[Federal Register Volume 78, Number 14 (Tuesday, January 22, 2013)]
[Notices]
[Pages 4408-4410]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2013-01079]
=======================================================================
-----------------------------------------------------------------------
FEDERAL DEPOSIT INSURANCE CORPORATION
Privacy Act of 1974, as Amended; System of Records
AGENCY: Federal Deposit Insurance Corporation.
ACTION: Notice of New System of Records.
-----------------------------------------------------------------------
SUMMARY: The Federal Deposit Insurance Corporation (FDIC) proposes to
add one new system of records to its existing inventory of systems
subject to the Privacy Act of 1974, as amended. This new system of
records is entitled FDIC 30-64-0035, Identity, Credential and Access
Management Records. We hereby publish this notice for comment on the
proposed system of records.
DATES: Comments on the proposed system of records must be received on
or before February 21, 2013. The proposed system of records will become
effective 45 days following publication in the Federal Register, unless
a superseding notice to the contrary is published before that date.
ADDRESSES: You may submit written comments by any of the following
methods:
Agency Web site: Located at www.fdic.gov/regulations/laws/federal/propose.html. Follow instructions for submitting comments on
this Web site.
Email: Send to [email protected]. Include ``Notice of New
FDIC System of Records'' in the subject line.
Mail: Send to Gary Jackson, Counsel, Attention: Comments,
FDIC System of Records, 550 17th Street NW., Washington, DC 20429.
All submissions should refer to ``Notice of New FDIC System of
Records.'' By prior appointment, comments may also be inspected and
photocopied in the FDIC Public Information Center, 3501 North Fairfax
Drive, Room E-1005, Arlington, Virginia 22226, between 9:00 a.m. and
4:00 p.m. (EST), Monday to Friday.
FOR FURTHER INFORMATION CONTACT: Gary Jackson, Counsel, FDIC, 550 17th
Street NW., Washington, DC 20429, (703) 562-2677.
SUPPLEMENTARY INFORMATION: In accordance with the Privacy Act of 1974,
as amended, the FDIC has conducted a review of its Privacy Act systems
of records and has determined that it needs to add one new system of
records. The FDIC's system notices were last published in the Federal
Register on December 13, 2011, Volume 76, Number 239 (76 FR 77626);
this last publication may be viewed at http://www.fdic.gov/about/privacy/ on the FDIC's Privacy Web page.
The Identity, Credential and Access Management Records system will
contain records collected or generated in the process of producing
Personal Identity Verification (PIV) cards issued by the FDIC. PIV
cards are required for granting and controlling access to FDIC and
other federal facilities.
A Report of New Systems of Records has been submitted to the
Committee on Oversight and Government Reform of the House of
Representatives, the Committee on Homeland Security and Governmental
Affairs of the Senate, and the Office of Management and Budget pursuant
to Appendix I to OMB Circular A-130, ``Federal Agency Responsibilities
for Maintaining Records About Individuals,'' dated November 30, 2000,
and the Privacy Act, 5 U.S.C. 552a(r).
More detailed information on the proposed new system of records may
be viewed in the complete text below.
FDIC-30-64-0035
SYSTEM NAME:
Identity, Credential and Access Management Records.
SECURITY CLASSIFICATION:
Unclassified but sensitive.
SYSTEM LOCATION:
The Division of Administration, FDIC, 550 17th Street NW.,
Washington, DC 20429, and the FDIC regional or area offices. (See
Appendix A for a list of the FDIC regional offices and their
addresses.) Duplicate systems may exist, in whole or in part, at secure
sites and on secure servers maintained by third-party service providers
for the FDIC.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
This system covers all FDIC employees, contractors, and other
individuals who have applied for, been issued, and/or used a Personal
Identity Verification (PIV) card for access to FDIC or other federal
facilities.
[[Page 4409]]
CATEGORIES OF RECORDS IN THE SYSTEM:
This system includes all information submitted during application
for the PIV card and any resulting investigative and adjudicative
documentation required to establish and verify the identity and
background of each individual issued a PIV card. The system includes,
but is not limited to, the applicant's name, social security number,
date and place of birth, hair and eye color, height, weight, ethnicity,
status as Federal or contractor employee, organization and office of
assignment, company name, employee ID number, telephone number(s),
email, biometric identifiers including fingerprints, digital color
photograph, signature, data from source documents used to positively
identify the applicant, including Form I-9 documents and OPM Forms SF-
85 or SF-86, network user name, user access rights, and PIV cardholder
history and transaction reports.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
Section 9 of the Federal Deposit Insurance Act (12 U.S.C. 1819);
Executive Order 9397; Section 5113 of the Federal Information Security
Act (Pub. L. 104-106, sec. 5113); Section 203 of the Electronic
Government Act (Pub. L. 104-347, sec. 203); and Homeland Security
Presidential Directive (HSPD) 12, Policy for a Common Identification
Standard for Federal Employees and Contractors.
PURPOSE:
The primary purpose of the system is to manage the safety and
security of FDIC and other federal facilities, as well as the occupants
of those facilities.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES
OF USERS AND THE PURPOSES OF SUCH USES:
In addition to those disclosures generally permitted under the
Privacy Act, 5 U.S.C. 552a(b), all or a portion of the records or
information contained in this system may be disclosed outside the FDIC
as a routine use as follows:
(1) To appropriate Federal, State, and local authorities
responsible for investigating or prosecuting a violation of, or for
enforcing or implementing a statute, rule, regulation, or order issued,
when the information indicates a violation or potential violation of
law, whether civil, criminal, or regulatory in nature, and whether
arising by general statute or particular program statute, or by
regulation, rule, or order issued pursuant thereto;
(2) To a court, magistrate, or other administrative body in the
course of presenting evidence, including disclosures to counsel or
witnesses in the course of civil discovery, litigation, or settlement
negotiations or in connection with criminal proceedings, when the FDIC
is a party to the proceeding or has a significant interest in the
proceeding, to the extent that the information is determined to be
relevant and necessary;
(3) To a congressional office in response to an inquiry made by the
congressional office at the request of the individual who is the
subject of the record;
(4) To appropriate Federal, State, and local authorities, and other
entities when (a) it is suspected or confirmed that the security or
confidentiality of information in the system has been compromised; (b)
there is a risk of harm to economic or property interests, identity
theft or fraud, or harm to the security or integrity of this system or
other systems or programs that rely upon the compromised information;
and (c) the disclosure is made to such agencies, entities, and persons
who are reasonably necessary to assist in efforts to respond to the
suspected or confirmed compromise and prevent, minimize, or remedy such
harm;
(5) To appropriate Federal, State, and local authorities in
connection with hiring or retaining an individual, conducting a
background security or suitability investigation, adjudication of
liability, or eligibility for a license, contract, grant, or other
benefit;
(6) To appropriate Federal, State, and local authorities, agencies,
arbitrators, and other parties responsible for processing any personnel
actions or conducting administrative hearings or corrective actions or
grievances or appeals, or if needed in the performance of other
authorized duties;
(7) To appropriate Federal agencies and other public authorities
for use in records management inspections;
(8) To officials of a labor organization when relevant and
necessary to their duties of exclusive representation concerning
personnel policies, practices, and matters affecting working
conditions;
(9) To contractors, grantees, volunteers, and others performing or
working on a contract, service, grant, cooperative agreement, or
project for the Federal Government;
(10) To notify another Federal agency when, or verify whether, a
PIV card is no longer valid.
POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING,
AND DISPOSING OF RECORDS IN THE SYSTEM:
Storage: Records are stored in electronic media or in paper format
within individual file folders.
Retrievability: Records are indexed and retrieved by name, social
security number, other ID number, PIV card serial number, and/or by any
other unique individual identifier.
Safeguards: Electronic records are password protected and
accessible only by authorized personnel. Paper format records
maintained in individual file folders are stored in lockable file
cabinets and/or in secured vaults or warehouses and are accessible only
by authorized personnel.
Retention and Disposal: Records are retained in accordance with
National Archives and Records Administration and FDIC Records Retention
and Disposition Schedules. Disposal is by shredding or other
appropriate disposal systems. PIV cards are deactivated within 18 hours
of cardholder separation, loss of card, or expiration. PIV cards are
destroyed by shredding no later than 90 days after deactivation.
SYSTEM MANAGER(S) AND ADDRESS:
Deputy Director, Corporate Services Branch, Division of
Administration, FDIC, 3501 North Fairfax Drive, Arlington, VA 22226.
NOTIFICATION PROCEDURE:
Individuals wishing to determine if they are named in this system
of records or who are seeking access or amendment to records maintained
in this system of records must submit their request in writing to the
Legal Division, FOIA & Privacy Act Group, FDIC, 550 17th Street, NW.,
Washington, DC 20429, in accordance with FDIC regulations at 12 CFR
Part 310. Individuals requesting their records must provide their name,
address and a notarized statement attesting to their identity.
RECORD ACCESS PROCEDURES:
See ``Notification Procedure'' above.
CONTESTING RECORD PROCEDURES:
See ``Notification Procedure'' above. Individuals wishing to
contest or amend information maintained in this system of records
should specify the information being contested, their reasons for
contesting it, and the proposed amendment to such information in
accordance with FDIC regulations at 12 CFR Part 310.
RECORD SOURCE CATEGORIES:
Information is provided by the individual to whom the record
pertains, those authorized by the subject individuals to furnish
information, and the FDIC's personnel records. Information regarding
entry and egress from FDIC facilities or access to
[[Page 4410]]
information technology systems is obtained from use of the PIV card.
EXEMPTIONS CLAIMED FOR THE SYSTEM:
None.
Appendix A
------------------------------------------------------------------------
------------------------------------------------------------------------
FDIC Atlanta Regional Office, 10 Tenth FDIC Boston Area Office, 15
Street, NE., Suite 800, Atlanta, GA Braintree Hill Office Park,
30309-3906. Suite 100, Braintree, MA 02184-
8701.
FDIC Chicago Regional Office, 420 W. FDIC Dallas Regional Office,
VanBuren, Suite 1700, Chicago, IL 1601 Bryan Street, Dallas, TX
60606. 75201.
FDIC Kansas City Regional Office, 1100 FDIC Memphis Area Office, 6060
Walnut Street, Suite 2100, Kansas Primacy Parkway, Suite 300,
City, MO 64106. Memphis, TN 38139.
FDIC New York Regional Office, 350 FDIC San Francisco Regional
Fifth Avenue, Suite 1200, New York, NY Office, 25 Jessie Street at
10118-0110. Ecker Square, Suite 2300, San
Francisco, CA 94105-2780.
------------------------------------------------------------------------
Dated at Washington, DC, this 15th day of January, 2013.
Federal Deposit Insurance Corporation.
By order of the Board of Directors.
Robert E. Feldman,
Executive Secretary.
[FR Doc. 2013-01079 Filed 1-18-13; 8:45 am]
BILLING CODE 6714-01-P