Privacy Act of 1974; System of Records

AGENCY:

Federal Deposit Insurance Corporation (FDIC).

ACTION:

Notice of new system of records.

SUMMARY:

Pursuant to the provisions of the Privacy Act of 1974, as amended, the Federal Deposit Insurance Corporation (FDIC) gives notice of the establishment of a new system of records titled “FDIC-039, E-Rulemaking System of Records.” FDIC's E-Rulemaking system allows the public to search, review, download and comment on FDIC rulemaking and notice documents via FDIC's website ( https://www.fdic.gov/resources/regulations/federal-register-publications/ ). This system of records notice covers the records maintained by the FDIC relating to comments and other written input submitted to the Corporation in response to proposed FDIC rulemakings, notices, or other requests for comments.

DATES:

This action will become effective on September 2, 2022. The routine uses in this action will become effective on October 3, 2022, unless the FDIC makes changes based on comments received. Written comments should be submitted on or before October 3, 2022.

ADDRESSES:

Interested parties are invited to submit written comments identified by Privacy Act Systems of Records by any of the following methods:

• Agency Website: https://www.fdic.gov/resources/regulations/federal-register-publications/. Follow the instructions for submitting comments on the FDIC website.

• Email: comments@fdic.gov. Include “SORN” on the subject line of the message.

• Mail: James P. Sheesley, Assistant Executive Secretary, Attention: Comments SORN, Legal Division, Office of the Executive Secretary, Federal Deposit Insurance Corporation, 550 17th Street NW, Washington, DC 20429.

• Hand Delivery: Comments may be hand-delivered to the guard station at the rear of the 17th Street NW building (located on F Street NW) on business days between 7:00 a.m. and 5:00 p.m.

• Public Inspection: Comments received, including any personal information provided, may be posted without change to https://www.fdic.gov/resources/regulations/federal-register-publications/. Commenters should submit only information that the commenter wishes to make available publicly. The FDIC may review, redact, or refrain from posting all or any portion of any comment that it may deem to be inappropriate for publication, such as irrelevant or obscene material. The FDIC may post only a single representative example of identical or substantially identical comments, and in such cases will generally identify the number of identical or substantially identical comments represented by the posted example. All comments that have been redacted, as well as those that have not been posted, that contain comments on the merits of this document will be retained in the public comment file and will be considered as required under all applicable laws. All comments may be accessible under the Freedom of Information Act.

FOR FURTHER INFORMATION CONTACT:

Shannon Dahn, Chief, Privacy Program, 703-516-5500, privacy@fdic.gov.

SUPPLEMENTARY INFORMATION:

I. Background

Pursuant to the Privacy Act of 1974, 5 U.S.C. 552a, FDIC is establishing a new system of records, FDIC-039, E-Rulemaking System of Records. FDIC collects comments on rulemakings and other regulatory actions, which it publishes on its website to provide transparency in the informal rulemaking process under the Administrative Procedure Act (APA), 5 U.S.C. 553, and in the regulatory processes established by the Federal Deposit Insurance Act, 12 U.S.C. 1811. FDIC also may solicit comments or other input from the public that may not be associated with statutory or regulatory notice and comment requirements.

The E-Rulemaking system collects and stores comments and input received by the Corporation. Specifically, the system includes an option on https://www.fdic.gov/resources/regulations/federal-register-publications/ that allows individuals to electronically submit their comments or input to FDIC. The system collects the email address of the commenter, along with any additional information that the commenter elects to include in their submission, such as their name, organization, and contact information. Once submitted, the system stores this information in the E-Rulemaking database. Any comments received by fax, postal mail, or email are uploaded by authorized FDIC personnel into this database, collecting all comments into one central repository. The commenter's email address, name, organization, work contact information, and comment are published to https://www.fdic.gov/resources/regulations/federal-register-publications/. The commenter's personal contact information, or other additional personal information voluntarily submitted, is generally not published online. The FDIC may review, redact, or refrain from posting all or any portion of any comment that it may deem to be inappropriate for publication, such as irrelevant or obscene material. During a proposed rulemaking or other statutory or regulatory notice and comment process, FDIC personnel may manually remove a comment from publication if the commenter withdraws the comment before the comment period has closed. However, comments that are removed from publication will be retained by the FDIC for consideration as required by the APA, or as part of the FDIC's documentation of a requested comment withdrawal.

II. The Privacy Act

Under the Privacy Act of 1974, 5 U.S.C. 552a, a “system of records” is defined as any group of records under the control of a Federal government agency from which information about individuals is retrieved by name or by some identifying number, symbol, or other identifying particular assigned to the individual. The Privacy Act establishes the means by which government agencies must collect, maintain, and use information about an individual in a government system of records.

Each government agency is required to publish a notice in the Federal Register in which the agency identifies and describes each system of records it maintains, the reasons why the agency uses the information therein, the routine uses for which the agency will disclose such information outside the agency, and how individuals may exercise their rights under the Privacy Act.

In accordance with 5 U.S.C. 552a(r), FDIC has provided a report of this system of records to the Office of Management and Budget (OMB) and to Congress.

SYSTEM NAME AND NUMBER:

E-Rulemaking System of Records, FDIC-039.

SECURITY CLASSIFICATION:

Unclassified.

SYSTEM LOCATION:

Records are maintained at FDIC facilities in Washington, DC; Arlington, VA; and regional offices. Original and duplicate systems may exist, in whole or in part, at secure sites and on secure servers maintained by third-party service providers for the FDIC.

SYSTEM MANAGER(S):

Legal Division, Office of the Executive Secretary, FDIC, 550 17th Street NW, Washington, DC 20429.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

Section 206(d) of the E-Government Act of 2002 (Pub. L. 107-347, 44 U.S.C. 3501 note); Section 553 of the Administrative Procedure Act (5 U.S.C. 553); and the Federal Deposit Insurance Act (12 U.S.C. 1811) and rules and regulations promulgated thereunder.

PURPOSE(S) OF THE SYSTEM:

The purpose of this system is to collect, review, and maintain feedback from the public on proposed FDIC rulemakings, notices, and other FDIC regulatory actions. FDIC may use any submitted contact information to seek clarification about a comment, respond to a comment when warranted, and for other purposes associated with the rulemaking or notice process.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

Individuals providing comments or other input to the FDIC in response to an FDIC rulemaking, notice, or other request for comment, as well as individuals who may be discussed or identified in the body of a comment.

CATEGORIES OF RECORDS IN THE SYSTEM:

Records in this system include comments and other written input received by FDIC in response to proposed rules, notices, or other requests for comments associated with Corporation rules, regulations, policies, or procedures. Comments or input submitted through https://www.fdic.gov/resources/regulations/federal-register-publications include the commenter's email address and any supplemental information that the commenter chooses to provide in their submission to FDIC, such as their full name, job title, organization name, representative name, mailing address, telephone number, fax number, and supporting documentation.

The comments or input provided may contain other personal information, although the comment submission instructions advise commenters not to include any information that the commenter does not wish to make available publicly, as all comments, including personal information, may be posted without change. The system may also contain summaries or memorializations of general communications input by FDIC personnel related to the proposed rule, statutory or regulatory provision, or Corporation activity.

RECORD SOURCE CATEGORIES:

The FDIC receives records from individuals and organizations providing comments to FDIC, including members of the public; representatives of Federal, State, or local government; non-governmental organizations; and the private sector.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND PURPOSES OF SUCH USES:

In addition to those disclosures generally permitted under 5 U.S.C. 552a(b) of the Privacy Act, all or a portion of the records or information contained in this system may be disclosed outside the FDIC as a routine use as follows:

(1) To appropriate Federal, State, local, and foreign authorities responsible for investigating or prosecuting a violation of, or for enforcing or implementing a statute, rule, regulation, or order issued, when the information indicates a violation or potential violation of law, whether civil, criminal, or regulatory in nature, and whether arising by general statute or particular program statute, or by regulation, rule, or order issued pursuant thereto;

(2) To a court, magistrate, or other administrative body in the course of presenting evidence, including disclosures to counsel or witnesses in the course of civil discovery, litigation, or settlement negotiations or in connection with criminal proceedings, when the FDIC is a party to the proceeding or has a significant interest in the proceeding, to the extent that the information is determined to be relevant and necessary;

(3) To a congressional office in response to an inquiry made by the congressional office at the request of the individual who is the subject of the record;

(4) To appropriate agencies, entities, and persons when (a) the FDIC suspects or has confirmed that there has been a breach of the system of records; (b) the FDIC has determined that as a result of the suspected or confirmed breach there is a risk of harm to individuals, the FDIC (including its information systems, programs, and operations), the Federal Government, or national security; the FDIC and (c) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with the FDIC's efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm;

(5) To another Federal agency or Federal entity, when the FDIC determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in (a) responding to a suspected or confirmed breach; or (b) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach;

(6) To appropriate Federal, State, and local authorities in connection with hiring or retaining an individual; conducting a background security or suitability investigation; adjudication of liability; or eligibility for a license, contract, grant, or other benefit;

(7) To appropriate Federal, State, and local authorities, agencies, arbitrators, and other parties responsible for processing any personnel actions or conducting administrative hearings or corrective actions or grievances or appeals, or if needed in the performance of other authorized duties;

(8) To appropriate Federal agencies and other public authorities for use in records management inspections;

(9) To contractors, grantees, volunteers, and others performing or working on a contract, service, grant, cooperative agreement, or project for the FDIC, the Office of Inspector General, or the Federal Government for use in carrying out their obligations under such contract, grant, agreement or project;

(10) To Federal, State, and local agencies for use in meeting their statutory or regulatory requirements; and

(11) To the public or certain stakeholders in the form of FDIC documents, such as final rules or reports, that use, consider, discuss, or publish comments received by the FDIC.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:

Records are stored in paper and electronic media.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:

FDIC may retrieve records by a variety of fields, including but not limited to, keyword, name of individual or entity submitting a comment, contact information or any data elements submitted in or as part of a comment, document title, Code of Federal Regulations (CFR) (search for a specific title within the CFR), CFR citation (search for the part or parts within the CFR title being searched), document type, document subtype, or date ( e.g., date comment received or posted, Federal Register publication date, comment period end date).

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:

Public comments received in response to rulemakings are temporary records that are destroyed/deleted 15 years after the rule or regulation becomes effective, in accordance with approved records retention schedules.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:

Records are protected from unauthorized access and improper use through administrative, technical, and physical security measures. Administrative safeguards include written guidelines on handling personal information including agency-wide procedures for safeguarding personally identifiable information. In addition, all FDIC staff are required to take annual privacy and security training. Technical security measures within FDIC include restrictions on computer access to authorized individuals who have a legitimate need to know the information; required use of strong passwords that are frequently changed; multi-factor authentication for remote access and access to many FDIC network components; use of encryption for certain data types and transfers; firewalls and intrusion detection applications; and regular review of security procedures and best practices to enhance security. Physical safeguards include restrictions on building access to authorized individuals, 24-hour security guard service, and maintenance of records in lockable offices and filing cabinets.

RECORD ACCESS PROCEDURES:

Individuals wishing to request access to records about them in this system of records must submit their request in writing to the FDIC FOIA & Privacy Act Group, 550 17th Street NW, Washington, DC 20429, or email efoia@fdic.gov. Requests must include full name, address, and verification of identity in accordance with FDIC regulations at 12 CFR part 310.

CONTESTING RECORD PROCEDURES:

Individuals wishing to contest or request an amendment to their records in this system of records must submit their request in writing to the FDIC FOIA & Privacy Act Group, 550 17th Street NW, Washington, DC 20429, or email efoia@fdic.gov. Requests must specify the information being contested, the reasons for contesting it, and the proposed amendment to such information in accordance with FDIC regulations at 12 CFR part 310.

NOTIFICATION PROCEDURES:

Individuals wishing to know whether this system contains information about them must submit their request in writing to the FDIC FOIA & Privacy Act Group, 550 17th Street NW, Washington, DC 20429, or email efoia@fdic.gov. Requests must include full name, address, and verification of identity in accordance with FDIC regulations at 12 CFR part 310.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:

None.

HISTORY:

None.