Department of the Treasury.
Notice of proposed Privacy Act of 1974 system of records.
In accordance with the Privacy Act of 1974, as amended, 5 U.S.C. 552a, the Department of the Treasury (“Treasury”) proposes to establish a new Privacy Act system of records titled “Treasury .015—General Information Technology Access Account Records.” This system will allow Treasury to collect a discrete set of personally identifiable information in order to allow authorized individuals access to, or interaction with, Treasury information technology resources and allow Treasury to track use of its information technology resources.
Submit comments on or before February 13, 2015. This new system will be effective February 23, 2015 unless comments are received which result in a contrary determination.
You may submit comments, identified by one of the following methods:
Mail: Helen Goff Foster, Deputy Assistant Secretary for Privacy, Transparency, and Records, Office of Privacy, Transparency, and Records, Department of the Treasury, 1500 Pennsylvania Avenue NW., Washington, DC 20220.
Instructions: All submissions received must include the agency name for this rulemaking. All comments received will be posted without change to http://www.regulations.gov, including any personal information you provide with your submission. For access to background documents or comments received, go to http://www.regulations.gov.
Start Further Info
FOR FURTHER INFORMATION CONTACT:
For general questions and for privacy issues please contact: Deputy Assistant Secretary for Privacy, Transparency, and Records, Office of Privacy, Transparency, and Records (202-622-0790), Department of the Treasury, 1500 Pennsylvania Ave. NW., Washington, DC 20220.
End Further Info
Start Supplemental Information
In accordance with the Privacy Act of 1974, 5 U.S.C. 552a, the Department of the Treasury proposes to establish a new system of records titled, “Treasury .015—General Information Technology Access Account Records.” The proposed system of records is published in its entirety below.
In accordance with 5 U.S.C. 552a(r), Treasury provided a report of this system of records to the Office of Management and Budget and Congress.
Dated: December 22, 2014.
Helen Goff Foster,
Deputy Assistant Secretary for Privacy, Transparency, and Records.
Treasury .015—General Information Technology Access Account Records System of Records.
The records are located at Main Treasury and in other Treasury bureaus and offices, both in Washington, DC and at field locations as follows:
(1) Departmental Offices: 1500 Pennsylvania Ave. NW., Washington, DC 20220;
(2) Alcohol and Tobacco Tax and Trade Bureau: 1310 G St. NW., Washington, DC 20220.
(3) Office of the Comptroller of the Currency: Constitution Center, 400 Seventh St. SW., Washington, DC 20024;
(4) Fiscal Service: Liberty Center Building, 401 14th St. SW., Washington, DC 20227;
(5) Internal Revenue Service: 1111 Constitution Ave. NW., Washington, DC 20224;
(6) United States Mint: 801 Ninth St. NW., Washington, DC 20220;
(7) Bureau of Engraving and Printing: Eastern Currency Facility, 14th and C Streets SW., Washington, DC 20228 and Western Currency Facility, 9000 Blue Mound Rd., Fort Worth, TX 76131;
(8) Financial Crimes Enforcement Network: Vienna, VA 22183;
(9) Special Inspector General for the Troubled Asset Relief Program: 1801 L St. NW., Washington, DC 20220;Start Printed Page 1989
(10) Office of Inspector General: 740 15th St. NW., Washington, DC 20220; and
(11) Office of the Treasury Inspector General for Tax Administration: 1125 15th St. NW., Suite 700A, Washington, DC 20005.
Categories of individuals covered by the system:
- All persons who are authorized to access Treasury information technology resources, including employees, contractors, grantees, fiscal agents, financial agents, interns, detailees, and any lawfully designated representative of the above as well as representatives of federal, state, territorial, tribal, local, international, or foreign government agencies or entities, in furtherance of the Treasury mission.
- Individuals who serve on Treasury boards and committees;
- Individuals who provide personal information in order to facilitate access to Treasury information technology resources;
- Industry points-of-contact providing business contact information for conducting business with government agencies;
- Industry points-of-contact emergency contact information in case of an injury or medical notification;
- Individuals who voluntarily join a Treasury-owned and operated web portal for collaboration purposes; and
- Individuals who request access but are denied, or who have had their access to Treasury information systems revoked.
Categories of records in the system:
- Social Security number;
- Business name;
- Job title;
- Business contact information;
- Personal contact information;
- Pager numbers;
- Others phone numbers or contact information provided by individuals while on travel or otherwise away from the office or home;
- Level of access;
- Home addresses;
- Business addresses;
- Personal and business electronic mail addresses of senders and recipients;
- Justification for access to Treasury computers, networks, or systems;
- Verification of training requirements or other prerequisite requirements for access to Treasury computers, networks, or systems;
- Records on the authentication of a request for access to a Treasury IT resource, including names, phone numbers of other contacts, and positions or business/organizational affiliations and titles of individuals who can verify that the individual seeking access has a need for access to a Treasury IT resource.
- Records on access to Treasury computers and networks including user IDs and passwords;
- Registration numbers or IDs associated with Treasury information technology resources;
- Date and time of access to Treasury IT resources;
- Tax returns and tax return information;
- Logs of activity when accessing and using Treasury information technology resources;
- Internet Protocol address of visitors to Treasury Web sites (a unique number identifying the computer from which a member of the public or others access Treasury IT resources); and
- Logs of individuals' internet activity while using Treasury IT resources.
Authority for maintenance of the system:
44 U.S.C. 3101; EO 9397, as amended by EO 13487; and 44 U.S.C. 3534.
This system will allow Treasury to collect a discrete set of personally identifiable information in order to allow authorized individuals access to, or interactions with, Treasury information technology resources, and allow Treasury to track use of its information technology resources. The system enables Treasury to maintain: account information required for approved access to information technology; lists of individuals who are appropriate organizational points of contact; and lists of individuals who are emergency points of contact. The system will also enable Treasury to provide individuals access to certain meetings and programs where additional information is required and, where appropriate, facilitate collaboration by allowing individuals in the same operational program to share information.
Routine uses of records maintained in the system, including categories of users and the purposes of such uses:
Disclosure of tax returns and tax return information may be made only as allowed by 26 U.S.C. 6103. In addition to those disclosures generally permitted under 5 U.S.C. 552a (b) of the Privacy Act, all or a portion of the records or information contained in this system may be disclosed outside Treasury as a routine use pursuant to 5 U.S.C. 552a (b) (3), as follows:
A. To the Department of Justice (including United States Attorneys' Offices) or other federal agencies conducting litigation or in proceedings before any court or adjudicative or administrative body, when it is relevant or necessary to the litigation and one of the following is a party to the litigation or has an interest in such litigation:
1. Treasury or any component thereof;
2. Any employee of Treasury in his/her official capacity;
3. Any employee of Treasury in his/her individual capacity where the Department of Justice or Treasury has agreed to represent the employee; or
4. The United States or any agency thereof.
B. To a congressional office from the record of an individual in response to an inquiry from that congressional office made at the request of the individual to whom the record pertains.
C. To the National Archives and Records Administration or General Services Administration pursuant to records management inspections being conducted under the authority of 44 U.S.C. 2904 and 2906.
D. To an agency or organization for the purpose of performing audit or oversight operations as authorized by law, but only such information as is necessary and relevant to such audit or oversight function.
E. To appropriate agencies, entities, and persons when:
1. Treasury suspects or has confirmed that the security or confidentiality of information in the system of records has been compromised;
2. The disclosure made to such agencies, entities, and persons as is reasonably necessary to assist in connection with Treasury's efforts to respond to the suspected or confirmed compromise and prevent, minimize, or remedy such harm.
F. To contractors and their agents, grantees, experts, consultants, fiscal agent, financial agents, and others performing or working on a contract, service, grant, cooperative agreement, or other assignment for Treasury, when necessary to accomplish an agency function related to this system of records. Individuals provided information under this routine use are subject to the same Privacy Act requirements and limitations on disclosure as are applicable to Treasury officers and employees.
G. To an appropriate federal, state, tribal, local, international, or foreign law enforcement agency or other appropriate authority charged with investigating or prosecuting a violation or enforcing or implementing a law, rule, regulation, or order, where a record, either on its face Start Printed Page 1990or in conjunction with other information, indicates a violation or potential violation of law, which includes criminal, civil, or regulatory violations and such disclosure is proper and consistent with the official duties of the person making the disclosure.
H. To sponsors, employers, contractors, facility operators, grantees, experts, fiscal agents, financial agents, and consultants in connection with establishing an access account for an individual or maintaining appropriate points of contact and when necessary to accomplish a Treasury mission function or objective related to this system of records.
I. To other individuals in the same operational program supported by an information technology resource, where appropriate notice to the individual has been made that his or her contact information will be shared with other members of the same operational program in order to facilitate collaboration.
J. To federal agencies such as the Office of Personnel Management, the Merit Systems Protection Board, the Office of Management and Budget, the Federal Labor Relations Authority, the Government Accountability Office, and the Equal Employment Opportunity Commission in the fulfillment of these agencies' official duties.
K. To international, federal, state, local, tribal, or private entities for the purpose of the regular exchange of business contact information in order to facilitate collaboration for official business.
L. To the news media and the public, with the approval of the Senior Agency Official for Privacy, or her designee, in consultation with counsel, when there exists a legitimate public interest in the disclosure of the information or when disclosure is necessary to preserve confidence in the integrity of Treasury or is necessary to demonstrate the accountability of Treasury's officers, employees, or individuals covered by the system, except to the extent it is determined that release of the specific information in the context of a particular case would constitute an unwarranted invasion of personal privacy.
Policies and practices for storing, retrieving, accessing, retaining, and disposing of records in the system:
Records in this system are on paper and/or in digital or other electronic form. Digital and other electronic images are stored on a storage area network in a secured environment. Records, whether paper or electronic, may be stored at the Treasury Headquarters or at the bureau or office level.
Information may be retrieved, sorted, and/or searched by an identification number assigned by computer, by facility, by business affiliation, email address, or by the name of the individual, or other employee data fields previously identified in this System of Records Notice.
Information in this system is safeguarded in accordance with applicable laws, rules and policies, including Treasury Directive 85-01, Department of the Treasury Information Technology (IT) Security Program. Further, Treasury .015—General Information Technology Access Account Records system of records security protocols will meet multiple National Institute of Standards and Technology security standards from authentication to certification and authorization. Records in the Treasury .015—General Information Technology Access Account Records system of records will be maintained in a secure, password protected electronic system that will utilize security hardware and software to include: multiple firewalls, active intruder detection, and role-based access controls. Additional safeguards will vary by component and program. All records are protected from unauthorized access through appropriate administrative, physical, and technical safeguards. These safeguards include restricting access to authorized personnel who have a “need to know,” using locks, and password protection identification features. Treasury file areas are locked after normal duty hours and the facilities are protected by security personnel who monitor access to and egress from Treasury facilities.
Retention and disposal:
Records are securely retained and disposed of in accordance with the National Archives and Records Administration's General Records Schedule 24, section 6, “User Identification, Profiles, Authorizations, and Password Files.” Inactive records will be destroyed or deleted 6 years after the user account is terminated or password is altered, or when no longer needed for investigative or security purposes, whichever is later.
System manager(s) and address:
DASIT/CIO, Department of the Treasury, 1500 Pennsylvania Ave. NW., Washington, DC 20220.
Individuals seeking notification of and access to any record contained in this system of records, or seeking to contest its content, may submit a request in writing, in accordance with Treasury's Privacy Act regulations (located at 31 CFR 1.26), to the Freedom of Information Act (FOIA) and Transparency Liaison, whose contact information can be found at http://www.treasury.gov/FOIA/Pages/index.aspx under “FOIA Requester Service Centers and FOIA Liaison.” If an individual believes more than one bureau maintains Privacy Act records concerning him or her, the individual may submit the request to the Office of Privacy, Transparency, and Records, FOIA and Transparency, Department of the Treasury, 1500 Pennsylvania Ave. NW., Washington, DC 20220.
No specific form is required, but a request must be written and:
- Be signed and either notarized or submitted under 28 U.S.C. 1746, a law that permits statements to be made under penalty of perjury as a substitute for notarization
- State that the request is made pursuant to the FOIA and/or Privacy Act disclosure regulations;
- Include information that will enable the processing office to determine the fee category of the user;
- Addressed to the bureau that maintains the record (in order for a request to be properly received by the Department, the request must be received in the appropriate bureau's disclosure office);
- Reasonably describe the records;
- Give the address where the determination letter is to be sent;
- State whether or not the requester wishes to inspect the records or have a copy made without first inspecting them; and
- Include a firm agreement from the requester to pay fees for search, duplication, or review, as appropriate. In the absence of a firm agreement to pay, the requester may submit a request for a waiver or reduction of fees, along with justification of how such a waiver request meets the criteria for a waiver or reduction of fees found in the FOIA statute at 5 U.S.C. 552(a)(4)(A)(iii).
You may also submit your request online at https://rdgw.treasury.gov/foia/pages/gofoia.aspx and call 1-202-622-0930 with questions.
Record access procedures:
See “Notification procedure” above.
Contesting record procedures:
See “Notification procedure” above.Start Printed Page 1991
Record source categories:
Information contained in this system is obtained from affected individuals, organizations, and facilities; public source data; other government agencies; and information already in other Treasury records systems.
Exemptions claimed for the system:
End Supplemental Information
[FR Doc. 2015-00403 Filed 1-13-15; 8:45 am]
BILLING CODE 4810-25-P