Office of Human Resources Management; SES Performance Review Board, 82611-82612 [2024-23586]
Federal Register / Vol. 89, No. 198 / Friday, October 11, 2024 / Notices
distinct data security breaches over the
course of several years. Starwood
informed customers of the first breach
just four days after the announcement of
Marriott’s acquisition of Starwood. This
breach allowed intruders to compromise
Starwood’s point-of-sale systems and
gain access to more than 40,000
customer payment cards over the course
of 14 months.
The second breach began on or
around July 28, 2014, and involved a
breach of a Starwood guest reservation
database. This breach went undetected
for four years—during which Marriott
had responsibility for Starwood’s
information security practices and
network following the acquisition.
Forensic examiners, retained by
Marriott in September 2018, identified
similar failures that resulted in the first
breach, including: inadequate firewall
controls, unencrypted payment card
information stored outside of the secure
cardholder data environment, lack of
multifactor authentication, and
inadequate monitoring and logging
practices. As a result of the second
breach, intruders compromised the
personal information of 339 million
Starwood guest records and 5.25 million
unencrypted passport numbers
worldwide. Additional compromised
information from the Starwood guest
reservation database included: names,
dates of birth, payment card numbers,
addresses, email addresses, telephone
numbers, usernames, Starwood loyalty
numbers, and partner loyalty program
numbers.
As to the third breach, Marriott
announced in March 2020 that
malicious actors had compromised the
credentials of employees at a Marriott-franchised property to gain access to
Marriott’s own network. The intruders
began accessing and exporting
consumers’ personal information
without detection from September
2018—the same month that Marriott
became aware of the second breach—to
December 2018 and resumed in January
2020 and continued until they were
ultimately discovered in February 2020.
The intruders were able to access more
than 5.2 million guest records,
including 1.8 million records related to
U.S. consumers, that contained
significant amounts of personal
information, including: names, mailing
addresses, email addresses, phone
numbers, affiliated companies, gender,
month and day of birth, Marriott loyalty
account information, partner loyalty
program numbers, and hotel stay and
room preferences. Marriott’s internal
investigation confirmed that the
malicious actors’ main purpose for
searching, accessing, and exporting
guest records was to identify loyalty
accounts with sufficient loyalty points
to be either used or redeemed, including
for booking stays at hotel properties.
The Commission’s proposed two-count complaint alleges that
Respondents violated section 5(a) of the
FTC Act by: (1) deceiving customers by
representing in each of their privacy
policies that they used reasonable and
appropriate safeguards to protect
consumers’ personal and financial
information; and (2) failing to employ
reasonable security measures to protect
consumers’ personal information. With
respect to these counts, the proposed
complaint alleges that Respondents:
• failed to implement appropriate
password controls, which resulted in
employees often using default, blank or
weak passwords;
• failed to patch outdated software
and systems in a timely manner;
• failed to adequately monitor and log
network environments, limiting the
ability to detect malicious actors and
distinguish between authorized and
unauthorized activity;
• failed to implement appropriate
access controls;
• failed to implement appropriate
firewall controls;
• failed to implement appropriate
network segmentation to prevent
attackers from moving freely across its
networks and databases; and
• failed to apply adequate multifactor
authentication to protect sensitive
information.
The proposed complaint alleges, with
respect to the second count above, that
Respondents’ failure to employ
reasonable security measures to protect
consumers’ personal information
caused, or is likely to cause, substantial
injury to consumers that is not
outweighed by countervailing benefits
to consumers or competition and is not
reasonably avoidable by consumers
themselves. Such practices constitute
unfair acts or practices under section 5
of the FTC Act.
The Proposed Order contains
injunctive relief designed to prevent
Respondents from engaging in the same
or similar acts or practices in the future.
Part I prohibits Respondents from
misrepresenting in any manner,
expressly or by implication: (1)
Respondents’ collection, maintenance,
use, deletion, or disclosure of consumers’
personal information; and (2) the extent
to which Respondents protect the
privacy, security, availability,
confidentiality, or integrity of
consumers’ personal information. Part II
requires that Respondents establish,
implement, and document a
comprehensive information security
program. The program must include
specific safeguards tailored to
Respondents’ previous data security
shortcomings.
Parts III–VI require Respondents to
obtain initial and biennial information
security assessments by an independent,
third-party professional for 20 years
(part III), cooperate with the
independent assessor (part IV), provide
the Commission with a certification of
compliance with the Order from
Respondents’ CEO (part V), and submit
reports to the Commission if they suffer
additional data incidents (part VI).
Part VII requires Respondents to
provide a Clear and Conspicuous
method by which U.S. consumers can
request that Respondents review the
deletion of personal information
associated with an email address and/or
Loyalty Rewards Program account
number. Part VIII requires Respondents
to provide a link on their website and
mobile app where all U.S. consumers
may request deletion of Personal
Information associated with an email
address and/or Loyalty Rewards
Program account number.
Parts IX–XII are reporting and
compliance provisions, which include
recordkeeping requirements and
provisions requiring Respondents to
provide information or documents
necessary for the Commission to
monitor compliance. Part XIII states that
the Proposed Order will remain in effect
for 20 years, with certain exceptions.
The purpose of this analysis is to
facilitate public comment on the
Proposed Order, and it is not intended
to constitute an official interpretation of
the complaint or Proposed Order, or to
modify the Proposed Order’s terms in
any way.
By direction of the Commission,
Commissioners Holyoak and Ferguson
recused.
April J. Tabor,
Secretary.
[FR Doc. 2024–23283 Filed 10–10–24; 8:45 am]
BILLING CODE 6750–01–P
GENERAL SERVICES
ADMINISTRATION
[Notice—C0A–2024–01; Docket No. 2024–0002; Sequence No 43]
Office of Human Resources
Management; SES Performance
Review Board
AGENCY: Office of Human Resources
Management (OHRM), General Services
Administration (GSA).
ACTION: Notice.
SUMMARY: Notice is hereby given of the
appointment of new members to the
GSA Senior Executive Service
Performance Review Board. The
Performance Review Board assures
consistency, stability, and objectivity in
the performance appraisal process.
DATES: Applicable: October 11, 2024.
FOR FURTHER INFORMATION CONTACT: Mr.
Nathaniel Williams, Acting Director,
Executive Resources Division, Office of
Human Resources Management, GSA,
1800 F Street NW, Washington, DC
20405, or via telephone at (571) 513–9451.
SUPPLEMENTARY INFORMATION: Section
4314(c)(1) through (5) of title 5 U.S.C
requires each agency to establish, in
accordance with regulation prescribed
by the Office of Personnel Management,
one or more SES performance review
board(s). The board is responsible for
making recommendations to the
appointing and awarding authority on
the performance appraisal ratings and
performance awards for employees in
the Senior Executive Service.
The following have been designated
as members of the Performance Review
Board of GSA:
• Katy Kale, Deputy Administrator—
PRB Chair.
• Christopher Bennethum, Assistant
Commissioner for Assisted Acquisition
Services, Federal Acquisition Service.
• Lesley Briante, Associate Chief
Information Officer of Digital
Management, Office of GSA IT.
• Aluanda Drain, Associate
Administrator for Civil Rights, Office of
Civil Rights.
• Andrew Heller, Deputy
Commissioner for Enterprise Strategy,
Public Buildings Service.
• Arron Helm, Chief Human Capital
Officer, Office of Human Resources
Management.
• Dena McLaughlin, Executive
Director, Catalog and Solicitation
Management Program Management
Office, Federal Acquisition Service.
• Tanisha Palermo, Regional
Commissioner, Public Buildings
Service, Rocky Mountain Region.
• Flavio Peres, Assistant
Commissioner for Real Property
Disposition, Public Buildings Service.
• Camille Sabbakhan, Deputy General
Counsel, Office of the General Counsel.
Robin Carnahan,
Administrator, General Services
Administration.
[FR Doc. 2024–23586 Filed 10–10–24; 8:45 am]
BILLING CODE 6820–FM–P
DEPARTMENT OF HEALTH AND
HUMAN SERVICES
Food and Drug Administration
[Docket No. FDA–2018–N–1262]
Notice of Approval of Product Under
Voucher: Rare Pediatric Disease
Priority Review Voucher; TREMFYA
(guselkumab)
AGENCY: Food and Drug Administration,
HHS.
ACTION: Notice.
SUMMARY: The Food and Drug
Administration (FDA) is announcing the
issuance of approval of a product
redeeming a priority review voucher.
The Federal Food, Drug, and Cosmetic
Act (FD&C Act) authorizes FDA to
award priority review vouchers to
sponsors of approved rare pediatric
disease product applications that meet
certain criteria. FDA is required to
publish notice of the issuance of priority
review vouchers as well as the approval
of products redeeming a priority review
voucher. FDA has determined that the
supplemental application for TREMFYA
(guselkumab), approved September 11,
2024, meets the criteria for redeeming a
priority review voucher.
FOR FURTHER INFORMATION CONTACT:
Cathryn Lee, Center for Drug Evaluation
and Research, Food and Drug
Administration, 10903 New Hampshire
Ave., Silver Spring, MD 20993–0002,
301–796–1394, email: Cathryn.Lee@fda.hhs.gov.
SUPPLEMENTARY INFORMATION: FDA is
announcing the approval of a product
redeeming a rare pediatric disease
priority review voucher. Under section
529 of the FD&C Act (21 U.S.C. 360ff),
FDA will report the issuance of rare
pediatric disease priority review
vouchers and the approval of products
for which a voucher was redeemed.
FDA has determined that the
supplemental application for TREMFYA
(guselkumab) meets the redemption
criteria.
For further information about the Rare
Pediatric Disease Priority Review
Voucher Program and for a link to the
full text of section 529 of the FD&C Act,
go to https://www.fda.gov/ForIndustry/DevelopingProductsforRareDiseasesConditions/RarePediatricDiseasePriorityVoucherProgram/default.htm.
For further information about TREMFYA
(guselkumab), go to the ‘‘Drugs@FDA’’
website at https://www.accessdata.fda.gov/scripts/cder/daf/.
Dated: October 8, 2024.
Eric Flamm,
Acting Associate Commissioner for Policy.
[FR Doc. 2024–23629 Filed 10–10–24; 8:45 am]
BILLING CODE 4164–01–P
DEPARTMENT OF HEALTH AND
HUMAN SERVICES
Food and Drug Administration
[Docket No. FDA–2012–N–1021]
Notice to Public of Website Location of
Center for Devices and Radiological
Health Fiscal Year 2025 Proposed
Guidance Development
AGENCY: Food and Drug Administration,
HHS.
ACTION: Notice.
SUMMARY: The Food and Drug
Administration (FDA or the Agency) is
announcing the website location where
the Agency will post two lists of
guidance documents that the Center for
Devices and Radiological Health (CDRH)
intends to publish in fiscal year (FY)
2025. In addition, FDA has established
a docket where interested parties may
comment on the priority of topics for
guidance, provide comments and/or
propose draft language for those topics,
suggest topics for new or different
guidance documents, comment on the
applicability of guidance documents
that have issued previously, and
provide any other comments that could
benefit the CDRH guidance program and
its engagement with interested parties.
This feedback is critical to the CDRH
guidance program to ensure that we
meet the needs of interested parties.
DATES: Either electronic or written
comments on the notice must be
submitted by December 10, 2024.
ADDRESSES: You may submit comments
as follows. Please note that late,
untimely filed comments will not be
considered. The https://www.regulations.gov
electronic filing
system will accept comments until
11:59 p.m. Eastern Time at the end of
December 10, 2024. Comments received
by mail/hand delivery/courier (for
written/paper submissions) will be
considered timely if they are received
on or before that date.
Electronic Submissions
Submit electronic comments in the
following way:
• Federal eRulemaking Portal:
https://www.regulations.gov. Follow the
instructions for submitting comments.
Comments submitted electronically,
including attachments, to https://www.regulations.gov
will be posted to
[Federal Register Volume 89, Number 198 (Friday, October 11, 2024)]
[Notices]
[Pages 82611-82612]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2024-23586]
=======================================================================
-----------------------------------------------------------------------
GENERAL SERVICES ADMINISTRATION
[Notice--C0A-2024-01; Docket No. 2024-0002; Sequence No 43]
Office of Human Resources Management; SES Performance Review
Board
AGENCY: Office of Human Resources Management (OHRM), General Services
Administration (GSA).
ACTION: Notice.
-----------------------------------------------------------------------
[[Page 82612]]
SUMMARY: Notice is hereby given of the appointment of new members to
the GSA Senior Executive Service Performance Review Board. The
Performance Review Board assures consistency, stability, and
objectivity in the performance appraisal process.
DATES: Applicable: October 11, 2024.
FOR FURTHER INFORMATION CONTACT: Mr. Nathaniel Williams, Acting
Director, Executive Resources Division, Office of Human Resources
Management, GSA, 1800 F Street NW, Washington, DC 20405, or via
telephone at (571) 513-9451.
SUPPLEMENTARY INFORMATION: Section 4314(c)(1) through (5) of title 5
U.S.C requires each agency to establish, in accordance with regulation
prescribed by the Office of Personnel Management, one or more SES
performance review board(s). The board is responsible for making
recommendations to the appointing and awarding authority on the
performance appraisal ratings and performance awards for employees in
the Senior Executive Service.
The following have been designated as members of the Performance
Review Board of GSA:
Katy Kale, Deputy Administrator--PRB Chair.
Christopher Bennethum, Assistant Commissioner for Assisted
Acquisition Services, Federal Acquisition Service.
Lesley Briante, Associate Chief Information Officer of
Digital Management, Office of GSA IT.
Aluanda Drain, Associate Administrator for Civil Rights,
Office of Civil Rights.
Andrew Heller, Deputy Commissioner for Enterprise
Strategy, Public Buildings Service.
Arron Helm, Chief Human Capital Officer, Office of Human
Resources Management.
Dena McLaughlin, Executive Director, Catalog and
Solicitation Management Program Management Office, Federal Acquisition
Service.
Tanisha Palermo, Regional Commissioner, Public Buildings
Service, Rocky Mountain Region.
Flavio Peres, Assistant Commissioner for Real Property
Disposition, Public Buildings Service.
Camille Sabbakhan, Deputy General Counsel, Office of the
General Counsel.
Robin Carnahan,
Administrator, General Services Administration.
[FR Doc. 2024-23586 Filed 10-10-24; 8:45 am]
BILLING CODE 6820-FM-P