[Federal Register Volume 79, Number 102 (Wednesday, May 28, 2014)]
[Notices]
[Pages 30661-30667]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2014-12234]
-----------------------------------------------------------------------
SECURITIES AND EXCHANGE COMMISSION
[Release No. PA-51; File No. S7-06-14]
Privacy Act of 1974: Systems of Records.
AGENCY: Securities and Exchange Commission.
ACTION: Notice to establish a new system of records and to revise two
existing systems of records.
-----------------------------------------------------------------------
SUMMARY: In accordance with the requirements of the Privacy Act of
1974, as amended, 5 U.S.C. 552a, the Securities and Exchange Commission
(``Commission'' or ``SEC'') proposes to establish a new system of
records, ``General Information Technology Records (SEC-67).''
Additionally, two existing systems of records are being revised:
``Office of the Chief Accountant Working File (SEC-28)'' last published
in the Federal Register Volume 62, Number 176 on September 11, 1997;
and ``Office of Inspector General Investigative Files (SEC-43)'', last
published in the Federal Register Volume 71, Number 105 on Thursday,
June 1, 2006.
DATES: The proposed systems will become effective July 7, 2014 unless
further notice is given. The Commission will publish a new notice if
the effective date is delayed to review comments or if changes are made
based on comments received. To be assured of consideration, comments
should be received on or before June 27, 2014.
ADDRESSES: Comments may be submitted by any of the following methods:
Electronic Comments
Use the Commission's Internet comment form (http://www.sec.gov/rules/other.shtml); or
Send an email to [email protected]. Please include
File Number S7-06-14 on the subject line.
Paper Comments
Send paper comments in triplicate to Kevin M. O'Neill, Deputy
Secretary, U.S. Securities and Exchange Commission, 100 F Street NE.,
Washington, DC 20549-1090. All submissions should refer to File Number
S7-06-14. This file number should be included on the subject line if
email is used. To help process and review your comments more
efficiently, please use only one method. The Commission will post all
comments on the Commission's Internet Web site (http://www.sec.gov/rules/other.shtml). Comments are also available for Web site viewing
and printing in the Commission's Public Reference Room, 100 F Street
NE., Washington, DC 20549, on official business days between the hours
of 10:00 a.m. and 3:00 p.m. All comments received will be posted
without change; we do not edit personal identifying information from
submissions. You should submit only information that you wish to make
available publicly.
FOR FURTHER INFORMATION CONTACT: Todd Scharf, Acting Chief Privacy
Officer, Office of Information Technology, 202-551-8800.
SUPPLEMENTARY INFORMATION: The Commission proposes to establish a new
system of records, ``General Information Technology Records (SEC-67),''
and to revise two existing systems of records, ``Office of the Chief
Accountant Working Files (SEC-28),'' and ``Office of Inspector General
Investigative Files (SEC-43).'' The General Information Technology
Records (SEC-67) system of records maintains records on all persons who
are authorized to access SEC
[[Page 30662]]
information or information systems. The purpose of SEC-67 is to provide
authentication and authorization to such individuals, to maintain logs,
audit trails, and similar data regarding the use of SEC information or
information systems, and to enable the Commission to detect, report,
and take appropriate action against improper or unauthorized access to
such information and systems.
The Office of the Chief Accountant Working Files (SEC-28) contain
records related to Accountants; persons associated with accountants and
accounting firms; persons associated with SEC registrants, including
individuals that submit requests for consultation with the Office of
the Chief Accountant and individuals involved with or subjects of SEC
investigations; and SEC personnel assigned to work on relevant matters.
The Office of the Chief Accountant uses the records in formulating and
applying accounting or auditing policies for documents to be filed with
the Commission; in determining appropriate recommendations to the
Commission relating to the disqualification of accountants to appear
and practice before the Commission; to respond to inquiries concerning
accounting and auditing matters; and to assist in investigations of
possible violations of the federal securities laws. Substantive changes
to SEC-28 have been made to the following sections: (1) Categories of
Individuals, to clarify specific individuals covered in the records;
(2) Categories of Records, modifying to include specific data elements
collected on individuals, to include name, mailing address, telephone
number and email address; (3) Purpose, stating the purposes of the
system; (4) Routine Uses, expanding to include seven new routine uses
located at numbers 1, 12, 18-22; and (5) Exemption Claimed for the
System, updating to include notice that certain records from this
system of records are exempt from the certain provisions of the Privacy
Act. This exemption was originally adopted in 40 FR 44068 (September
24, 1975).
The Office of Inspector General Investigative Files (SEC-43)
records are compiled by the Office of the Inspector General with
respect to individuals, including subjects, complainants, and
witnesses, involved in investigations or inquiries relating to SEC
programs and operations. The Office of Inspector General uses the
records to effectively and efficiently conduct investigations relating
to the programs and operations of the SEC, as authorized by the
Inspector General Act of 1978, as amended. Substantive changes to SEC-
43 have been made to the following sections: (1) System Location,
modifying to reflect the addition of an off-site location for closed
investigatory files; (2) Categories of Individuals, clarifying the
types of files contained in the system; (3) Categories of Records,
providing additional details about the management system and adding
additional types of individually identifiable documents; (4) Purpose,
clarifying the purpose; and (5) Routine Uses, deleting routine uses
previously numbered 5, 13 and 14, revising routine use previously
numbered 17, and expanding to include seven new routine uses located at
numbers 1, 6, 7, 8, 10, 12, and 13.
The Commission has submitted a report of the new system of records
and the amended existing systems of records to the appropriate
Congressional Committees and to the Director of the Office of
Management and Budget (``OMB'') as required by 5 U.S.C. 552a(r)
(Privacy Act of 1974) and guidelines issued by OMB on December 12, 2000
(65 FR 77677).
Accordingly, the Commission is proposing to establish one new
system of records and revise two existing systems of records to read as
follows:
SEC-28
SYSTEM NAME:
Office of the Chief Accountant Working Files.
SYSTEM LOCATION:
Securities and Exchange Commission, 100 F Street, NE., Washington,
DC 20549.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
Accountants and persons associated with accountants and accounting
firms and persons associated with SEC registrants, including
individuals that submit requests for consultation with the Office of
the Chief Accountant and individuals involved with or subjects of SEC
investigations; and SEC personnel assigned to work on relevant matters.
CATEGORIES OF RECORDS IN THE SYSTEM:
The records contain names, mailing addresses, telephone numbers,
email addresses, and/or information pertaining to accounting and
auditing practices, problems, issues, and opinions and information
concerning the activities of individuals in connection with Commission
enforcement actions or in proceedings pursuant to the Commission's
rules of practice.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
15 U.S.C. 77a et seq., 78a et seq., 7201 et seq., and 17 CFR
200.22.
PURPOSE(S):
1. To assist the Office of the Chief Accountant in performing the
functions assigned to it by the Commission including the formulation
and application of accounting or auditing policies in the case of
documents required to be filed with the Commission and the
determination of appropriate recommendations to the Commission relating
to the disqualification of accountants to appear and practice before
the Commission.
2. To respond to inquiries from Members of Congress, the press, and
the public concerning accounting and auditing matters.
3. To assist investigations of possible violations of the Federal
securities laws.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES
OF USERS AND THE PURPOSES OF SUCH USES:
In addition to those disclosures generally permitted under 5 U.S.C.
552a(b) of the Privacy Act, these records or information contained
therein may specifically be disclosed outside the Commission as a
routine use pursuant to 5 U.S.C. 552 a(b)(3) as follows:
1. To appropriate agencies, entities, and persons when (a) it is
suspected or confirmed that the security or confidentiality of
information in the system of records has been compromised; (b) the SEC
has determined that, as a result of the suspected or confirmed
compromise, there is a risk of harm to economic or property interests,
identity theft or fraud, or harm to the security or integrity of this
system or other systems or programs (whether maintained by the SEC or
another agency or entity) that rely upon the compromised information;
and (c) the disclosure made to such agencies, entities, and persons is
reasonably necessary to assist in connection with the SEC's efforts to
respond to the suspected or confirmed compromise and prevent, minimize,
or remedy such harm.
2. To other federal, state, local, or foreign law enforcement
agencies; securities self-regulatory organizations; and foreign
financial regulatory authorities to assist in or coordinate regulatory
or law enforcement activities with the SEC.
3. To national securities exchanges and national securities
associations that are registered with the SEC, the Municipal Securities
Rulemaking Board; the Securities Investor Protection Corporation; the
Public Company Accounting Oversight Board; the federal banking
authorities, including, but not limited to, the Board of Governors of
the
[[Page 30663]]
Federal Reserve System, the Comptroller of the Currency, and the
Federal Deposit Insurance Corporation; state securities regulatory
agencies or organizations; or regulatory authorities of a foreign
government in connection with their regulatory or enforcement
responsibilities.
4. By SEC personnel for purposes of investigating possible
violations of, or to conduct investigations authorized by, the federal
securities laws.
5. In any proceeding where the federal securities laws are in issue
or in which the Commission, or past or present members of its staff, is
a party or otherwise involved in an official capacity.
6. In connection with proceedings by the Commission pursuant to
Rule 102(e) of its Rules of Practice, 17 CFR 201.102(e).
7. To a bar association, state accountancy board, or other federal,
state, local, or foreign licensing or oversight authority; or
professional association or self-regulatory authority to the extent
that it performs similar functions (including the Public Company
Accounting Oversight Board) for investigations or possible disciplinary
action.
8. To a federal, state, local, tribal, foreign, or international
agency, if necessary to obtain information relevant to the SEC's
decision concerning the hiring or retention of an employee; the
issuance of a security clearance; the letting of a contract; or the
issuance of a license, grant, or other benefit.
9. To a federal, state, local, tribal, foreign, or international
agency in response to its request for information concerning the hiring
or retention of an employee; the issuance of a security clearance; the
reporting of an investigation of an employee; the letting of a
contract; or the issuance of a license, grant, or other benefit by the
requesting agency, to the extent that the information is relevant and
necessary to the requesting agency's decision on the matter.
10. To produce summary descriptive statistics and analytical
studies, as a data source for management information, in support of the
function for which the records are collected and maintained or for
related personnel management functions or manpower studies; may also be
used to respond to general requests for statistical information
(without personal identification of individuals) under the Freedom of
Information Act.
11. To any trustee, receiver, master, special counsel, or other
individual or entity that is appointed by a court of competent
jurisdiction, or as a result of an agreement between the parties in
connection with litigation or administrative proceedings involving
allegations of violations of the federal securities laws (as defined in
section 3(a)(47) of the Securities Exchange Act of 1934, 15 U.S.C.
78c(a)(47)) or pursuant to the Commission's Rules of Practice, 17 CFR
201.100-900 or the Commission's Rules of Fair Fund and Disgorgement
Plans, 17 CFR 201.1100-1106, or otherwise, where such trustee,
receiver, master, special counsel, or other individual or entity is
specifically designated to perform particular functions with respect
to, or as a result of, the pending action or proceeding or in
connection with the administration and enforcement by the Commission of
the federal securities laws or the Commission's Rules of Practice or
the Rules of Fair Fund and Disgorgement Plans.
12. To any persons during the course of any inquiry, examination,
or investigation conducted by the SEC's staff, or in connection with
civil litigation, if the staff has reason to believe that the person to
whom the record is disclosed may have further information about the
matters related therein, and those matters appeared to be relevant at
the time to the subject matter of the inquiry.
13. To interns, grantees, experts, contractors, and others who have
been engaged by the Commission to assist in the performance of a
service related to this system of records and who need access to the
records for the purpose of assisting the Commission in the efficient
administration of its programs, including by performing clerical,
stenographic, or data analysis functions, or by reproduction of records
by electronic or other means. Recipients of these records shall be
required to comply with the requirements of the Privacy Act of 1974, as
amended, 5 U.S.C. 552a.
14. In reports published by the Commission pursuant to authority
granted in the federal securities laws (as such term is defined in
section 3(a)(47) of the Securities Exchange Act of 1934, 15 U.S.C.
78c(a)(47)), which authority shall include, but not be limited to,
section 21(a) of the Securities Exchange Act of 1934, 15 U.S.C. 78u(a).
15. To members of advisory committees that are created by the
Commission or by Congress to render advice and recommendations to the
Commission or to Congress, to be used solely in connection with their
official designated functions.
16. To any person who is or has agreed to be subject to the
Commission's Rules of Conduct, 17 CFR 200.735-1 to 200.735-18, and who
assists in the investigation by the Commission of possible violations
of the federal securities laws (as such term is defined in section
3(a)(47) of the Securities Exchange Act of 1934, 15 U.S.C. 78c(a)(47),
in the preparation or conduct of enforcement actions brought by the
Commission for such violations, or otherwise in connection with the
Commission's enforcement or regulatory functions under the federal
securities laws.
17. To a Congressional office from the record of an individual in
response to an inquiry from the Congressional office made at the
request of that individual.
18. To members of Congress, the press, and the public in response
to inquiries relating to particular Registrants and their activities,
and other matters under the Commission's jurisdiction.
19. To prepare and publish information relating to violations of
the federal securities laws as provided in 15 U.S.C. 78c(a)(47), as
amended.
20. To respond to subpoenas in any litigation or other proceeding.
21. To a trustee in bankruptcy.
22. To members of Congress, the Government Accountability Office,
or others charged with monitoring the work of the Commission or
conducting records management inspections.
POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING,
AND DISPOSING OF RECORDS IN THE SYSTEM:
STORAGE:
Records are maintained in electronic and paper format. Electronic
records are stored in computerized databases, magnetic disc, tape and/
or digital media. Paper records and records on computer disc are stored
in locked file rooms and/or file cabinets.
RETRIEVABILITY:
Paper records are searchable by name, subject, firm, date, and/or
internal file number. Electronic records are searchable through routine
word searches to include searches by name, subject, firm and/or
keyword.
SAFEGUARDS:
Access to SEC facilities, data centers, and information or
information systems is limited to authorized personnel with official
duties requiring access. SEC facilities are equipped with security
cameras and 24-hour security guard service. The records are kept in
limited access areas during duty hours and in locked file cabinets and/
or locked offices or file rooms at all other times. Computerized
records are safeguarded in a secured environment. Security
[[Page 30664]]
protocols meet the promulgating guidance as established by the National
Institute of Standards and Technology (NIST) Security Standards from
Access Control to Data Encryption and Security Assessment &
Authorization (SA&A). Records are maintained in a secure, password-
protected electronic system that will utilize commensurate safeguards
that may include: firewalls, intrusion detection and prevention
systems, and role-based access controls. Additional safeguards will
vary by program. All records are protected from unauthorized access
through appropriate administrative, operational, and technical
safeguards. These safeguards include: restricting access to authorized
personnel who have a ``need to know''; using locks; and password
protection identification features. Contractors and other recipients
providing services to the Commission shall be required to maintain
equivalent safeguards.
RETENTION AND DISPOSAL:
These records will be maintained until they become inactive, at
which time they will be retired or destroyed in accordance with records
schedules of the United States Securities and Exchange Commission and
as approved by the National Archives and Records Administration.
SYSTEM MANAGER(S) AND ADDRESS:
Chief Accountant, Office of the Chief Accountant, Securities and
Exchange Commission, 100 F Street NE., Washington, DC 20549.
NOTIFICATION PROCEDURE:
All requests to determine whether this system of records contains a
record pertaining to the requesting individual may be directed to the
FOIA/PA Officer, Securities and Exchange Commission, 100 F Street NE.,
Washington, DC 20549-5100.
RECORD ACCESS PROCEDURES:
Persons wishing to obtain information on the procedures for gaining
access to or contesting the contents of these records may contact the
FOIA/PA Officer, Securities and Exchange Commission, 100 F Street NE.,
Washington, DC 20549-5100.
CONTESTING RECORD PROCEDURES:
See Record access procedures above.
RECORD SOURCE CATEGORIES:
The information contained in the system is derived from official
SEC records, letters and inquiries from the public, SEC staff
memoranda, which may include information derived from investigations,
litigation, and other submissions, and professional auditing and
accounting literature and information received from individuals
including where practicable those to whom the records relate.
EXEMPTIONS CLAIMED FOR THE SYSTEM:
Under 5 U.S.C. 552a(k)(2), this system of records is exempted from
the following provisions of the Privacy Act, 5 U.S.C. 552a(c)(3), (d),
(e)(1), (e)(4)(G), (H), and (I), and (f) and 17 CFR 200.303, 200.304,
and 200.306, insofar as it contains investigatory materials compiled
for law enforcement purposes. This exemption is contained in 17 CFR
200.312(a)(3).
SEC-43
SYSTEM NAME:
Office of Inspector General Investigative Files.
SYSTEM LOCATION:
Office of the Inspector General, Securities and Exchange Commission
(SEC), 100 F Street NE., Washington, DC 20549. Closed investigatory
files may be stored at a federal records center in accordance with the
SEC's records retention schedule.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
This system of records contains records on individuals, including
subjects, complainants, and witnesses, in connection with the Office of
Inspector General's investigations or inquiries relating to programs
and operations of the SEC.
CATEGORIES OF RECORDS IN THE SYSTEM:
Records include: a case management system that contains a unique
control number, descriptive information, and supporting documents for
each investigation or preliminary inquiry; incoming complaints and
complaint logs; preliminary inquiry files and indexes; correspondence
relating to investigations; internal staff memoranda concerning
investigations; copies of all subpoenas issued during investigations;
subpoena logs; affidavits, declarations and statements from witnesses;
transcripts of interviews conducted or testimony taken in the
investigation and accompanying exhibits; documents and records obtained
during investigations; working papers of the staff and other documents
and records relating to the investigation; investigative plans,
operation plans, status reports, reports of investigation, and closing
memoranda; information and documents relating to grand jury
proceedings; arrest and search warrant affidavits; information and
documents relating to criminal, civil, and administrative actions;
information and documents received from other law enforcement entities;
personnel information for witnesses and subjects; and investigative
peer review files.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
Inspector General Act of 1978, as amended, Pub. L. 95-452, 5 U.S.C.
App.
PURPOSE(S):
The purpose of this system of records is to enable the Office of
Inspector General to effectively and efficiently conduct investigations
relating to the programs and operations of the SEC, as authorized by
the Inspector General Act of 1978, as amended.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES
OF USERS AND THE PURPOSES OF SUCH USES:
In addition to those disclosures generally permitted under 5 U.S.C.
552a(b) of the Privacy Act, these records or information contained
therein may specifically be disclosed outside the Commission as a
routine use pursuant to 5 U.S.C. 552 a(b)(3) as follows:
1. To appropriate agencies, entities, and persons when (a) it is
suspected or confirmed that the security or confidentiality of
information in the system of records has been compromised; (b) the SEC
has determined that, as a result of the suspected or confirmed
compromise, there is a risk of harm to economic or property interests,
identity theft or fraud, or harm to the security or integrity of this
system or other systems or programs (whether maintained by the SEC or
another agency or entity) that rely upon the compromised information;
and (c) the disclosure made to such agencies, entities, and persons is
reasonably necessary to assist in connection with the SEC's efforts to
respond to the suspected or confirmed compromise and prevent, minimize,
or remedy such harm.
2. Where there is an indication of a violation or a potential
violation of law, whether civil, criminal or regulatory in nature, to
the appropriate agency, whether Federal, foreign, state, or local, or
to a securities self-regulatory organization, charged with enforcing or
implementing the statute, or rule, regulation or order.
3. To Federal, foreign, state, or local authorities in order to
obtain information or records relevant to an Office of Inspector
General investigation or inquiry.
4. To non-governmental parties where those parties may have
information the Office of Inspector General seeks to
[[Page 30665]]
obtain in connection with an investigation or inquiry.
5. To respond to subpoenas in any litigation or other proceeding.
6. In connection with proceedings by the Commission pursuant to
Rule 102(e) of its Rules of Practice, 17 CFR 201.102(e).
7. To a bar association, state accountancy board, or other federal,
state, local, or foreign licensing or oversight authority; or
professional association or self-regulatory authority to the extent
that it performs similar functions (including the Public Company
Accounting Oversight Board) for investigations or possible disciplinary
action.
8. To a federal, state, local, tribal, foreign, or international
agency, if necessary to obtain information relevant to the SEC's
decision concerning the hiring or retention of an employee; the
issuance of a security clearance; the letting of a contract; or the
issuance of a license, grant, or other benefit.
9. To a federal, state, local, tribal, foreign, or international
agency in response to its request for information concerning the hiring
or retention of an employee; the issuance of a security clearance; the
reporting of an investigation of an employee; the letting of a
contract; or the issuance of a license, grant, or other benefit by the
requesting agency, to the extent that the information is relevant and
necessary to the requesting agency's decision on the matter.
10. To produce summary descriptive statistics and analytical
studies, as a data source for management information, in support of the
function for which the records are collected and maintained or for
related personnel management functions or manpower studies; may also be
used to respond to general requests for statistical information
(without personal identification of individuals) under the Freedom of
Information Act.
11. To inform complainants, victims, and witnesses of the results
of an investigation or inquiry.
12. To any persons during the course of any inquiry, audit, or
investigation conducted by the SEC's staff, or in connection with civil
litigation, if the staff has reason to believe that the person to whom
the record is disclosed may have further information about the matters
related therein, and those matters appeared to be relevant at the time
to the subject matter of the inquiry.
13. To interns, grantees, experts, contractors, and others who have
been engaged by the Commission to assist in the performance of a
service related to this system of records and who need access to the
records for the purpose of assisting the Commission in the efficient
administration of its programs, including by performing clerical,
stenographic, or data analysis functions, or by reproduction of records
by electronic or other means. Recipients of these records shall be
required to comply with the requirements of the Privacy Act of 1974, as
amended, 5 U.S.C. 552a.
14. To qualified individuals or organizations in connection with
the performance of a peer review or other study of the Office of
Inspector General's audit or investigative functions.
15. To a Federal agency responsible for considering debarment or
suspension action if the record would be relevant to such action.
16. To the Department of Justice for the purpose of obtaining its
advice on Freedom of Information Act matters.
17. To a Congressional office from the record of an individual in
response to an inquiry from the Congressional office made at the
request of that individual.
18. To the Office of Government Ethics (OGE) to comply with agency
reporting requirements established by OGE in 5 CFR 2638, subpart F.
19. To the Department of Justice and/or the Office of General
Counsel of the SEC when the defendant in litigation is: (a) Any
component of the SEC or any employee of the SEC or any employee of the
SEC in his or her official capacity; (b) the United States where the
SEC determines that the claim, if successful, is likely to directly
affect the operations of the SEC; or (c) any SEC employee in his or her
individual capacity where the Department of Justice and/or the Office
of General Counsel of the SEC agree to represent such employee.
20. To the news media and the public when there exists a legitimate
public interest (e.g., to provide information on events in the criminal
process, such as an indictment).
21. To the Council of the Inspectors General on Integrity and
Efficiency, another Federal Office of Inspector General, or other
Federal law enforcement office in connection with an allegation of
wrongdoing by the Inspector General or staff members of the Office of
Inspector General.
POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING,
AND DISPOSING OF RECORDS IN THE SYSTEM:
STORAGE:
Records are maintained in electronic and paper format. Electronic
records are stored in computerized databases, magnetic disc, tape and/
or digital media. Paper records and records on computer disc are stored
in locked file rooms and/or file cabinets.
RETRIEVABILITY:
The records may be retrieved by the name of the complainant,
subject, witness, or victim; the investigative staff name for the
investigation or inquiry; or other indexed information.
SAFEGUARDS:
Access to SEC facilities, data centers, and information or
information systems is limited to authorized personnel with official
duties requiring access. SEC facilities are equipped with security
cameras and 24-hour security guard service. The records are kept in
limited access areas during duty hours and in locked file cabinets and/
or locked offices or file rooms at all other times. Computerized
records are safeguarded in a secured environment. Security protocols
meet the promulgating guidance as established by the National Institute
of Standards and Technology (NIST) Security Standards from Access
Control to Data Encryption and Security Assessment & Authorization
(SA&A). Records are maintained in a secure, password-protected
electronic system that will utilize commensurate safeguards that may
include: firewalls, intrusion detection and prevention systems, and
role-based access controls. Additional safeguards will vary by program.
All records are protected from unauthorized access through appropriate
administrative, operational, and technical safeguards. These safeguards
include: restricting access to authorized personnel who have a ``need
to know''; using locks; and password protection identification
features. Contractors and other recipients providing services to the
Commission shall be required to maintain equivalent safeguards.
RETENTION AND DISPOSAL:
These records will be maintained until they become inactive, at
which time they will be retired or destroyed in accordance with the
SEC's records retention schedule, as approved by the National Archives
and Records Administration.
SYSTEM MANAGER(S) AND ADDRESS:
Inspector General, Office of Inspector General, Securities and
Exchange Commission, 100 F Street NE., Washington, DC 20549.
NOTIFICATION PROCEDURE:
All requests to determine whether this system of records contains a
record pertaining to the requesting individual may be directed to the
FOIA/PA Officer, Securities and Exchange Commission,
[[Page 30666]]
100 F Street NE., Washington, DC 20549-2736.
RECORD ACCESS PROCEDURES:
Persons wishing to obtain information on the procedures for gaining
access to or contesting the contents of these records may contact the
FOIA/PA Officer, Securities and Exchange Commission, 100 F Street NE.,
Washington, DC 20549-2736.
CONTESTING RECORD PROCEDURES:
See record access procedures above.
RECORD SOURCE CATEGORIES:
Information in these records is supplied by: Individuals including,
where practicable, those to whom the information relates; witnesses,
corporations and other entities; records of individuals and of the SEC;
records of other entities; Federal, foreign, state or local bodies and
law enforcement agencies; documents and correspondence relating to
litigation; transcripts of testimony; and miscellaneous other sources.
EXEMPTIONS CLAIMED FOR THE SYSTEM:
Pursuant to 5 U.S.C. 552a(j)(2) and 17 CFR 200.313(a), this system
of records, is exempt from the provisions of the Privacy Act of 1974, 5
U.S.C. 552a, except subsections (b), (c)(1) and (2), (e)(4)(A) through
(F), (e)(6), (7), (9), (10), and (11), and (i), and 17 CFR 200.303,
200.403, 200.306, 200.307, 200.308, 200.309, and 200.310, insofar as
the system contains information pertaining to criminal law enforcement
investigations.
Pursuant to 5 U.S.C. 552a(k)(2) and 17 CFR 200.313(b), this system
of records is exempt from 5 U.S.C. 552a(c)(3), (d), (e)(1), (e)(4)(G),
(H), and (I), and (f), and 17 CFR 200.303, 200.304, and 200.306,
insofar as the system contains investigatory materials compiled for law
enforcement purposes.
SEC-67
SYSTEM NAME:
General Information Technology Records
SYSTEM LOCATION:
Securities and Exchange Commission, Headquarters, 100 F Street NE.,
Washington, DC 20549 and the SEC's Regional Offices.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
Records are maintained on all individuals who are authorized to
access SEC information or information systems; including: employees,
contractors, students, interns, volunteers, affiliates, others working
on behalf of the SEC, and individuals formerly in any of these
positions. Records may also include individuals who voluntarily join an
SEC-owned and operated web portal for collaboration purposes;
individuals who request access but are denied, and/or who have had
access revoked.
CATEGORIES OF RECORDS IN THE SYSTEM:
The system of records may include: users' names; social security
numbers; business telephone numbers; cellular phone numbers; pager
numbers; levels of access; physical and email addresses; titles;
departments; division; contractor/employee status; computer logon
addresses; password hashes; user identification codes; dates and times
of access; IP addresses; logs of internet activity; types of access/
permissions required; failed access data; archived transaction data;
historical data; and justifications for access to SEC computers,
networks, or systems. For individuals who telecommute from home or a
telework center, the records may contain the Internet Protocol (IP)
address and telephone number at that location. For contractors, the
system may contain the company name, contract number, and contract
expiration date. The system may also contain details regarding:
programs; databases; functions; and sites accessed and/or used, dates
and times of use, information products created, received, or altered
during use, and access or functionality problems reported for technical
support and resolution.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
5 U.S.C. Sec. 302, Delegation of Authority; 44 U.S.C. Sec. 3534;
Federal Information Security Act (Pub. L. 104-106, section 5113);
Electronic Government Act (Pub. L. 104-347, section 203); and E.O. 9397
(SSN), as amended by E.O. 13487.
PURPOSE(S):
The purpose of this system is to (1) provide authentication and
authorization to individuals with access to SEC-controlled information
and information system networks; (2) collect, review, and maintain any
logs, audit trails, or other such security data regarding the use of
SEC information or information systems; and (3) to enable the
Commission to detect, report, and take appropriate action against
improper or unauthorized access to SEC-controlled information and
information systems networks. The records will also enable the SEC to
provide individuals access to certain programs and meeting attendance
and, where appropriate, allow for sharing of information between
individuals in the same operational program to facilitate
collaboration. SEC management personnel may use statistical data, with
all personal identifiers removed or masked, for system efficiency,
workload calculation, or reporting purposes.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES
OF USERS AND THE PURPOSES OF SUCH USES:
In addition to those disclosures generally permitted under 5 U.S.C.
552a(b) of the Privacy Act, these records or information contained
therein may specifically be disclosed outside the Commission as a
routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:
1. To appropriate agencies, entities, and persons when (a) it is
suspected or confirmed that the security or confidentiality of
information in the system of records has been compromised; (b) the SEC
has determined that, as a result of the suspected or confirmed
compromise, there is a risk of harm to economic or property interests,
identity theft or fraud, or harm to the security or integrity of this
system or other systems or programs (whether maintained by the SEC or
another agency or entity) that rely upon the compromised information;
and (c) the disclosure made to such agencies, entities, and persons is
reasonably necessary to assist in connection with the SEC's efforts to
respond to the suspected or confirmed compromise and prevent, minimize,
or remedy such harm.
2. To other federal, state, local, or foreign law enforcement
agencies; securities self-regulatory organizations; and foreign
financial regulatory authorities to assist in or coordinate regulatory
or law enforcement activities with the SEC.
3. In any proceeding where the federal securities laws are in issue
or in which the Commission, or past or present members of its staff, is
a party or otherwise involved in an official capacity.
4. To a federal, state, local, tribal, foreign, or international
agency, if necessary to obtain information relevant to the SEC's
decision concerning the hiring or retention of an employee; the
issuance of a security clearance; the letting of a contract; or the
issuance of a license, grant, or other benefit
5. To a federal, state, local, tribal, foreign, or international
agency in response to its request for information concerning the hiring
or retention of an employee; the issuance of a security clearance; the
reporting of an investigation of an employee; the letting of a
contract; or the issuance of a
[[Page 30667]]
license, grant, or other benefit by the requesting agency, to the
extent that the information is relevant and necessary to the requesting
agency's decision on the matter.
6. To produce summary descriptive statistics and analytical
studies, as a data source for management information, in support of the
function for which the records are collected and maintained or for
related personnel management functions or manpower studies; may also be
used to respond to general requests for statistical information
(without personal identification of individuals) under the Freedom of
Information Act
7. To any persons during the course of any inquiry, examination, or
investigation conducted by the SEC's staff, or in connection with civil
litigation, if the staff has reason to believe that the person to whom
the record is disclosed may have further information about the matters
related therein, and those matters appeared to be relevant at the time
to the subject matter of the inquiry.
8. To interns, grantees, experts, contractors, and others who have
been engaged by the Commission to assist in the performance of a
service related to this system of records and who need access to the
records for the purpose of assisting the Commission in the efficient
administration of its programs, including by performing clerical,
stenographic, or data analysis functions, or by reproduction of records
by electronic or other means. Recipients of these records shall be
required to comply with the requirements of the Privacy Act of 1974, as
amended, 5 U.S.C. Sec. 552a.
9. To respond to subpoenas in any litigation or other proceeding.
10. To a Congressional office from the record of an individual in
response to an inquiry from the Congressional office made at the
request of that individual.
11. To members of Congress, the Government Accountability Office,
or others charged with monitoring the work of the Commission or
conducting records management inspections.
12. To a commercial contractor in connection with benefit programs
administered by the contractor on the Commission's behalf, including,
but not limited to, supplemental health, dental, disability, life and
other benefit programs.
POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING,
AND DISPOSING OF RECORDS IN THE SYSTEM:
STORAGE:
Records are maintained in electronic and paper format. Electronic
records are stored in computerized databases, magnetic disc, tape and/
or digital media. Paper records and records on computer disc are stored
in locked file rooms and/or file cabinets.
RETRIEVABILITY:
Information may be retrieved, sorted, and/or searched by an
identification number assigned by the computer, the last 2 digits of a
social security number, email address, or by the name of the
individual, or other employee data fields previously identified in this
SORN.
SAFEGUARDS:
Access to SEC facilities, data centers, and information or
information systems is limited to authorized personnel with official
duties requiring access. SEC facilities are equipped with security
cameras and 24-hour security guard service. The records are kept in
limited access areas during duty hours and in locked file cabinets and/
or locked offices or file rooms at all other times. Computerized
records are safeguarded in a secured environment. Security protocols
meet the promulgating guidance as established by the National Institute
of Standards and Technology (NIST) Security Standards from Access
Control to Data Encryption and Security Assessment & Authorization
(SA&A). Records are maintained in a secure, password-protected
electronic system that will utilize commensurate safeguards that may
include: firewalls, intrusion detection and prevention systems, and
role-based access controls. Additional safeguards will vary by program.
All records are protected from unauthorized access through appropriate
administrative, operational, and technical safeguards. These safeguards
include: restricting access to authorized personnel who have a ``need
to know''; using locks; and password protection identification
features. Contractors and other recipients providing services to the
Commission shall be required to maintain equivalent safeguards.
RETENTION AND DISPOSAL:
These records will be maintained until they become inactive, at
which time they will be retired or destroyed in accordance with the
SEC's records retention schedule, as approved by the National Archives
and Records Administration.
SYSTEM MANAGER(S) AND ADDRESS:
Chief Information Officer, Securities and Exchange Commission, 100
F Street NE., Washington, DC 20549-2736.
NOTIFICATION PROCEDURE:
All requests to determine whether this system of records contains a
record pertaining to the requesting individual may be directed to the
FOIA/PA Officer, Securities and Exchange Commission, 100 F Street NE.,
Washington, DC 20549-2736.
RECORD ACCESS PROCEDURES:
Persons wishing to obtain information on the procedures for gaining
access to or contesting the contents of these records may contact the
FOIA/PA Officer, Securities and Exchange Commission, 100 F Street NE.,
Washington, DC 20549-2736.
CONTESTING RECORD PROCEDURES:
See Record access procedures above.
RECORD SOURCE CATEGORIES:
Information is supplied by the record subject, their supervisors,
and the personnel security staff. Logs and details about access times
and functions used are provided by the system.
EXEMPTIONS CLAIMED FOR THE SYSTEM:
None.
By the Commission.
Dated: May 21, 2014.
Kevin M. O'Neill,
Deputy Secretary.
[FR Doc. 2014-12234 Filed 5-27-14; 8:45 am]
BILLING CODE 8011-01-P