[Federal Register Volume 78, Number 101 (Friday, May 24, 2013)]
[Notices]
[Pages 31528-31530]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2013-12414]
[[Page 31528]]
-----------------------------------------------------------------------
DEPARTMENT OF DEFENSE
Office of the Secretary
[Docket ID DoD-2013-OS-0104]
Privacy Act of 1974; System of Records
AGENCY: Defense Commissary Agency, DoD.
ACTION: Notice to alter a System of Records.
-----------------------------------------------------------------------
SUMMARY: The Defense Commissary Agency proposes to alter a system of
records in its inventory of record systems subject to the Privacy Act
of 1974 (5 U.S.C. 552a), as amended.
DATES: This proposed action will be effective on June 24, 2013 unless
comments are received which result in a contrary determination.
Comments will be accepted on or before June 24, 2013.
ADDRESSES: You may submit comments, identified by docket number and
title, by any of the following methods:
* Federal Rulemaking Portal: http://www.regulations.gov. Follow the
instructions for submitting comments.
* Mail: Federal Docket Management System Office, 4800 Mark Center
Drive, East Tower, 2nd Floor, Suite 02G09, Alexandria, VA 22350-3100.
Instructions: All submissions received must include the agency name
and docket number for this Federal Register document. The general
policy for comments and other submissions from members of the public is
to make these submissions available for public viewing on the Internet
at http://www.regulations.gov as they are received without change,
including any personal identifiers or contact information.
FOR FURTHER INFORMATION CONTACT: Mr. Thomas Rathgeb, Deputy General
Counsel--Litigation, FOIA and Privacy Act, Office of the General
Counsel, Defense Commissary Agency, 1300 E. Avenue, Fort Lee, VA 23801-
1800; telephone (804) 734-800, x48116.
SUPPLEMENTARY INFORMATION: The Department of the Navy's notices for
systems of records subject to the Privacy Act of 1974 (5 U.S.C. 552a),
as amended, have been published in the Federal Register and are
available from the address in FOR FURTHER INFORMATION CONTACT or from
the Defense Privacy and Civil Liberties Office Web site at http://dpclo.defense.gov/privacy/SORNs/component/deca/index.html.
The proposed system report, as required by 5 U.S.C. 552a(r) of the
Privacy Act of 1974, as amended, was submitted on May 6, 2013, to the
House Committee on Oversight and Government Reform, the Senate
Committee on Governmental Affairs, and the Office of Management and
Budget (OMB) pursuant to paragraph 4c of Appendix I to OMB Circular No.
A-130, ``Federal Agency Responsibilities for Maintaining Records About
Individuals,'' dated February 8, 1996 (February 20, 1996, 61 FR 6427).
Dated: May 7, 2013.
Aaron Siegel,
Alternate OSD Federal Register Liaison Officer, Department of Defense.
Z0035-01
System Name:
Financial Transaction Data (December 28, 2007, 72 FR 73781)
Changes:
* * * * *
System name:
Delete entry and replace with ``Commissary Retail Sales Transaction
Data.''
System location:
Delete entry and replace with ``Defense Commissary Agency, 1300 E
Avenue, Fort Lee, VA 23801-1800.
An official listing of locations can be obtained from the Office of
the Deputy Director/Chief Operating Office.''
Categories of individuals covered by the system:
Delete entry and replace with ``Members of the uniformed services
on active duty, members of the uniformed services entitled to retired
pay, dependents of such members; persons authorized to use the system
under chapter 54 of Title 10, U.S.C.; and other personnel listed in
Department of Defense Instruction 1330.17, Armed Services Commissary
Operations, such as recipients of the Medal of Honor, selected military
personnel of foreign nations, and personnel of other organizations and
activities, to include the American Red Cross, the United Service
Organizations.''
Categories of records in the system:
Delete entry and replace with ``Personal Information: Individual's
name; address(es); zip code; ship-to address(es); email address(es);
telephone number(s); date of birth; Social Security Number (SSN);
Department of Defense Identification Number (DoD ID Number) and ID card
bar code value; internet and mobile ordering web login username and
password.
Financial Transactions Information:
Store point-of-sale terminal number, date of transaction,
transaction number, merchandise purchased, universal product codes
(UPCs), global trade item numbers (GTINs), quantity, unit price, total
purchase, on-line orders; method of payment information; account/card
holder name, check number, financial institution routing number,
financial institution bank account number, Magnetic Ink Character
Recognition Number (MICR), credit and debit/ATM card number, expiration
date, Card Verification Value 2 (CVV2), Card Validation Code (CVC), or
Card Identifier (CID); smart card and other chip-based card payment
information; issuer, card holder name, bank, credit or debit account
and account limits; electronic benefit transfer card (Women, Infants
and Children Program (WIC) and Supplemental Nutritional Assistance
Program (SNAP))information; issuer, account/card holder name, account
number, purchases and refunds, account balance; prepaid/preloaded/
stored value card information, issuer, account number, account limits,
and account balance; gift card/certificate information; gift card/
certificate number, amount, limits, and balance; coupon information;
brand, product, and value; loyalty card, rewards card, points card,
advantage card or club card information; card holder name, card number,
digital coupons available, buying preferences, and demographic data
concerning the patron; other similar methods of payment information
initiated by mobile device applications to include Near Field
Communications (NFC).
Commissary Patron Demographic Information: age, military status
(active, reserve, retired, civilian, officer, enlisted, family member,
survivor, foreign), military rank, branch of service, household size,
distance from nearest commissary, frequency of grocery shopping trips,
and income range; shopper preference information; preferred brand
names, price, quality, size, availability of discounts, promotions or
coupons; and commissary patron profile information; social media (e.g.
Facebook, Twitter, Flickr, YouTube) username; compilation of commissary
patron comments, inquiries, complaints, and feedback concerning
commissary merchandise and the patron's commissary shopping experience
posted by the commissary patron in the social media environment; and
the commissary patron's publically viewable social media profile
information.''
[[Page 31529]]
Authority for maintenance of the system:
Delete entry and replace with ``5 U.S.C. 301, Departmental
regulations; 10 U.S.C. 136, Under Secretary of Defense for Personnel
and Readiness; 10 U.S.C. Sec. 2481, Defense Commissary and Exchange
Systems; Existence and Purpose; 10 U.S.C. Sec. 2484, Commissary
Stores: Merchandise That May Be Sold; Uniform Surcharges and Pricing;
10 U.S.C. Sec. 2485, Commissary Stores: Operation; Department of
Defense Directive 5105.55, Defense Commissary Agency (DeCA); Department
of Defense Instruction 1330.17, Armed Services Commissary Operations;
Department of Defense 7000.14-R, Department of Defense Financial
Management Regulations (FMRs), Volume 4, Chapter 3, Receivables; Volume
6A, Reporting Policy and Procedures, Volume 11A, Reimbursable
Operations, Policy and Procedures, Volume 11B, Reimbursable Operations,
Policy and Procedures--Working Capital Funds.''
Purpose(s):
Delete entry and replace with ``To enable the Defense Commissary
Agency to carry out its mission to enhance the quality of life of
members of the uniformed services, retired members, and dependents of
such members, and to support military readiness, recruitment and
retention, by providing a world-wide system of commissaries similar to
commercial grocery stores and selling merchandise and household goods
similar to that sold in commercial grocery stores.
To enable the authentication of authorized patrons, record
purchases and purchase prices, calculate the total amount owed by the
customer, and accept payment by various media.
To enable the collection of debts due the United States in the
event a patron's medium of payment is declined or returned unpaid.
To enable the monitoring of purchases of restricted items outside
the United States, its territories and possessions, as necessary to
prevent black marketing in violation of treaties or agreements, and to
comply with age restrictions applicable to certain purchases by minors
or those under allowable ages.
To enable authorized patrons to order commissary retail products
on-line by home computer or mobile device and to pay for such purchases
electronically either at the time of ordering or at the time of pick
up.
To enable authorized patrons to create a commissary patron profile
for the purposes of determining aggregate patron demographic data,
patron shopping preference information, the compilation of individual
patron comments, inquiries, complaints, requests, and feedback posted
to social media pages.
For use in responding to individual patron inquiries, assessing
aggregate patron satisfaction with the delivery of the commissary
benefit, and in determining appropriate product availability meeting
the commissary customers' current and future needs and wants.''
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
Delete entry and replace with ``In addition to those disclosures
generally permitted under 5 U.S.C. 552a(b) of the Privacy Act of 1974,
as amended, these records contained therein may specifically be
disclosed outside the DoD as a routine use pursuant to 5 U.S.C.
552a(b)(3) as follows:
To the Department of Treasury and its designated contractors for
electronic check processing and electronic funds transfers related to
credit/debit card charges;
To a loyalty card, rewards card, points card, advantage card or
club card or digital coupon program coupon contractor that will use the
information to verify a commissary customer's enrollment in a loyalty,
rewards, points, advantage, club or digital coupon program, and to
provide discounts, digital coupons or other incentives to be applied to
the customers' commissary purchases.
To the on-line ordering fulfillment contractor to allow for the
confirmation by email of orders received, fulfilled, and closed.
To purchasers of commissary sales transaction data pursuant to 10
U.S.C. Sec. 2485(h), Release of certain commercially valuable
information to the public.
The DoD Blanket Routine Uses published at the beginning of the
Defense Commissary Agency's compilation of systems of records notices
may apply to this system of records.
Disclosures pursuant to 5 U.S.C. 552a(b)(12) may be made from this
system to ``consumer reporting agencies'' as defined in the Fair Credit
Reporting Act (14 U.S.C. 1681a(f)) or the Federal Claims Collection Act
of 1966 (31 U.S.C. 3701(a)(3)). The purpose of this disclosure is to
aid in the collection of outstanding debts owed to the Federal
government, typically to provide an incentive for debtors to repay
delinquent Federal government debts by making these debts part of their
credit records.
The disclosure is limited to information necessary to establish the
identity of the individual, including name, address, and SSN, DoD ID
Number, DoD barcode value, credit card or debit/ATM card number, the
amount, status, and history of the claim; and the agency or program
under which the claim arose for the sole purpose of allowing the
consumer reporting agency to prepare a commercial credit report.''
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
* * * * *
Retrievability:
Delete entry and replace with ``By individual's name, store, point-
of-sale terminal number, transaction date, order date, merchandise
purchased, transaction number, SSN, Military Card Identification
Number, DoD ID Number, DoD ID Bar Code value, financial institution
routing number, financial institution account number, Magnetic Ink
Character Recognition Number (MICR), loyalty, rewards, points,
advantage, club or digital coupon card number, credit or debit/ATM card
number, address(es)/email address(es), telephone number, zip code,
military status, military rank, family size, income group, and shopping
preferences.''
Safeguards:
Delete entry and replace with ``Access to records is limited to the
custodian of the records or by persons responsible for servicing the
records in the performance of their official duties. Records are stored
in locked cabinets or rooms and controlled by personnel screening.
Computer terminals are located in supervised areas. Access to
computerized data is controlled by password or other user
authentication code systems. All electronic data is transmitted using
approved, secured methods to ensure the data is protected while in
transit, such as encryption and through the use of Secure File Transfer
Protocol (FTP) using Secure Sockets Layer (SSL). Credit/debit card
numbers are masked. Name, SSN, or DoD ID number is not collected for
credit card purchases. PINs are automatically encrypted when entered by
a patron at the point of sale using a touch-screen keyboard. Credit
card information is also subject to the Data Security Standards (DSS)
promulgated by the Payment Card Industry (PCI) Security Council.''
Retention and disposal:
Delete entry and replace with ``Records of commissary retail
transactions are maintained for 6 years and 3 months. Records of
demographic
[[Page 31530]]
information, shopper preferences and customer profiles are maintained
for 3 years. Paper records containing Personally Identifiable
Information (PII) are shredded to a level where the information cannot
be reconstructed. Electronic records, including metadata, are
permanently deleted by Records Managers with administrator privileges
from applicable information systems upon verification of disposal
status.''
System manager(s) and address:
Delete entry and replace with ``Deputy Director/Chief Operating
Officer, Defense Commissary Agency, 1300 E Avenue, Fort Lee, VA 23801-
1800.''
Notification procedure:
Delete entry and replace with ``Individuals seeking to determine
whether information about themselves is contained in this system of
records should address written inquiries to the Defense Commissary
Agency, ATTN: Privacy Officer, 1300 E Avenue, Fort Lee, VA 23801-1800.
Requests should contain individual's name and address, telephone
number, email address, SSN, DoD ID Number, and DoD ID Bar Code value.''
Record access procedures:
Delete entry and replace with ``Individuals seeking access to
information about themselves contained in this system of records should
address written inquiries the Defense Commissary Agency, ATTN: Privacy
Officer, 1300 E Avenue, Fort Lee, VA 23801-1800.
Requests should contain individual's name and address, telephone
number, email address, SSN, DoD ID Number, and DoD ID Bar Code value.''
Contesting record procedures:
Delete entry and replace with ``The Defense Commissary Agency rules
for accessing records, for contesting contents, and for appealing
initial agency determination can be obtained from the Privacy Act
Officer, 1300 E. Avenue, Fort Lee, VA 23801-1800.''
Record source categories:
Delete entry and replace with ``Individual, Defense Enrollment
Eligibility System (DEERS), US Treasury Over the Counter Network
(OTCNet), Commissary Advanced Retail Transaction System (CARTS),
Defense Commissary Agency Enterprise Data Warehouse (EDW)''
* * * * *
[FR Doc. 2013-12414 Filed 5-23-13; 8:45 am]
BILLING CODE 5001-06-P