Privacy Act System of Records

AGENCY:

Federal Communications Commission.

ACTION:

Notice of a modified system of records.

SUMMARY:

The Federal Communications Commission (FCC, Commission, or Agency) proposes to modify an existing system of records, FCC/CGB–3, National Deaf-Blind Equipment Distribution Program (NDBEDP), subject to the Privacy Act of 1974, as amended. This action is necessary to meet the requirements of the Privacy Act to publish in the Federal Register notice of the existence and character of records maintained by the agency. The Commission uses the information, including personally identifiable information (PII), that is submitted by the certified equipment distribution program in each state, as required by the NDBEDP, to maintain each state's certification to participate in the NDBEDP to support the distribution of specialized customer premises equipment (CPE) and the provision of associated services. State equipment distribution programs, other public programs, and private entities may apply to the Commission for certification for the state to participate in the NDBEDP and receive reimbursement for its activities. This modification makes various necessary changes and updates, including formatting changes required by the Office of Management and Budget (OMB) Circular A–108 since its previous publication, the addition of new routine uses, as well as the revision of existing routine uses.

DATES:

This modified system of records will become effective on September 1, 2023. Written comments on the routine uses are due by October 2, 2023. The new or revised routine uses in this action will become effective on October 2, 2023 unless comments are received that require a contrary determination.

ADDRESSES:

Send comments to Katherine C. Clark, FCC, 45 L Street NE, Washington, DC 20554, or to privacy@fcc.gov.

FOR FURTHER INFORMATION CONTACT:

Katherine C. Clark, (202) 418–1773 or privacy@fcc.gov (and to obtain a copy of the Narrative Statement and the Supplementary Document, which includes details of the proposed alterations to this system of records).

SUPPLEMENTARY INFORMATION:

As required by the Privacy Act of 1974, as amended, 5 U.S.C. 552a(e)(4) and (e)(11), this document sets forth notice of the proposed modification of a system of records maintained by the FCC. The FCC previously provided notice of the system of records FCC/CGB–3 by publication in the Federal Register on January 19, 2012 (77 FR 2721). This notice serves to modify FCC/CGB–3 to make various necessary changes and updates, including clarification of the purpose of the system, format changes required by OMB Circular A–108 since its previous publication, the addition of new routine uses and the revision of existing routine uses, which include converting a single existing routine use into multiple revised routine uses. The substantive changes and modifications to the previously published version of the FCC/CGB–3 system of records include:

1. Updating the language in the Security Classification to follow OMB guidance;

2. Modifying the language in the Categories of Individuals and Categories of Records to be consistent with the language and phrasing now used in FCC SORNs;

3. Updating and/or revising language in the following routine uses: (4) Law Enforcement and Investigation; (5) Litigation; (6) Adjudication; (7) Congressional Inquiries; (8) Government-wide Program Management and Oversight; and (9) Breach Notification, the revision of which is as required by OMB Memorandum No. M–17–12;

4. Adding two new routine uses: (10) Assistance to Federal Agencies and Entities Related to Breaches—to assist with other Federal agencies' data breach situations, which is required by OMB Memorandum No. M–17–12; and (11) Non-Federal Personnel—to allow access to information to contractors, other vendors, grantees, and volunteers who have been engaged to assist the FCC in the performance of a contract, service, grant, or cooperative agreement; and

5. Deleting former routine use (6) Department of Justice, which is duplicative of current routine use (5) Litigation.

The system of records is also updated to reflect various administrative changes related to the system managers and system addresses; policy and practices for storage and retrieval of the information; administrative, technical, and physical safeguards; and updated notification, records access, and contesting records procedures.

SYSTEM NAME AND NUMBER:

FCC/CGB–3, National Deaf-Blind Equipment Distribution Program (NDBEDP).

SECURITY CLASSIFICATION:

Unclassified.

SYSTEM LOCATION:

Consumer and Governmental Affairs Bureau (CGB), FCC, 45 L Street NE, Washington, DC 20554.

SYSTEM MANAGER(S):

CGB, FCC, 45 L Street NE, Washington, DC 20554.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

47 U.S.C. 154, 201, 218, 222, 225, 226, 228, 254(k), and 620; Telecommunications Act of 1996, Public Law 014–104, 110 Stat. 56; Twenty-First Century Communications and Video Accessibility Act of 2010, as amended, Public Law 111–265, 124 Stat 2795.

PURPOSE(S) OF THE SYSTEM:

This system collects records submitted by the certified equipment distribution program in each state, as required by the NDBEDP, to maintain each state's certification to participate in this program. Collecting and maintaining the required types of information allows staff access to documents necessary for key activities discussed in this SORN, including maintaining information regarding certified program participants; analyzing effectiveness and efficiency of this and related FCC programs; informing future rule and policy-making activity; and improving staff efficiency. Records in this system are available for public inspection, e.g., in response to requests under the Freedom of Information Act (FOIA), after redaction of information that could identify a complainant or correspondent, such as the complainant's name, address, telephone number, fax number, and/or email address.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

1. Individuals who request or receive the NDBEDP equipment;

2. Individuals who attest to the disability of the individual receiving the NDBEDP equipment and/or matters related to the eligibility requirements, qualifications, and regulations, etc., for those seeking to participate in the NDBEDP;

3. Individuals who may file complaints, and parties named in or involved with the complaint, including, but not limited to, both formal and informal complaints, and inquiries on behalf of themselves or NDBEDP participants and matters related to NDBEDP rules and regulations; and

4. Certain non-Federal personnel performing services or activities related to this system of records, including, but not limited to, representatives of equipment distribution programs.

CATEGORIES OF RECORDS IN THE SYSTEM:

1. The name and contact information, including street address, email address, and phone number for the individuals requesting or receiving the NDBEDP equipment;

2. The name and contact information, including street and email addresses, phone number(s), and fax number(s) for the individuals attesting to the disability of the individual who is deaf-blind;

3. Other miscellaneous PII related to the individuals who participate in this program, e.g., response data for equipment requests, users' complaints, evaluation of the users' needs, user training data, outreach activities, equipment request denial data, and medical attestations or records regarding disability qualifications and eligibility requirements;

4. The name and contact information, including street and email addresses, phone number(s), and fax number(s) for certain non-Federal personnel performing services or activities related to this system of records, including, but not limited to, representatives of equipment distribution programs;

5. The name and contact information, including street and email addresses, phone number(s), and fax number(s) for individuals who make or have made formal and informal complaints and inquiries (including related supporting information), and parties named in or involved with the complaint or inquiry, in any format (including but not limited to paper, telephone, TTY, recording, Braille, and electronic submissions, such as email, internet, etc.) on behalf of themselves or NDBEDP participants; and

6. Commission correspondence, e.g., letters and related communications regarding formal and informal complaints and inquiries (which may include PII and related information) that pertain to the NDBEDP programs, NDBEDP participants, involved parties, and the certification and participation of each entity approved by the Commission to participate in the NDBEDP.

RECORD SOURCE CATEGORIES:

Information in this system is provided by individuals who request or receive the NDBEDP equipment; individuals, groups, and other entities who attest to the disability of the individual requesting or receiving the equipment; and other individuals, groups, and other entities who have a connection to the NDBEDP and its participants, e.g., those filing or involved with formal and informal complaints or inquiries on behalf of the participants or otherwise performing services or activities related to this system of records

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:

Information about individuals in this system of records may routinely be disclosed under the following conditions:

1. Formal or Informal Complaints—When a record in this system involves a formal or informal complaint, and/or inquiry filed against an NDBEDP certified program and related entities, the complaint or inquiry may be forwarded to the subject certified program for that state, the appropriate State and Federal medical boards, certifying associations, and related groups, and personal physicians (who may determine whether an individual meets the eligibility criteria for participation in the NDBEDP) for a response.

2. Medical Records—A medical attestation or record (including but not limited to third-party attestations, certifications, and declarations of disability) from this system may be disclosed to appropriate entities, including, but not limited to, the subject certified program for that state, the appropriate State and Federal medical boards, certifying associations, and related groups, and personal physicians for the purposes of determining whether an individual meets the eligibility criteria of being deaf-blind required to participate in the NDBEDP.

3. Income Eligibility Records—A record from this system may be disclosed to appropriate entities, including but not limited to the subject certified program for that state, as well as the appropriate State and Federal certifying boards and authorities, for the purposes of determining whether an individual meets the income eligibility criteria required to participate in the NDBEDP.

4. Law Enforcement and Investigation—To disclose pertinent information to appropriate Federal, State, Tribal, or local agencies, authorities, and officials responsible for investigating, prosecuting, enforcing, or implementing a statute, rule, regulation, order, or other requirement when the FCC becomes aware of an indication of a violation or potential violation of a civil or criminal statute, law, regulation, order, or other requirement.

5. Litigation—To disclose records to the Department of Justice (DOJ) when: (a) the FCC or any component thereof; (b) any employee of the FCC in his or her official capacity; (c) any employee of the FCC in his or her individual capacity where the DOJ or the FCC has agreed to represent the employee; or (d) the United States Government is a party to litigation or has an interest in such litigation, and by careful review, the FCC determines that the records are both relevant and necessary to the litigation, and the use of such records by the Department of Justice is for a purpose that is compatible with the purpose for which the FCC collected the records.

6. Adjudication—To disclose records in a proceeding before a court or adjudicative body, when: (a) the FCC or any component thereof; or (b) any employee of the FCC in his or her official capacity; or (c) any employee of the FCC in his or her individual capacity; or (d) the United States Government, is a party to litigation or has an interest in such litigation, and by careful review, the FCC determines that the records are both relevant and necessary to the litigation, and that the use of such records is for a purpose that is compatible with the purpose for which the agency collected the records.

7. Congressional Inquiries—To provide information to a Congressional office from the record of an individual in response to an inquiry from that Congressional office made at the written request of that individual.

8. Government-wide Program Management and Oversight—To DOJ to obtain that department's advice regarding disclosure obligations under the Freedom of Information Act (FOIA); or to the Office of Management and Budget (OMB) to obtain that office's advice regarding obligations under the Privacy Act.

9. Breach Notification—To appropriate agencies, entities, and persons when: (a) the Commission suspects or has confirmed that there has been a breach of PII maintained in the system of records; (b) the Commission has determined that as a result of the suspected or confirmed breach there is a risk of harm to individuals, the Commission (including its information system, programs, and operations), the Federal Government, or national security; and (c) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with the Commission's efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm.

10. Assistance to Federal Agencies and Entities Related to Breaches—To another Federal agency or Federal entity, when the Commission determines that information from this system is reasonably necessary to assist the recipient agency or entity in: (a) responding to a suspected or confirmed breach or (b) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, program, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach.

11. Non-Federal Personnel—To disclose information to non-Federal personnel, including contractors, other vendors ( e.g., identity verification services), grantees, and volunteers who have been engaged to assist the FCC in the performance of a contract, service, grant, cooperative agreement, or other activity related to this system of records and who need to have access to the records in order to perform their activity.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:

This electronic system of records resides on the FCC's network or on an FCC vendor's network.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:

Records in this system of records can be retrieved by any category field, e.g., the individual's contact information, including the individual's name(s), street address, email address(es), landline phone and cell phone number(s), complainant(s), and description fields.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:

The information in this system is maintained and disposed of in accordance with the National Archives and Records Administration (NARA) General Records Schedule DAA–0173–2017–0002.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:

The electronic records, files, and data are stored within FCC or a vendor's accreditation boundaries and maintained in a database housed in the FCC's or vendor's computer network databases. Access to the electronic files is restricted to authorized employees and contractors; and to IT staff, contractors, and vendors who maintain the IT networks and services. Other employees and contractors may be granted access on a need-to-know basis. The electronic files and records are protected by the FCC and third-party privacy safeguards, a comprehensive and dynamic set of IT safety and security protocols and features that are designed to meet all Federal privacy standards, including those required by the Federal Information Security Modernization Act of 2014 (FISMA), OMB, and the National Institute of Standards and Technology (NIST).

RECORD ACCESS PROCEDURES:

Individuals wishing to request access to and/or amendment of records about themselves should follow the Notification Procedure below.

CONTESTING RECORD PROCEDURES:

Individuals wishing to request access to and/or amendment of records about themselves should follow the Notification Procedure below.

NOTIFICATION PROCEDURES:

Individuals wishing to determine whether this system of records contains information about themselves may do so by writing to privacy@fcc.gov. Individuals requesting access must also comply with the FCC's Privacy Act regulations regarding verification of identity to gain access to records as required under 47 CFR part 0, subpart E.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:

None.

HISTORY:

77 FR 2721 (January 19, 2012).