Privacy Act of 1974; System of Records, 27509-27511 [2023-09204]
Download as PDF
<![CDATA[
Federal Register / Vol. 88, No. 84 / Tuesday, May 2, 2023 / Notices
27509
b A ‘‘Consolidated Report’’ is required for all multi-establishment employers. A ‘‘Consolidated Report’’ must contain demographic data for all the
multi-establishment employer’s employees (i.e., employees at headquarters and all establishments), categorized by job category and sex and
race or ethnicity. The ‘‘Consolidated Report’’ is auto-populated and auto-generated within the EEOC’s electronic web-based EEO–1 Component
1 Online Filing System (OFS) for all multi-establishment employers with data from their ‘‘Headquarters Report’’ and ‘‘Establishment-Level Report(s).’’ Therefore, there is no associated burden.
c A ‘‘Headquarters Report’’ must be submitted by all multi-establishment employers. The report must contain demographic data for all the multiestablishment employer’s headquarters employees, categorized by job category and sex and race or ethnicity.
d An ‘‘Establishment-Level Report’’ must be submitted by all multi-establishment employers for each non-headquarters establishment. An ‘‘Establishment-Level Report’’ must contain establishment-level demographic data for all employees at each of the multi-establishment employer’s
non-headquarters establishments categorized by job category and sex and race or ethnicity. One ‘‘Establishment-Level Report’’ must be submitted for each non-headquarters establishment. For example, if a multi-establishment employer has 10 non-headquarters establishments, the
multi-establishment employer must submit 10 ‘‘Establishment-Level Reports.’’ Beginning with the 2022 EEO–1 Component 1 data collection,
multi-establishment employers will no longer be required to file a separate ‘‘type’’ of establishment report based on the size of an individual nonheadquarters establishment (i.e., establishments with 50 or more employees or establishments with fewer than 50 employees). Rather, a multiestablishment employer will submit an ‘‘Establishment-Level Report’’ to report establishment-level employee demographic data for each of its
non-headquarters establishment(s) regardless of size.
ddrumheller on DSK120RN23PROD with NOTICES1
An estimate of the total number of
respondents and the amount of time
estimated for an average respondent to
respond: The estimated number of
respondents that must file EEO–1
Component 1 data for the next three
reporting years (i.e., 2022, 2023, and
2024) is 110,000 filers each year. Each
filer is required to respond to the EEO–
1 Component 1 once annually. The
burden estimate is based on data from
prior administrations of the EEO–1
Component 1 data collection. The EEOC
estimates the 110,000 filers will submit
a total of 2,235,938 reports annually.
About 40% of EEO–1 Component 1
filers (i.e., 44,257 single-establishment
employers) will submit one report (i.e.,
a ‘‘Single-Establishment Employer
Report’’) on a single establishment. It is
estimated these single-establishment
employers will take an average of 45
minutes per reporting year to complete
their EEO–1 Component 1 report. About
60% of EEO–1 Component 1 filers (i.e.,
65,743 multi-establishment employers)
will report data on multiple
establishments. For each reporting year,
all multi-establishment employers must
submit a ‘‘Consolidated Report,’’ a
‘‘Headquarters Report,’’ and an
‘‘Establishment-Level Report’’ for each
establishment, resulting in an estimated
total of 2,191,681 reports submitted.35
While the actual submission time for
each single-establishment employer and
multi-establishment employer varies, for
purposes of this Notice the EEOC
estimates that it will take a singleestablishment employer 45 minutes and
the modal (i.e., most common) multiestablishment employer 200 minutes
(i.e., 3.33 hours) to complete their EEO–
1 Component 1 report(s).36
35 This total includes the 65,743 ‘‘Consolidated
Reports’’ submitted by multi-establishment
employers, which are auto-populated and autogenerated by the EEO–1 Component 1 Online Filing
System (OFS). While these reports contribute to the
total report count, they have no associated burden.
36 Burden for single-establishment employers is
based on a single report. Burden for multiestablishment employers is cumulative and is based
on the report type combination. The completion
time for the ‘‘Consolidated Report’’ is 0 minutes
VerDate Sep<11>2014
18:14 May 01, 2023
Jkt 259001
An estimate of the total public burden
(in hours) associated with the collection:
The collection of EEO–1 Component 1
data for reporting years 2022, 2023, and
2024 is estimated to impose 5,238,467
annual burden hours for 2,235,938
EEO–1 Component 1 reports filed each
reporting year.
Dated: April 24, 2023.
For the Commission.
Charlotte A. Burrows,
Chair.
[FR Doc. 2023–09216 Filed 5–1–23; 8:45 am]
BILLING CODE P
FEDERAL DEPOSIT INSURANCE
CORPORATION
Privacy Act of 1974; System of
Records
Federal Deposit Insurance
Corporation (FDIC).
ACTION: Notice of a new system of
records.
AGENCY:
In accordance with the
Privacy Act of 1974, as amended, the
FDIC proposes to establish a new FDIC
system of records titled FDIC–041,
‘‘Personal Information Allowing
Network Operations (PIANO).’’ This
SUMMARY:
since this report is auto-populated and autogenerated within the EEOC’s electronic web-based
EEO–1 Component 1 Online Filing System (OFS) for
all multi-establishment employers with data from
their ‘‘Headquarters Report’’ and ‘‘EstablishmentLevel Report(s).’’ The completion of the
‘‘Headquarters Report’’ adds 50 minutes to the
burden, and the completion of each ‘‘EstablishmentLevel Report’’ adds 150 minutes to the burden.
Given the modal (i.e., most common) multiestablishment employer submitted one
‘‘Consolidated Report,’’ one ‘‘Headquarters Report,’’
and only one ‘‘Establishment-Level Report,’’ the
modal multi-establishment employer will have a
total burden of 200 minutes, or 3.33 hours (0
minutes for the ‘‘Consolidated Report,’’ 50 minutes
for the ‘‘Headquarters Report,’’ and 150 minutes for
the one ‘‘Establishment-Level Report’’). Please note
that the ‘‘modal’’ multi-establishment employer
referenced here is based on the number of reports
submitted by multi-establishment employers during
the EEOC’s most recent EEO–1 Component 1 data
collection (i.e., 2021), which closed in summer
2022.
PO 00000
Frm 00079
Fmt 4703
Sfmt 4703
system of records maintains information
collected from individuals that interact
with FDIC information technology
resources, including FDIC employees,
FDIC contractors, FDIC volunteers, FDIC
interns, Federal and State financial
regulator employees, financial
institution employees, and other
members of the public. FDIC collects
and maintains the information
necessary in this system of records to
support and facilitate the approval,
monitoring, and disabling of access by
individuals that interact with FDIC
information technology resources. We
hereby publish this notice for comment
on the proposed action.
DATES: This action will become effective
on May 2, 2023. The routine uses in this
action will become effective June 1,
2023, unless the FDIC makes changes
based on comments received. Written
comments should be submitted on or
before June 1, 2023.
ADDRESSES: Interested parties are
invited to submit written comments
identified by Privacy Act Systems of
Records (FDIC–041) by any of the
following methods:
• Agency Website: https://
www.fdic.gov/resources/regulations/
federal-register-publications/. Follow
the instructions for submitting
comments on the FDIC website.
• Email: comments@fdic.gov. Include
‘‘Comments-SORN (FDIC–041)’’ in the
subject line of communication.
• Mail: James P. Sheesley, Assistant
Executive Secretary, Attention:
Comments-SORN (FDIC–041), Legal
Division, Office of the Executive
Secretary, Federal Deposit Insurance
Corporation, 550 17th Street NW,
Washington, DC 20429.
• Hand Delivery: Comments may be
hand-delivered to the guard station at
the rear of the 17th Street NW building
(located on F Street NW), on business
days between 7:00 a.m. and 5:00 p.m.
• Public Inspection: Comments
received, including any personal
information provided, may be posted
without change to https://www.fdic.gov/
resources/regulations/federal-register-
E:\FR\FM\02MYN1.SGM
02MYN1
27510
Federal Register / Vol. 88, No. 84 / Tuesday, May 2, 2023 / Notices
publications/. Commenters should
submit only information that the
commenter wishes to make available
publicly. The FDIC may review, redact,
or refrain from posting all or any portion
of any comment that it may deem to be
inappropriate for publication, such as
irrelevant or obscene material. The FDIC
may post only a single representative
example of identical or substantially
identical comments, and in such cases
will generally identify the number of
identical or substantially identical
comments represented by the posted
example. All comments that have been
redacted, as well as those that have not
been posted, that contain comments on
the merits of this document will be
retained in the public comment file and
will be considered as required under all
applicable laws. All comments may be
accessible under the Freedom of
Information Act (FOIA).
FOR FURTHER INFORMATION CONTACT:
Shannon Dahn, Chief, Privacy Program,
703–516–5500, privacy@fdic.gov.
SUPPLEMENTARY INFORMATION: FDIC
conducts much of its business
electronically and must ensure that its
information technology resources
operate in a secure and proper manner,
which includes controlling and
monitoring access to its information
technology resources to ensure that
access is restricted to authorized
individuals. Accordingly, FDIC collects
and maintains information in this
system of records to support and
facilitate the approval, monitoring, and
disabling of access for individuals that
interact with FDIC information
technology resources, which includes
FDIC employees, FDIC contractors, FDIC
volunteers, FDIC interns, Federal and
State financial regulator employees,
financial institution employees, and
other members of the public. This newly
established system will be included in
FDIC’s inventory of record systems.
information already in other FDIC
records systems.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
ROUTINE USES OF RECORDS MAINTAINED IN THE
SYSTEM, INCLUDING CATEGORIES OF USERS AND
PURPOSES OF SUCH USES:
Section 9, Corporate Powers, of the
Federal Deposit Insurance Act (12
U.S.C. 1819).
PURPOSE(S) OF THE SYSTEM:
The information in the system is
being collected to support and facilitate
the approval, monitoring, and disabling
of access for individuals that interact
with FDIC information technology
resources.
CATEGORIES OF INDIVIDUALS COVERED BY THE
SYSTEM:
Categories of individuals covered by
this system of records include all
individuals that interact with FDIC
information technology resources,
including FDIC employees, FDIC
contractors, FDIC volunteers, FDIC
interns, Federal and State financial
regulator employees, financial
institution employees, and other
members of the public.
CATEGORIES OF RECORDS IN THE SYSTEM:
Records are centrally maintained at
FDIC, 550 17th Street NW, Washington,
DC 20429. There are instances where
records may be maintained at other
secure locations, as well as on secure
servers maintained by third-party
service providers for the FDIC.
Records in this system include:
Records related to the authentication
and verification of a user, which
includes name, email address,
government issued identification
numbers, photographs of governmentissued IDs, to include all personal
information and images on the IDs,
Social Security number (SSN), phone
number, postal address, verification
transaction ID, verification pass/fail
indicator, date and time of verification
transaction, user roles, justification for
access, date of separation, trainings
status and other prerequisites, and
status codes associated with the
verification transaction data, names,
phone numbers of other contacts, and
positions or business/organizational
affiliations and titles of individuals who
can verify that the individual seeking
access has a need for access as well as
other contact information provided to
FDIC that is derived from other sources
to facilitate access to FDIC information
technology resources. Logs of activity
when interacting with FDIC information
technology resources, including, but not
limited to, network user ID, password,
date and time of access, internet
Protocol (IP) address of the device used
for access, Media Access Control (MAC)
address of the device used for access,
hash files, and equipment used to access
FDIC’s network.
SYSTEM MANAGER(S):
RECORD SOURCE CATEGORIES:
Deputy Director, Infrastructure and
Operations Services Branch, Division of
Information in this system is obtained
from individuals, entities, and/or
SYSTEM NAME AND NUMBER:
Personal Information Allowing
Network Operations, FDIC–041.
SECURITY CLASSIFICATION:
Unclassified.
SYSTEM LOCATION:
ddrumheller on DSK120RN23PROD with NOTICES1
Information Technology, FDIC, 3501
Fairfax Drive, Arlington, VA 22226.
VerDate Sep<11>2014
18:14 May 01, 2023
Jkt 259001
PO 00000
Frm 00080
Fmt 4703
Sfmt 4703
In addition to those disclosures
generally permitted under 5 U.S.C.
552a(b) of the Privacy Act, all or a
portion of the records or information
contained in this system may be
disclosed outside the FDIC as a routine
use as follows:
(1) To appropriate Federal, State, local
and foreign authorities responsible for
investigating or prosecuting a violation
of, or for enforcing or implementing a
statute, rule, regulation, or order issued,
when the information indicates a
violation or potential violation of law,
whether civil, criminal, or regulatory in
nature, and whether arising by general
statute or particular program statute, or
by regulation, rule, or order issued
pursuant thereto;
(2) To a court, magistrate, or other
administrative body in the course of
presenting evidence, including
disclosures to counsel or witnesses in
the course of civil discovery, litigation,
or settlement negotiations or in
connection with criminal proceedings,
when the FDIC is a party to the
proceeding or has a significant interest
in the proceeding, to the extent that the
information is determined to be relevant
and necessary;
(3) To a congressional office in
response to an inquiry made by the
congressional office at the request of the
individual who is the subject of the
record;
(4) To appropriate agencies, entities,
and persons when (a) the FDIC suspects
or has confirmed that there has been a
breach of the system of records; (b) the
FDIC has determined that as a result of
the suspected or confirmed breach there
is a risk of harm to individuals, the
FDIC (including its information systems,
programs, and operations), the Federal
Government, or national security; and
(c) the disclosure made to such
agencies, entities, and persons is
reasonably necessary to assist in
connection with the FDIC’s efforts to
respond to the suspected or confirmed
breach or to prevent, minimize, or
remedy such harm;
(5) To another Federal agency or
Federal entity, when the FDIC
determines that information from this
system of records is reasonably
necessary to assist the recipient agency
or entity in (a) responding to a
suspected or confirmed breach, or (b)
preventing, minimizing, or remedying
the risk of harm to individuals, the
recipient agency or entity (including its
E:\FR\FM\02MYN1.SGM
02MYN1
Federal Register / Vol. 88, No. 84 / Tuesday, May 2, 2023 / Notices
information systems, programs, and
operations), the Federal Government, or
national security, resulting from a
suspected or confirmed breach;
(6) To contractors, agents, or other
authorized individuals performing work
on a contract, service, cooperative
agreement, job, or other activity on
behalf of the FDIC or Federal
Government and who have a need to
access the information in the
performance of their duties or activities;
(7) To third parties providing remote
or in-person authentication and identity
proofing services, as necessary to
authenticate and/or identity proof an
individual for access to an FDIC service
or application.
(8) To sponsors, employers,
contractors, facility operators, experts,
and consultants in connection with
establishing an access account for an
individual or maintaining appropriate
points of contact and when necessary to
accomplish a FDIC need related to this
system of records;
(9) To Federal agencies such as Office
of Personnel Management, the Merit
Systems Protection Board, the Office of
Management and Budget, Federal Labor
Relations Authority, Government
Accountability Office, and the Equal
Employment Opportunity Commission
in the fulfillment of these agencies’
official duties.
(10) To international, Federal, State
and local, Tribal, or private entities for
the purpose of the regular exchange of
business contact information in order to
facilitate collaboration for official
business.
(11) To a Federal agency,
organization, or individual for the
purpose of performing audit or oversight
operations as authorized by law.
POLICIES AND PRACTICES FOR STORAGE OF
RECORDS:
Records are stored in electronic media
and in paper format in secure facilities.
ddrumheller on DSK120RN23PROD with NOTICES1
POLICIES AND PRACTICES FOR RETRIEVAL OF
RECORDS:
POLICIES AND PRACTICES FOR RETENTION AND
DISPOSAL OF RECORDS:
Records may be maintained for as
long as six years following the
termination of an individual’s FDIC user
account in accordance with approved
records retention schedules.
18:14 May 01, 2023
Jkt 259001
Records are protected from
unauthorized access and improper use
through administrative, technical, and
physical security measures.
Administrative safeguards include
written guidelines on handling personal
information, including agency-wide
procedures for safeguarding personally
identifiable information. In addition, all
FDIC staff are required to take annual
privacy and security training. Technical
security measures within FDIC include
restrictions on computer access to
authorized individuals who have a
legitimate need to know the
information; required use of strong
passwords that are frequently changed;
multi-factor authentication for remote
access and access to many FDIC
network components; use of encryption
for certain data types and transfers;
firewalls and intrusion detection
applications; and regular review of
security procedures and best practices
to enhance security. Physical safeguards
include restrictions on building access
to authorized individuals, security
guard service, and maintenance of
records in lockable offices and filing
cabinets.
RECORD ACCESS PROCEDURES:
Individuals wishing to request access
to records about them in this system of
records should submit their request
online through https://www.secure
release.us/. Individuals will be required
to provide proof of identity, a detailed
description of the records they seek,
including the time period when the
records were created and other
supporting information where possible.
Alternatively, individuals may provide
a request in writing to the FDIC FOIA
& Privacy Act Group, 550 17th Street
NW, Washington, DC 20429, or email
efoia@fdic.gov. Requests must include
full name, address, and verification of
identity in accordance with FDIC
regulations at 12 CFR part 310.
CONTESTING RECORD PROCEDURES:
Records are indexed and may be
retrieved by a variety of fields,
including, but not limited to, name,
username, email address, business
affiliation, or other data fields
previously identified in this SORN.
VerDate Sep<11>2014
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL
SAFEGUARDS:
Individuals wishing to contest or
request an amendment to their records
in this system of records should submit
their request online through https://
www.securerelease.us/. Individuals will
be required to provide proof of identity,
a detailed description of the records
they seek, including the time period
when the records were created and
other supporting information where
possible, and the reason for amendment
or correction. Alternatively, individuals
can provide a request in writing to the
FDIC FOIA & Privacy Act Group, 550
17th Street NW, Washington, DC 20429,
PO 00000
Frm 00081
Fmt 4703
Sfmt 4703
27511
or email efoia@fdic.gov. Requests must
specify the information being contested,
the reasons for contesting it, and the
proposed amendment to such
information in accordance with FDIC
regulations at 12 CFR part 310.
NOTIFICATION PROCEDURES:
Individuals wishing to know whether
this system contains information about
them should submit their request online
through https://www.securerelease.us/.
Individuals will be required to provide
proof of identity, a detailed description
of the records they seek, including the
time period when the records were
created and other supporting
information where possible.
Alternatively, individuals can provide a
request in writing to the FDIC FOIA &
Privacy Act Group, 550 17th Street NW,
Washington, DC 20429, or email efoia@
fdic.gov. Requests must include full
name, address, and verification of
identity in accordance with FDIC
regulations at 12 CFR part 310.
EXEMPTIONS PROMULGATED FOR THE SYSTEM:
None.
HISTORY:
None.
Federal Deposit Insurance Corporation.
Dated at Washington, DC, on April 25,
2023.
James P. Sheesley,
Assistant Executive Secretary.
[FR Doc. 2023–09204 Filed 5–1–23; 8:45 am]
BILLING CODE 6714–01–P
FEDERAL MARITIME COMMISSION
[Docket No. 23–01]
Samsung Electronics America, Inc.,
Complainant v. SM Line Corporation,
Respondent; NOTICE OF FILING OF
COMPLAINT AND ASSIGNMENT;
Served: April 19, 2023
Notice is given that a complaint has
been filed with the Federal Maritime
Commission (Commission) by Samsung
Electronics America, Inc., hereinafter
‘‘Complainant,’’ against SM Line
Corporation, (hereinafter
‘‘Respondent.’’) Complainant is a
corporation organized and existing
under the laws of the State of New York,
with a principal place of business in
New Jersey. Complainant identifies SM
Line Corporation as a vessel-operating
common carrier with its corporate office
in Korea, and its principal corporate
office in Arizona.
Complainant alleges that Respondent
violated 46 U.S.C. 41102(c),
41104(a)(14), and 41104(a)(15) and 46
E:\FR\FM\02MYN1.SGM
02MYN1
]]>Agencies
[Federal Register Volume 88, Number 84 (Tuesday, May 2, 2023)]
[Notices]
[Pages 27509-27511]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2023-09204]
=======================================================================
-----------------------------------------------------------------------
FEDERAL DEPOSIT INSURANCE CORPORATION
Privacy Act of 1974; System of Records
AGENCY: Federal Deposit Insurance Corporation (FDIC).
ACTION: Notice of a new system of records.
-----------------------------------------------------------------------
SUMMARY: In accordance with the Privacy Act of 1974, as amended, the
FDIC proposes to establish a new FDIC system of records titled FDIC-
041, ``Personal Information Allowing Network Operations (PIANO).'' This
system of records maintains information collected from individuals that
interact with FDIC information technology resources, including FDIC
employees, FDIC contractors, FDIC volunteers, FDIC interns, Federal and
State financial regulator employees, financial institution employees,
and other members of the public. FDIC collects and maintains the
information necessary in this system of records to support and
facilitate the approval, monitoring, and disabling of access by
individuals that interact with FDIC information technology resources.
We hereby publish this notice for comment on the proposed action.
DATES: This action will become effective on May 2, 2023. The routine
uses in this action will become effective June 1, 2023, unless the FDIC
makes changes based on comments received. Written comments should be
submitted on or before June 1, 2023.
ADDRESSES: Interested parties are invited to submit written comments
identified by Privacy Act Systems of Records (FDIC-041) by any of the
following methods:
Agency Website: https://www.fdic.gov/resources/regulations/federal-register-publications/. Follow the instructions for
submitting comments on the FDIC website.
Email: [email protected]. Include ``Comments-SORN (FDIC-
041)'' in the subject line of communication.
Mail: James P. Sheesley, Assistant Executive Secretary,
Attention: Comments-SORN (FDIC-041), Legal Division, Office of the
Executive Secretary, Federal Deposit Insurance Corporation, 550 17th
Street NW, Washington, DC 20429.
Hand Delivery: Comments may be hand-delivered to the guard
station at the rear of the 17th Street NW building (located on F Street
NW), on business days between 7:00 a.m. and 5:00 p.m.
Public Inspection: Comments received, including any
personal information provided, may be posted without change to https://
www.fdic.gov/resources/regulations/federal-register-
[[Page 27510]]
publications/. Commenters should submit only information that the
commenter wishes to make available publicly. The FDIC may review,
redact, or refrain from posting all or any portion of any comment that
it may deem to be inappropriate for publication, such as irrelevant or
obscene material. The FDIC may post only a single representative
example of identical or substantially identical comments, and in such
cases will generally identify the number of identical or substantially
identical comments represented by the posted example. All comments that
have been redacted, as well as those that have not been posted, that
contain comments on the merits of this document will be retained in the
public comment file and will be considered as required under all
applicable laws. All comments may be accessible under the Freedom of
Information Act (FOIA).
FOR FURTHER INFORMATION CONTACT: Shannon Dahn, Chief, Privacy Program,
703-516-5500, [email protected].
SUPPLEMENTARY INFORMATION: FDIC conducts much of its business
electronically and must ensure that its information technology
resources operate in a secure and proper manner, which includes
controlling and monitoring access to its information technology
resources to ensure that access is restricted to authorized
individuals. Accordingly, FDIC collects and maintains information in
this system of records to support and facilitate the approval,
monitoring, and disabling of access for individuals that interact with
FDIC information technology resources, which includes FDIC employees,
FDIC contractors, FDIC volunteers, FDIC interns, Federal and State
financial regulator employees, financial institution employees, and
other members of the public. This newly established system will be
included in FDIC's inventory of record systems.
SYSTEM NAME AND NUMBER:
Personal Information Allowing Network Operations, FDIC-041.
SECURITY CLASSIFICATION:
Unclassified.
SYSTEM LOCATION:
Records are centrally maintained at FDIC, 550 17th Street NW,
Washington, DC 20429. There are instances where records may be
maintained at other secure locations, as well as on secure servers
maintained by third-party service providers for the FDIC.
SYSTEM MANAGER(S):
Deputy Director, Infrastructure and Operations Services Branch,
Division of Information Technology, FDIC, 3501 Fairfax Drive,
Arlington, VA 22226.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
Section 9, Corporate Powers, of the Federal Deposit Insurance Act
(12 U.S.C. 1819).
PURPOSE(S) OF THE SYSTEM:
The information in the system is being collected to support and
facilitate the approval, monitoring, and disabling of access for
individuals that interact with FDIC information technology resources.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
Categories of individuals covered by this system of records include
all individuals that interact with FDIC information technology
resources, including FDIC employees, FDIC contractors, FDIC volunteers,
FDIC interns, Federal and State financial regulator employees,
financial institution employees, and other members of the public.
CATEGORIES OF RECORDS IN THE SYSTEM:
Records in this system include: Records related to the
authentication and verification of a user, which includes name, email
address, government issued identification numbers, photographs of
government-issued IDs, to include all personal information and images
on the IDs, Social Security number (SSN), phone number, postal address,
verification transaction ID, verification pass/fail indicator, date and
time of verification transaction, user roles, justification for access,
date of separation, trainings status and other prerequisites, and
status codes associated with the verification transaction data, names,
phone numbers of other contacts, and positions or business/
organizational affiliations and titles of individuals who can verify
that the individual seeking access has a need for access as well as
other contact information provided to FDIC that is derived from other
sources to facilitate access to FDIC information technology resources.
Logs of activity when interacting with FDIC information technology
resources, including, but not limited to, network user ID, password,
date and time of access, internet Protocol (IP) address of the device
used for access, Media Access Control (MAC) address of the device used
for access, hash files, and equipment used to access FDIC's network.
RECORD SOURCE CATEGORIES:
Information in this system is obtained from individuals, entities,
and/or information already in other FDIC records systems.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES
OF USERS AND PURPOSES OF SUCH USES:
In addition to those disclosures generally permitted under 5 U.S.C.
552a(b) of the Privacy Act, all or a portion of the records or
information contained in this system may be disclosed outside the FDIC
as a routine use as follows:
(1) To appropriate Federal, State, local and foreign authorities
responsible for investigating or prosecuting a violation of, or for
enforcing or implementing a statute, rule, regulation, or order issued,
when the information indicates a violation or potential violation of
law, whether civil, criminal, or regulatory in nature, and whether
arising by general statute or particular program statute, or by
regulation, rule, or order issued pursuant thereto;
(2) To a court, magistrate, or other administrative body in the
course of presenting evidence, including disclosures to counsel or
witnesses in the course of civil discovery, litigation, or settlement
negotiations or in connection with criminal proceedings, when the FDIC
is a party to the proceeding or has a significant interest in the
proceeding, to the extent that the information is determined to be
relevant and necessary;
(3) To a congressional office in response to an inquiry made by the
congressional office at the request of the individual who is the
subject of the record;
(4) To appropriate agencies, entities, and persons when (a) the
FDIC suspects or has confirmed that there has been a breach of the
system of records; (b) the FDIC has determined that as a result of the
suspected or confirmed breach there is a risk of harm to individuals,
the FDIC (including its information systems, programs, and operations),
the Federal Government, or national security; and (c) the disclosure
made to such agencies, entities, and persons is reasonably necessary to
assist in connection with the FDIC's efforts to respond to the
suspected or confirmed breach or to prevent, minimize, or remedy such
harm;
(5) To another Federal agency or Federal entity, when the FDIC
determines that information from this system of records is reasonably
necessary to assist the recipient agency or entity in (a) responding to
a suspected or confirmed breach, or (b) preventing, minimizing, or
remedying the risk of harm to individuals, the recipient agency or
entity (including its
[[Page 27511]]
information systems, programs, and operations), the Federal Government,
or national security, resulting from a suspected or confirmed breach;
(6) To contractors, agents, or other authorized individuals
performing work on a contract, service, cooperative agreement, job, or
other activity on behalf of the FDIC or Federal Government and who have
a need to access the information in the performance of their duties or
activities;
(7) To third parties providing remote or in-person authentication
and identity proofing services, as necessary to authenticate and/or
identity proof an individual for access to an FDIC service or
application.
(8) To sponsors, employers, contractors, facility operators,
experts, and consultants in connection with establishing an access
account for an individual or maintaining appropriate points of contact
and when necessary to accomplish a FDIC need related to this system of
records;
(9) To Federal agencies such as Office of Personnel Management, the
Merit Systems Protection Board, the Office of Management and Budget,
Federal Labor Relations Authority, Government Accountability Office,
and the Equal Employment Opportunity Commission in the fulfillment of
these agencies' official duties.
(10) To international, Federal, State and local, Tribal, or private
entities for the purpose of the regular exchange of business contact
information in order to facilitate collaboration for official business.
(11) To a Federal agency, organization, or individual for the
purpose of performing audit or oversight operations as authorized by
law.
POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
Records are stored in electronic media and in paper format in
secure facilities.
POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
Records are indexed and may be retrieved by a variety of fields,
including, but not limited to, name, username, email address, business
affiliation, or other data fields previously identified in this SORN.
POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
Records may be maintained for as long as six years following the
termination of an individual's FDIC user account in accordance with
approved records retention schedules.
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
Records are protected from unauthorized access and improper use
through administrative, technical, and physical security measures.
Administrative safeguards include written guidelines on handling
personal information, including agency-wide procedures for safeguarding
personally identifiable information. In addition, all FDIC staff are
required to take annual privacy and security training. Technical
security measures within FDIC include restrictions on computer access
to authorized individuals who have a legitimate need to know the
information; required use of strong passwords that are frequently
changed; multi-factor authentication for remote access and access to
many FDIC network components; use of encryption for certain data types
and transfers; firewalls and intrusion detection applications; and
regular review of security procedures and best practices to enhance
security. Physical safeguards include restrictions on building access
to authorized individuals, security guard service, and maintenance of
records in lockable offices and filing cabinets.
RECORD ACCESS PROCEDURES:
Individuals wishing to request access to records about them in this
system of records should submit their request online through https://www.securerelease.us/. Individuals will be required to provide proof of
identity, a detailed description of the records they seek, including
the time period when the records were created and other supporting
information where possible. Alternatively, individuals may provide a
request in writing to the FDIC FOIA & Privacy Act Group, 550 17th
Street NW, Washington, DC 20429, or email [email protected]. Requests must
include full name, address, and verification of identity in accordance
with FDIC regulations at 12 CFR part 310.
CONTESTING RECORD PROCEDURES:
Individuals wishing to contest or request an amendment to their
records in this system of records should submit their request online
through https://www.securerelease.us/. Individuals will be required to
provide proof of identity, a detailed description of the records they
seek, including the time period when the records were created and other
supporting information where possible, and the reason for amendment or
correction. Alternatively, individuals can provide a request in writing
to the FDIC FOIA & Privacy Act Group, 550 17th Street NW, Washington,
DC 20429, or email [email protected]. Requests must specify the
information being contested, the reasons for contesting it, and the
proposed amendment to such information in accordance with FDIC
regulations at 12 CFR part 310.
NOTIFICATION PROCEDURES:
Individuals wishing to know whether this system contains
information about them should submit their request online through
https://www.securerelease.us/. Individuals will be required to provide
proof of identity, a detailed description of the records they seek,
including the time period when the records were created and other
supporting information where possible. Alternatively, individuals can
provide a request in writing to the FDIC FOIA & Privacy Act Group, 550
17th Street NW, Washington, DC 20429, or email [email protected]. Requests
must include full name, address, and verification of identity in
accordance with FDIC regulations at 12 CFR part 310.
EXEMPTIONS PROMULGATED FOR THE SYSTEM:
None.
HISTORY:
None.
Federal Deposit Insurance Corporation.
Dated at Washington, DC, on April 25, 2023.
James P. Sheesley,
Assistant Executive Secretary.
[FR Doc. 2023-09204 Filed 5-1-23; 8:45 am]
BILLING CODE 6714-01-P
