of the Privacy Act, all or a portion of the records or 
information contained in this system may be disclosed outside the FDIC 
as a routine use as follows:
    (1) To appropriate Federal, State, local, and foreign authorities 
responsible for investigating or prosecuting a violation of, or for 
enforcing or implementing a statute, rule, regulation, or order issued, 
when the information indicates a violation or potential violation of 
law, whether civil, criminal, or regulatory in nature, and whether 
arising by general statute or particular program statute, or by 
regulation, rule, or order issued pursuant thereto;
    (2) To a court, magistrate, or other administrative body in the 
course of presenting evidence, including disclosures to counsel or 
witnesses in the course of civil discovery, litigation, or settlement 
negotiations or in connection with criminal proceedings, when the FDIC 
is a party to the proceeding or has a significant interest in the 
proceeding, to the extent that the information is determined to be 
relevant and necessary;
    (3) To a congressional office in response to an inquiry made by the 
congressional office at the request of the individual who is the 
subject of the record;
    (4) To appropriate agencies, entities, and persons when (a) the 
FDIC suspects or has confirmed that there has been a breach of the 
system of records; (b) the FDIC has determined that as a result of the 
suspected or confirmed breach there is a risk of harm to individuals, 
the FDIC (including its information systems, programs, and operations), 
the Federal Government, or national security; the FDIC and (c) the 
disclosure made to such agencies, entities, and persons is reasonably 
necessary to assist in connection with the FDIC's efforts to respond to 
the suspected or confirmed breach or to prevent, minimize, or remedy 
such harm;
    (5) To another Federal agency or Federal entity, when the FDIC 
determines that information from this system of records is reasonably 
necessary to assist the recipient agency or entity in (a) responding to 
a suspected or confirmed breach; or (b) preventing, minimizing, or 
remedying the risk of harm to individuals, the recipient agency or 
entity (including its information systems, programs, and operations), 
the Federal Government, or

[[Page 54216]]

national security, resulting from a suspected or confirmed breach;
    (6) To appropriate Federal, State, and local authorities in 
connection with hiring or retaining an individual; conducting a 
background security or suitability investigation; adjudication of 
liability; or eligibility for a license, contract, grant, or other 
benefit;
    (7) To appropriate Federal, State, and local authorities, agencies, 
arbitrators, and other parties responsible for processing any personnel 
actions or conducting administrative hearings or corrective actions or 
grievances or appeals, or if needed in the performance of other 
authorized duties;
    (8) To appropriate Federal agencies and other public authorities 
for use in records management inspections;
    (9) To contractors, grantees, volunteers, and others performing or 
working on a contract, service, grant, cooperative agreement, or 
project for the FDIC, the Office of Inspector General, or the Federal 
Government for use in carrying out their obligations under such 
contract, grant, agreement or project;
    (10) To Federal, State, and local agencies for use in meeting their 
statutory or regulatory requirements; and
    (11) To the public or certain stakeholders in the form of FDIC 
documents, such as final rules or reports, that use, consider, discuss, 
or publish comments received by the FDIC.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    Records are stored in paper and electronic media.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    FDIC may retrieve records by a variety of fields, including but not 
limited to, keyword, name of individual or entity submitting a comment, 
contact information or any data elements submitted in or as part of a 
comment, document title, Code of Federal Regulations (CFR) (search for 
a specific title within the CFR), CFR citation (search for the part or 
parts within the CFR title being searched), document type, document 
subtype, or date (e.g., date comment received or posted, Federal 
Register publication date, comment period end date).

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    Public comments received in response to rulemakings are temporary 
records that are destroyed/deleted 15 years after the rule or 
regulation becomes effective, in accordance with approved records 
retention schedules.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    Records are protected from unauthorized access and improper use 
through administrative, technical, and physical security measures. 
Administrative safeguards include written guidelines on handling 
personal information including agency-wide procedures for safeguarding 
personally identifiable information. In addition, all FDIC staff are 
required to take annual privacy and security training. Technical 
security measures within FDIC include restrictions on computer access 
to authorized individuals who have a legitimate need to know the 
information; required use of strong passwords that are frequently 
changed; multi-factor authentication for remote access and access to 
many FDIC network components; use of encryption for certain data types 
and transfers; firewalls and intrusion detection applications; and 
regular review of security procedures and best practices to enhance 
security. Physical safeguards include restrictions on building access 
to authorized individuals, 24-hour security guard service, and 
maintenance of records in lockable offices and filing cabinets.

RECORD ACCESS PROCEDURES:
    Individuals wishing to request access to records about them in this 
system of records must submit their request in writing to the FDIC FOIA 
& Privacy Act Group, 550 17th Street NW, Washington, DC 20429, or email 
[email protected]. Requests must include full name, address, and 
verification of identity in accordance with FDIC regulations at 12 CFR 
part 310.

CONTESTING RECORD PROCEDURES:
    Individuals wishing to contest or request an amendment to their 
records in this system of records must submit their request in writing 
to the FDIC FOIA & Privacy Act Group, 550 17th Street NW, Washington, 
DC 20429, or email [email protected]. Requests must specify the 
information being contested, the reasons for contesting it, and the 
proposed amendment to such information in accordance with FDIC 
regulations at 12 CFR part 310.

NOTIFICATION PROCEDURES:
    Individuals wishing to know whether this system contains 
information about them must submit their request in writing to the FDIC 
FOIA & Privacy Act Group, 550 17th Street NW, Washington, DC 20429, or 
email [email protected]. Requests must include full name, address, and 
verification of identity in accordance with FDIC regulations at 12 CFR 
part 310.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    None.

HISTORY:
    None.

Federal Deposit Insurance Corporation.

    Dated at Washington, DC, on July 26, 2022.
James P. Sheesley,
Assistant Executive Secretary.
[FR Doc. 2022-19042 Filed 9-1-22; 8:45 am]
BILLING CODE 6714-01-P