Federal Register, Volume 78 Issue 47 (Monday, March 11, 2013)

[Federal Register Volume 78, Number 47 (Monday, March 11, 2013)]
[Notices]
[Pages 15407-15408]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2013-05513]


-----------------------------------------------------------------------

DEPARTMENT OF THE TREASURY

Internal Revenue Service


Privacy Act of 1974, as Amended

AGENCY: Internal Revenue Service, Treasury.

ACTION: Notice of proposed alteration of a Privacy Act system of 
records.

-----------------------------------------------------------------------

SUMMARY: In accordance with the requirements of the Privacy Act of 
1974, as amended, 5 U.S.C. 552a, the Department of the Treasury, 
Internal Revenue Service (IRS), gives notice of proposed alteration of 
the system of records entitled Treasury/IRS 34.037, Audit Trail and 
Security Records.

DATES: Comments must be received no later than April 10, 2013. The 
proposed altered system will become effective April 22, 2013, unless 
the IRS receives comments which cause reconsideration of this action.

ADDRESSES: Comments should be sent to the Office of Privacy, 
Governmental Liaison and Disclosure, Internal Revenue Service, 1111 
Constitution Avenue NW., Washington, DC 20224. Comments will be 
available for inspection and copying in the IRS Freedom of Information 
Reading Room (Room 1621) at the above address. The telephone number for 
the Reading Room is (202) 622-5164 (not a toll-free number).

FOR FURTHER INFORMATION CONTACT: David Silverman, Management and 
Program Analyst, IRS Office of Privacy, Governmental Liaison and 
Disclosure, (202) 622-5625 (not a toll-free number).

SUPPLEMENTARY INFORMATION: The IRS is proposing to alter the Privacy 
Act system of records entitled Treasury/IRS34.037, Audit Trail and 
Security Records, to add records for the monitoring of electronic 
communications exiting IRS computer networks to detect sensitive but 
unclassified (SBU) information that is being transmitted in violation 
of IRS security policy (e.g., to ensure the information is secured by 
an adequate level of encryption). The monitoring will allow the IRS to 
comply with Office of Management and Budget (OMB) Mandates 6-16, 6-19 
and 7-16, Treasury Mandate TCIO-M-09-04/S-SDP 6 & S-SDP 7, and Treasury 
Inspector General for Tax Administration (TIGTA) audit findings 
recommending such action.
    The IRS will review detections of potential violations to determine 
whether there has been an actual violation of security policy. The 
records will include items such as suspected and actual policy 
violations, violation match count (volume), sender, recipient, computer 
network protocol, and the date and time of the suspected or actual 
violation.
    Corrective action may be taken in accordance with established 
processes including but not limited to: notification of potential 
violation to employee and/or supervisor; retention of violation data 
for statistics and further evaluation; and corrective action according 
to established labor relations processes and policies.
    A notice describing Treasury/IRS 34.037 was most recently published 
at

[[Page 15408]]

Volume 77, Number 155 (Friday, August 10, 2(12). The IRS proposes to 
alter the system of records to include these monitoring records.
TREASURY/IRS 34.037

System name:
    Audit Trail and Security Records--Treasury/IRS 34.037.
* * * * *

Categories of individuals covered by the system:
    Description of changes: The categories of individuals will be 
altered to include IRS employees, contractors, and other individuals 
whose communications are monitored to detect violations of IRS security 
policies with electronic mail and to include individuals whose records 
were accessed.
    When altered as proposed, the Categories of individuals covered by 
the system section will read as follows:
    Individuals who have accessed, by any means, information contained 
within IRS electronic or paper records or who have otherwise used any 
IRS computing equipment/resources, including access to Internet sites; 
individuals whose information is accessed using IRS computing 
equipment/resources; and IRS employees and contractors who use IRS 
equipment to send electronic communications.
* * * * *

Categories of records in the system:
    Description of changes: The Categories of records will be altered 
to include information about individuals who send electronic 
communications using IRS systems and other individuals who have or may 
have knowledge of such incidents, and to include records about 
individuals whose records were accessed.
    When altered as proposed, the Categories of records in the system 
section will read as follows:
    Records concerning the use of IRS computing equipment or other 
resources by employees, contractors, or other individuals to access IRS 
information; records concerning individuals whose information was 
accessed using IRS computing equipment/resources; records identifying 
what information was accessed; records concerning the use of IRS 
computing equipment and other resources to send electronic 
communications; and records concerning the investigation of such 
incidents.
* * * * *

Purpose:
    Description of changes: The purpose of the system will be altered 
to include monitoring for security violations in addition to the 
current purpose of detecting unauthorized access.
    When altered as proposed, the Purpose section will read as follows:
    To identify and track any unauthorized accesses to SBU and 
potential breaches or unauthorized disclosures of such information or 
inappropriate use of government computers to access Internet sites for 
any purpose forbidden by IRS policy (e.g., gambling, playing computer 
games, or engaging in illegal activity), or to detect electronic 
communications sent using IRS systems in violation of IRS security 
policy.
* * * * *

Retrievability:
    Description of changes: The retrievability will be altered to add 
new identifiers used to retrieve information in the system.
    When altered as proposed the retrievability section will read as 
follows:
    By name, Social Security Number (SSN), or the employee 
identification number (SEID) of employee, contractor, or other 
individual who has been granted access to IRS information, or to IRS 
equipment and resources, and by incident number. Also by name, SSN or 
Taxpayer Identification Number (TIN) of entities whose records were 
accessed.
    The report of the altered system of records, as required by 5 
U.S.C. 552a(r) of the Privacy Act, has been submitted to the Committee 
on Oversight and Government Reform of the House of Representatives, the 
Committee on Homeland Security and Governmental Affairs of the Senate 
and the Office of Management and Budget.

    Dated: February 22, 2013.
Veronica Marco,
Acting Deputy Assistant Secretary for Privacy, Transparency, and 
Records.
[FR Doc. 2013-05513 Filed 3-8-13; 8:45 am]
BILLING CODE 4830-01-P