87 FR 12 pgs. 2777-2779 - Privacy Act of 1974; System of Records
Type: NOTICEVolume: 87Number: 12Pages: 2777 - 2779
Pages: 2777, 2778, 2779FR document: [FR Doc. 2022-00924 Filed 1-18-22; 8:45 am]
Agency: Energy Department
Sub Agency: Federal Energy Regulatory Commission
Official PDF Version: PDF Version
[top]
DEPARTMENT OF ENERGY
Federal Energy Regulatory Commission
Privacy Act of 1974; System of Records
AGENCY:
Federal Energy Regulatory Commission, DOE.
ACTION:
Notice of a modified system of records.
SUMMARY:
The Federal Energy Regulatory Commission (FERC) is publishing notice of modifications to an existing FERC system of records, FERC-56 titled Management, Administrative, and Payroll System (MAPS) Financials System, and reissuing this system of records under its new name titled FERC-56-PeopleSoft Financials. In accordance with the Privacy Act of 1974, and to comply with the Office of Management and Budget (OMB) Memorandum M-17-12, Preparing for and Responding to a Breach of Personally Identifiable Information, January 3, 2017, this notice will create 13 new routine uses, including two new routine uses that will permit FERC to disclose information as necessary in response to an actual or suspected breach that pertains to a breach of its own records or to assist another agency in its efforts to respond to a breach. This System of Records Notice (SORN) also describes the Commission's financial management application name change, and the inclusion of new breach response routine uses.
DATES:
In accordance with 5 U.S.C. 552a(e)(4) and (11), this system of records notice is effective upon publication, with the exception of the routine uses, which will go into effect February 18, 2022, unless comments have been received from interested members of the public requiring modification and republication of the notice. Please submit any comments by February 18, 2022.
ADDRESSES:
Any person interested in commenting on the establishment of this modified system of records may do so by submitting comments electronically to: Privacy@ferc.gov (Include reference to "PeopleSoft Financials-FERC-56" in the subject line of the message.)
For United States Postal Service-delivered mail: Director, Office of External Affairs, Federal Energy Regulatory Commission, 888 First Street NE, Room 4A-05, Washington, DC 20426.
For hand-delivered or courier-delivered mail: Director, Office of External Affairs, Federal Energy Regulatory Commission, 12225 Wilkins Avenue, Rockville, Maryland 20852.
FOR FURTHER INFORMATION CONTACT:
Mittal Desai, Chief Information Officer & Senior Agency Official for Privacy, Office of the Executive Director, Federal Energy Regulatory Commission, 888 First Street NE, Washington, DC 20426, (202) 502-6432.
SUPPLEMENTARY INFORMATION:
FERC maintains the PeopleSoft Financials system, the Commission's official financial management system that is used to account for and control appropriated resources and to maintain accounting and financial information associated with the operations of FERC. There are several changes to this System of Records Notice since its last publication.
[top] First, the Management, Administrative, and Payroll System (MAPS) Financials System (FERC-56) System of Records Notice was last published in the Federal Register on September 23, 2009 (74 FR 48530). This notice is being modified to inform the public that this system has undergone a name change and will no longer be called Management, Administrative, and Payroll System Financials System. This system is now called PeopleSoft Financials. Second, FERC is modifying the existing routine uses for this system to include, among others, routine uses that allow FERC the ability to disclose records in response to a breach involving its own records or to assist another agency in its efforts to respond to a breach, in compliance with Office
SYSTEM NAME AND NUMBER:
PeopleSoft Financials-FERC-56
SECURITY CLASSIFICATION:
Unclassified
SYSTEM LOCATION:
Federal Energy Regulatory Commission, Office of the Executive Director, 888 First Street NE, Washington, DC 20426.
Third-Party Service Provider: Accenture Federal Services, 800 N Glebe Rd., #300, Arlington, VA 22203.
SYSTEM MANAGER(S):
System Manager/Project Manager, Federal Energy Regulatory Commission, Office of the Executive Director, Financial Information Technology and Travel Division, 888 First Street NE, Washington, DC 20426.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
Title 31 U.S.C. 3511, Prescribing accounting requirements and developing accounting systems.
PURPOSE(S) OF THE SYSTEM:
The PeopleSoft Financials system is the official financial management system for FERC to account for and control appropriated resources and to maintain accounting and financial information associated with the normal operation of a U.S. government organization. The information in this system is used to make authorized payments for goods and services to companies or individuals doing business with FERC, to make authorized reimbursement payments to an employee, to prepare Internal Revenue Service (IRS) -1099 tax reports, and to account for regulatory fees owed to FERC. The system is also used to provide the Commission with advanced analytics and dashboard reports for financial, Human Resource (HR), and payroll data.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
Peoplesoft Financials maintains records on salaried employees, non-salaried employees, current employees, former employees, vendors, consultants, legal representatives, representatives of regulated entities.
CATEGORIES OF RECORDS IN THE SYSTEM:
PeopleSoft Financials contains financial and Human Resources records on current and former employees, such as names, home addresses, bank account number, credit card numbers, invoices, claims for reimbursement, claims based on a legal settlement, Social Security Numbers (SSNs)/Taxpayer Identification Numbers (TINs), as well as HR actions (SF-50) and employee identifier. PeopleSoft Financials also contain financial records on vendors, consultants, legal representatives, as part of a contract or reimbursement claim, which include names, home or business addresses, vendor IDs, SSNs/TINs, bank account numbers for electronic fund transfer of payments, invoices, and claims for reimbursement.
RECORD SOURCE CATEGORIES:
Information is obtained from current and former employees seeking reimbursement from FERC for expenses incurred while on official travel or for training; current and former employees for the purposes of collecting receivables for FERC; current and former employees for the payment of legal settlements; current and former employees for the purposes of generating and maintaining payroll records and associated reporting on benefits and retirement data; and vendors and individual points of contact for a vendor seeking reimbursement for goods or services provided to FERC.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND PURPOSES OF SUCH USES:
In addition to those disclosures generally permitted under 5 U.S.C. 552a(b) of the Privacy Act, information maintained in this system may be disclosed to authorized entities outside FERC for purposes determined to be relevant and necessary as a routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:
1. To appropriate agencies, entities, and persons when: (1) FERC suspects or has confirmed that there has been a breach of the system of records; (2) FERC has determined that as a result of the suspected or confirmed breach there is a risk of harm to individuals, the Commission (including its information systems, programs, and operations), the Federal Government, or national security; and (3) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with the Commission's efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm.
2. To another Federal agency or Federal entity, when FERC determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in: (1) Responding to a suspected or confirmed breach; or (2) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach.
3. To a congressional office from the record of an individual in response to an inquiry from that congressional office made at the request of that individual.
4. To the Equal Employment Opportunity Commission (EEOC) when requested in connection with investigations of alleged or possible discriminatory practices, examination of Federal affirmative employment programs, or other functions of the Commission as authorized by law or regulation.
5. To the Federal Labor Relations Authority or its General Counsel when requested in connection with investigations of allegations of unfair labor practices or matters before the Federal Service Impasses Panel.
6. To disclose information to another Federal agency, to a court, or a party in litigation before a court or in an administrative proceeding being conducted by a Federal agency, where the record is relevant and necessary to the proceeding and the Government is a party to the judicial or administrative proceeding. In those cases where the Government is not a party to the proceeding, records may be disclosed if a subpoena has been signed by a judge.
7. To the Department of Justice (DOJ) for its use in providing legal advice to FERC or in representing FERC in a proceeding before a court, adjudicative body, or other administrative body, where the use of such information by the DOJ is deemed by FERC to be relevant and necessary to the advice or proceeding, and such proceeding names as a party in interest: (a) FERC; (b) Any employee of FERC in his or her official capacity; (c) Any employee of FERC in his or her individual capacity where DOJ has agreed to represent the employee; or (d) The United States, where FERC determines that litigation is likely to affect FERC or any of its components;
8. To non-Federal Personnel, such as Contractors, agents, or other authorized individuals performing work on a contract, service, cooperative agreement, job, or other activity on behalf of FERC or Federal Government and who have a need to access the information in the performance of their duties or activities;
[top] 9. To the National Archives and Records Administration in records management inspections and its role as Archivist, as permitted by 44 U.S.C. 2904 and 2906.
10. To appropriate Federal, State, or local agency responsible for investigating, prosecuting, enforcing, or implementing a statute, rule, regulation, or order, if the information may be relevant to a potential violation of civil or criminal law, rule, regulation, order.
11. To the Department of Treasury Users to issue authorized payments to companies and individuals or to issue authorized reimbursement payments to employees.
12. To IRS Users and companies or individuals who have received qualifying payments during the tax year as recipients of IRS-1099 reporting.
13. To disclose information to Government Services Administration (GSA), Department of the Interior, and other Federal Agencies under contractual obligations with FERC to assist in the management and transmittal of payroll and reimbursements.
POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
Records are maintained in electronic format, on a FedRAMP-authorized cloud service provider. In addition, all FERC employees and contractors with authorized access have undergone a thorough background security investigation. Data access is restricted to agency personnel or contractors whose responsibilities require access. Access to electronic records is controlled by "User ID" and password combination and/or other network access or security controls ( e.g., firewalls). Role based access is used to restrict electronic data access and the organization employs the principle of least privilege, allowing only authorized users with access (or processes acting on behalf of users) necessary to accomplish assigned tasks in accordance with organizational missions and business functions.
POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
Records may be retrieved by name of employee or name of vendor, and vendor ID (system unique) for both employees and vendors.
POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
Records are retained in accordance with the applicable National Archives and Records Administration schedules, General Records Schedule (GRS) 5.2: Transitory and Intermediary Records (GRS 5.2 Item 020 Intermediary Records: https://www.archives.gov/files/records-mgmt/grs/grs05-2.pdf )." Materials, including hard copy printouts derived from electronic records created on an ad hoc basis for reference purposes or to meet day-today business needs, are destroyed when the Commission determines that they are no longer needed for administrative, legal, audit, or other operational purposes. Additionally, PeopleSoft Financials system of records is retained as defined by the NARA approved Records Control Schedule, for financial records ( https://www.archives.gov/files/records-mgmt/grs/grs01-1.pdf ), and https://www.archives.gov/files/records-mgmt/grs/grs02-2.pdf for Human Resources records.
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
Physical access to FERC is controlled by security guards and admission is limited to those individuals possessing a valid identification card or individuals under proper escort. All personnel are required to go through a background check prior to being granted access to the system. The system utilizes role-based access controls to restrict access to PII based on job function and role. Data-at-rest encryption is applied as a safeguard to all files containing PII Data. The system is secured with the safeguards required by FedRAMP and NIST SP 800-53.
RECORD ACCESS PROCEDURES:
Submit a Privacy Act Request
The Privacy Act permits access to records about yourself that are maintained by FERC in a Privacy Act system of records. In addition, you may request that incorrect or incomplete information be changed or amended.
Privacy requests follow FERC's Freedom of Information Act (FOIA) request process. You may access the FOIA website at https://www.ferc.gov/freedom-information-act-foia-and-privacy-act.
For questions: Contact the FOIA Service Center at 202-502-6088 or by email at foia-ceii@ferc.gov. Written request for access to records should be directed to:
For United States Postal Service-delivered mail: Director, Office of External Affairs, Federal Energy Regulatory Commission, 888 First Street NE, Washington, DC 20426.
For hand-delivered or courier-delivered mail: Director, Office of External Affairs, Federal Energy Regulatory Commission, 12225 Wilkins Avenue, Rockville, Maryland 20852.
CONTESTING RECORD PROCEDURES:
The Privacy Act permits access to records about yourself that are maintained by FERC in a Privacy Act system of records. In addition, you may request that incorrect or incomplete information be changed or amended.
Privacy requests follow FERC's Freedom of Information Act (FOIA) request process. You may access the FOIA website at https://www.ferc.gov/freedom-information-act-foia-and-privacy-act.
For questions: Contact the FOIA Service Center at 202-502-6088 or by email at foia-ceii@ferc.gov.
Written request to contest records should be directed to:
For United States Postal Service-delivered mail: Director, Office of External Affairs, Federal Energy Regulatory Commission, 888 First Street NE, Washington, DC 20426.
For hand-delivered or courier-delivered mail: Director, Office of External Affairs, Federal Energy Regulatory Commission, 12225 Wilkins Avenue, Rockville, Maryland 20852.
NOTIFICATION PROCEDURES:
The Privacy Act permits access to records about yourself that are maintained by FERC in a Privacy Act system of records. In addition, you may request that incorrect or incomplete information be changed or amended.
Privacy requests follow FERC's Freedom of Information Act (FOIA) request process. You may access the FOIA website at https://www.ferc.gov/freedom-information-act-foia-and-privacy-act.
For questions: Contact the FOIA Service Center at 202-502-6088 or by email at foia-ceii@ferc.gov.
Written request for access to records should be directed to:
For United States Postal Service-delivered mail: Director, Office of External Affairs, Federal Energy Regulatory Commission, 888 First Street NE, Washington, DC 20426.
For hand-delivered or courier-delivered mail: Director, Office of External Affairs, Federal Energy Regulatory Commission, 12225 Wilkins Avenue, Rockville, Maryland 20852.
EXEMPTIONS PROMULGATED FOR THE SYSTEM:
None.
HISTORY:
Peoplesoft Financials was previously published in the Federal Register as Management, Administrative, and Payroll System (MAPS) Financials System. The previous Federal Register notice citation is Federal Register Vol.74, No. 183, Wednesday, September 23, 2009.
Issued: January 12, 2022.
Kimberly D. Bose,
Secretary.
[FR Doc. 2022-00924 Filed 1-18-22; 8:45 am]
BILLING CODE 6717-01-P