Federal Housing Finance Board.
Interim final rule with request for comments.
As part of a comprehensive review of agency practices related to the collection, use, and protection of personally identifiable information, the Federal Housing Finance Board Start Printed Page 60811(Finance Board) is updating both its systems of records and implementing rule under the Privacy Act of 1974 (Privacy Act). This interim final rule revises the agency's Privacy Act regulation to include new sections concerning security of systems of records, use and collection of social security numbers, and employee responsibilities under the Privacy Act. Elsewhere in this issue of the Federal Register, the Finance Board is publishing a notice concerning updates to the Finance Board's Privacy Act systems of records.
The Finance Board also is amending the fee schedule in its Freedom of Information Act (FOIA) regulation to take into account increased salary and operating costs. The Finance Board determines the amount of the fee it charges to duplicate records under the Privacy Act in accordance with the FOIA fee schedule.
The interim final rule will become effective on October 17, 2006. The Finance Board will accept comments on the interim final rule in writing on or before November 16, 2006.
Comments: Submit comments to the Finance Board only once, using any one of the following methods:
Mail/Hand Delivery: Federal Housing Finance Board, 1625 Eye Street NW., Washington DC 20006, Attention: Public Comments.
Federal eRulemaking Portal: http://www.regulations.gov. Follow the instructions for submitting comments. If you submit your comment to the Federal eRulemaking Portal, please also send it by e-mail to the Finance Board at email@example.com to ensure timely receipt by the agency. Include the following information in the subject line of your submission: Federal Housing Finance Board. Interim Final Rule: Privacy Act and Freedom of Information Act; Implementation. RIN Number 3069-AB32. Docket Number 2006-19.
We will post all public comments we receive without change, including any personal information you provide, such as your name and address, on the Finance Board Web site at http://www.fhfb.gov/Default.aspx?Page=93&Top=93.Start Further Info
FOR FURTHER INFORMATION CONTACT:
Janice A. Kaye, Privacy Act Official and Senior Attorney-Advisor, Office of General Counsel, firstname.lastname@example.org or 202-408-2505; or David A. Lee, Chief Privacy Officer and Deputy Director, Office of Management, email@example.com or 202-408-2514. You can send regular mail to the Federal Housing Finance Board, 1625 Eye Street NW., Washington DC 20006.End Further Info End Preamble Start Supplemental Information
I. Background and Analysis of the Interim Final Rule
In light of the recent theft of sensitive personal information from various federal agencies and in response to the Office of Management and Budget's memorandum (M-06-15 (May 22, 2006)) directing agencies to review privacy policies and processes, the Finance Board has undertaken a comprehensive review of agency practices related to the collection, use, and protection of personally identifiable information. As a result of that review, the Finance Board has enhanced the safeguards for sensitive information by adding two-factor authentication and data encryption to the agency's network infrastructure and is beginning to implement government-wide personal identity verification management standards that will result in issuance of new ID cards for all employees and contractors that may include full name, date of birth, image (photograph), fingerprints, organization affiliation (e.g., employee or contractor), organization/office of assignment, grade, e-mail address, United States citizenship status, and results of background investigation. The Finance Board also is updating both its Privacy Act systems of records and implementing rule.
The current Privacy Act rule, codified at 12 CFR part 913, was last revised in 2003. See Resolution Number 2003-08, published at 68 FR 39810 (July 3, 2003) (interim final rule), and Resolution Number 2003-25, published at 68 FR 59309 (Oct. 15, 2003) (final rule) (available electronically in the FOIA Reading Room on the Finance Board Web site at: http://www.fhfb.gov/Default.aspx?Page=59&Top=4). The substantive amendments this interim final rule makes include the addition of new sections concerning security of systems of records, use and collection of social security numbers, and employee responsibilities under the Privacy Act. These amendments are modeled after the U.S. Department of Justice Privacy Act implementing rule, and are intended to enhance the agency's ability to protect personally identifiable information.
Elsewhere in this issue of the Federal Register, the Finance Board is publishing a notice updating the agency's Privacy Act systems of records to reflect the new office address, changes to certain records retention periods, and the shift in responsibility for records related to appointed Federal Home Loan Bank directors from the Office of the Chairman to the Office of Supervision. We are revising the system of records concerning Office of Inspector General (OIG) records to cover both audit and investigative files and, at the request of the OIG, adding several routine uses. We also are adding two new systems of records. The first covers examination work papers a Finance Board examiner uses to determine whether a Federal Home Loan Bank's Affordable Housing Program (AHP) complies with applicable laws and regulations. The second covers a Personal Identity Verification (PIV) Management System as a result of new, government-wide identification requirements for all federal employees.
The Finance Board also is amending the fee schedule in its FOIA regulation to take into account increased salary and operating costs. The Finance Board determines the amount of the fee it charges to duplicate records under the Privacy Act in accordance with the FOIA fee schedule. More specifically, the Finance Board is increasing the hourly search charge for clerical staff from $28.00 to $31.00, for supervisory/professional staff from $53.00 to $72.00, and for computer operators from $48.00 to $59.00. The hourly charge to review records increases from $53.00 to $72.00.
II. Notice and Public Participation
The Finance Board is promulgating these changes as an interim final rule because it is in the public interest to enhance the agency's ability to protect personally identifiable information. Accordingly, the Finance Board for good cause finds that the notice and publication requirements of the Administrative Procedure Act are unnecessary. See 5 U.S.C. 553(b)(3)(B). However, because this type of rulemaking generally requires notice and receipt of public comment, the Finance Board will accept written comments on the interim final rule on or before November 16, 2006.
III. Effective Date
For the reasons stated in part II above, the Finance Board for good cause finds that the interim final rule should become effective on October 17, 2006. See 5 U.S.C. 553(d)(3).
IV. Regulatory Flexibility Act
The Finance Board is adopting the amendments to parts 910 and 913 in the form of an interim final rule and not as a proposed rule. Therefore, the provisions of the Regulatory Flexibility Act do not apply. See 5 U.S.C. 601(2), 603(a).Start Printed Page 60812
V. Paperwork Reduction Act
The interim final rule does not contain any collections of information under the Paperwork Reduction Act of 1995. See 44 U.S.C. 3501 et seq. Consequently, the Finance Board has not submitted any information to the Office of Management and Budget for review.Start List of Subjects
List of Subjects
- Administrative practice and procedure
- Archives and records
- Confidential business information
- Federal home loan banks
- Freedom of information
For the reasons stated in the preamble, the Finance Board revisesEnd Amendment Part Start Part
PART 910—FREEDOM OF INFORMATION ACT REGULATIONEnd Part Start Amendment Part
1. The authority citation for part 910 continues to read as follows:End Amendment Part Start Amendment Part
2. Revise the definition of the terms “FOIA Officer” in § 910.1 to read as follows:End Amendment Part
FOIA Officer means the Finance Board employee who is authorized to make determinations as provided in this part. The mailing address for the FOIA Officer is: Freedom of Information Act Office, Federal Housing Finance Board, 1625 Eye Street NW., Washington DC 20006.
3. Revise §§ 910.9(f)(2) and (g) to read as follows:End Amendment Part
(f) * * *
(2) To pay fees and interest assessed under this section, a requester shall deliver to the Office of Management, located at the Federal Housing Finance Board, 1625 Eye Street NW., Washington DC 20006, a check or money order made payable to the “Federal Housing Finance Board.”
(g) Fee schedule. The Finance Board shall assess fees in accordance with the following schedule:
Supervisory/Professional Staff—$72.00 per hour.
Clerical Staff—$31.00 per hour.
Computer Operator—$59.00 per hour.
Review—$72.00 per hour.
Photocopies—$.10 per page.
Diskettes—$.50 per diskette.
CD-ROMs—$1.00 per CD.
Transcription of audio tape—$4.50 per page.
Certification, seal and attestation—$5.00 per document.
Facsimile transmission (long distance)—long distance charges plus $.25 per page.
Facsimile transmission (local)—$.25 per call plus $.25 per page.
Express delivery service—actual cost.
PART 913—PRIVACY ACT REGULATIONEnd Part Start Amendment Part
4. The authority citation for part 913 continues to read as follows:End Amendment Part Start Amendment Part
5. Revise the definition of the terms “Privacy Act Official” and “system of records” in § 913.1 to read as follows:End Amendment Part
Privacy Act Official means the Finance Board employee who is authorized to make determinations as provided in this part. The mailing address for the Privacy Act Official is: Privacy Act Office, Federal Housing Finance Board, 1625 Eye Street, NW., Washington DC 20006.
System of records means a group of records the Finance Board maintains or controls from which information is retrieved by the name of an individual or by some identifying number, symbol, or other identifying particular assigned to the individual. You can find a description of the Finance Board's systems of records as part of the “Privacy Act Compilation” published by the Federal Register. You can access the “Privacy Act Compilation” in most large reference and university libraries or electronically at the Government Printing Office's Web site at http://www.gpoaccess.gov/privacyact/index.html. You also can request a copy of the Finance Board's systems of records from the Privacy Act Official.
6. Revise § 913.2(a) to read as follows:End Amendment Part
(a) This part 913 contains the rules the Finance Board follows under the Privacy Act. You should read these rules together with the Privacy Act, which provides additional information about records maintained on individuals. The rules apply to all records in systems of records the Finance Board maintains that are retrieved by an individual's name or personal identifier. They describe the procedures by which individuals may request access to records, request amendment or correction of those records, and request an accounting of disclosures of those records by the Finance Board. Whenever it is appropriate to do so, the Finance Board automatically processes a Privacy Act request for access to records under both the Privacy Act and the FOIA, following the rules contained in part 910 of this chapter and this part 913. The Finance Board processes a request under both the Privacy Act and the FOIA so you will receive the maximum amount of information available to you by law.
7. Revise § 913.3(e)(1) and (2)(i) to read as follows:End Amendment Part
(e) Verification of identity. * * *
(1) Verifying your own identity. You must state your full name, current address, and date and place of birth. In order to help identify and locate the records you request, you also may, at your option, include your social security number. If you make your request in person and your identity is not known to the Privacy Act Official, you must provide either 2 forms of identification with photographs, or 1 form of identification with a photograph and a properly authenticated birth certificate. If you make your request by mail, your signature either must be notarized or submitted under 28 U.S.C. 1746, a law that permits statements to be made under penalty of perjury as a substitute for notarization. You may fulfill this requirement by having your signature on your request letter witnessed by a notary, or including the following statement just before the signature on your request letter: “I declare under penalty of perjury that the foregoing is true and correct. Executed on [date].”
(2) Verification of guardianship. * * *
(i) The identity of the individual who is the subject of the record, by stating the individual's name, current address and date and place of birth, and, at your option, the social security number of the individual;
8. Revise § 913.4(a) and (b) to read as follows:End Amendment Part
(a) When will the Finance Board respond to my request? The Privacy Act Official generally will respond to you in writing within 10 working days of receipt of a request that meets the requirements of § 913.3. The Privacy Act Official may extend the response time in unusual circumstances, such as the need to consult with another agency about a record or to retrieve a record shipped offsite for storage. If you make your request in person, the Privacy Act Official may disclose records to you directly with a written record made of the grant of the request. If you are accompanied by another person, we will require your written authorization before discussing the records in the presence of the other person.
(b) What will the Finance Board's response include? The written response will include the Privacy Act Official's determination whether to grant or deny your request in whole or in part, a brief explanation of the reasons for the determination, and the amount of the fee charged, if any, under § 913.6. If you requested access to records, the Privacy Act Official will make the records, if any, available to you. If you requested amendment or correction of a record, the response will describe any amendments or corrections made and advise you of your right to obtain a copy of the amended or corrected record, in disclosable form, under this part.
9. Revise § 913.5(e)(1) and (3) to read as follows:End Amendment Part
(e) Statements of Disagreement. (1) What is a Statement of Disagreement? A Statement of Disagreement is a concise written statement in which you clearly identify each part of any record that you dispute and explain your reason(s) for disagreeing with the Finance Board's denial in whole or in part of your appeal requesting amendment or correction.
(3) What will the Finance Board do with my Statement of Disagreement? The Finance Board will place your Statement of Disagreement in the system(s) of records in which the disputed record is maintained. The Finance Board also may append a concise statement of its reason(s) for denying the request to amend or correct the record. The Finance Board will notify all persons, organizations, or agencies to which it previously disclosed the record, if an accounting of that disclosure was made, that the record has been amended or corrected. We will provide a copy of your Statement of Disagreement and its explanation, if any, along with the record whenever the record is disclosed.
10. Revise § 913.7(b)(1) introductory text to read as follows:End Amendment Part
(b) Which records are exempt? (1) Office of Inspector General Audit and Investigative Records. Pursuant to 5 U.S.C. 552a(k)(2) and (5), a record contained in the system of records titled “Office of Inspector General Audit and Investigative Records” (FHFB-6) is exempt from 5 U.S.C. 552a(c)(3), (d), (e)(1), (e)(4)(G), (e)(4)(H), (e)(4)(I), and (f), to the extent that the record consists of audit or investigatory material compiled:
11. Add a new § 913.8 to read as follows:End Amendment Part
(a) Controls. Each Finance Board office must establish administrative and physical controls to prevent unauthorized access to its systems of records, unauthorized or inadvertent disclosure of records, and physical damage to or destruction of records. The stringency of these controls should correspond to the sensitivity of the records that the controls protect. At a minimum, the administrative and physical controls must ensure that:
(1) Records are protected from public view;
(2) The area in which records are kept is supervised during business hours to prevent unauthorized persons from having access to them;
(3) Records are inaccessible to unauthorized persons outside of business hours; and
(4) Records are not disclosed to unauthorized persons or under unauthorized circumstances in either oral or written form.
(b) Limited access. Access to records is restricted only to individuals who require access in order to perform their official duties.
12. Add a new § 913.9 to read as follows:End Amendment Part
At least annually, the Privacy Act Official and/or Chief Privacy Officer will inform employees who are authorized to collect information that:
(a) Individuals may not be denied any right, benefit, or privilege as a result of refusing to provide their social security numbers, unless the collection is authorized either by a statute or by a regulation issued prior to 1975; and
(b) They must inform individuals who are asked to provide their social security numbers:
(1) If providing a social security number is mandatory or voluntary;
(2) If any statutory or regulatory authority authorizes collection of a social security number; and
(3) The uses that will be made of the social security number.
13. Add a new § 913.10 to read as follows:End Amendment Part
At least annually, the Privacy Act Official and/or Chief Privacy Officer will inform employees about the provisions of the Privacy Act, including the Act's civil liability and criminal penalty provisions. Unless otherwise permitted by law, a Finance Board employee shall:
(a) Collect from individuals only information that is relevant and necessary to discharge the Finance Board's responsibilities.
(b) Collect information about an individual directly from that individual whenever practicable.
(c) Inform each individual from whom information is collected of:
(1) The legal authority to collect the information and whether providing it is mandatory or voluntary;
(2) The principal purpose for which the Finance Board intends to use the information;
(3) The routine uses the Finance Board may make of the information; and
(4) The effects on the individual, if any, of not providing the information.
(d) Ensure that the employee's office does not maintain a system of records without public notice and notify appropriate officials of the existence or development of any system of records that is not the subject of a current or planned public notice.
(e) Maintain all records that are used in making any determination about an individual with such accuracy, relevance, timeliness, and completeness as is reasonably necessary to ensure fairness to the individual in the determination.
(f) Except as to disclosures made to an agency or made under the FOIA, make reasonable efforts, prior to disseminating any record about an individual, to ensure that the record is accurate, relevant, timely, and complete.
(g) When required by the Privacy Act, maintain an accounting in the specified Start Printed Page 60814form of all disclosures of records by the Finance Board to persons, organizations, or agencies.
(h) Maintain and use records with care to prevent the unauthorized or inadvertent disclosure of a record to anyone.
(i) Notify the appropriate official of any record that contains information that the Privacy Act does not permit the Finance Board to maintain.
Dated: October 11, 2006.
By the Board of Directors of the Federal Housing Finance Board.
Ronald A. Rosenfeld,
[FR Doc. E6-17298 Filed 10-16-06; 8:45 am]
BILLING CODE 6725-01-P