Privacy Act of 1974; System of Records

AGENCY:

Federal Communications Commission.

ACTION:

Notice of a modified system of records.

SUMMARY:

The Federal Communications Commission (FCC, Commission, or Agency) has modified an existing system of records, FCC/OLA-1, Legislative Management Tracking System (LMTS), subject to the Privacy Act of 1974, as amended. This action is necessary to meet the requirements of the Privacy Act to publish in the Federal Register notice of the existence and character of records maintained by the agency. The FCC's Office of Legislative Affairs (OLA) uses this system to maintain the personally identifiable information (PII) contained in the Commission's Legislative Management Tracking System (LMTS).

DATES:

This modified system of records will become effective on July 9, 2024. Written comments on the routine uses are due by August 8, 2024. The routine uses in this action will become effective on August 8, 2024 unless comments are received that require a contrary determination.

ADDRESSES:

Send comments to Brendan McTaggart, Attorney-Advisor, Office of General Counsel, Federal Communications Commission, 45 L Street NE, Washington, DC 20554, or to privacy@fcc.gov.

FOR FURTHER INFORMATION CONTACT:

Brendan McTaggart, (202) 418-1738, or privacy@fcc.gov.

SUPPLEMENTARY INFORMATION:

This notice serves to update and modify FCC/OLA-1 as a result of the various necessary changes and updates. The substantive changes and modifications to the previously published version of the FCC/OLA-1 system of records include:

1. Adding five new routine uses: (1) Litigation; (2) Adjudication; (3) Law Enforcement and Investigation; (8) Assistance to Federal Agencies and Entities Related to Breaches, the addition of which is required by OMB M-17-12; and (9) Nonfederal Personnel.

2. Updating and/or revising language in three routine uses (listed by the routine use number provided in this notice): (4) Government-wide Program Management and Oversight; (5) Congressional Inquiries; and (7) Breach Notification, the modification of which is required by OMB M-17-12.

The system of records is also updated to reflect various administrative changes related to the system managers and system addresses; policy and practices for storage, retention, disposal and retrieval of the information; administrative, technical, and physical safeguards; and updated notification, records access, and contesting records procedures.

SYSTEM NAME AND NUMBER:

FCC/OLA-1, Legislative Management Tracking System (LMTS).

SECURITY CLASSIFICATION:

Unclassified.

SYSTEM LOCATION:

OLA, FCC, 45 L St. NE, Washington, DC 20554.

SYSTEM MANAGER(S):

OLA, FCC, 45 L St. NE, Washington, DC 20554.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

5 U.S.C. 301; 44 U.S.C. 3101; 47 U.S.C. 154(i), (j), and (k), and 47 U.S.C. 155(a).

PURPOSE(S) OF THE SYSTEM:

OLA uses the LMTS to store, track, and manage correspondence to or from the members of the U.S. House of Representatives, the U.S. Senate, and the Vice President and President of the United States. This correspondence may include attachments that could contain PII from individuals (members of the public at large) who contacted their Congressional Representative(s), Senator(s), and/or the Vice President or President concerning various telecommunications issues affecting them, e.g., telephone and cable bills, etc. In addition, LMTS tracks correspondence regarding FCC employees who have requested Congressional assistance with their personal employment issues at the Commission, e.g., hiring and promotion matters, etc.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

The categories of individuals in the Legislative Management Tracking System (LMTS) include members of the U.S. House of Representatives, Senators, and the Vice President and President of the United States; members of the public at large; and FCC employees.

CATEGORIES OF RECORDS IN THE SYSTEM:

The categories of records in the LMTS may include:

1. Members of the public at large: individual's name, home address, home telephone number(s), personal cell phone number(s), account number(s) for telephone, cell phone, cable television, and satellite television services, and other, miscellaneous information that an individual may include in his/her Congressional (constituent) complaint(s) and/or consumer complaints, etc.; and

2. FCC employees: individual's name, home address, home telephone number(s), personal cell phone number(s), FCC employment records, and other miscellaneous, information that a Commission employee may include in a complaint or request.

RECORD SOURCE CATEGORIES:

The sources for the information in the LMTS are Congressional and Executive Branch correspondence, including attachments, which may include complaints related to telephone, wireless, and cable billing or service; licensing inquiries; or other inquiries on issues under FCC jurisdiction, etc., submitted by constituents (members of the public at large); or personnel actions or complaints from constituents who are FCC employees.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:

Information about individuals in this system of records may routinely be disclosed under the following conditions:

1. Litigation—Records may be disclosed to the Department of Justice (DOJ) when: (a) the FCC or any component thereof; (b) any employee of the FCC in his or her official capacity; (c) any employee of the FCC in his or her individual capacity where the DOJ or the FCC has agreed to represent the employee; or (d) the United States Government is a party to litigation or has an interest in such litigation, and by careful review, the FCC determines that the records are both relevant and necessary to the litigation, and the use of such records by the Department of Justice is for a purpose that is compatible with the purpose for which the FCC collected the records.

2. Adjudication—Records may be disclosed in a proceeding before a court or adjudicative body, when: (a) the FCC or any component thereof; or (b) any employee of the FCC in his or her official capacity; or (c) any employee of the FCC in his or her individual capacity; or (d) the United States Government, is a party to litigation or has an interest in such litigation, and by careful review, the FCC determines that the records are both relevant and necessary to the litigation, and that the use of such records is for a purpose that is compatible with the purpose for which the agency collected the records.

3. Law Enforcement and Investigation—When the FCC investigates any violation or potential violation of a civil or criminal law, regulation, policy, executed consent decree, order, or any other type of compulsory obligation and determines that a record in this system, either alone or in conjunction with other information, indicates a violation or potential violation of law, regulation, policy, consent decree, order, or other compulsory obligation, the FCC may disclose pertinent information as it deems necessary to the target of an investigation, as well as with the appropriate Federal, State, local, Tribal, international, or multinational agencies, or a component of such an agency, responsible for investigating, prosecuting, enforcing, or implementing a statute, rule, regulation, or order.

4. Government-wide Program Management and Oversight—Information may be disclosed to the Department of Justice (DOJ) to obtain that department's advice regarding disclosure obligations under the Freedom of Information Act (FOIA); or to the Office of Management and Budget (OMB) to obtain that office's advice regarding obligations under the Privacy Act.

5. Congressional Inquiries—Information may be provided to a Congressional office in response to an inquiry from that Congressional office made at the written request of the individual to whom the information pertains.

6. Executive Branch Inquiries—Records may be shared with other Federal agencies, including the White House and OMB, to assist individuals whose information is contained in this system.

7. Breach Notification—Records may be disclosed to appropriate agencies, entities, and persons when: (a) The Commission suspects or has confirmed that there has been a breach of the system of records; (b) the Commission has determined that as a result of the suspected or confirmed breach there is a risk of harm to individuals, the Commission (including its information systems, programs, and operations), the Federal Government, or national security; and (c) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with the Commission's efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm.

8. Assistance to Federal Agencies and Entities Related to Breaches—Records may be disclosed to another Federal agency or Federal entity, when the Commission determines that information from this system is reasonably necessary to assist the recipient agency or entity in: (a) responding to a suspected or confirmed breach or (b) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, program, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach.

9. Non-Federal Personnel—Information may be disclosed to non-Federal personnel, including contractors, other vendors ( e.g., identity verification services), grantees, and volunteers who have been engaged to assist the FCC in the performance of a service, grant, cooperative agreement, or other activity related to this system of records and who need to have access to the records in order to perform their activity.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:

Electronic records in this system reside on the FCC or a vendor's network.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:

Information in the LMTS is retrieved by the correspondence log-in file number, Congressional Representative's name, and/or type of complaint, etc. Regardless of the circumstances, OLA always redacts the Social Security Number and birthdate before entering a document into LMTS. Other personally identifiable information (PII) in an attachment may also be redacted prior to filing the correspondence if it is not relevant to the complaint or inquiry.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:

The information in this system is maintained and disposed of in accordance with the National Archives and Records Administration (NARA) Records Schedules N1-173-92-002, Office of Legislative Affairs Records, and N1-173-96-001, Office of Legislative and Intergovernmental Affairs Records.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:

Electronic records, files, and data are stored within FCC or a vendor's accreditation boundaries and maintained in a database housed in the FCC's or vendor's computer network databases. Access to the electronic files is restricted to authorized employees and contractors; and to IT staff, contractors, and vendors who maintain the IT networks and services. Other employees and contractors may be granted access on a need-to-know basis. The electronic files and records are protected by the FCC and third-party privacy safeguards, a comprehensive and dynamic set of IT safety and security protocols and features that are designed to meet all Federal privacy standards, including those required by the Federal Information Security Modernization Act of 2014 (FISMA), the Office of Management and Budget (OMB), and the National Institute of Standards and Technology (NIST).

RECORD ACCESS PROCEDURES:

Individuals wishing to request access to and/or amendment of records about themselves should follow the Notification Procedures below.

CONTESTING RECORD PROCEDURES:

Individuals wishing to contest information pertaining to him or her in the system of records should follow the Notification Procedures below.

NOTIFICATION PROCEDURES:

Individuals wishing to determine whether this system of records contains information about themselves may do so by writing to privacy@fcc.gov. Individuals requesting record access or amendment must also comply with the FCC's Privacy Act regulations regarding verification of identity as required under 47 CFR part 0, subpart E.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:

None.

HISTORY:

76 FR 23811 (April 28, 2011).