Privacy Act of 1974; System of Records

AGENCY:

Commodity Futures Trading Commission.

ACTION:

Notice of a New System of Records.

SUMMARY:

The Commodity Futures Trading Commission (“CFTC” or “Commission”) is establishing a new system of records, CFTC-55, “Dental Benefits Records” to cover records pertaining to the administration of CFTC's dental benefits program. This includes the collection and management of records relating to dental procedures covered under the program, enrollment and claims forms, and communications with CFTC employees regarding their coverage, eligibility data, and billing.

DATES:

In accordance with 5 U.S.C. 552(e)(4) and (e)(11) this notice will go in to effect without further notice on December 18, 2020 unless otherwise revised pursuant to comments received. All routine uses will go in to effect on January 19, 2021. Comments must be received on or before January 19, 2021.

ADDRESSES:

You may submit comments identified as pertaining to “Dental Benefits Records” by any of the following methods:

• CFTC website: https://comments.cftc.gov. Follow the instructions for submitting comments through the Comments Online process on the website.
• Mail: Christopher Kirkpatrick, Secretary of the Commission, Commodity Futures Trading Commission, Three Lafayette Centre, 1155 21st Street NW, Washington, DC 20581.
• Hand Delivery/Courier: Same as Mail, above.
• Federal eRulemaking Portal: http://www.regulations.gov. Follow the instructions for submitting comments.

Please submit your comments using only one method.

All comments must be submitted in English, or if not, accompanied by an English translation. Comments will be posted as received to https://www.cftc.gov. You should submit only information that you wish to make available publicly.

The Commission reserves the right, but shall have no obligation, to review, pre-screen, filter, redact, refuse, or remove any or all of a submission from https://www.cftc.gov that it may deem to be inappropriate for publication, such as obscene language. All submissions that have been redacted or removed that contain comments on the merits of the notice will be retained in the comment file and will be considered as required under all applicable laws, and may be accessible under the FOIA.

FOR FURTHER INFORMATION CONTACT:

Charlie Cutshall, Chief Privacy Officer, privacy@cftc.gov, 202-418-5833, Office of the Executive Director, Commodity Futures Trading Commission, Three Lafayette Centre, 1155 21st Street NW, Washington, DC 20581.

SUPPLEMENTARY INFORMATION:

I. Dental Benefits Program

As part of the Farm Security and Rural Investment Act of 2002 (FSRIA), CFTC received authority to implement pay and benefit parity with other Federal Financial Regulatory Agencies in order to better attract and retain employees. Following a study of pay and benefits, CFTC implemented a new dental insurance program for employees and their dependents effective July 11, 2004.

II. The Privacy Act

Under the Privacy Act of 1974, 5 U.S.C. 552a, a “system of records” is defined as any group of records under the control of a Federal government agency from which information about individuals is retrieved by name or by some identifying number, symbol, or other identifying particular assigned to the individual. The Privacy Act establishes the means by which government agencies must collect, maintain, and use information about an individual in a government system of records.

Each government agency is required to publish a notice in the Federal Register in which the agency identifies and describes each system of records it maintains, the reasons why the agency uses the information therein, the routine uses for which the agency will disclose such information outside the agency, and how individuals may exercise their rights under the Privacy Act.

In accordance with 5 U.S.C. 552a(r), CFTC has provided a report of this new system of records to the Office of Management and Budget and to Congress.

SYSTEM NAME AND NUMBER:

Dental Benefits Records; CFTC-55.

SECURITY CLASSIFICATION:

Unclassified.

SYSTEM LOCATION:

This system is located at the Commodity Futures Trading Commission, Three Lafayette Centre, 1155 21st Street NW, Washington, DC 20581. Records maintained as part of this system of records are also located at site of the benefits provider.

SYSTEM MANAGER(S):

Chief Human Capital Officer, benefits@cftc.gov, Office of the Executive Director, Commodity Futures Trading Commission, Three Lafayette Centre, 1155 21st Street NW, Washington, DC 20581.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

The collection of this information is authorized under 7 U.S.C. 2(a)(7) and the rules promulgated thereunder.

PURPOSE(S) OF THE SYSTEM:

These records are collected and maintained to administer the CFTC's dental benefits programs for its employees and their enrolled dependents, and to assist in personnel management.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

CFTC employees (but not retirees) and their enrolled dependents.

CATEGORIES OF RECORDS IN THE SYSTEM:

Records in the system may contain any or all of the following types of information on participating employees and their enrolled dependents: First name; last name; Social Security number; date of birth; phone number; email address; home address; member ID number; enrollee's employing agency; dental care procedure information regarding procedures performed on the individual; dental care diagnoses and treatments, including any prescribed drugs; and, provider charges, including amounts paid by the plan and amounts paid by the enrollee.

RECORD SOURCE CATEGORIES:

Information is provided by the individual to whom the record pertains, the benefit provider, and staff of the Human Resources Branch in the Office of the Executive Director.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND PURPOSES OF SUCH USES:

These records and information in these records may be disclosed:

(a) To contractors performing or working on a contract for the Federal government when necessary to accomplish an agency function.

(b) To the appropriate Federal, State, local, territorial, Tribal, or foreign law enforcement authority or other appropriate entity charged with the responsibility for investigating or prosecuting violations or potential violations of law whether criminal, civil, or regulatory in nature, or charged with enforcing or implementing such law.

(c) To the Merit Systems Protection Board or the Office of Special Counsel for the purpose of litigation, including administrative proceedings, appeals, special studies of the civil service and other merit systems.

(d) To a Federal agency in response to its request in connection with the hiring or retention of an employee, the issuance of a security clearance, the reporting of an investigation of an employee, the letting of a contract or the issuance of a license, or a grant or other benefit by the requesting agency, to the extent that the information may be relevant to the requesting agency's decision on the matter.

(e) To the Department of Justice or in a proceeding before a court, adjudicative body, or other administrative body which the agency is authorized to appear, when

(1) the Commission, or any component thereof;

(2) any employee of the Commission in his or her official capacity;

(3) any Commission of the agency in his or her official capacity where the Department of Justice or the agency has agreed to represent the employee; or

(4) the United States, when the Commission determines that litigation is likely to affect the agency or any of its components;

Is a party to litigation or has an interest in such litigation, and the use of such records by the Department of Justice or the Commission is deemed by the agency to be relevant and necessary to the litigation provided, however, that in each case it has been determined that the disclosure is compatible with the purpose for which the records were collected.

(f) To appropriate agencies, entities, and persons when (1) the Commission suspects or has confirmed that there has been a breach of the system of records; (2) the Commission has determined that as a result of the suspected or confirmed breach there is a risk of harm to individuals, the Commission (including its information systems, programs, and operations), the Federal Government, or national security; and (3) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with the Commission's efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm.

(g) To another Federal agency or Federal entity, when the Commission determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in (1) responding to a suspected or confirmed breach or (2) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:

Records in this system of records are stored electronically or on paper in secure facilities. Electronic records are stored on secure networks maintained by the Commission and benefits provider, and on other electronic media as needed, such as encrypted hard drives and back-up media.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:

Information covered by this system of records notice may be retrieved by a member's ID number or by an individual's name.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:

The Records maintained by a health care facility or dispensary relating to an individual patient's personal medical history, physical condition, or any treatment or examination thereof for non-work-related purposes which come to be in the CFTC's possession are maintained in accordance with GRS 2.7-070, DAA-GRS-2017-0010-0012 and are destroyed 10 years after the most recent encounter.

Records of an individual's enrollment in an agency-sponsored dental plan are maintained in accordance with GRS 2.2-041, DAA-GRS-2017-0007-0005. These records are destroyed when superseded or obsolete, or upon separation or transfer of employee, whichever is earlier.

Records associated with the procurement of contracted services of an agency-sponsored dental benefit program are coved by GRS 1.1, 010, DAA-GRS-2013-0003-0001 and must be maintained for 6 years after final payment of the contract or cancellation of the contract then must be destroyed. The benefits provider has implemented policies and processes to securely destroy records in accordance with the applicable retention schedule or upon instruction from the Commission.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:

Records are protected from unauthorized access and improper use through administrative, technical, and physical security measures employed by the CFTC and benefits provider. Administrative safeguards include maintenance of written policies, standards, and procedures reinforced by training and periodic auditing. Technical security safeguards include restrictions on computer access to authorized individuals who have a legitimate need to know the information; required use of strong passwords that are frequently changed; multi-factor authentication for remote access and access to many network components; use of encryption for certain data types and transfers; firewalls and intrusion detection applications; and regular review of security procedures and best practices to enhance security. Physical safeguards include restrictions on building access to authorized individuals, use of security guard services, and video surveillance.

RECORD ACCESS PROCEDURES:

Individuals seeking to determine whether this system of records contains information about themselves or seeking access to records about themselves in this system of records should address written inquiries to the Office of General Counsel, Commodity Futures Trading Commission, Three Lafayette Centre, 1155 21st Street NW, Washington, DC 20581. See 17 CFR 146.3 for full details on what to include in a Privacy Act access request.

CONTESTING RECORD PROCEDURES:

Individuals contesting the content of records about themselves contained in this system of records should address written inquiries to the Office of General Counsel, Commodity Futures Trading Commission, Three Lafayette Centre, 1155 21st Street NW, Washington, DC 20581. See 17 CFR 146.8 for full details on what to include in a Privacy Act amendment request.

NOTIFICATION PROCEDURES:

Individuals seeking notification of any records about themselves contained in this system of records should address written inquiries to the Office of General Counsel, Commodity Futures Trading Commission, Three Lafayette Centre, 1155 21st Street NW, Washington, DC 20581. See 17 CFR 146.3 for full details on what to include in a Privacy Act notification request.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:

None.

HISTORY:

None.