FDIC, Federal Deposit Insurance Corporation, Office of Inspector General, core values: communication, objectivity, responsibility, excellence

DRR’s Protection of Bank Employee and Customer Personally Identifiable Information – Footnotes



September 2006
Audit Report No. 06-017

Footnote 1:  The Privacy Act of 1974 protects “records” of individuals from unauthorized release by federal agencies. Records are documents that contain information about the individual regarding “his education, financial transactions, medical history, and criminal or employment history and that contain his name or identifying number.” Subsequent legislation and regulatory guidance have built upon the Privacy Act’s notion of personally identifiable information. For example, the E-Government Act of 2002 uses the phrase information in “identifiable form,” which means information that permits the identity of the individual to be reasonably inferred, directly or indirectly. Further, on July 12, 2006, the Office of Management and Budget (OMB) issued Memorandum M-06-19, Reporting Incidents Involving Personally Identifiable Information and Incorporating the Cost for Security in Agency Information Technology Investments, which includes an expanded definition of personally identifiable information. For purposes of this audit, we have relied on the Privacy Act and the E-Government Act’s definitions, as well as OMB guidance relative to those statutes. Our audit report does not address the expanded definition in the recent OMB directive.

Footnote 2:  DRR’s Pro Forma Team is comprised of the Financial Manager, Pro Forma Team Leader, Pro Forma support staff, and a tax specialist. The purpose of the Pro Forma Team is to produce an accurate adjusted Statement of Condition of the failed institution.

Footnote 3:  This Act is division H of the Consolidated Appropriations Act, 2005.

Footnote 4:  The E-Government Act defines a PIA as “an analysis of how information is handled: (i) to ensure handling conforms to applicable legal, regulatory, and policy requirements regarding privacy; (ii) to determine the risks and effects of collecting, maintaining, and disseminating information in identifiable form in an electronic information system; and (iii) to examine and evaluate protections and alternative processes for handling information to mitigate potential privacy risks.”

Footnote 5:  Under the National Archives and Records Administration Act of 1984, NARA is responsible for promulgating records management regulations related to the adequacy of documentation and records disposition. The Act and regulations promulgated thereunder are not legally binding on the FDIC, but the FDIC intends to follow them as a matter of policy.

Footnote 6:  The closings occurred from February 14, 2004 to June 25, 2004.

Footnote 7:  INTRALINKS is a private Internet-based company DRR engaged to assist in the marketing of failing institutions. The purpose of establishing a secure Web site is to provide information in an expeditious manner on failing financial institutions to potential acquirers.

Footnote 8:  Confidentiality agreements are executed documents whereby a contractor or third party must ensure the confidentiality of all the information, data, and systems provided by the FDIC or used or obtained by others under the agreement and prevent its inappropriate or unauthorized use or disclosure.

Last updated 09/20/2006