[Billing Code: 6750-01P]
FEDERAL TRADE COMMISSION
Privacy Act Notice
AGENCY: Federal Trade Commission (FTC).
ACTION: Notice of proposed new Privacy Act system of records.
SUMMARY: The FTC proposes a new system of records subject to the Privacy Act of 1974, as amended. This system, if adopted, would include telephone numbers and other information pertaining to individuals who have informed the Commission that they do not wish to receive telemarketing calls. System records would be disclosed to telemarketers so they may comply with the do-not-call provisions of the Commission's Telemarketing Sales Rule.
DATES: Comments must be submitted by March 29, 2002.
ADDRESSES: Submit comments to the Office of the Secretary, Federal Trade Commission, 600 Pennsylvania Avenue, NW, Washington, DC 20580, "Telemarketing Rulemaking--Comment," FTC File No. R411011. Please indicate that your comment pertains to "Proposed Privacy Act System, Do-Not-Call Registry-FTC." Comments may also be submitted by electronic mail to email@example.com. The Commission will make this notice and, to the extent possible, all papers and comments received in electronic form in response to this notice available to the public through its Web site on the Internet: www.ftc.gov.
FOR FURTHER INFORMATION CONTACT: Alex Tang, Attorney, Office of the General Counsel, FTC, 600 Pennsylvania Avenue, NW, Washington, DC 20580, (202) 326-2447, firstname.lastname@example.org. For information about the proposed amendments to the Commission's Telemarketing Sales Rule relating to this proposed records system, contact Catherine Harrington-McBride, (202) 326-2452 (email: email@example.com), Karen Leonard, (202) 326-3597 (email: firstname.lastname@example.org), Michael Goodman, (202) 326-3071 (email: email@example.com), or Carole Danielson, (202) 326-3115 (email: firstname.lastname@example.org), Division of Marketing Practices, Bureau of Consumer Protection, Federal Trade Commission, 600 Pennsylvania Avenue, NW, Washington, DC 20580.
SUPPLEMENTARY INFORMATION: In accordance with the Privacy Act of 1974, as amended, 5 U.S.C. 552a, the FTC is publishing this notice of a proposed new agency system of records, to be designated as FTC-IV-3, "Do-Not-Call Registry System-FTC." The system is intended to improve enforcement of and compliance with the requirements of the Commission's Telemarketing Sales Rule, 16 CFR Part 310, which the Commission is currently proposing to amend. See 67 FR 4491 (Jan. 30, 2002) (proposed amendments).
The purpose of the proposed records system, if adopted, would be to create a national registry of individuals who do not wish to receive telemarketing calls, and to make such information available to telemarketers so they may make any necessary additions, deletions, or other corrections to the do-not-call lists they keep in order to remain in compliance with the Rule. See proposed 16 CFR 310.4(b)(1)(iii)(B). The agency intends to compile and maintain these records in a secure electronic database designed, developed, operated, and serviced by agency and/or contractor personnel bound by the restrictions of the Privacy Act. See 5 U.S.C. 552a(m). The system would be under the general supervision of the Commission's Bureau of Consumer Protection, with technical support from the Commission's Division of Information and Technology Management, Office of the Executive Director.
The Commission anticipates that information collected and maintained in the proposed system would include, at minimum, telephone numbers of individuals who have notified the Commission, through certain means described below, that they do not wish to receive telemarketing calls. To the extent necessary or appropriate, other information collected and maintained in the system may include, for example: date(s) and time(s) that the individual's telephone number was placed on the registry; the individual's specific telemarketing preferences; and other identifying information that individuals may be asked to provide voluntarily (e.g., residential zip codes for system record sorting purposes).(1)
The agency expects to use automated methods to collect this information. These methods may involve, for example, a dial-in telephone system that relies on interactive voice response ("IVR" or "telephone menu") technology to answer incoming calls from individuals, coupled with automatic number identification ("ANI" or "caller identification") technology to verify the telephone number from which an individual is dialing before adding that number to the registry.
Likewise, the agency expects to use automated methods, in whole or part, to process requests from individuals seeking access to their records in the system. For example, such individuals may be seeking to confirm whether they previously registered their phone numbers with the Commission, to delete their numbers from the registry in order to permit telemarketing calls again, to modify their specific telemarketing preferences to the extent the system maintains such data, etc. In these cases, individuals will likely be asked to provide certain additional personal identifying information (e.g., name and postal or e-mail address) in order for the agency to acknowledge their access requests in writing.(2)
As described below, system records would be subject to appropriate safeguards to prevent unauthorized disclosure or tampering. The Commission is soliciting comment on whether telephone numbers or other information that may be maintained in the registry should be automatically deleted by the system after a certain period of time, even when the individual does not affirmatively delete such information from the system, or whether some other retention schedule or approach should be adopted.
Once the system is established, system records would be routinely disclosed to telemarketers or their authorized agents for purposes of correcting or supplementing their do-not-call lists, as noted earlier, so that individuals who have registered with the Commission do not receive unwanted telemarketing calls.(3) These disclosures are authorized by the Privacy Act, to the extent such disclosures are consistent with the purpose for which the Commission would be establishing the proposed system of records. See 5 U.S.C. 552a(a)(7), (b)(3) ("routine use"). In addition, the Commission intends that system records would be subject to certain "routine uses" that are generally applicable to other FTC records systems and are intended to facilitate Commission enforcement, administration, and compliance under applicable laws, statutes and orders.(4) These "routine uses" include, but are not limited to, the use of records, where appropriate, in law enforcement investigations or proceedings conducted by the Commission or by other agencies or authorities (e.g., to determine whether a telemarketer is complying with the do-not-call provisions of the FTC's Telemarketing Sales Rule), as well as other regulatory or compliance matters or proceedings.(5) Individuals should further be aware that Privacy Act records, like other agency records, may be subject to disclosure pursuant to court orders, requests filed by members of the public under the Freedom of Information Act (FOIA),(6) official requests by Congress or the General Accounting Office, and other uses and disclosures authorized by the Privacy Act. See generally 5 U.S.C. 552a(b).
Accordingly, the Commission seeks public comment on the proposed system of records as described above, including comment on which methods of collecting the do-not-call data from individuals would be most convenient, reliable, and appropriate, including the potential costs of such methods for the government, telemarketers, and the public; means for verifying the identity or telephone number of the individual who wishes to place that telephone number on the registry; the length of time that such records should be retained before they are deleted; suitable alternatives for providing written acknowledgments of requests to access system records; how much information is necessary or appropriate to maintain in the system; the "routine uses" proposed for these records; and any other issues raised by the proposed system.
Pursuant to 5 U.S.C. 552a(r), the Commission is providing notice of this proposal to the appropriate committees of the House of Representatives and the Senate, and to the Office of Management and Budget.
System Name: Do-Not-Call Registry System-FTC (FTC-IV-3)
Security Classification: Not applicable.
System Location: Federal Trade Commission, 600 Pennsylvania Avenue, NW, Washington, DC 20580. System records may be maintained, in whole or part, off-site by contractors.
Categories of individuals covered by the system: Individuals who notify the Commission that they do not wish to receive telemarketing calls.
Categories of records in the system: Telephone numbers of individuals who do not wish to receive telemarketing calls; the system may also include the date and/or time that the telephone number was placed on or removed from the registry, the individual's telemarketing preferences, or other information that the individual may be asked to provide voluntarily.
Authority for maintenance of the system: Federal Trade Commission Act, 15 U.S.C. 41 et seq., Telemarketing and Consumer Fraud and Abuse Act, 15 U.S.C. 6101-6108.
Purpose(s): To maintain records of the telephone numbers of individuals who do not wish to receive telemarketing calls; to disclose such records to telemarketers and their agents in order for them to reconcile their do-not-call lists with the registry and comply with the do-not-call provisions of the Commission's Telemarketing Sales Rule, 16 CFR Part 310; to enable the Commission to determine whether a telemarketer is complying with the Rule; to provide statistical data that may lead to or be incorporated into law enforcement investigations and litigation; or for other law enforcement, regulatory or informational purposes.
Routine uses of records: Records from this system may be disclosed as permitted by 5 U.S.C. 552a(b), and, as authorized by 5 U.S.C. 552a(b)(3), in accordance with the routine uses announced by the Commission in Appendix I of its system notice applicable to all other agency Privacy Act systems of records (57 FR 45678). Additional routine uses for records in this system are as follows, provided that no routine use specified either herein or in Appendix I shall be construed to limit or waive any other routine use published for this system:
Disclosure to consumer reporting agencies: Not applicable.
Policies and practices for storing, retrieving, accessing, retaining, and disposing of records in the system:
Storage: Stored in a computer database maintained on magnetic disks and tape, or other electronic systems determined by the Commission in consultation with staff or contractors.
Retrievability: Indexed by area code and phone number of individuals who have informed the Commission that they do not wish to receive telemarketing calls. May also be retrieved by other data, if any, compiled or otherwise maintained with the record.
Safeguards: Access to computerized records by electronic security precautions. Access generally restricted to those agency personnel and contractors whose responsibilities require access, or to approved telemarketers or their agents.
Retention and disposal: Automated information retained indefinitely, until deleted pursuant to request by the subject individual, or deleted automatically after certain period of time, to be determined by the Commission.
System manager and address: Do-Not-Call Registry Program Manager, Division of Marketing Practices, Bureau of Consumer Protection, Federal Trade Commission, 600 Pennsylvania Avenue, NW, Washington, DC 20580.
Notification procedure: To obtain notification of whether the system contains a record pertaining to that individual (i.e., the individual's telephone number), individuals may be required to use a dial-in registry or other system that will enable the identification and verification of their telephone numbers. Individuals filing written requests pursuant to 16 CFR 4.13 will be acknowledged and directed to use this system.
Record access procedures: See notification procedures above.
Contesting record procedures: See notification procedures above. Where an individual believes the system has erroneously recorded or omitted information that is collected and maintained by the system, the individual will be afforded the opportunity to register, change, or delete that information after the automated system identifies and verifies the telephone number from which the individual is calling.
Record source categories: Individuals who inform the Commission through the procedures established by the Commission that they do not wish to receive telemarketing calls.
Exemptions claimed for the system: None.
By direction of the Commission.
Donald S. Clark
1. To the extent that the Commission intends to collect only basic registration information from individuals, such activity is exempt from review or approval by the Office of Management and Budget under the Paperwork Reduction Act, 44 U.S.C. 3501-3518. See 5 CFR 1320.3(h)(1).
2. 5 U.S.C. 552a(d)(2)(A) (acknowledgment of requests). Identifying information submitted by individuals in connection with their requests would be treated and maintained as part of the Privacy Act requests and appeals system, and not the Do-Not-Call Registry system. See 57 FR 45678, 45701 (Oct. 2, 1992) (FTC system of records pertaining to Privacy Act requests and appeals), full text available at http://www.ftc.gov/foia/92sysnot-web.pdf.
3. Although the Commission may provide data to telemarketers electronically, this activity would not fall under the definition of a Privacy Act "matching program," 5 U.S.C. 552a(a)(8), or the provisions of the Act applicable to such programs, because the data would not involve payroll or other matters covered by such programs.
4. See 57 FR at 45706 (Appendix I to FTC system notice), cited supra note 2.
5. These routine uses, to the extent they are discussed in Appendix I, see supra note 4, are also discussed in the routine uses proposed for this system and described in this notice infra. To the extent these uses involve the sharing of records with other agencies or authorities, the Commission may, where feasible and appropriate, redact or otherwise obtain confidentiality agreements, protective orders, or make other arrangements in order to protect against the disclosure of personally identifiable information. Such information-sharing is subject to applicable procedures set forth in the Commission's Rules of Practice (see, e.g., 16 CFR 4.11) and are intended to be "routine uses" under subsection (b)(3) of the Privacy Act (i.e., consistent with the purpose for which the information is collected), and may be in addition to disclosures that the head of another agency may formally request for law enforcement purposes under the separate authority of subsection (b)(7) of the Act, 5 U.S.C. 552a(b)(7).
6. Although Privacy Act records can become the subject of a FOIA request, the FOIA does not mandate disclosure of such records if it would constitute a clearly unwarranted invasion of personal privacy. See 5 U.S.C. 552(b)(6); Department of the Air Force v. Rose, 425 U.S. 352 (1976).