[Federal Register Volume 80, Number 9 (Wednesday, January 14, 2015)]
[Notices]
[Pages 1988-1991]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2015-00403]
=======================================================================
-----------------------------------------------------------------------
DEPARTMENT OF THE TREASURY
Privacy Act of 1974; Systems of Records
AGENCY: Department of the Treasury.
ACTION: Notice of proposed Privacy Act of 1974 system of records.
-----------------------------------------------------------------------
SUMMARY: In accordance with the Privacy Act of 1974, as amended, 5
U.S.C. 552a, the Department of the Treasury (``Treasury'') proposes to
establish a new Privacy Act system of records titled ``Treasury .015--
General Information Technology Access Account Records.'' This system
will allow Treasury to collect a discrete set of personally
identifiable information in order to allow authorized individuals
access to, or interaction with, Treasury information technology
resources and allow Treasury to track use of its information technology
resources.
DATES: Submit comments on or before February 13, 2015. This new system
will be effective February 23, 2015 unless comments are received which
result in a contrary determination.
ADDRESSES: You may submit comments, identified by one of the following
methods:
Fax: 202-622-3895.
Mail: Helen Goff Foster, Deputy Assistant Secretary for
Privacy, Transparency, and Records, Office of Privacy, Transparency,
and Records, Department of the Treasury, 1500 Pennsylvania Avenue NW.,
Washington, DC 20220.
Instructions: All submissions received must include the agency name
for this rulemaking. All comments received will be posted without
change to http://www.regulations.gov, including any personal
information you provide with your submission. For access to background
documents or comments received, go to http://www.regulations.gov.
FOR FURTHER INFORMATION CONTACT: For general questions and for privacy
issues please contact: Deputy Assistant Secretary for Privacy,
Transparency, and Records, Office of Privacy, Transparency, and Records
(202-622-0790), Department of the Treasury, 1500 Pennsylvania Ave. NW.,
Washington, DC 20220.
SUPPLEMENTARY INFORMATION: In accordance with the Privacy Act of 1974,
5 U.S.C. 552a, the Department of the Treasury proposes to establish a
new system of records titled, ``Treasury .015--General Information
Technology Access Account Records.'' The proposed system of records is
published in its entirety below.
In accordance with 5 U.S.C. 552a(r), Treasury provided a report of
this system of records to the Office of Management and Budget and
Congress.
Dated: December 22, 2014.
Helen Goff Foster,
Deputy Assistant Secretary for Privacy, Transparency, and Records.
TREASURY .015
System name:
Treasury .015--General Information Technology Access Account
Records System of Records.
System location:
The records are located at Main Treasury and in other Treasury
bureaus and offices, both in Washington, DC and at field locations as
follows:
(1) Departmental Offices: 1500 Pennsylvania Ave. NW., Washington,
DC 20220;
(2) Alcohol and Tobacco Tax and Trade Bureau: 1310 G St. NW.,
Washington, DC 20220.
(3) Office of the Comptroller of the Currency: Constitution Center,
400 Seventh St. SW., Washington, DC 20024;
(4) Fiscal Service: Liberty Center Building, 401 14th St. SW.,
Washington, DC 20227;
(5) Internal Revenue Service: 1111 Constitution Ave. NW.,
Washington, DC 20224;
(6) United States Mint: 801 Ninth St. NW., Washington, DC 20220;
(7) Bureau of Engraving and Printing: Eastern Currency Facility,
14th and C Streets SW., Washington, DC 20228 and Western Currency
Facility, 9000 Blue Mound Rd., Fort Worth, TX 76131;
(8) Financial Crimes Enforcement Network: Vienna, VA 22183;
(9) Special Inspector General for the Troubled Asset Relief
Program: 1801 L St. NW., Washington, DC 20220;
[[Page 1989]]
(10) Office of Inspector General: 740 15th St. NW., Washington, DC
20220; and
(11) Office of the Treasury Inspector General for Tax
Administration: 1125 15th St. NW., Suite 700A, Washington, DC 20005.
Categories of individuals covered by the system:
All persons who are authorized to access Treasury
information technology resources, including employees, contractors,
grantees, fiscal agents, financial agents, interns, detailees, and any
lawfully designated representative of the above as well as
representatives of federal, state, territorial, tribal, local,
international, or foreign government agencies or entities, in
furtherance of the Treasury mission.
Individuals who serve on Treasury boards and committees;
Individuals who provide personal information in order to
facilitate access to Treasury information technology resources;
Industry points-of-contact providing business contact
information for conducting business with government agencies;
Industry points-of-contact emergency contact information
in case of an injury or medical notification;
Individuals who voluntarily join a Treasury-owned and
operated web portal for collaboration purposes; and
Individuals who request access but are denied, or who have
had their access to Treasury information systems revoked.
Categories of records in the system:
Social Security number;
Business name;
Job title;
Business contact information;
Personal contact information;
Pager numbers;
Others phone numbers or contact information provided by
individuals while on travel or otherwise away from the office or home;
Citizenship;
Level of access;
Home addresses;
Business addresses;
Personal and business electronic mail addresses of senders
and recipients;
Justification for access to Treasury computers, networks,
or systems;
Verification of training requirements or other
prerequisite requirements for access to Treasury computers, networks,
or systems;
Records on the authentication of a request for access to a
Treasury IT resource, including names, phone numbers of other contacts,
and positions or business/organizational affiliations and titles of
individuals who can verify that the individual seeking access has a
need for access to a Treasury IT resource.
Records on access to Treasury computers and networks
including user IDs and passwords;
Registration numbers or IDs associated with Treasury
information technology resources;
Date and time of access to Treasury IT resources;
Tax returns and tax return information;
Logs of activity when accessing and using Treasury
information technology resources;
Internet Protocol address of visitors to Treasury Web
sites (a unique number identifying the computer from which a member of
the public or others access Treasury IT resources); and
Logs of individuals' internet activity while using
Treasury IT resources.
Authority for maintenance of the system:
44 U.S.C. 3101; EO 9397, as amended by EO 13487; and 44 U.S.C.
3534.
Purposes:
This system will allow Treasury to collect a discrete set of
personally identifiable information in order to allow authorized
individuals access to, or interactions with, Treasury information
technology resources, and allow Treasury to track use of its
information technology resources. The system enables Treasury to
maintain: account information required for approved access to
information technology; lists of individuals who are appropriate
organizational points of contact; and lists of individuals who are
emergency points of contact. The system will also enable Treasury to
provide individuals access to certain meetings and programs where
additional information is required and, where appropriate, facilitate
collaboration by allowing individuals in the same operational program
to share information.
Routine uses of records maintained in the system, including categories
of users and the purposes of such uses:
Disclosure of tax returns and tax return information may be made
only as allowed by 26 U.S.C. 6103. In addition to those disclosures
generally permitted under 5 U.S.C. 552a (b) of the Privacy Act, all or
a portion of the records or information contained in this system may be
disclosed outside Treasury as a routine use pursuant to 5 U.S.C. 552a
(b) (3), as follows:
A. To the Department of Justice (including United States Attorneys'
Offices) or other federal agencies conducting litigation or in
proceedings before any court or adjudicative or administrative body,
when it is relevant or necessary to the litigation and one of the
following is a party to the litigation or has an interest in such
litigation:
1. Treasury or any component thereof;
2. Any employee of Treasury in his/her official capacity;
3. Any employee of Treasury in his/her individual capacity where
the Department of Justice or Treasury has agreed to represent the
employee; or
4. The United States or any agency thereof.
B. To a congressional office from the record of an individual in
response to an inquiry from that congressional office made at the
request of the individual to whom the record pertains.
C. To the National Archives and Records Administration or General
Services Administration pursuant to records management inspections
being conducted under the authority of 44 U.S.C. 2904 and 2906.
D. To an agency or organization for the purpose of performing audit
or oversight operations as authorized by law, but only such information
as is necessary and relevant to such audit or oversight function.
E. To appropriate agencies, entities, and persons when:
1. Treasury suspects or has confirmed that the security or
confidentiality of information in the system of records has been
compromised;
2. The disclosure made to such agencies, entities, and persons as
is reasonably necessary to assist in connection with Treasury's efforts
to respond to the suspected or confirmed compromise and prevent,
minimize, or remedy such harm.
F. To contractors and their agents, grantees, experts, consultants,
fiscal agent, financial agents, and others performing or working on a
contract, service, grant, cooperative agreement, or other assignment
for Treasury, when necessary to accomplish an agency function related
to this system of records. Individuals provided information under this
routine use are subject to the same Privacy Act requirements and
limitations on disclosure as are applicable to Treasury officers and
employees.
G. To an appropriate federal, state, tribal, local, international,
or foreign law enforcement agency or other appropriate authority
charged with investigating or prosecuting a violation or enforcing or
implementing a law, rule, regulation, or order, where a record, either
on its face
[[Page 1990]]
or in conjunction with other information, indicates a violation or
potential violation of law, which includes criminal, civil, or
regulatory violations and such disclosure is proper and consistent with
the official duties of the person making the disclosure.
H. To sponsors, employers, contractors, facility operators,
grantees, experts, fiscal agents, financial agents, and consultants in
connection with establishing an access account for an individual or
maintaining appropriate points of contact and when necessary to
accomplish a Treasury mission function or objective related to this
system of records.
I. To other individuals in the same operational program supported
by an information technology resource, where appropriate notice to the
individual has been made that his or her contact information will be
shared with other members of the same operational program in order to
facilitate collaboration.
J. To federal agencies such as the Office of Personnel Management,
the Merit Systems Protection Board, the Office of Management and
Budget, the Federal Labor Relations Authority, the Government
Accountability Office, and the Equal Employment Opportunity Commission
in the fulfillment of these agencies' official duties.
K. To international, federal, state, local, tribal, or private
entities for the purpose of the regular exchange of business contact
information in order to facilitate collaboration for official business.
L. To the news media and the public, with the approval of the
Senior Agency Official for Privacy, or her designee, in consultation
with counsel, when there exists a legitimate public interest in the
disclosure of the information or when disclosure is necessary to
preserve confidence in the integrity of Treasury or is necessary to
demonstrate the accountability of Treasury's officers, employees, or
individuals covered by the system, except to the extent it is
determined that release of the specific information in the context of a
particular case would constitute an unwarranted invasion of personal
privacy.
Policies and practices for storing, retrieving, accessing, retaining,
and disposing of records in the system:
Storage:
Records in this system are on paper and/or in digital or other
electronic form. Digital and other electronic images are stored on a
storage area network in a secured environment. Records, whether paper
or electronic, may be stored at the Treasury Headquarters or at the
bureau or office level.
Retrievability:
Information may be retrieved, sorted, and/or searched by an
identification number assigned by computer, by facility, by business
affiliation, email address, or by the name of the individual, or other
employee data fields previously identified in this System of Records
Notice.
Safeguards:
Information in this system is safeguarded in accordance with
applicable laws, rules and policies, including Treasury Directive 85-
01, Department of the Treasury Information Technology (IT) Security
Program. Further, Treasury .015--General Information Technology Access
Account Records system of records security protocols will meet multiple
National Institute of Standards and Technology security standards from
authentication to certification and authorization. Records in the
Treasury .015--General Information Technology Access Account Records
system of records will be maintained in a secure, password protected
electronic system that will utilize security hardware and software to
include: multiple firewalls, active intruder detection, and role-based
access controls. Additional safeguards will vary by component and
program. All records are protected from unauthorized access through
appropriate administrative, physical, and technical safeguards. These
safeguards include restricting access to authorized personnel who have
a ``need to know,'' using locks, and password protection identification
features. Treasury file areas are locked after normal duty hours and
the facilities are protected by security personnel who monitor access
to and egress from Treasury facilities.
Retention and disposal:
Records are securely retained and disposed of in accordance with
the National Archives and Records Administration's General Records
Schedule 24, section 6, ``User Identification, Profiles,
Authorizations, and Password Files.'' Inactive records will be
destroyed or deleted 6 years after the user account is terminated or
password is altered, or when no longer needed for investigative or
security purposes, whichever is later.
System manager(s) and address:
DASIT/CIO, Department of the Treasury, 1500 Pennsylvania Ave. NW.,
Washington, DC 20220.
Notification procedure:
Individuals seeking notification of and access to any record
contained in this system of records, or seeking to contest its content,
may submit a request in writing, in accordance with Treasury's Privacy
Act regulations (located at 31 CFR 1.26), to the Freedom of Information
Act (FOIA) and Transparency Liaison, whose contact information can be
found at http://www.treasury.gov/FOIA/Pages/index.aspx under ``FOIA
Requester Service Centers and FOIA Liaison.'' If an individual believes
more than one bureau maintains Privacy Act records concerning him or
her, the individual may submit the request to the Office of Privacy,
Transparency, and Records, FOIA and Transparency, Department of the
Treasury, 1500 Pennsylvania Ave. NW., Washington, DC 20220.
No specific form is required, but a request must be written and:
Be signed and either notarized or submitted under 28
U.S.C. 1746, a law that permits statements to be made under penalty of
perjury as a substitute for notarization
State that the request is made pursuant to the FOIA and/or
Privacy Act disclosure regulations;
Include information that will enable the processing office
to determine the fee category of the user;
Addressed to the bureau that maintains the record (in
order for a request to be properly received by the Department, the
request must be received in the appropriate bureau's disclosure
office);
Reasonably describe the records;
Give the address where the determination letter is to be
sent;
State whether or not the requester wishes to inspect the
records or have a copy made without first inspecting them; and
Include a firm agreement from the requester to pay fees
for search, duplication, or review, as appropriate. In the absence of a
firm agreement to pay, the requester may submit a request for a waiver
or reduction of fees, along with justification of how such a waiver
request meets the criteria for a waiver or reduction of fees found in
the FOIA statute at 5 U.S.C. 552(a)(4)(A)(iii).
You may also submit your request online at https://rdgw.treasury.gov/foia/pages/gofoia.aspx and call 1-202-622-0930 with
questions.
Record access procedures:
See ``Notification procedure'' above.
Contesting record procedures:
See ``Notification procedure'' above.
[[Page 1991]]
Record source categories:
Information contained in this system is obtained from affected
individuals, organizations, and facilities; public source data; other
government agencies; and information already in other Treasury records
systems.
Exemptions claimed for the system:
None.
[FR Doc. 2015-00403 Filed 1-13-15; 8:45 am]
BILLING CODE 4810-25-P