79 FR 102 pgs. 30661-30667 - Privacy Act of 1974: Systems of Records.
Type: NOTICEVolume: 79Number: 102Pages: 30661 - 30667
Pages: 30661, 30662, 30663, 30664, 30665, 30666, 30667Docket number: [Release No. PA-51; File No. S7-06-14]
FR document: [FR Doc. 2014-12234 Filed 5-27-14; 8:45 am]
Agency: Securities and Exchange Commission
Official PDF Version: PDF Version
[top]
SECURITIES AND EXCHANGE COMMISSION
[Release No. PA-51; File No. S7-06-14]
Privacy Act of 1974: Systems of Records.
AGENCY:
Securities and Exchange Commission.
ACTION:
Notice to establish a new system of records and to revise two existing systems of records.
SUMMARY:
In accordance with the requirements of the Privacy Act of 1974, as amended, 5 U.S.C. 552a, the Securities and Exchange Commission ("Commission" or "SEC") proposes to establish a new system of records, "General Information Technology Records (SEC-67)." Additionally, two existing systems of records are being revised: "Office of the Chief Accountant Working File (SEC-28)" last published in the Federal Register Volume 62, Number 176 on September 11, 1997; and "Office of Inspector General Investigative Files (SEC-43)", last published in the Federal Register Volume 71, Number 105 on Thursday, June 1, 2006.
DATES:
The proposed systems will become effective July 7, 2014 unless further notice is given. The Commission will publish a new notice if the effective date is delayed to review comments or if changes are made based on comments received. To be assured of consideration, comments should be received on or before June 27, 2014.
ADDRESSES:
Comments may be submitted by any of the following methods:
Electronic Comments
• Use the Commission's Internet comment form ( http://www.sec.gov/rules/other.shtml ); or
• Send an email to rule-comments@sec.gov. Please include File Number S7-06-14 on the subject line.
Paper Comments
Send paper comments in triplicate to Kevin M. O'Neill, Deputy Secretary, U.S. Securities and Exchange Commission, 100 F Street NE., Washington, DC 20549-1090. All submissions should refer to File Number S7-06-14. This file number should be included on the subject line if email is used. To help process and review your comments more efficiently, please use only one method. The Commission will post all comments on the Commission's Internet Web site ( http://www.sec.gov/rules/other.shtml ). Comments are also available for Web site viewing and printing in the Commission's Public Reference Room, 100 F Street NE., Washington, DC 20549, on official business days between the hours of 10:00 a.m. and 3:00 p.m. All comments received will be posted without change; we do not edit personal identifying information from submissions. You should submit only information that you wish to make available publicly.
FOR FURTHER INFORMATION CONTACT:
Todd Scharf, Acting Chief Privacy Officer, Office of Information Technology, 202-551-8800.
SUPPLEMENTARY INFORMATION:
[top] The Commission proposes to establish a new system of records, "General Information Technology Records (SEC-67)," and to revise two existing systems of records, "Office of the Chief Accountant Working Files (SEC-28)," and "Office of Inspector General Investigative Files (SEC-43)." The General Information Technology Records (SEC-67) system of records maintains records on all persons who are authorized to access SEC
The Office of the Chief Accountant Working Files (SEC-28) contain records related to Accountants; persons associated with accountants and accounting firms; persons associated with SEC registrants, including individuals that submit requests for consultation with the Office of the Chief Accountant and individuals involved with or subjects of SEC investigations; and SEC personnel assigned to work on relevant matters. The Office of the Chief Accountant uses the records in formulating and applying accounting or auditing policies for documents to be filed with the Commission; in determining appropriate recommendations to the Commission relating to the disqualification of accountants to appear and practice before the Commission; to respond to inquiries concerning accounting and auditing matters; and to assist in investigations of possible violations of the federal securities laws. Substantive changes to SEC-28 have been made to the following sections: (1) Categories of Individuals, to clarify specific individuals covered in the records; (2) Categories of Records, modifying to include specific data elements collected on individuals, to include name, mailing address, telephone number and email address; (3) Purpose, stating the purposes of the system; (4) Routine Uses, expanding to include seven new routine uses located at numbers 1, 12, 18-22; and (5) Exemption Claimed for the System, updating to include notice that certain records from this system of records are exempt from the certain provisions of the Privacy Act. This exemption was originally adopted in 40 FR 44068 (September 24, 1975).
The Office of Inspector General Investigative Files (SEC-43) records are compiled by the Office of the Inspector General with respect to individuals, including subjects, complainants, and witnesses, involved in investigations or inquiries relating to SEC programs and operations. The Office of Inspector General uses the records to effectively and efficiently conduct investigations relating to the programs and operations of the SEC, as authorized by the Inspector General Act of 1978, as amended. Substantive changes to SEC-43 have been made to the following sections: (1) System Location, modifying to reflect the addition of an off-site location for closed investigatory files; (2) Categories of Individuals, clarifying the types of files contained in the system; (3) Categories of Records, providing additional details about the management system and adding additional types of individually identifiable documents; (4) Purpose, clarifying the purpose; and (5) Routine Uses, deleting routine uses previously numbered 5, 13 and 14, revising routine use previously numbered 17, and expanding to include seven new routine uses located at numbers 1, 6, 7, 8, 10, 12, and 13.
The Commission has submitted a report of the new system of records and the amended existing systems of records to the appropriate Congressional Committees and to the Director of the Office of Management and Budget ("OMB") as required by 5 U.S.C. 552a(r) (Privacy Act of 1974) and guidelines issued by OMB on December 12, 2000 (65 FR 77677).
Accordingly, the Commission is proposing to establish one new system of records and revise two existing systems of records to read as follows:
SEC-28
SYSTEM NAME:
Office of the Chief Accountant Working Files.
SYSTEM LOCATION:
Securities and Exchange Commission, 100 F Street, NE., Washington, DC 20549.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
Accountants and persons associated with accountants and accounting firms and persons associated with SEC registrants, including individuals that submit requests for consultation with the Office of the Chief Accountant and individuals involved with or subjects of SEC investigations; and SEC personnel assigned to work on relevant matters.
CATEGORIES OF RECORDS IN THE SYSTEM:
The records contain names, mailing addresses, telephone numbers, email addresses, and/or information pertaining to accounting and auditing practices, problems, issues, and opinions and information concerning the activities of individuals in connection with Commission enforcement actions or in proceedings pursuant to the Commission's rules of practice.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
15 U.S.C. 77a et seq., 78a et seq., 7201 et seq., and 17 CFR 200.22.
PURPOSE(S):
1. To assist the Office of the Chief Accountant in performing the functions assigned to it by the Commission including the formulation and application of accounting or auditing policies in the case of documents required to be filed with the Commission and the determination of appropriate recommendations to the Commission relating to the disqualification of accountants to appear and practice before the Commission.
2. To respond to inquiries from Members of Congress, the press, and the public concerning accounting and auditing matters.
3. To assist investigations of possible violations of the Federal securities laws.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:
In addition to those disclosures generally permitted under 5 U.S.C. 552a(b) of the Privacy Act, these records or information contained therein may specifically be disclosed outside the Commission as a routine use pursuant to 5 U.S.C. 552 a(b)(3) as follows:
1. To appropriate agencies, entities, and persons when (a) it is suspected or confirmed that the security or confidentiality of information in the system of records has been compromised; (b) the SEC has determined that, as a result of the suspected or confirmed compromise, there is a risk of harm to economic or property interests, identity theft or fraud, or harm to the security or integrity of this system or other systems or programs (whether maintained by the SEC or another agency or entity) that rely upon the compromised information; and (c) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with the SEC's efforts to respond to the suspected or confirmed compromise and prevent, minimize, or remedy such harm.
2. To other federal, state, local, or foreign law enforcement agencies; securities self-regulatory organizations; and foreign financial regulatory authorities to assist in or coordinate regulatory or law enforcement activities with the SEC.
[top] 3. To national securities exchanges and national securities associations that are registered with the SEC, the Municipal Securities Rulemaking Board; the Securities Investor Protection Corporation; the Public Company Accounting Oversight Board; the federal banking authorities, including, but not limited to, the Board of Governors of the
4. By SEC personnel for purposes of investigating possible violations of, or to conduct investigations authorized by, the federal securities laws.
5. In any proceeding where the federal securities laws are in issue or in which the Commission, or past or present members of its staff, is a party or otherwise involved in an official capacity.
6. In connection with proceedings by the Commission pursuant to Rule 102(e) of its Rules of Practice, 17 CFR 201.102(e).
7. To a bar association, state accountancy board, or other federal, state, local, or foreign licensing or oversight authority; or professional association or self-regulatory authority to the extent that it performs similar functions (including the Public Company Accounting Oversight Board) for investigations or possible disciplinary action.
8. To a federal, state, local, tribal, foreign, or international agency, if necessary to obtain information relevant to the SEC's decision concerning the hiring or retention of an employee; the issuance of a security clearance; the letting of a contract; or the issuance of a license, grant, or other benefit.
9. To a federal, state, local, tribal, foreign, or international agency in response to its request for information concerning the hiring or retention of an employee; the issuance of a security clearance; the reporting of an investigation of an employee; the letting of a contract; or the issuance of a license, grant, or other benefit by the requesting agency, to the extent that the information is relevant and necessary to the requesting agency's decision on the matter.
10. To produce summary descriptive statistics and analytical studies, as a data source for management information, in support of the function for which the records are collected and maintained or for related personnel management functions or manpower studies; may also be used to respond to general requests for statistical information (without personal identification of individuals) under the Freedom of Information Act.
11. To any trustee, receiver, master, special counsel, or other individual or entity that is appointed by a court of competent jurisdiction, or as a result of an agreement between the parties in connection with litigation or administrative proceedings involving allegations of violations of the federal securities laws (as defined in section 3(a)(47) of the Securities Exchange Act of 1934, 15 U.S.C. 78c(a)(47)) or pursuant to the Commission's Rules of Practice, 17 CFR 201.100-900 or the Commission's Rules of Fair Fund and Disgorgement Plans, 17 CFR 201.1100-1106, or otherwise, where such trustee, receiver, master, special counsel, or other individual or entity is specifically designated to perform particular functions with respect to, or as a result of, the pending action or proceeding or in connection with the administration and enforcement by the Commission of the federal securities laws or the Commission's Rules of Practice or the Rules of Fair Fund and Disgorgement Plans.
12. To any persons during the course of any inquiry, examination, or investigation conducted by the SEC's staff, or in connection with civil litigation, if the staff has reason to believe that the person to whom the record is disclosed may have further information about the matters related therein, and those matters appeared to be relevant at the time to the subject matter of the inquiry.
13. To interns, grantees, experts, contractors, and others who have been engaged by the Commission to assist in the performance of a service related to this system of records and who need access to the records for the purpose of assisting the Commission in the efficient administration of its programs, including by performing clerical, stenographic, or data analysis functions, or by reproduction of records by electronic or other means. Recipients of these records shall be required to comply with the requirements of the Privacy Act of 1974, as amended, 5 U.S.C. 552a.
14. In reports published by the Commission pursuant to authority granted in the federal securities laws (as such term is defined in section 3(a)(47) of the Securities Exchange Act of 1934, 15 U.S.C. 78c(a)(47)), which authority shall include, but not be limited to, section 21(a) of the Securities Exchange Act of 1934, 15 U.S.C. 78u(a).
15. To members of advisory committees that are created by the Commission or by Congress to render advice and recommendations to the Commission or to Congress, to be used solely in connection with their official designated functions.
16. To any person who is or has agreed to be subject to the Commission's Rules of Conduct, 17 CFR 200.735-1 to 200.735-18, and who assists in the investigation by the Commission of possible violations of the federal securities laws (as such term is defined in section 3(a)(47) of the Securities Exchange Act of 1934, 15 U.S.C. 78c(a)(47), in the preparation or conduct of enforcement actions brought by the Commission for such violations, or otherwise in connection with the Commission's enforcement or regulatory functions under the federal securities laws.
17. To a Congressional office from the record of an individual in response to an inquiry from the Congressional office made at the request of that individual.
18. To members of Congress, the press, and the public in response to inquiries relating to particular Registrants and their activities, and other matters under the Commission's jurisdiction.
19. To prepare and publish information relating to violations of the federal securities laws as provided in 15 U.S.C. 78c(a)(47), as amended.
20. To respond to subpoenas in any litigation or other proceeding.
21. To a trustee in bankruptcy.
22. To members of Congress, the Government Accountability Office, or others charged with monitoring the work of the Commission or conducting records management inspections.
POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING, AND DISPOSING OF RECORDS IN THE SYSTEM:
STORAGE:
Records are maintained in electronic and paper format. Electronic records are stored in computerized databases, magnetic disc, tape and/or digital media. Paper records and records on computer disc are stored in locked file rooms and/or file cabinets.
RETRIEVABILITY:
Paper records are searchable by name, subject, firm, date, and/or internal file number. Electronic records are searchable through routine word searches to include searches by name, subject, firm and/or keyword.
SAFEGUARDS:
[top] Access to SEC facilities, data centers, and information or information systems is limited to authorized personnel with official duties requiring access. SEC facilities are equipped with security cameras and 24-hour security guard service. The records are kept in limited access areas during duty hours and in locked file cabinets and/or locked offices or file rooms at all other times. Computerized records are safeguarded in a secured environment. Security
RETENTION AND DISPOSAL:
These records will be maintained until they become inactive, at which time they will be retired or destroyed in accordance with records schedules of the United States Securities and Exchange Commission and as approved by the National Archives and Records Administration.
SYSTEM MANAGER(S) AND ADDRESS:
Chief Accountant, Office of the Chief Accountant, Securities and Exchange Commission, 100 F Street NE., Washington, DC 20549.
NOTIFICATION PROCEDURE:
All requests to determine whether this system of records contains a record pertaining to the requesting individual may be directed to the FOIA/PA Officer, Securities and Exchange Commission, 100 F Street NE., Washington, DC 20549-5100.
RECORD ACCESS PROCEDURES:
Persons wishing to obtain information on the procedures for gaining access to or contesting the contents of these records may contact the FOIA/PA Officer, Securities and Exchange Commission, 100 F Street NE., Washington, DC 20549-5100.
CONTESTING RECORD PROCEDURES:
See Record access procedures above.
RECORD SOURCE CATEGORIES:
The information contained in the system is derived from official SEC records, letters and inquiries from the public, SEC staff memoranda, which may include information derived from investigations, litigation, and other submissions, and professional auditing and accounting literature and information received from individuals including where practicable those to whom the records relate.
EXEMPTIONS CLAIMED FOR THE SYSTEM:
Under 5 U.S.C. 552a(k)(2), this system of records is exempted from the following provisions of the Privacy Act, 5 U.S.C. 552a(c)(3), (d), (e)(1), (e)(4)(G), (H), and (I), and (f) and 17 CFR 200.303, 200.304, and 200.306, insofar as it contains investigatory materials compiled for law enforcement purposes. This exemption is contained in 17 CFR 200.312(a)(3).
SEC-43
SYSTEM NAME:
Office of Inspector General Investigative Files.
SYSTEM LOCATION:
Office of the Inspector General, Securities and Exchange Commission (SEC), 100 F Street NE., Washington, DC 20549. Closed investigatory files may be stored at a federal records center in accordance with the SEC's records retention schedule.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
This system of records contains records on individuals, including subjects, complainants, and witnesses, in connection with the Office of Inspector General's investigations or inquiries relating to programs and operations of the SEC.
CATEGORIES OF RECORDS IN THE SYSTEM:
Records include: a case management system that contains a unique control number, descriptive information, and supporting documents for each investigation or preliminary inquiry; incoming complaints and complaint logs; preliminary inquiry files and indexes; correspondence relating to investigations; internal staff memoranda concerning investigations; copies of all subpoenas issued during investigations; subpoena logs; affidavits, declarations and statements from witnesses; transcripts of interviews conducted or testimony taken in the investigation and accompanying exhibits; documents and records obtained during investigations; working papers of the staff and other documents and records relating to the investigation; investigative plans, operation plans, status reports, reports of investigation, and closing memoranda; information and documents relating to grand jury proceedings; arrest and search warrant affidavits; information and documents relating to criminal, civil, and administrative actions; information and documents received from other law enforcement entities; personnel information for witnesses and subjects; and investigative peer review files.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
Inspector General Act of 1978, as amended, Pub. L. 95-452, 5 U.S.C. App.
PURPOSE(S):
The purpose of this system of records is to enable the Office of Inspector General to effectively and efficiently conduct investigations relating to the programs and operations of the SEC, as authorized by the Inspector General Act of 1978, as amended.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:
In addition to those disclosures generally permitted under 5 U.S.C. 552a(b) of the Privacy Act, these records or information contained therein may specifically be disclosed outside the Commission as a routine use pursuant to 5 U.S.C. 552 a(b)(3) as follows:
1. To appropriate agencies, entities, and persons when (a) it is suspected or confirmed that the security or confidentiality of information in the system of records has been compromised; (b) the SEC has determined that, as a result of the suspected or confirmed compromise, there is a risk of harm to economic or property interests, identity theft or fraud, or harm to the security or integrity of this system or other systems or programs (whether maintained by the SEC or another agency or entity) that rely upon the compromised information; and (c) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with the SEC's efforts to respond to the suspected or confirmed compromise and prevent, minimize, or remedy such harm.
2. Where there is an indication of a violation or a potential violation of law, whether civil, criminal or regulatory in nature, to the appropriate agency, whether Federal, foreign, state, or local, or to a securities self-regulatory organization, charged with enforcing or implementing the statute, or rule, regulation or order.
3. To Federal, foreign, state, or local authorities in order to obtain information or records relevant to an Office of Inspector General investigation or inquiry.
[top] 4. To non-governmental parties where those parties may have information the Office of Inspector General seeks to
5. To respond to subpoenas in any litigation or other proceeding.
6. In connection with proceedings by the Commission pursuant to Rule 102(e) of its Rules of Practice, 17 CFR 201.102(e).
7. To a bar association, state accountancy board, or other federal, state, local, or foreign licensing or oversight authority; or professional association or self-regulatory authority to the extent that it performs similar functions (including the Public Company Accounting Oversight Board) for investigations or possible disciplinary action.
8. To a federal, state, local, tribal, foreign, or international agency, if necessary to obtain information relevant to the SEC's decision concerning the hiring or retention of an employee; the issuance of a security clearance; the letting of a contract; or the issuance of a license, grant, or other benefit.
9. To a federal, state, local, tribal, foreign, or international agency in response to its request for information concerning the hiring or retention of an employee; the issuance of a security clearance; the reporting of an investigation of an employee; the letting of a contract; or the issuance of a license, grant, or other benefit by the requesting agency, to the extent that the information is relevant and necessary to the requesting agency's decision on the matter.
10. To produce summary descriptive statistics and analytical studies, as a data source for management information, in support of the function for which the records are collected and maintained or for related personnel management functions or manpower studies; may also be used to respond to general requests for statistical information (without personal identification of individuals) under the Freedom of Information Act.
11. To inform complainants, victims, and witnesses of the results of an investigation or inquiry.
12. To any persons during the course of any inquiry, audit, or investigation conducted by the SEC's staff, or in connection with civil litigation, if the staff has reason to believe that the person to whom the record is disclosed may have further information about the matters related therein, and those matters appeared to be relevant at the time to the subject matter of the inquiry.
13. To interns, grantees, experts, contractors, and others who have been engaged by the Commission to assist in the performance of a service related to this system of records and who need access to the records for the purpose of assisting the Commission in the efficient administration of its programs, including by performing clerical, stenographic, or data analysis functions, or by reproduction of records by electronic or other means. Recipients of these records shall be required to comply with the requirements of the Privacy Act of 1974, as amended, 5 U.S.C. 552a.
14. To qualified individuals or organizations in connection with the performance of a peer review or other study of the Office of Inspector General's audit or investigative functions.
15. To a Federal agency responsible for considering debarment or suspension action if the record would be relevant to such action.
16. To the Department of Justice for the purpose of obtaining its advice on Freedom of Information Act matters.
17. To a Congressional office from the record of an individual in response to an inquiry from the Congressional office made at the request of that individual.
18. To the Office of Government Ethics (OGE) to comply with agency reporting requirements established by OGE in 5 CFR 2638, subpart F.
19. To the Department of Justice and/or the Office of General Counsel of the SEC when the defendant in litigation is: (a) Any component of the SEC or any employee of the SEC or any employee of the SEC in his or her official capacity; (b) the United States where the SEC determines that the claim, if successful, is likely to directly affect the operations of the SEC; or (c) any SEC employee in his or her individual capacity where the Department of Justice and/or the Office of General Counsel of the SEC agree to represent such employee.
20. To the news media and the public when there exists a legitimate public interest ( e.g., to provide information on events in the criminal process, such as an indictment).
21. To the Council of the Inspectors General on Integrity and Efficiency, another Federal Office of Inspector General, or other Federal law enforcement office in connection with an allegation of wrongdoing by the Inspector General or staff members of the Office of Inspector General.
POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING, AND DISPOSING OF RECORDS IN THE SYSTEM:
STORAGE:
Records are maintained in electronic and paper format. Electronic records are stored in computerized databases, magnetic disc, tape and/or digital media. Paper records and records on computer disc are stored in locked file rooms and/or file cabinets.
RETRIEVABILITY:
The records may be retrieved by the name of the complainant, subject, witness, or victim; the investigative staff name for the investigation or inquiry; or other indexed information.
SAFEGUARDS:
Access to SEC facilities, data centers, and information or information systems is limited to authorized personnel with official duties requiring access. SEC facilities are equipped with security cameras and 24-hour security guard service. The records are kept in limited access areas during duty hours and in locked file cabinets and/or locked offices or file rooms at all other times. Computerized records are safeguarded in a secured environment. Security protocols meet the promulgating guidance as established by the National Institute of Standards and Technology (NIST) Security Standards from Access Control to Data Encryption and Security Assessment & Authorization (SA&A). Records are maintained in a secure, password-protected electronic system that will utilize commensurate safeguards that may include: firewalls, intrusion detection and prevention systems, and role-based access controls. Additional safeguards will vary by program. All records are protected from unauthorized access through appropriate administrative, operational, and technical safeguards. These safeguards include: restricting access to authorized personnel who have a "need to know"; using locks; and password protection identification features. Contractors and other recipients providing services to the Commission shall be required to maintain equivalent safeguards.
RETENTION AND DISPOSAL:
These records will be maintained until they become inactive, at which time they will be retired or destroyed in accordance with the SEC's records retention schedule, as approved by the National Archives and Records Administration.
SYSTEM MANAGER(S) AND ADDRESS:
Inspector General, Office of Inspector General, Securities and Exchange Commission, 100 F Street NE., Washington, DC 20549.
NOTIFICATION PROCEDURE:
[top] All requests to determine whether this system of records contains a record pertaining to the requesting individual may be directed to the FOIA/PA Officer, Securities and Exchange Commission,
RECORD ACCESS PROCEDURES:
Persons wishing to obtain information on the procedures for gaining access to or contesting the contents of these records may contact the FOIA/PA Officer, Securities and Exchange Commission, 100 F Street NE., Washington, DC 20549-2736.
CONTESTING RECORD PROCEDURES:
See record access procedures above.
RECORD SOURCE CATEGORIES:
Information in these records is supplied by: Individuals including, where practicable, those to whom the information relates; witnesses, corporations and other entities; records of individuals and of the SEC; records of other entities; Federal, foreign, state or local bodies and law enforcement agencies; documents and correspondence relating to litigation; transcripts of testimony; and miscellaneous other sources.
EXEMPTIONS CLAIMED FOR THE SYSTEM:
Pursuant to 5 U.S.C. 552a(j)(2) and 17 CFR 200.313(a), this system of records, is exempt from the provisions of the Privacy Act of 1974, 5 U.S.C. 552a, except subsections (b), (c)(1) and (2), (e)(4)(A) through (F), (e)(6), (7), (9), (10), and (11), and (i), and 17 CFR 200.303, 200.403, 200.306, 200.307, 200.308, 200.309, and 200.310, insofar as the system contains information pertaining to criminal law enforcement investigations.
Pursuant to 5 U.S.C. 552a(k)(2) and 17 CFR 200.313(b), this system of records is exempt from 5 U.S.C. 552a(c)(3), (d), (e)(1), (e)(4)(G), (H), and (I), and (f), and 17 CFR 200.303, 200.304, and 200.306, insofar as the system contains investigatory materials compiled for law enforcement purposes.
SEC-67
SYSTEM NAME:
General Information Technology Records
SYSTEM LOCATION:
Securities and Exchange Commission, Headquarters, 100 F Street NE., Washington, DC 20549 and the SEC's Regional Offices.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
Records are maintained on all individuals who are authorized to access SEC information or information systems; including: employees, contractors, students, interns, volunteers, affiliates, others working on behalf of the SEC, and individuals formerly in any of these positions. Records may also include individuals who voluntarily join an SEC-owned and operated web portal for collaboration purposes; individuals who request access but are denied, and/or who have had access revoked.
CATEGORIES OF RECORDS IN THE SYSTEM:
The system of records may include: users' names; social security numbers; business telephone numbers; cellular phone numbers; pager numbers; levels of access; physical and email addresses; titles; departments; division; contractor/employee status; computer logon addresses; password hashes; user identification codes; dates and times of access; IP addresses; logs of internet activity; types of access/permissions required; failed access data; archived transaction data; historical data; and justifications for access to SEC computers, networks, or systems. For individuals who telecommute from home or a telework center, the records may contain the Internet Protocol (IP) address and telephone number at that location. For contractors, the system may contain the company name, contract number, and contract expiration date. The system may also contain details regarding: programs; databases; functions; and sites accessed and/or used, dates and times of use, information products created, received, or altered during use, and access or functionality problems reported for technical support and resolution.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
5 U.S.C. § 302, Delegation of Authority; 44 U.S.C. § 3534; Federal Information Security Act (Pub. L. 104-106, section 5113); Electronic Government Act (Pub. L. 104-347, section 203); and E.O. 9397 (SSN), as amended by E.O. 13487.
PURPOSE(S):
The purpose of this system is to (1) provide authentication and authorization to individuals with access to SEC-controlled information and information system networks; (2) collect, review, and maintain any logs, audit trails, or other such security data regarding the use of SEC information or information systems; and (3) to enable the Commission to detect, report, and take appropriate action against improper or unauthorized access to SEC-controlled information and information systems networks. The records will also enable the SEC to provide individuals access to certain programs and meeting attendance and, where appropriate, allow for sharing of information between individuals in the same operational program to facilitate collaboration. SEC management personnel may use statistical data, with all personal identifiers removed or masked, for system efficiency, workload calculation, or reporting purposes.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:
In addition to those disclosures generally permitted under 5 U.S.C. 552a(b) of the Privacy Act, these records or information contained therein may specifically be disclosed outside the Commission as a routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:
1. To appropriate agencies, entities, and persons when (a) it is suspected or confirmed that the security or confidentiality of information in the system of records has been compromised; (b) the SEC has determined that, as a result of the suspected or confirmed compromise, there is a risk of harm to economic or property interests, identity theft or fraud, or harm to the security or integrity of this system or other systems or programs (whether maintained by the SEC or another agency or entity) that rely upon the compromised information; and (c) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with the SEC's efforts to respond to the suspected or confirmed compromise and prevent, minimize, or remedy such harm.
2. To other federal, state, local, or foreign law enforcement agencies; securities self-regulatory organizations; and foreign financial regulatory authorities to assist in or coordinate regulatory or law enforcement activities with the SEC.
3. In any proceeding where the federal securities laws are in issue or in which the Commission, or past or present members of its staff, is a party or otherwise involved in an official capacity.
4. To a federal, state, local, tribal, foreign, or international agency, if necessary to obtain information relevant to the SEC's decision concerning the hiring or retention of an employee; the issuance of a security clearance; the letting of a contract; or the issuance of a license, grant, or other benefit
[top] 5. To a federal, state, local, tribal, foreign, or international agency in response to its request for information concerning the hiring or retention of an employee; the issuance of a security clearance; the reporting of an investigation of an employee; the letting of a contract; or the issuance of a
6. To produce summary descriptive statistics and analytical studies, as a data source for management information, in support of the function for which the records are collected and maintained or for related personnel management functions or manpower studies; may also be used to respond to general requests for statistical information (without personal identification of individuals) under the Freedom of Information Act
7. To any persons during the course of any inquiry, examination, or investigation conducted by the SEC's staff, or in connection with civil litigation, if the staff has reason to believe that the person to whom the record is disclosed may have further information about the matters related therein, and those matters appeared to be relevant at the time to the subject matter of the inquiry.
8. To interns, grantees, experts, contractors, and others who have been engaged by the Commission to assist in the performance of a service related to this system of records and who need access to the records for the purpose of assisting the Commission in the efficient administration of its programs, including by performing clerical, stenographic, or data analysis functions, or by reproduction of records by electronic or other means. Recipients of these records shall be required to comply with the requirements of the Privacy Act of 1974, as amended, 5 U.S.C. § 552a.
9. To respond to subpoenas in any litigation or other proceeding.
10. To a Congressional office from the record of an individual in response to an inquiry from the Congressional office made at the request of that individual.
11. To members of Congress, the Government Accountability Office, or others charged with monitoring the work of the Commission or conducting records management inspections.
12. To a commercial contractor in connection with benefit programs administered by the contractor on the Commission's behalf, including, but not limited to, supplemental health, dental, disability, life and other benefit programs.
POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING, AND DISPOSING OF RECORDS IN THE SYSTEM:
STORAGE:
Records are maintained in electronic and paper format. Electronic records are stored in computerized databases, magnetic disc, tape and/or digital media. Paper records and records on computer disc are stored in locked file rooms and/or file cabinets.
RETRIEVABILITY:
Information may be retrieved, sorted, and/or searched by an identification number assigned by the computer, the last 2 digits of a social security number, email address, or by the name of the individual, or other employee data fields previously identified in this SORN.
SAFEGUARDS:
Access to SEC facilities, data centers, and information or information systems is limited to authorized personnel with official duties requiring access. SEC facilities are equipped with security cameras and 24-hour security guard service. The records are kept in limited access areas during duty hours and in locked file cabinets and/or locked offices or file rooms at all other times. Computerized records are safeguarded in a secured environment. Security protocols meet the promulgating guidance as established by the National Institute of Standards and Technology (NIST) Security Standards from Access Control to Data Encryption and Security Assessment & Authorization (SA&A). Records are maintained in a secure, password-protected electronic system that will utilize commensurate safeguards that may include: firewalls, intrusion detection and prevention systems, and role-based access controls. Additional safeguards will vary by program. All records are protected from unauthorized access through appropriate administrative, operational, and technical safeguards. These safeguards include: restricting access to authorized personnel who have a "need to know"; using locks; and password protection identification features. Contractors and other recipients providing services to the Commission shall be required to maintain equivalent safeguards.
RETENTION AND DISPOSAL:
These records will be maintained until they become inactive, at which time they will be retired or destroyed in accordance with the SEC's records retention schedule, as approved by the National Archives and Records Administration.
SYSTEM MANAGER(S) AND ADDRESS:
Chief Information Officer, Securities and Exchange Commission, 100 F Street NE., Washington, DC 20549-2736.
NOTIFICATION PROCEDURE:
All requests to determine whether this system of records contains a record pertaining to the requesting individual may be directed to the FOIA/PA Officer, Securities and Exchange Commission, 100 F Street NE., Washington, DC 20549-2736.
RECORD ACCESS PROCEDURES:
Persons wishing to obtain information on the procedures for gaining access to or contesting the contents of these records may contact the FOIA/PA Officer, Securities and Exchange Commission, 100 F Street NE., Washington, DC 20549-2736.
CONTESTING RECORD PROCEDURES:
See Record access procedures above.
RECORD SOURCE CATEGORIES:
Information is supplied by the record subject, their supervisors, and the personnel security staff. Logs and details about access times and functions used are provided by the system.
EXEMPTIONS CLAIMED FOR THE SYSTEM:
None.
By the Commission.
Dated: May 21, 2014.
Kevin M. O'Neill,
Deputy Secretary.
[FR Doc. 2014-12234 Filed 5-27-14; 8:45 am]
BILLING CODE 8011-01-P