Privacy Act of 1974; Systems of Records, 3436-3443 [2024-00859]

Agencies

• Pension Benefit Guaranty Corporation

[Federal Register Volume 89, Number 12 (Thursday, January 18, 2024)]
[Notices]
[Pages 3436-3443]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2024-00859]


=======================================================================
-----------------------------------------------------------------------

PENSION BENEFIT GUARANTY CORPORATION


Privacy Act of 1974; Systems of Records

AGENCY: Pension Benefit Guaranty Corporation.

ACTION: Notice of modified systems of records; notice of a new system 
of records.

-----------------------------------------------------------------------

SUMMARY: Pursuant to the Privacy Act of 1974, the Pension Benefit 
Guaranty Corporation (PBGC), at the direction of the Office of 
Information and Regulatory Affairs, is merging all pertinent General 
Routine Uses from the Prefatory Statement of General Routine Uses into 
the Routine Uses sections of the following system of records notices 
(SORN): PBGC-17, Office of Inspector General Investigative File System, 
and PBGC-28, Physical Security and Facility Access. Additionally, PBGC 
is making administrative updates to the official addresses to reflect 
PBGC's new headquarters location and to pertinent system locations, 
updating the citation to the Contesting Records Procedures section, and 
updating the citation to the Privacy Act of 1974 to the following 
SORNs: PBGC-17 and PBGC-28. Moreover, PBGC is adding one routine use to 
PBGC-17, adding two routine uses to PBGC-28, and, lastly, establishing 
PBGC-30: Surveys and Complaints--PBGC.

DATES: Comments must be received on or before February 20, 2024 to be 
assured of consideration. The new systems of records described herein 
will become effective February 20, 2024, without further notice, unless 
comments result in a contrary determination and a notice is published 
to that effect.

ADDRESSES: You may submit written comments to PBGC by any of the 
following methods:
     Federal eRulemaking Portal: https://www.regulations.gov. 
Follow the website instructions for submitting comments.
     Email: [email protected]. Refer to SORN in the subject 
line.
     Mail or Hand Delivery: Regulatory Affairs Division, Office 
of the General Counsel, Pension Benefit Guaranty Corporation, 445 12th 
Street SW, Washington, DC 20024-2101.
    Commenters are strongly encouraged to submit comments 
electronically. Commenters who submit comments on paper by mail should 
allow sufficient time for mailed comments to be received before the 
close of the comment period.
    All submissions must include the agency's name (Pension Benefit 
Guaranty Corporation, or PBGC) and reference this notice. Comments 
received will be posted without change to PBGC's website, https://www.pbgc.gov, including any personal information provided. Do not 
submit comments that include any personally identifiable information or 
confidential business information. Copies of comments may also be 
obtained by writing to the Disclosure Division, ([email protected]), 
Office of the General Counsel, Pension Benefit Guaranty Corporation, 
445 12th Street SW, Washington, DC 20024-2101; or calling 202-229-4040 
during normal business hours. If you are deaf or hard of hearing, or 
have a speech disability, please dial 7-1-1 to access 
telecommunications relay services.

FOR FURTHER INFORMATION CONTACT: Shawn Hartley, Chief Privacy Officer, 
Pension Benefit Guaranty Corporation, Office of the General Counsel, 
445 12th Street SW, Washington, DC 20024-2101, 202-229-6321. For access 
to any of PBGC's systems of records, write to the Disclosure Division, 
([email protected]), Office of the General Counsel, Pension Benefit 
Guaranty Corporation, 445 12th Street SW, Washington, DC 20024-2101, or 
by calling 202-229-4040 during normal business hours, or go to https://www.pbgc.gov/about/policies/pg/privacy-at-pbgc/system-of-records-notices.

SUPPLEMENTARY INFORMATION: 
    (1) At the direction of the Office of Information and Regulatory 
Affairs, PBGC is merging all pertinent General Routine Uses from the 
Prefatory Statement of General Routine Uses into the Routine Uses 
sections of SORNs 17 and 28.
    At the direction of the Office of Management and Budget's (OMB) 
Office of Information and Regulatory Affairs (OIRA), PBGC is proposing 
to merge all pertinent General Routine Uses from the Prefatory 
Statement of General Routine Uses, last published at 83 FR 6247 (Feb. 
13, 2018), into the routine uses sections

[[Page 3437]]

of the system of records notices (SORNs) 17 and 28. PBGC will merge 
General Routine Uses G1, G2, G4, G5, G7, and G9 through G14 (see 
Prefatory Statement of General Routine Uses at 83 FR 6247 (Feb. 13, 
2018)) into the routine uses section of PBGC-17, Office of Inspector 
General Investigative File System, thereby adding them as routine uses. 
PBGC will merge General Routine Uses G1 through G5 and G7 through G12 
(See Prefatory Statement of General Routine Uses at 83 FR 6247 (Feb. 
13, 2018)) into the routine uses section of PBGC-28, Physical Security 
and Facility Access.
    Additionally, as it merges General Routine Uses 4 and 5 into the 
SORNs, PBGC is incorporating OIRA's suggested language to clarify that 
any disclosures must be relevant and necessary to litigation. As it 
merges General Routine Use 14 into the SORNs, PBGC is rewriting the 
language to conform to OMB Memorandum A-130. All additional revisions 
will be incorporated into the merger of routine uses and renumbered 
accordingly.
    (2) PBGC is proposing, in all SORNs, to update the citations to the 
Contesting Records Procedures section and to the Privacy Act of 1974, 
and to update SORNs 17 and 28, to remove the citation to the Prefatory 
Statement of General Routine Uses and to update the Official Addresses 
and system locations.
    When PBGC reviewed and revised its SORNs in 2018, it omitted the 
citation to its regulations explaining the process to contest 
information contained in records maintained by PBGC. PBGC is adding the 
citation to 29 CFR 4902.5 to the Contesting Records Procedures section 
of all its SORNs. Additionally, upon review, it was noticed that the 
Routine Uses section of all SORNs contained a citation error. PBGC is 
amending the Privacy Act citation in the Routine Uses section of all 
its SORNs, changing it from 5 U.S.C. 522a(b) to 5 U.S.C. 552a(b). 
Additionally, PBGC is removing all citations to PBGC's Prefatory 
Statement of General Routine Uses in SORNs 17 and 28 to reflect that 
General Routine Uses were merged at the direction of OIRA. Lastly, PBGC 
is updating the Official Addresses of SORNs 17 and 28 to reflect PBGC's 
new Headquarters location and/or system locations where applicable.
    (3) PBGC is proposing to add one routine use to PBGC-17, Office of 
Inspector General Investigative File System.
    PBGC is proposing the addition of one routine use to PBGC-17 for 
disclosure to compare records maintained by the Office of Inspector 
General (OIG) against other records maintained in another Federal 
system of records or with non-Federal records. Pursuant to the 
Inspector General Empowerment Act of 2016, an Inspector General or an 
agency, in coordination with an Inspector General, may conduct a 
computerized comparison of two or more automated system of records or a 
comparison of a Federal system of records with other records or non-
Federal records without it creating a matching program as defined by 
the Computer Matching and Privacy Protection Act, as amended. This 
routine use is necessary to allow the OIG to investigate fraud and 
other matters under its jurisdiction more efficiently. New Routine Use 
27 will read, ``A record to compare such records in other Federal 
agencies' systems of records or to non-Federal records.''
    (4) PBGC is proposing to add two routine uses to PBGC-28, Physical 
Security and Facility Access.
    PBGC is also proposing to add to PBGC-28, a Routine Use 12 to read: 
``12. Records from this system may be disclosed to a third party for 
purposes of providing access to facilities leased by PBGC or on PBGC's 
behalf.'' This is to allow PBGC to provide physical access security and 
facility access via its landlord's facilities management provider.
    Additionally, PBGC is adding a new routine use that will read: 
``13. To Another Agency or Non-Federal Entity in Connection with an OIG 
Audit, Investigation, or Inspection: To another Federal agency or non-
Federal entity to compare such records in the agency's system of 
records or to non-Federal records in coordination with the Office of 
Inspector General (OIG) conducting an audit, investigation, inspection, 
or some other review as authorized by the Inspector General Act, as 
amended.'' Pursuant to the Inspector General Empowerment Act of 2016, 
an Inspector General or an agency, in coordination with an Inspector 
General, may conduct a computerized comparison of two or more automated 
system of records or a comparison of a Federal system of records with 
other records or non-Federal records without it creating a matching 
program as defined by the Computer Matching and Privacy Protection Act, 
as amended. PBGC's Inspector General requested that PBGC create a new 
routine use to reflect that information contained in a PBGC system of 
records may be used in a computerized comparison of two or more system 
of records or with non-Federal records in coordination with the OIG 
conducting an audit, investigation, inspection, or some other review as 
authorized by the Inspector General Act, as amended.
    (5) PBGC is proposing to establish a new SORN ``PBGC-30: Surveys 
and Complaints--PBGC'' to reflect its current practice of using 
surveys.
    PBGC is proposing to establish a new SORN--``PBGC-30: Surveys and 
Complaints--PBGC''--to reflect its current practice of using surveys to 
obtain internal agency feedback and for responding to complaints 
received by the PBGC departments that leverage PBGC's survey tool or 
other complaint procedures. PBGC previously relied upon a SORN 
published by the Department of the Interior (DOI), as PBGC utilized 
DOI's survey system and leveraged the applicable SORN. As PBGC is 
transitioning to a different system at DOI's direction, PBGC is seeking 
to establish its own system of records.
    Pursuant to 5 U.S.C. 552a(e)(11), interested persons are invited to 
submit written comments on the proposed changes described in this 
notice. A report has been sent to Congress and the Office of Management 
and Budget for their evaluation.
    For the convenience of the public the amended and new systems of 
records are published in full below with changes italicized.

    Issued in Washington, DC.
Gordon Hartogensis,
Director, Pension Benefit Guaranty Corporation.

SYSTEM NAME AND NUMBER:
    PBGC-17: Office of Inspector General Investigative File System--
PBGC.

SECURITY CLASSIFICATION:
    Unclassified.

SYSTEM LOCATION:
    Office of Inspector General, Pension Benefit Guaranty Corporation 
(PBGC), 445 12th Street SW, Washington, DC, 20024-2101.

SYSTEM MANAGER(S):
    Office of the Inspector General, PBGC, 445 12th Street SW, 
Washington, DC, 20024-2101.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    5 U.S.C. App. 3, sections 2 and 4.

PURPOSE(S) OF THE SYSTEM:
    This system of records is used to supervise and conduct 
investigations relating to programs and operations of PBGC by the 
Inspector General.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Individuals named in investigations conducted by the Office of 
Inspector General (OIG); complainants and subjects of complaints 
collected through

[[Page 3438]]

the operation of the OIG Hotline; other individuals, including 
witnesses, sources, and members of the general public who are named 
individuals in connection with investigations conducted by OIG.

CATEGORIES OF RECORDS IN THE SYSTEM:
    Information within this system relates to OIG investigations 
carried out under applicable statutes, regulations, policies, and 
procedures. The investigations may relate to criminal, civil, or 
administrative matters. These OIG files may contain investigative 
reports; transcripts; internal staff memoranda; working drafts of 
papers to PBGC employees; investigative plans; litigation strategies; 
copies of personnel, financial, contractual, and property management 
records maintained by PBGC; information submitted by or about pension 
plan sponsors or plan participants; background data including arrest 
records, statements of informants and witnesses, and laboratory reports 
of evidence analysis; information and documentation received from other 
government agencies; search warrants, summonses and subpoenas; and 
other information related to investigations. Personal data in the 
system may consist of names, social security numbers, addresses, dates 
of birth and death, fingerprints, handwriting samples, reports of 
confidential informants, physical identifying data, voiceprints, 
polygraph tests, photographs, and individual personnel and payroll 
information.

RECORD SOURCE CATEGORIES:
    Subject individuals; individual complainants; witnesses; interviews 
conducted during investigations; Federal, state, tribal, and local 
government records; individual or company records; claim and payment 
files; employer medical records; insurance records; court records; 
articles from publications; financial data; bank information; telephone 
data; service providers; other law enforcement organizations; grantees 
and sub-grantees; contractors and subcontractors; pension plan sponsors 
and participants; and other sources.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    Information about covered individuals may be disclosed without 
consent as permitted by the Privacy Act of 1974, 5 U.S.C. 552a(b) and:
    1. A record from this system may be disclosed to law enforcement in 
the event the record is connected to a violation or potential violation 
of law, whether civil, criminal, or regulatory in nature, and whether 
arising by general statute, regulation, rule, or order issued pursuant 
thereto. Such disclosure may be made to the appropriate agency, whether 
Federal, state, local, or tribal, or other public authority responsible 
for enforcing, investigating or prosecuting such violation or charged 
with enforcing or implementing the statute, or rule, regulation, or 
order issued pursuant thereto, if PBGC determines that the records are 
both relevant and necessary to any enforcement, regulatory, 
investigative or prospective responsibility of the receiving entity.
    2. A record from this system of records may be disclosed to a 
Federal, state, tribal or local agency or to another public or private 
source maintaining civil, criminal, or other relevant enforcement 
information or other pertinent information if, and to the extent 
necessary, to obtain information relevant to a PBGC decision concerning 
the hiring or retention of an employee, the retention of a security 
clearance, or the letting of a contract.
    3. A record from this system of records may be disclosed in a 
proceeding before a court or other adjudicative body in which PBGC, an 
employee of PBGC in his or her official capacity, an employee of PBGC 
in his or her individual capacity whom PBGC (or the Department of 
Justice (DOJ)) has agreed to represent is a party, or the United States 
or any other Federal agency is a party and PBGC determines that it has 
an interest in the proceeding, and if PBGC determines that the record 
is relevant and necessary to the litigation and that the use of the 
record is compatible with the purpose for which PBGC collected the 
information.
    4. When PBGC, an employee of PBGC in his or her official capacity, 
or an employee of PBGC in his or her individual capacity whom PBGC (or 
DOJ) has agreed to represent is a party to a proceeding before a court 
or other adjudicative body, or the United States or any other Federal 
agency is a party and PBGC determines that it has an interest in the 
proceeding, a record from this system of records may be disclosed to 
DOJ if PBGC is consulting with DOJ regarding the proceeding or has 
decided that DOJ will represent PBGC, or its interest, in the 
proceeding and PBGC determines that the record is relevant and 
necessary to the litigation and that the use of the record is 
compatible with the purpose for which PBGC collected the information.
    5. A record from this system of records may be disclosed to a 
congressional office in response to an inquiry from the congressional 
office made at the request of the individual.
    6. A record from this system of records may be disclosed to 
appropriate agencies, entities, and persons when (1) PBGC suspects or 
has confirmed that there has been a breach of the system of records; 
(2) PBGC has determined that as a result of the suspected or confirmed 
breach there is a risk of harm to individuals, PBGC (including its 
information systems, programs and operations), the Federal Government, 
or national security; and (3) the disclosure made to such agencies, 
entities, and persons is reasonably necessary to assist in connection 
with PBGC's efforts to respond to the suspected or confirmed breach or 
to prevent, minimize, or remedy such harm.
    7. To contractors, experts, consultants, and the agents thereof, 
and others performing or working on a contract, service, cooperative 
agreement, or other assignment for PBGC when necessary to accomplish an 
agency function. Individuals provided information under this routine 
use are subject to the same Privacy Act requirements and limitations on 
disclosure as are applicable to PBGC employees.
    8. To the National Archives and Records Administration or to the 
General Services Administration for records management inspections 
conducted under 44 U.S.C. 2904 and 2906.
    9. To any source from which information is requested in the course 
of processing a grievance, investigation, arbitration, or other 
litigation, to the extent necessary to identify the individual, inform 
the source of the purpose(s) of the request, and identify the type of 
information requested.
    10. To disclose information to a Federal agency, in response to its 
request, in connection with hiring or retaining an employee, issuing a 
security clearance, conducting a security or suitability investigation 
of an individual, or classifying jobs, to the extent that the 
information is relevant and necessary to the requesting agency's 
decision on the matter.
    11. To another federal agency or federal entity, when information 
from this system of records is reasonably necessary to assist the 
recipient agency or entity in (1) responding to a suspected or 
confirmed breach or (2) preventing, minimizing, or remedying the risk 
of harm to individuals, the agency (including its information systems, 
programs, and operations), the Federal Government, or national 
security.

[[Page 3439]]

    12. A record relating to a person held in custody pending or during 
arraignment, trial, sentence, or extradition proceedings or after 
conviction may be disclosed to a Federal, state, local, tribal or 
foreign prison; probation, parole, or pardon authority; or any other 
agency or individual involved with the maintenance, transportation, or 
release of such a person.
    13. A record relating to a case or matter may be disclosed to an 
actual or potential party or his or her attorney for the purpose of 
negotiation or discussion on such matters as settlement of the case or 
matter, plea bargaining, or informal discovery proceedings.
    14. A record may be disclosed to any source, either private or 
governmental, when reasonably necessary to elicit information or obtain 
the cooperation of a witness or informant when conducting any official 
investigation or during a trial or hearing or when preparing for a 
trial or hearing.
    15. A record relating to a case or matter may be disclosed to a 
foreign country, through the United States Department of State or 
directly to the representative of such country, under an international 
treaty, convention, or executive agreement; or to the extent necessary 
to assist the U.S. Department of State, law enforcement officials, and 
such country in apprehending or returning a fugitive to a jurisdiction 
that seeks that individual's return.
    16. A record originating exclusively within this system of records 
may be disclosed to other Federal offices of inspectors general and 
councils comprising officials from other Federal offices of inspectors 
general, as required by the Inspector General Act of 1978, as amended. 
The purpose is to ensure that OIG investigative operations can be 
subject to integrity and efficiency peer reviews, and to permit other 
offices of inspectors general to investigate and report on allegations 
of misconduct by senior OIG officials as directed by a council, the 
President, or Congress. Records originating from any other PBGC systems 
of records, which may be duplicated in or incorporated into this 
system, also may be disclosed with all identifiable information 
redacted.
    17. A record may be disclosed to the Department of the Treasury and 
the Department of Justice when the OIG seeks an ex parte court order to 
obtain taxpayer information from the Internal Revenue Service.
    18. A record may be disclosed to any governmental, professional, or 
licensing authority when such record reflects on qualifications, either 
moral, educational or vocational, of an individual seeking to be 
licensed or to maintain a license.
    19. A record may be disclosed to any direct or indirect recipient 
of Federal funds, e.g., a contractor, where such record reflects 
problems with the personnel working for a recipient, and disclosure of 
the record is made to permit a recipient to take corrective action 
beneficial to the Government.
    20. A record may be disclosed where there is an indication of a 
violation or a potential violation of law, rule, regulation, or order 
whether civil, criminal, administrative or regulatory in nature, to the 
appropriate agency, whether Federal, state, tribal or local, or to a 
securities self-regulatory organization, charged with enforcing or 
implementing the statute, or rule, regulation, or order.
    21. A record may be disclosed to Federal, state, tribal or local 
authorities in order to obtain information or records relevant to an 
Office of Inspector General investigation or inquiry.
    22. A record may be disclosed to a bar association, state 
accountancy board, or other Federal, state, tribal, local, or foreign 
licensing or oversight authority; or professional association or self-
regulatory authority to the extent that it performs similar functions 
(including the Public Company Accounting Oversight Board) for 
investigations or possible disciplinary action.
    23. A record may be disclosed to inform complainants, victims, and 
witnesses of the results of an investigation or inquiry.
    24. A record may be disclosed to the Department of Justice for the 
purpose of obtaining advice on investigatory matters or to refer 
information for the purpose of prosecution.
    25. A record may be disclosed to contractors, interns and experts 
who have been engaged to assist in an OIG investigation or in the 
performance of a service related to this system of records and require 
access to these records for the purpose of assisting the OIG in the 
efficient administration of its duties. All recipients of these records 
will be required to comply with the requirements of the Privacy Act of 
1974, as amended.
    26. A record may be disclosed to the public when the matter under 
investigation has become public knowledge, or when the Inspector 
General determines that such disclosure is necessary to preserve 
confidence in the integrity of the OIG investigative process, to 
demonstrate the accountability of PBGC employees, or other individuals 
covered by this system, or when there exists a legitimate public 
interest, unless the Inspector General has determined that disclosure 
of specific information would constitute an unwarranted invasion of 
personal privacy.
    27. A record to compare such records in other Federal agencies' 
systems of records or to non-Federal records.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    Records are maintained manually in paper and/or electronic form 
(including computer databases or discs). Records may also be maintained 
on back-up tapes, or on a PBGC or a contractor-hosted network.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    Records may be retrieved by any one or more of the following: name; 
social security number; subject category; or assigned case number.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    Records are maintained and destroyed in accordance with the 
National Archives and Record Administration's (NARA) Basic Laws and 
Authorities (44 U.S.C. 3301, et seq.) or a PBGC records disposition 
schedule approved by NARA. See General Record Schedule 4.2 Inspector 
General Item: 080. Records existing on paper are destroyed beyond 
recognition.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    PBGC has established security and privacy protocols that meet the 
required security and privacy standards issued by the National 
Institute of Standards and Technology (NIST). Records are maintained in 
a secure, password protected electronic system that utilizes security 
hardware and software to include multiple firewalls, active intruder 
detection, and role-based access controls. PBGC has adopted appropriate 
administrative, technical, and physical controls in accordance with 
PBGC's security program to protect the confidentiality, integrity, and 
availability of the information, and to ensure that records are not 
disclosed to or accessed by unauthorized individuals.
    Electronic records are stored on computer networks, which may 
include cloud-based systems, and protected by controlled access with 
Personal Identity Verification (PIV) cards, assigning user accounts to 
individuals needing access to the records and by passwords set by 
authorized users that must be changed periodically.

RECORD ACCESS PROCEDURES:
    This system is exempt from the notification and record access

[[Page 3440]]

requirements. However, consideration will be given to requests made in 
compliance with 29 CFR 4902.3 and 4902.4.

CONTESTING RECORD PROCEDURES:
    This system is exempt from amendment requirements. However, 
consideration will be given to requests made in compliance with 29 CFR 
4902.3 and 4902.5.

NOTIFICATION PROCEDURES:
    This system is exempt from the notification requirements. However, 
consideration will be given to inquiries made in compliance with 29 CFR 
4902.3.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    Pursuant to 5 U.S.C. 552a(j) and (k), PBGC has established 
regulations at 29 CFR 4902.11 that exempt records in this system 
depending on their purpose.

HISTORY:
    PBGC--17, Inspector General Investigative File System (last 
published at 83 FR 6268 (February 13, 2018)).

SYSTEM NAME AND NUMBER:
    PBGC--28: Physical Security and Facility Access

SECURITY CLASSIFICATION:
    Unclassified

SYSTEM LOCATION:
    Pension Benefit Guaranty Corporation (PBGC), 445 12th Street SW, 
Washington, DC, 20024-2101.

SYSTEM MANAGER(S):
    Director, Workplace Solutions Department, PBGC, 445 12th Street SW, 
Washington, DC, 20024-2101.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    Executive Order 12977; 6 CFR part 37; Homeland Security 
Presidential Directive (HSPD) 12: Policy for a Common Identification 
Standard for Federal Employees and Contractors.

PURPOSE(S) OF THE SYSTEM:
    The purpose of this system is to maintain information to allow PBGC 
to provide for its facilities: control of visitor, employee, and 
government contractor access; physical and operational security; and 
video surveillance. It can also be used to maintain information from 
issuing temporary facility access for employees and contractors who are 
not in possession of their Personal Identity Verification (PIV) card or 
office key.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Current PBGC employees, students, interns, government contractors, 
employees of other agencies, vendors, and other authorized visitors who 
access PBGC facilities.

CATEGORIES OF RECORDS IN THE SYSTEM:
    This system contains records relating to employee and government 
contractor access, visitor access, and facility security. This includes 
government Personal Identity Verification (PIV) cards, visitor, 
contractor, and employee access records, temporary access cards, 
biometric data, and video surveillance recordings. PIV card records 
include the following information: name, photo, type of access, 
employee affiliation, expiration date, activation date, credential 
serial number to include the full Card Holder Unique Identifier 
(CHUID), height, eye color, and hair color. Visitor access records 
include the following information: name, phone number, email address, 
digital photo, scan of government-issued photo identification, reason 
for visit, organization name, date and time of visit, floor visited, 
and temporary visitor badge number or barcode. Employee access records 
include date and time of room or facility access and fingerprint or 
other biometric data.

RECORD SOURCE CATEGORIES:
    Subject individuals, employees, visitors, contractors, vendors, and 
others visiting PBGC facilities.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    Information about covered individuals may be disclosed without 
consent as permitted by the Privacy Act of 1974, 5 U.S.C. 552a(b), and:
    1. A record from this system may be disclosed to law enforcement in 
the event the record is connected to a violation or potential violation 
of law, whether civil, criminal or regulatory in nature, and whether 
arising by general statute, regulation, rule, or order issued pursuant 
thereto. Such disclosure may be made to the appropriate agency, whether 
Federal, state, local, or tribal, or other public authority responsible 
for enforcing, investigating or prosecuting such violation or charged 
with enforcing or implementing the statute, or rule, regulation, or 
order issued pursuant thereto, if PBGC determines that the records are 
both relevant and necessary to any enforcement, regulatory, 
investigative or prospective responsibility of the receiving entity.
    2. A record from this system of records may be disclosed to a 
Federal, state, tribal or local agency or to another public or private 
source maintaining civil, criminal, or other relevant enforcement 
information or other pertinent information if, and to the extent 
necessary, to obtain information relevant to a PBGC decision concerning 
the hiring or retention of an employee, the retention of a security 
clearance, or the letting of a contract.
    3. With the approval of the Director, Human Resources Department 
(or his or her designee), the fact that this system of records includes 
information relevant to a Federal agency's decision in connection with 
the hiring or retention of an employee, the retention of a security 
clearance, the letting of a contract, or the issuance of a license, 
grant, or other benefit may be disclosed to that Federal agency.
    4. A record from this system of records may be disclosed in a 
proceeding before a court or other adjudicative body in which PBGC, an 
employee of PBGC in his or her official capacity, an employee of PBGC 
in his or her individual capacity whom PBGC (or the Department of 
Justice (DOJ)) has agreed to represent is a party, or the United States 
or any other Federal agency is a party and PBGC determines that it has 
an interest in the proceeding, and if PBGC determines that the record 
is relevant and necessary to the litigation and that the use of the 
record is compatible with the purpose for which PBGC collected the 
information.
    5. When PBGC, an employee of PBGC in his or her official capacity, 
or an employee of PBGC in his or her individual capacity whom PBGC (or 
DOJ) has agreed to represent is a party to a proceeding before a court 
or other adjudicative body, or the United States or any other Federal 
agency is a party and PBGC determines that it has an interest in the 
proceeding, a record from this system of records may be disclosed to 
DOJ if PBGC is consulting with DOJ regarding the proceeding or has 
decided that DOJ will represent PBGC, or its interest, in the 
proceeding and PBGC determines that the record is relevant and 
necessary to the litigation and that the use of the record is 
compatible with the purpose for which PBGC collected the information.
    6. A record from this system of records may be disclosed to a 
congressional office in response to an inquiry from the congressional 
office made at the request of the individual.
    7. A record from this system of records may be disclosed to an 
official of a labor organization recognized under 5 U.S.C. ch. 71 when 
necessary for the labor organization to properly perform its duties as 
the collective bargaining representative of PBGC employees in the 
bargaining unit.

[[Page 3441]]

    8. A record from this system of records may be disclosed to 
appropriate agencies, entities, and persons when (1) PBGC suspects or 
has confirmed that there has been a breach of the system of records; 
(2) PBGC has determined that as a result of the suspected or confirmed 
breach there is a risk of harm to individuals, PBGC (including its 
information systems, programs and operations), the Federal Government, 
or national security; and (3) the disclosure made to such agencies, 
entities, and persons is reasonably necessary to assist in connection 
with PBGC's efforts to respond to the suspected or confirmed breach or 
to prevent, minimize, or remedy such harm.
    9. To contractors, experts, consultants, and the agents thereof, 
and others performing or working on a contract, service, cooperative 
agreement, or other assignment for PBGC when necessary to accomplish an 
agency function. Individuals provided information under this routine 
use are subject to the same Privacy Act requirements and limitations on 
disclosure as are applicable to PBGC employees.
    10. To the National Archives and Records Administration or to the 
General Services Administration for records management inspections 
conducted under 44 U.S.C. 2904 and 2906.
    11. To any source from which information is requested in the course 
of processing a grievance, investigation, arbitration, or other 
litigation, to the extent necessary to identify the individual, inform 
the source of the purpose(s) of the request, and identify the type of 
information requested.
    12. Records from this system may be disclosed to a third party for 
purposes of providing access to facilities leased by PBGC or on PBGC's 
behalf.
    13. To another Federal agency or non-Federal entity to compare such 
records in the agency's system of records or to non-Federal records in 
coordination with the Office of Inspector General conducting an audit, 
investigation, inspection, or some other review as authorized by the 
Inspector General Act, as amended.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    Records are maintained manually in paper and/or electronic form 
(including computer databases or discs). Records may also be maintained 
on back-up tapes, or on a PBGC or a third-party physical access control 
system.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    Records are retrieved by any one of the following: employee or 
contractor name, PIV card number, temporary access card number, access 
clearance, key number, key removal date and time, visitor name, date 
and time of visit, organization, name of PBGC personnel escorting the 
visitor, visitor badge number, and reason for visit.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    Records are maintained and destroyed in accordance with the 
National Archives and Record Administration's (NARA) Basic Laws and 
Authorities (44 U.S.C. 3301, et seq.) or a PBGC records disposition 
schedule approved by NARA. Records existing on paper are destroyed 
beyond recognition. Records existing on computer storage media are 
destroyed according to the applicable PBGC media practice for physical 
security and access control systems and will be maintained in 
accordance with General Records Schedule 5.6 Security Records Items: 
010, 021, 100, 111, 120, 121, 130, and 240.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    PBGC has established security and privacy protocols that meet the 
required security and privacy standards issued by the National 
Institute of Standards and Technology (NIST). Records are maintained in 
a secure, password protected electronic system that utilizes security 
hardware and software to include multiple firewalls, active intruder 
detection, and role-based access controls. PBGC has adopted appropriate 
administrative, technical, and physical controls in accordance with 
PBGC's security program to protect the confidentiality, integrity, and 
availability of the information, and to ensure that records are not 
disclosed to or accessed by unauthorized individuals.
    Electronic records are stored on computer networks, which may 
include cloud-based systems, and protected by controlled access with 
PIV cards, assigning user accounts to individuals needing access to the 
records and by passwords set by authorized users that must be changed 
periodically.

RECORD ACCESS PROCEDURES:
    Individuals, or third parties with written authorization from the 
individual, wishing to request access to their records in accordance 
with 29 CFR 4902.4, should submit a written request to the Disclosure 
Officer, PBGC, 445 12th Street SW, Washington, DC, 20024-2101, or by 
emailing [email protected], providing their name, address, date of 
birth, and verification of their identity in accordance with 29 CFR 
4902.3(c).

CONTESTING RECORD PROCEDURES:
    Individuals, or third parties with written authorization from the 
individual, wishing to amend their records must submit a written 
request, in accordance with 29 CFR 4902.5, identifying the information 
they wish to correct in their file, following the requirements of 
Record Access Procedure above.

NOTIFICATION PROCEDURES:
    Individuals, or third parties with written authorization from the 
individual, wishing to learn whether this system of records contains 
information about them should submit a written request to the 
Disclosure Officer, PBGC, 445 12th Street SW, Washington, DC, 20024-
2101, or by emailing [email protected], providing their name, 
address, date of birth, and verification of their identity in 
accordance with 29 CFR 4902.3(c).

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    None.

HISTORY:
    PBGC--28, Physical Security and Facility Access (last published at 
87 FR 4668 (Jan. 28,2022)).

SYSTEM NAME AND NUMBER:
    PBGC-30: Surveys and Complaints--PBGC

SECURITY CLASSIFICATION:
    Unclassified

SYSTEM LOCATION:
    Pension Benefit Guaranty Corporation (PBGC), 445 12th Street SW, 
Washington, DC 20024-2101. (Records may be kept at an additional 
location of the commercial service provider of Qualtrics, 333 W. River 
Park Drive Provo, UT 84604, in the Amazon Web Services Government 
Commercial Cloud).

SYSTEM MANAGER(S):
    Office of the General Counsel (OGC), PBGC, 445 12th Street SW, 
Washington, DC, 20024-2101.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    29 U.S.C. 1055, 1056(d)(3), 1302, 1303, 1310, 1321, 1322a, 1341, 
1342, 1343, 1350; 1431, and 1432; 5 U.S.C. 301; 44 U.S.C. 3101 et seq.

PURPOSE(S) OF THE SYSTEM:
    The purpose of this system of records is for all departments at 
PBGC to elicit

[[Page 3442]]

feedback through surveys and respond to complaints PBGC receives from 
communications contained within them. This includes a process for 
tracking, receiving, and responding to surveys, complaints, concerns, 
or questions from individuals about the organizational security and 
privacy practices. Names, addresses, and telephone numbers are used to 
survey customers to measure their satisfaction with PBGC's services and 
to track (for follow-up) those who do not respond to surveys. De-
identified, aggregated information from this system may be used for 
research and statistical purposes.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Individuals who access a website operated by or on behalf of PBGC; 
and individuals who are the subject of or are otherwise connected to an 
inquiry, investigation, or complaint concerning PBGC's privacy or 
cybersecurity programs.

CATEGORIES OF RECORDS IN THE SYSTEM:
    Responses to individual survey questions or complaint forms; IP 
addresses; cookies (session and persistent); email communications; and 
information pertaining to the individual's complaint such as their 
name, email address, phone number, and details about their experience 
using a PBGC website or their complaint.

RECORD SOURCE CATEGORIES:
    Subject individuals; pension plan participants, sponsors, 
administrators and third parties; current and former employees or 
contractors.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    Information about covered individuals may be disclosed without 
consent as permitted by the Privacy Act of 1974, 5 U.S.C. 552a(b), and:
    1. A record from this system may be disclosed to law enforcement in 
the event the record is connected to a violation or potential violation 
of law, whether civil, criminal, or regulatory in nature, and whether 
arising by general statute, regulation, rule, or order issued pursuant 
thereto. Such disclosure may be made to the appropriate agency, whether 
Federal, state, local, or tribal, or other public authority responsible 
for enforcing, investigating or prosecuting such violation or charged 
with enforcing or implementing the statute, or rule, regulation, or 
order issued pursuant thereto, if PBGC determines that the records are 
both relevant and necessary to any enforcement, regulatory, 
investigative or prospective responsibility of the receiving entity.
    2. A record from this system of records may be disclosed to a 
Federal, state, tribal or local agency or to another public or private 
source maintaining civil, criminal, or other relevant enforcement 
information or other pertinent information if, and to the extent 
necessary, to obtain information relevant to a PBGC decision concerning 
the hiring or retention of an employee, the retention of a security 
clearance, or the letting of a contract.
    3. A record from this system of records may be disclosed in a 
proceeding before a court or other adjudicative body in which PBGC, an 
employee of PBGC in his or her official capacity, an employee of PBGC 
in his or her individual capacity whom PBGC (or the Department of 
Justice (DOJ)) has agreed to represent is a party, or the United States 
or any other Federal agency is a party and PBGC determines that it has 
an interest in the proceeding, and if PBGC determines that the record 
is relevant and necessary to the litigation and that the use of the 
record is compatible with the purpose for which PBGC collected the 
information.
    4. When PBGC, an employee of PBGC in his or her official capacity, 
or an employee of PBGC in his or her individual capacity whom PBGC (or 
DOJ) has agreed to represent is a party to a proceeding before a court 
or other adjudicative body, or the United States or any other Federal 
agency is a party and PBGC determines that it has an interest in the 
proceeding, a record from this system of records may be disclosed to 
DOJ if PBGC is consulting with DOJ regarding the proceeding or has 
decided that DOJ will represent PBGC, or its interest, in the 
proceeding and PBGC determines that the record is relevant and 
necessary to the litigation and that the use of the record is 
compatible with the purpose for which PBGC collected the information.
    5. A record from this system of records may be disclosed to OMB in 
connection with the review of private relief legislation as set forth 
in OMB Circular No. A-19 at any stage of the legislative coordination 
and clearance process as set forth in that Circular.
    6. A record from this system of records may be disclosed to a 
congressional office in response to an inquiry from the congressional 
office made at the request of the individual.
    7. A record from this system of records may be disclosed to an 
official of a labor organization recognized under 5 U.S.C. ch. 71 when 
necessary for the labor organization to properly perform its duties as 
the collective bargaining representative of PBGC employees in the 
bargaining unit.
    8. A record from this system of records may be disclosed to 
appropriate agencies, entities, and persons when (1) PBGC suspects or 
has confirmed that there has been a breach of the system of records; 
(2) PBGC has determined that as a result of the suspected or confirmed 
breach there is a risk of harm to individuals, PBGC (including its 
information systems, programs and operations), the Federal Government, 
or national security; and (3) the disclosure made to such agencies, 
entities, and persons is reasonably necessary to assist in connection 
with PBGC's efforts to respond to the suspected or confirmed breach or 
to prevent, minimize, or remedy such harm.
    9. To contractors, experts, consultants, and the agents thereof, 
and others performing or working on a contract, service, cooperative 
agreement, or other assignment for PBGC when necessary to accomplish an 
agency function. Individuals provided information under this routine 
use are subject to the same Privacy Act requirements and limitations on 
disclosure as are applicable to PBGC employees.
    10. To the National Archives and Records Administration or to the 
General Services Administration for records management inspections 
conducted under 44 U.S.C. 2904 and 2906.
    11. To any source from which information is requested in the course 
of processing a grievance, investigation, arbitration, or other 
litigation, to the extent necessary to identify the individual, inform 
the source of the purpose(s) of the request, and identify the type of 
information requested.
    12. To Another Agency or Non-Federal Entity in Connection with an 
OIG Audit, Investigation, or Inspection: To another Federal agency or 
non-Federal entity to compare such records in the agency's system of 
records or to non-Federal records in coordination with the Office of 
Inspector General conducting an audit, investigation, inspection, or 
some other review as authorized by the Inspector General Act, as 
amended.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    Records are maintained in electronic databases. Records may also be 
maintained on back-up tapes, or on a PBGC or a contractor-hosted 
network.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    Indexing surveys and complaints will be determined by individual 
system

[[Page 3443]]

implementations, but records are generally indexed by a generic, 
sequential survey or complaint record identifier. Records may be 
indexed by a combination of survey responses and contact information 
that is voluntarily provided through the survey or complaint form.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    Records are maintained and destroyed in accordance with the 
National Archives and Record Administration's (NARA) Basic Laws and 
Authorities (44 U.S.C. 3301, et seq.) or a PBGC records disposition 
schedule approved by NARA. Records existing on paper are destroyed 
beyond recognition. Records existing on computer storage media are 
destroyed according to the applicable PBGC media practice for systems 
that leverage this SORN and will be maintained in accordance with PBGC 
Records Schedule. See General Records Schedule (GRS) Items 6.5.010 and 
6.5.020: Public Customer Service Records; See also GRS 6.5.010: 
Complaints-Customer Service; see also GRS Items 4.2.06; Privacy 
complaint files. See also PBGC Records Schedule Item 1.2: 
Administrative Records--Privacy Act.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    PBGC has established security and privacy protocols that meet the 
required security and privacy standards issued by the National 
Institute of Standards and Technology (NIST). Records are maintained in 
a secure, password protected electronic system that utilizes security 
hardware and software to include multiple firewalls, active intruder 
detection, and role-based access controls. PBGC has adopted appropriate 
administrative, technical, and physical controls in accordance with 
PBGC's security program to protect the confidentiality, integrity, and 
availability of the information, and to ensure that records are not 
disclosed to or accessed by unauthorized individuals. Paper records are 
kept in file folders in areas of restricted access that are locked 
after office hours.
    Electronic records are stored on computer networks, which may 
include cloud-based systems, and protected by controlled access with 
Personal Identity Verification (PIV) cards, assigning user accounts to 
individuals needing access to the records and by passwords set by 
authorized users that must be changed periodically. Further, for 
certain systems covered by this notice, heightened security access is 
required. Such access is granted by the specific permissions group 
assigned to monitor that particular system and only authorized 
employees of the agency may retrieve, review or modify those records.

RECORD ACCESS PROCEDURES:
    Individuals, or third parties with written authorization from the 
individual, wishing to request access to their records in accordance 
with 29 CFR 4902.4, should submit a written request to the Disclosure 
Officer, PBGC, 445 12th Street SW, Washington, DC 20024-2101, or by 
emailing [email protected], providing their name, address, date of 
birth, and verification of their identity in accordance with 29 CFR 
4902.3(c).

CONTESTING RECORD PROCEDURES:
    Individuals, or third parties with written authorization from the 
individual, wishing to amend their records must submit a written 
request, in accordance with 29 CFR 4902.5, identifying the information 
they wish to correct in their file, in addition to following the 
requirements of the Record Access Procedure above.

NOTIFICATION PROCEDURES:
    Individuals, or third parties with written authorization from the 
individual, wishing to learn whether this system of records contains 
information about them should submit a written request to the 
Disclosure Officer, PBGC, 445 12th Street SW, Washington, DC 20024-
2101, or by emailing [email protected], providing their name, 
address, date of birth, and verification of their identity in 
accordance with 29 CFR 4902.3(c).

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    None.

HISTORY:
    None.
[FR Doc. 2024-00859 Filed 1-17-24; 8:45 am]
BILLING CODE 7709-02-P