Privacy Act of 1974; System of Records, 53874-53875 [2023-16973]

Agencies

• DEPARTMENT OF ENERGY
• Federal Energy Regulatory Commission

[Federal Register Volume 88, Number 152 (Wednesday, August 9, 2023)]
[Notices]
[Pages 53874-53875]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2023-16973]



[[Page 53874]]

-----------------------------------------------------------------------

DEPARTMENT OF ENERGY

Federal Energy Regulatory Commission


Privacy Act of 1974; System of Records

AGENCY: Federal Energy Regulatory Commission, Department of Energy.

ACTION: Notice of a new system of records.

-----------------------------------------------------------------------

SUMMARY: The Federal Energy Regulatory Commission (FERC) is publishing 
notice of a new FERC system of records, titled ``FERC-65--Agencywide 
Notification System.'' This system of records covers emergency contact 
information collection of current FERC employees, contractors and 
interns to be used in the event of an emergency. This notice has 12 
routine uses, including two prescribed by the Office of Management and 
Budget (OMB) Memorandum M-17-12, Preparing for and Responding to a 
Breach of Personally Identifiable Information, January 3, 2017, that 
will permit FERC to disclose information as necessary in response to an 
actual or suspected breach of its own records or to assist another 
agency in its efforts to respond to a breach.

DATES: Comments on this new system of records must be received no later 
than 30 days after the date of publication in the Federal Register. If 
no public comment is received during this period or unless otherwise 
published in the Federal Register by FERC, the new system of records 
will become effective a minimum of 30 days after the date of 
publication in the Federal Register. If FERC receives public comments, 
FERC shall review the comments to determine whether any changes to the 
notice are necessary.

ADDRESSES: Comments may be submitted in writing to Federal Energy 
Regulatory Commission, 888 First Street NE, Washington, DC 20426 or 
electronically to [email protected]. Comments should indicate that they 
are submitted in response to include reference to ``FERC-65--Agencywide 
Notification System.''

FOR FURTHER INFORMATION CONTACT: Mittal Desai, Chief Information 
Officer & Senior Agency Official for Privacy, Office of the Executive 
Director, 888 First Street, NE, Washington, DC 20426, (202) 502-6432.

SUPPLEMENTARY INFORMATION: The Federal Energy Regulatory Commission 
(FERC) is publishing notice of a new FERC system of records. The new 
system of records covers records collected to provide emergency 
notification messages to all FERC personnel, including current 
employees, contractors, and interns. The notifications may be sent to 
work/home emails, work/home phones, work/personnel cell phones as well 
as via other voluntarily provided personal contact information.

SYSTEM NAME AND NUMBER:
    Agencywide Notification System (FERC--65)

SECURITY CLASSIFICATION:
    Unclassified

SYSTEM LOCATION:
    Federal Energy Regulatory Commission, Office of the Chief Security 
Officer, Continuity of Operations, Mission Integrity Division, 888 
First Street NE, Washington, DC 20426.

SYSTEM MANAGER(S):
    Federal Energy Regulatory Commission, Manager, Office of the Chief 
Security Officer, Continuity of Operations, Mission Integrity Division, 
888 First Street NE, Washington, DC 20426.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    15 U.S.C. 717o; 16 U.S.C. 825h; 42 U.S.C. 7172(a)(2); 44 U.S.C. 
3101; 5 U.S.C. 301; and 18 CFR 376.209; Federal Continuity Directive 1 
(FCD 1), Federal Executive Branch National Continuity Program and 
Requirements. January 17, 2017; Federal Continuity Directive 2 (FCD 2), 
Federal Executive Branch Mission Essential Functions and Candidate 
Mission Essential Functions Identification and Submission Process, June 
13, 2017; National Security and Homeland Security Presidential 
Directive (National Security Presidential Directive NSPD 51/Homeland 
Security Presidential Directive) HSPD-20, May 4, 2007.

PURPOSE(S) OF THE SYSTEM:
    Records in this system of records are maintained for the following 
purpose(s): to maintain contact information for FERC personnel, 
including employees, contractors, and interns to notify them of 
emergencies, system outages, IT problems, or to send any mass 
communication that needs to reach all FERC personnel. The system 
provides for high-speed messages to FERC personnel in response to 
alerts issued by FERC, the Department of Homeland Security, local 
officials, and other emergency officials regarding emergencies that may 
disrupt the operations and/or accessibility of a worksite. The system 
also enables the FERC emergency responders and others to account for 
FERC personnel during an emergency.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Records maintained in this system include, but are not limited to, 
current FERC employees and individuals authorized to perform or use 
services provided in FERC facilities including contractors and interns.

CATEGORIES OF RECORDS IN THE SYSTEM:
    Records maintained in this system include, but are not limited to, 
contact information such as full name, email address, home address, 
telephone number, and personal mobile number. Individuals may 
voluntarily provide additional contact information through a user 
portal relating to their nongovernment contact information, such as 
home telephone number, personal mobile number, and personal email 
address.

RECORD SOURCE CATEGORIES:
    Information in this system is obtained from the individual to whom 
the records pertain.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND PURPOSES OF SUCH USES:
    In addition to those disclosures generally permitted under 5 U.S.C. 
552a(b) of the Privacy Act, information maintained in this system may 
be disclosed to authorized entities outside FERC for purposes 
determined to be relevant and necessary as a routine use pursuant to 5 
U.S.C. 552a(b)(3) as follows:
    1. To appropriate agencies, entities, and persons when (1) FERC 
suspects or has confirmed that there has been a breach of the system of 
records; (2) FERC has determined that as a result of the suspected or 
confirmed breach there is a risk of harm to individuals, the Commission 
(including its information systems, programs, and operations), the 
Federal Government, or national security; and (3) the disclosure made 
to such agencies, entities, and persons is reasonably necessary to 
assist in connection with the Commission's efforts to respond to the 
suspected or confirmed breach or to prevent, minimize, or remedy such 
harm.
    2. To another Federal agency or Federal entity, when FERC 
determines that information from this system of records is reasonably 
necessary to assist the recipient agency or entity in (1) responding to 
a suspected or confirmed breach or (2) preventing, minimizing, or 
remedying the risk of harm to individuals, the recipient agency or

[[Page 53875]]

entity (including its information systems, programs, and operations), 
the Federal Government, or national security, resulting from a 
suspected or confirmed breach.
    3. To a congressional office from the record of an individual in 
response to an inquiry from that congressional office made at the 
request of that individual.
    4. To the Equal Employment Opportunity Commission (EEOC) when 
requested in connection with investigations of alleged or possible 
discriminatory practices, examination of Federal affirmative employment 
programs, or other functions of the Commission as authorized by law or 
regulation.
    5. To the Federal Labor Relations Authority or its General Counsel 
when requested in connection with investigations of allegations of 
unfair labor practices or matters before the Federal Service Impasses 
Panel.
    6. To disclose information to another Federal agency, to a court, 
or a party in litigation before a court or in an administrative 
proceeding being conducted by a Federal agency, when the Government is 
a party to the judicial or administrative proceeding. In those cases 
where the Government is not a party to the proceeding, records may be 
disclosed if a subpoena has been signed by a judge.
    7. To the Department of Justice (DOJ) for its use in providing 
legal advice to FERC or in representing FERC in a proceeding before a 
court, adjudicative body, or other administrative body, where the use 
of such information by the DOJ is deemed by FERC to be relevant and 
necessary to the advice or proceeding, and such proceeding names as a 
party in interest: (a) FERC; (b) any employee of FERC in his or her 
official capacity; (c) any employee of FERC in his or her individual 
capacity where DOJ has agreed to represent the employee; or (d) the 
United States, where FERC determines that litigation is likely to 
affect FERC or any of its components.
    8. To non-Federal Personnel, such as contractors, agents, or other 
authorized individuals performing work on a contract, service, 
cooperative agreement, job, or other activity on behalf of FERC or 
Federal Government and who have a need to access the information in the 
performance of their duties or activities.
    9. To the National Archives and Records Administration in records 
management inspections and its role as Archivist.
    10. To the Merit Systems Protection Board or the Board's Office of 
the Special Counsel, when relevant information is requested in 
connection with appeals, special studies of the civil service and other 
merit systems, review of OPM rules and regulations, and investigations 
of alleged or possible prohibited personnel practices.
    11. To appropriate Federal, State, Tribal or local agency 
responsible for investigating, prosecuting, enforcing, or implementing 
a statute, rule, regulation, or order, if the information may be 
relevant to a potential violation of civil or criminal law, rule, 
regulation, order.
    12. To appropriate agencies, entities, and person(s) that are a 
party to a dispute, when FERC determines that information from this 
system of records is reasonably necessary for the recipient to assist 
with the resolution of the dispute; the name, address, telephone 
number, email address, and affiliation; of the agency, entity, and/or 
person(s) seeking and/or participating in dispute resolution services, 
where appropriate.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    Records are maintained in electronic format, on a FedRAMP-
authorized cloud service provider. Data access is restricted to agency 
personnel or contractors whose responsibilities require access. In 
addition, all FERC employees and contractors with authorized access 
have undergone a thorough background security investigation. Access to 
electronic records is controlled by User ID and password combination 
and/or the organizations Single Sign-On and Multi-Factor Authentication 
solution. Role based access is used to restrict electronic data access 
and the organization employs the principle of least privilege, allowing 
only authorized users with access (or processes acting on behalf of 
users) necessary to accomplish assigned tasks in accordance with 
organizational missions and business functions. The system is secured 
with the safeguards required by FedRAMP and NIST SP 800-53.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    Records may be retrieved by individual's name or username.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    Records are retained and disposed of in accordance with the 
schedule approved under the National Archives and Records 
Administration (NARA)'s General Records Schedule 5.3: Continuity and 
Emergency Planning Records; Disposition Authority: DAA-GRS-2016-0004- 
0002. Destroy when superseded or obsolete, or upon separation or 
transfer of employee, contractor, or intern.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    All FERC employees and contractors with authorized access have 
undergone a thorough background security investigation. Data access is 
restricted to agency personnel or contractors whose responsibilities 
require access. Access to electronic records is controlled by multi-
factor authentication combination and network access or security 
controls. The system is secured with the safeguards required by FedRAMP 
and NIST SP 800-53. See also Policies and Practices for Storage of 
Records.

RECORD ACCESS PROCEDURES:
    Individuals requesting access to the contents of records must 
submit a request through the Freedom of Information Act (FOIA) office. 
The FOIA website is located at https://ferc.gov/freedom-information-act-foia-and-privacy-act. Requests may be submitted by email to [email protected]. Written request for access to records should be directed 
to: Federal Energy Regulatory Commission, Office of External Affair, 
Director, 888 First Street NE, Washington, DC 20426.

CONTESTING RECORD PROCEDURES:
    See Records Access Procedures.

NOTIFICATION PROCEDURES:
    Generalized notice is provided by the publication of this notice. 
For specific notice, see Records Access Procedure, above.

EXEMPTIONS PROMULGATED FOR THE SYSTEM: None.
HISTORY: Not applicable. This is a new SORN.

    Dated: August 2, 2023.
Kimberly D. Bose,
Secretary.
[FR Doc. 2023-16973 Filed 8-8-23; 8:45 am]
BILLING CODE 6717-01-P