Privacy Act of 1974; Revised System of Records, 15024-15026 [2012-6089]
Download as PDF
15024
Federal Register / Vol. 77, No. 50 / Wednesday, March 14, 2012 / Notices
Dated: March 8, 2012.
Pearlie S. Reed,
Assistant Secretary for Administration, S.
Department of Agriculture.
• Docket: For access to the docket to
read background documents or
comments received, go to https://
www.regulations.gov.
[FR Doc. 2012–6101 Filed 3–13–12; 8:45 am]
FOR FURTHER INFORMATION CONTACT:
BILLING CODE 3410–93–P
DEPARTMENT OF AGRICULTURE
Office of the Secretary
Privacy Act of 1974; Revised System of
Records
For
general questions, please contact: Shari
Erickson, Program Manager, (970) 295–
5128, 301 South Howes Street, Suite
309, Fort Collins, Colorado 80521. For
privacy issues, please contact: Ravoyne
Payton, Chief Privacy Officer,
Technology Planning, Architecture and
E-Government, Office of the Chief
Information Officer, Department of
Agriculture, Washington, DC 20250.
SUPPLEMENTARY INFORMATION:
Office of the Chief Information
Officer, USDA.
ACTION: Notice of the revision of Privacy
Act system of records.
I. Background
In accordance with the
Privacy Act of 1974, the Department of
Agriculture proposes to revise an
existing Department of Agriculture
system of records notice now titled,
USDA/OCIO–2 eAuthentication Service
(eAuth). The USDA eAuth provides the
public and government businesses with
a single sign-on capability for USDA
applications, management of user
credentials, and verification of identity,
authorization, and electronic signatures.
USDA’s eAuth collects customer
information through an electronic selfregistration process provided through
the eAuth Web site. This System of
Records Notice was previously
published as ‘‘USDA eAuthentication
Service’’ in Federal Register Vol. 71,
No. 143 on Wednesday July 26, 2006.
The revision reflects updates to the
system name; the system location;
routine uses; storage policies;
safeguards; retention and disposal; the
system manager; and notification,
record access, and contesting
procedures.
DATES: Submit comments on or before
April 23, 2012. This new system will be
effective April 23, 2012.
ADDRESSES: You may submit comments,
identified by docket number USDA/
OCIO–2 by one of the following
methods:
• Federal e-Rulemaking Portal:
https://www.regulations.gov. Follow the
instructions for submitting comments.
• Fax: (970) 295–5168.
• Mail: Chris North, Enterprise
Applications Services Director,
eAuthentication, 2150 Centre Avenue,
Suite 208, Fort Collins, Colorado 80526.
• Instructions: All submissions
received must include the agency name
and docket number for this rulemaking.
All comments received will be posted
without change to https://
www.regulations.gov, including any
personal information provided.
The USDA eAuthentication Service
provides USDA Agency customers and
employees single sign-on capability and
electronic authentication and
authorization for USDA Web
applications and services. Through an
online self-registration process, USDA
Agency customers and employees can
obtain accounts as authorized users that
will provide access to USDA resources
without needing to re-authenticate
within the context of a single Internet
session. Once an account is activated,
users may use the associated user ID
and password that they created to access
USDA resources that are protected by
eAuthentication. Information stored in
the eAuthentication Service may be
shared with other USDA components, as
well as appropriate Federal, State, local,
tribal, foreign, or international
government agencies as outlined in the
routine uses or authorized by statute.
This sharing will take place only after
USDA determines that the receiving
component or agency has a need to
know the information to carry out
national security, law enforcement,
immigration, intelligence, or other
functions consistent with the routine
uses set forth in this system of records
notice. The revisions to this system of
records include renaming the system to
be consistent with the Department’s
naming system; updating the system
location, storage policies, storage
safeguards, and retention and disposal
policies; and the system manager’s
location; and the notification, record
access, and contesting procedures in
order to be consistent with the
Department’s best practices. In addition,
the routine uses were amended as
follows:
• Former Routine Use 1 was deleted.
• Former Routine Use 2 was
renumbered Routine Use 1 and revised.
• Former Routine Use 3 was
renumbered Routine Use 2 and revised.
AGENCY:
srobinson on DSK4SPTVN1PROD with NOTICES
SUMMARY:
VerDate Mar<15>2010
20:05 Mar 13, 2012
Jkt 226001
PO 00000
Frm 00003
Fmt 4703
Sfmt 4703
• Former Routine Use 4 was
renumbered Routine Use 3 and revised.
• Former Routine Use 5 was
renumbered Routine Use 4 and revised.
• Former Routine Use 6 was
renumbered Routine Use 5 and revised.
• Routine Use 6 is added to permit
disclosure to the Department of Justice
in order to represent the government’s
interest in litigation.
• Routine Use 7 is added to permit
disclosure to appropriate agencies,
entities, and persons to prevent or
address a security breach or suspected
security breach.
• Former Routine Use 8 was deleted.
Dated: March 6, 2012.
Thomas J. Vilsack,
Secretary, Department of Agriculture.
SYSTEM OF RECORDS
USDA/OCIO–2
SYSTEM NAME:
USDA/OCIO–2 eAuthentication
Service.
SECURITY CLASSIFICATION: UNCLASSIFIED.
SYSTEM LOCATION:
USDA–NRCS Information Technology
Center, 2150 Centre Avenue Building A,
Fort Collins, Colorado 80526; USDA–
NITC, 8930 Ward Pkwy, Kansas City,
Missouri 64114.
CATEGORIES OF INDIVIDUALS COVERED BY THE
SYSTEM:
This system contains records on
individuals who applied for and were
granted access to USDA applications
and services that are protected by
eAuthentication. This includes
members of the public and USDA
employees.
CATEGORIES OF RECORDS IN THE SYSTEM:
CATEGORIES OF RECORDS IN THIS SYSTEM
INCLUDE:
The eAuthentication system will
collect the following information from
individuals:
• Name
• Address
• Country of residence
• Telephone number
• Email address
• Date of birth
• Mother’s maiden name
• The system will also require users
to create a user ID and password
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
Government Paperwork Elimination
Act (GPEA, Pub. L. 105–277) of 1998;
Freedom to E-File Act (Pub. L. 106–222)
of 2000; Electronic Signatures in Global
and National Commerce Act (E-SIGN,
Pub. L. 106–229) of 2000; eGovernment
Act of 2002 (H.R. 2458).
E:\FR\FM\14MRN1.SGM
14MRN1
Federal Register / Vol. 77, No. 50 / Wednesday, March 14, 2012 / Notices
PURPOSE(S):
The records in this system are used to
electronically authenticate and
authorize users accessing protected
USDA applications and services.
srobinson on DSK4SPTVN1PROD with NOTICES
ROUTINE USES OF RECORDS MAINTAINED IN THE
SYSTEM, INCLUDING CATEGORIES OF USERS AND
THE PURPOSES OF SUCH USES:
Information contained in this system
may be disclosed outside USDA as a
routine use pursuant to 5 U.S.C.
552a(b)(3) as follows:
1. To external Web applications
integrated with the government’s
federated architecture for
authentication. Prior to any disclosure
of information under this architecture,
the user will request access to an
external application with their USDA
credential. All external applications will
have undergone rigorous testing before
joining the architecture.
eAuthentication acts as a single sign-on
point for USDA Agency applications.
This allows a USDA customer to sign
onto any USDA applications they have
been authorized on via a single sign-on.
2. When a record on its face, on in
conjunction with other records,
indicates a violation or potential
violation of law, whether civil, criminal,
or regulatory in nature, and whether
arising by general statute or particular
program, statute, or by regulation, rule,
or order issued pursuant thereto,
disclosure may be made to the
appropriate agency, whether Federal,
foreign, State, local, tribal, or other
public authority responsible for
enforcing, investigating, or prosecuting
such violation or charged with enforcing
or implementing the statute, or rule,
regulation, or order issued pursuant
thereto, if the information disclosed is
relevant to any enforcement, regulatory,
investigative, or prosecutive
responsibility of the receiving entity.
3. To a court or adjudicative body in
a proceeding when: (a) The agency or
any component thereof; or (b) any
employee of the agency in his or her
official capacity; or (c) any employee of
the agency in his or her individual
capacity where the agency has agreed to
represent the employee; or (d) the
United States Government, is a party to
litigation or has an interest in such
litigation, and by careful review, the
agency determines that the records are
both relevant and necessary to the
litigation and the use of such records is
therefore deemed by the agency to be for
a purpose that is compatible with the
purpose for which the agency collected
the records.
4. To a congressional office in
response to an inquiry made at the
VerDate Mar<15>2010
17:29 Mar 13, 2012
Jkt 226001
written request of the individual to
whom the record pertains.
5. At the individual’s request to any
Federal department, State or local
agencies, or USDA partner utilizing or
interfacing with eAuthentication to
provide electronic authentication for
electronic transactions. The disclosure
of this information is required to
securely provide, monitor, and analyze
the requested program, service,
registration, or other transaction.
6. To the Department of Justice when:
(a) The agency or any component
thereof; or (b) any employee of the
agency in his or her official capacity; or
(c) any employee in his or her
individual capacity where the
Department of Justice has agreed to
represent the employee; or (d) the
United States Government, is a party to
litigation or has an interest in such
litigation, and by careful review, the
agency determines that the records are
both relevant and necessary to the
litigation and the use of such records by
the Department of Justice is therefore
deemed by the agency to be for a
purpose that is compatible with the
purpose for which the agency collected
the records.
7. To appropriate agencies, entities,
and persons when (1) USDA suspects or
has confirmed that the security or
confidentiality of information in the
system of records has been
compromised; (2) the USDA has
determined that as a result of the
suspected or confirmed compromise
there is a risk of harm to economic or
property interests, identity theft or
fraud, or harm to the security or
integrity of this system or other systems
or programs (whether maintained by the
USDA or another agency or entity) that
rely upon the compromised
information; and (3) the disclosure
made to such agencies, entities, and
persons is reasonably necessary to assist
in connection with the USDA’s efforts to
respond to the suspected or confirmed
compromise and prevent, minimize, or
remedy such harm.
DISCLOSURE TO CONSUMER REPORTING
AGENCIES:
None.
POLICIES AND PRACTICES FOR STORING,
RETRIEVING, ACCESSING, RETAINING, AND
DISPOSING OF RECORDS IN THE SYSTEM:
STORAGE:
Records are stored and maintained
electronically on USDA-owned and
operated systems in Kansas City,
Missouri and Fort Collins, Colorado.
RETRIEVABILITY:
Records can be retrieved by name,
username, or system ID.
PO 00000
Frm 00004
Fmt 4703
Sfmt 4703
15025
SAFEGUARDS:
Records in this system are
safeguarded in accordance with
applicable rules and policies, including
all applicable USDA automated systems
security and access policies. Strict
controls have been imposed to minimize
the risk of compromising the
information that is being stored. Access
to the computer system containing the
records in this system is limited to those
individuals who have a need to know
the information for the performance of
their official duties and who have
appropriate clearances or permissions.
RETENTION AND DISPOSAL:
Records in this system will be
retained in accordance with approved
retention schedules, including: (1)
Audit Reports File (N1–485–08–2, item
17), which provides for annual cut-off
and for destruction 10 years after cutoff;
and (2) Audit Work papers (N1–485–08–
2, item 2), which provides for annual
cut-off and for destruction 6 years and
3 months after cut-off. Additional
approved schedules may apply.
Destruction of records shall occur in the
manner(s) appropriate to the type of
record, such as shredding of paper
records and/or deletion of computer
records.
SYSTEM MANAGER AND ADDRESS:
Program Manager—Identity and
Access Management, 301 South Howes
Street, Suite 309, Fort Collins, Colorado
80521.
NOTIFICATION PROCEDURE:
Individuals seeking notification of
and access to any record contained in
this system of records, or seeking to
contest its content, may submit a
request in writing to the Headquarters or
component’s FOIA Officer, whose
contact information can be found at
https://www.dm.usda.gov/foia.htm under
‘‘contacts.’’ If an individual believes
more than one component maintains
Privacy Act records concerning him or
her, the individual may submit the
request to the Chief FOIA Officer,
Department of Agriculture, 1400
Independence Avenue SW.,
Washington, DC 20250.
When seeking records about yourself
from this system of records or any other
Departmental system of records your
request must conform with the Privacy
Act regulations set forth in 6 CFR Part
5. You must first verify your identity,
meaning that you must provide your full
name, current address and date and
place of birth. You must sign your
request, and your signature must either
be notarized or submitted under 28
U.S.C. 1746, a law that permits
E:\FR\FM\14MRN1.SGM
14MRN1
15026
Federal Register / Vol. 77, No. 50 / Wednesday, March 14, 2012 / Notices
statements to be made under penalty of
perjury as a substitute for notarization.
While no specific form is required, you
may obtain forms for this purpose from
the Chief FOIA Officer, Department of
Agriculture, 1400 Independence Avenue
SW., Washington, DC 20250. In
addition, you should provide the
following:
• An explanation of why you believe
the Department would have information
on you,
• Identify which component(s) of the
Department you believe may have the
information about you,
• Specify when you believe the
records would have been created,
• Provide any other information that
will help the FOIA staff determine
which USDA component agency may
have responsive records,
• If your request is seeking records
pertaining to another living individual,
you must include a statement from that
individual certifying his/her agreement
for you to access his/her records.
Without this bulleted information, the
component(s) may not be able to
conduct an effective search, and your
request may be denied due to lack of
specificity or lack of compliance with
applicable regulations.
RECORD ACCESS PROCEDURES:
See ‘‘Notification procedure’’ above.
CONTESTING RECORD PROCEDURES:
See ‘‘Notification procedure’’ above.
RECORD SOURCE CATEGORIES:
Information from the system will be
submitted by the user. When a user
wishes to transact with USDA or its
partner organizations electronically, the
user must enter name, address, country
of residence, telephone number, date of
birth, mother’s maiden name, username,
and password. As the USDA
eAuthentication Service is integrated
with other government or private sector
authentication systems, data may be
obtained from those systems to facilitate
single-sign on capabilities with the
user’s permission.
EXEMPTIONS CLAIMED FOR THE SYSTEM:
srobinson on DSK4SPTVN1PROD with NOTICES
None.
U.S. Department of Agriculture
Narrative Statement on Revised
eAuthentication System of Records
Under the Privacy Act of 1974 USDA/
OCIO–2 eAuthentication Service
The U.S. Department of Agriculture
(USDA) eAuthentication Service
provides USDA Agency customers and
employees single sign-on capability and
electronic authentication and
authorization for USDA Web
applications and services. Through an
VerDate Mar<15>2010
17:29 Mar 13, 2012
Jkt 226001
online self-registration process, USDA
Agency customers and employees can
obtain accounts as authorized users that
will provide access to USDA resources
without needing to re-authenticate
within the context of a single Internet
session. Once an account is activated,
users may use the associated user ID
and password that they created to access
USDA resources that are protected by
eAuthentication. Information stored in
the eAuthentication Service may be
shared with other USDA components, as
well as appropriate Federal, State, local,
tribal, foreign, or international
government agencies as outlined in the
routine uses or authorized by statute.
This sharing will take place only after
USDA determines that the receiving
component or agency has a need to
know the information to carry out
national security, law enforcement,
immigration, intelligence, or other
functions consistent with the routine
uses set forth in this system of records
notice. USDA is publishing the routine
uses pursuant to which it may disclose
information about individuals to the
extent the disclosure is consistent with
the purpose for which the information
was collected. Routine uses include
disclosure to external Web applications
upon user request, to other government
agencies for law enforcement purposes
if the record on its face or in
conjunction with other records indicates
a violation of law, to a court or
adjudicative body if relevant and
necessary to appropriate litigation, to a
congressional office upon written
request of the individual, to other
government entities of USDA partners
upon user request, to USDA contractors
or industry to identify fraud, waste, or
abuse to the Department of Justice if
relevant and necessary for appropriate
litigation, or to agencies, entities, or
persons to prevent or remedy security
breach. The authority for maintaining
this system is derived from: Government
Paperwork Elimination Act (GPEA, Pub.
L. 105–277) of 1998; Freedom to E-File
Act (Pub. L. 106–222) of 2000;
Electronic Signatures in Global and
National Commerce Act (E-SIGN, Pub.
L. 106–229) of 2000; eGovernment Act
of 2002 (H.R. 2458).
Probable or potential effects on the
privacy of individuals:
Although there is some risk to the
privacy of individuals, that risk is
outweighed by the benefits to those
individuals who will be able to access
multiple programs and applications
with a single login. In addition, the
safeguards in place will protect against
unauthorized disclosure. Records are
accessible only to individuals who are
authorized, and physical and electronic
PO 00000
Frm 00005
Fmt 4703
Sfmt 4703
safeguards are employed to ensure
security. eAuthentication has a current
Authority to Operate obtained via the
completion of a Cyber Security
Certification and Accreditation (C&A). A
satisfactory risk assessment has been
performed.
OMB information collection
requirements:
OMB information collection approval:
OMB No. 0503–0014
[FR Doc. 2012–6089 Filed 3–13–12; 8:45 am]
BILLING CODE 3410–ZV–P
DEPARTMENT OF AGRICULTURE
Office of the Secretary
Privacy Act of 1974; Farm Records File
(Automated) System of Records
Department of Agriculture
(USDA).
ACTION: Notice of revision to Privacy Act
system of records.
AGENCY:
This notice proposes to revise
the Privacy Act System of Records titled
Farm Records File (Automated) USDA/
FSA–2. The records include information
about the majority of agricultural
producers in the United States. In
general, the Farm Service Agency (FSA)
proposes to revise the system of records
to make minor corrections and updates
to meet additional requirements.
DATES: We will consider comments that
we receive on or before April 13, 2012.
The revised system of records and
routine uses will become effective 40
days after publication, on April 23,
2012, unless modified by a subsequent
notice to incorporate changes resulting
from public comments.
ADDRESSES: We invite you to submit
comments on this notice. In your
comment, include the system of records
number (USDA/FSA–2). You may
submit comments by any of the
following methods:
• Federal e-Rulemaking Portal: https://
www.regulations.gov. Follow the
instructions for submitting comments.
• Mail: Virginia Haynes, PECD FSA
USDA, 1400 Independence Ave. SW.,
Mail Stop 0517, Department of
Agriculture, Washington, DC 20250–
0517.
• Hand Delivery or Courier: Deliver
comments to the above address.
Instructions: All comments will be
made public by USDA and will be
posted without change to https://
www.regulations.gov, including any
personal information provided.
FOR FURTHER INFORMATION CONTACT: For
general questions, contact: Virginia
Haynes, (202) 690–2798. For privacy
SUMMARY:
E:\FR\FM\14MRN1.SGM
14MRN1
Agencies
[Federal Register Volume 77, Number 50 (Wednesday, March 14, 2012)]
[Notices]
[Pages 15024-15026]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: 2012-6089]
-----------------------------------------------------------------------
DEPARTMENT OF AGRICULTURE
Office of the Secretary
Privacy Act of 1974; Revised System of Records
AGENCY: Office of the Chief Information Officer, USDA.
ACTION: Notice of the revision of Privacy Act system of records.
-----------------------------------------------------------------------
SUMMARY: In accordance with the Privacy Act of 1974, the Department of
Agriculture proposes to revise an existing Department of Agriculture
system of records notice now titled, USDA/OCIO-2 eAuthentication
Service (eAuth). The USDA eAuth provides the public and government
businesses with a single sign-on capability for USDA applications,
management of user credentials, and verification of identity,
authorization, and electronic signatures. USDA's eAuth collects
customer information through an electronic self-registration process
provided through the eAuth Web site. This System of Records Notice was
previously published as ``USDA eAuthentication Service'' in Federal
Register Vol. 71, No. 143 on Wednesday July 26, 2006. The revision
reflects updates to the system name; the system location; routine uses;
storage policies; safeguards; retention and disposal; the system
manager; and notification, record access, and contesting procedures.
DATES: Submit comments on or before April 23, 2012. This new system
will be effective April 23, 2012.
ADDRESSES: You may submit comments, identified by docket number USDA/
OCIO-2 by one of the following methods:
Federal e-Rulemaking Portal: https://www.regulations.gov.
Follow the instructions for submitting comments.
Fax: (970) 295-5168.
Mail: Chris North, Enterprise Applications Services
Director, eAuthentication, 2150 Centre Avenue, Suite 208, Fort Collins,
Colorado 80526.
Instructions: All submissions received must include the
agency name and docket number for this rulemaking. All comments
received will be posted without change to https://www.regulations.gov,
including any personal information provided.
Docket: For access to the docket to read background
documents or comments received, go to https://www.regulations.gov.
FOR FURTHER INFORMATION CONTACT: For general questions, please contact:
Shari Erickson, Program Manager, (970) 295-5128, 301 South Howes
Street, Suite 309, Fort Collins, Colorado 80521. For privacy issues,
please contact: Ravoyne Payton, Chief Privacy Officer, Technology
Planning, Architecture and E-Government, Office of the Chief
Information Officer, Department of Agriculture, Washington, DC 20250.
SUPPLEMENTARY INFORMATION:
I. Background
The USDA eAuthentication Service provides USDA Agency customers and
employees single sign-on capability and electronic authentication and
authorization for USDA Web applications and services. Through an online
self-registration process, USDA Agency customers and employees can
obtain accounts as authorized users that will provide access to USDA
resources without needing to re-authenticate within the context of a
single Internet session. Once an account is activated, users may use
the associated user ID and password that they created to access USDA
resources that are protected by eAuthentication. Information stored in
the eAuthentication Service may be shared with other USDA components,
as well as appropriate Federal, State, local, tribal, foreign, or
international government agencies as outlined in the routine uses or
authorized by statute. This sharing will take place only after USDA
determines that the receiving component or agency has a need to know
the information to carry out national security, law enforcement,
immigration, intelligence, or other functions consistent with the
routine uses set forth in this system of records notice. The revisions
to this system of records include renaming the system to be consistent
with the Department's naming system; updating the system location,
storage policies, storage safeguards, and retention and disposal
policies; and the system manager's location; and the notification,
record access, and contesting procedures in order to be consistent with
the Department's best practices. In addition, the routine uses were
amended as follows:
Former Routine Use 1 was deleted.
Former Routine Use 2 was renumbered Routine Use 1 and
revised.
Former Routine Use 3 was renumbered Routine Use 2 and
revised.
Former Routine Use 4 was renumbered Routine Use 3 and
revised.
Former Routine Use 5 was renumbered Routine Use 4 and
revised.
Former Routine Use 6 was renumbered Routine Use 5 and
revised.
Routine Use 6 is added to permit disclosure to the
Department of Justice in order to represent the government's interest
in litigation.
Routine Use 7 is added to permit disclosure to appropriate
agencies, entities, and persons to prevent or address a security breach
or suspected security breach.
Former Routine Use 8 was deleted.
Dated: March 6, 2012.
Thomas J. Vilsack,
Secretary, Department of Agriculture.
SYSTEM OF RECORDS
USDA/OCIO-2
System name:
USDA/OCIO-2 eAuthentication Service.
Security classification: Unclassified.
System location:
USDA-NRCS Information Technology Center, 2150 Centre Avenue
Building A, Fort Collins, Colorado 80526; USDA-NITC, 8930 Ward Pkwy,
Kansas City, Missouri 64114.
Categories of individuals covered by the system:
This system contains records on individuals who applied for and
were granted access to USDA applications and services that are
protected by eAuthentication. This includes members of the public and
USDA employees.
Categories of records in the system:
Categories of records in this system include:
The eAuthentication system will collect the following information
from individuals:
Name
Address
Country of residence
Telephone number
Email address
Date of birth
Mother's maiden name
The system will also require users to create a user ID and
password
Authority for maintenance of the system:
Government Paperwork Elimination Act (GPEA, Pub. L. 105-277) of
1998; Freedom to E-File Act (Pub. L. 106-222) of 2000; Electronic
Signatures in Global and National Commerce Act (E-SIGN, Pub. L. 106-
229) of 2000; eGovernment Act of 2002 (H.R. 2458).
[[Page 15025]]
Purpose(s):
The records in this system are used to electronically authenticate
and authorize users accessing protected USDA applications and services.
Routine uses of records maintained in the system, including categories
of users and the purposes of such uses:
Information contained in this system may be disclosed outside USDA
as a routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:
1. To external Web applications integrated with the government's
federated architecture for authentication. Prior to any disclosure of
information under this architecture, the user will request access to an
external application with their USDA credential. All external
applications will have undergone rigorous testing before joining the
architecture. eAuthentication acts as a single sign-on point for USDA
Agency applications. This allows a USDA customer to sign onto any USDA
applications they have been authorized on via a single sign-on.
2. When a record on its face, on in conjunction with other records,
indicates a violation or potential violation of law, whether civil,
criminal, or regulatory in nature, and whether arising by general
statute or particular program, statute, or by regulation, rule, or
order issued pursuant thereto, disclosure may be made to the
appropriate agency, whether Federal, foreign, State, local, tribal, or
other public authority responsible for enforcing, investigating, or
prosecuting such violation or charged with enforcing or implementing
the statute, or rule, regulation, or order issued pursuant thereto, if
the information disclosed is relevant to any enforcement, regulatory,
investigative, or prosecutive responsibility of the receiving entity.
3. To a court or adjudicative body in a proceeding when: (a) The
agency or any component thereof; or (b) any employee of the agency in
his or her official capacity; or (c) any employee of the agency in his
or her individual capacity where the agency has agreed to represent the
employee; or (d) the United States Government, is a party to litigation
or has an interest in such litigation, and by careful review, the
agency determines that the records are both relevant and necessary to
the litigation and the use of such records is therefore deemed by the
agency to be for a purpose that is compatible with the purpose for
which the agency collected the records.
4. To a congressional office in response to an inquiry made at the
written request of the individual to whom the record pertains.
5. At the individual's request to any Federal department, State or
local agencies, or USDA partner utilizing or interfacing with
eAuthentication to provide electronic authentication for electronic
transactions. The disclosure of this information is required to
securely provide, monitor, and analyze the requested program, service,
registration, or other transaction.
6. To the Department of Justice when: (a) The agency or any
component thereof; or (b) any employee of the agency in his or her
official capacity; or (c) any employee in his or her individual
capacity where the Department of Justice has agreed to represent the
employee; or (d) the United States Government, is a party to litigation
or has an interest in such litigation, and by careful review, the
agency determines that the records are both relevant and necessary to
the litigation and the use of such records by the Department of Justice
is therefore deemed by the agency to be for a purpose that is
compatible with the purpose for which the agency collected the records.
7. To appropriate agencies, entities, and persons when (1) USDA
suspects or has confirmed that the security or confidentiality of
information in the system of records has been compromised; (2) the USDA
has determined that as a result of the suspected or confirmed
compromise there is a risk of harm to economic or property interests,
identity theft or fraud, or harm to the security or integrity of this
system or other systems or programs (whether maintained by the USDA or
another agency or entity) that rely upon the compromised information;
and (3) the disclosure made to such agencies, entities, and persons is
reasonably necessary to assist in connection with the USDA's efforts to
respond to the suspected or confirmed compromise and prevent, minimize,
or remedy such harm.
Disclosure to consumer reporting agencies:
None.
Policies and practices for storing, retrieving, accessing, retaining,
and disposing of records in the system:
Storage:
Records are stored and maintained electronically on USDA-owned and
operated systems in Kansas City, Missouri and Fort Collins, Colorado.
Retrievability:
Records can be retrieved by name, username, or system ID.
Safeguards:
Records in this system are safeguarded in accordance with
applicable rules and policies, including all applicable USDA automated
systems security and access policies. Strict controls have been imposed
to minimize the risk of compromising the information that is being
stored. Access to the computer system containing the records in this
system is limited to those individuals who have a need to know the
information for the performance of their official duties and who have
appropriate clearances or permissions.
Retention and disposal:
Records in this system will be retained in accordance with approved
retention schedules, including: (1) Audit Reports File (N1-485-08-2,
item 17), which provides for annual cut-off and for destruction 10
years after cutoff; and (2) Audit Work papers (N1-485-08-2, item 2),
which provides for annual cut-off and for destruction 6 years and 3
months after cut-off. Additional approved schedules may apply.
Destruction of records shall occur in the manner(s) appropriate to the
type of record, such as shredding of paper records and/or deletion of
computer records.
System Manager and address:
Program Manager--Identity and Access Management, 301 South Howes
Street, Suite 309, Fort Collins, Colorado 80521.
Notification procedure:
Individuals seeking notification of and access to any record
contained in this system of records, or seeking to contest its content,
may submit a request in writing to the Headquarters or component's FOIA
Officer, whose contact information can be found at https://www.dm.usda.gov/foia.htm under ``contacts.'' If an individual believes
more than one component maintains Privacy Act records concerning him or
her, the individual may submit the request to the Chief FOIA Officer,
Department of Agriculture, 1400 Independence Avenue SW., Washington, DC
20250.
When seeking records about yourself from this system of records or
any other Departmental system of records your request must conform with
the Privacy Act regulations set forth in 6 CFR Part 5. You must first
verify your identity, meaning that you must provide your full name,
current address and date and place of birth. You must sign your
request, and your signature must either be notarized or submitted under
28 U.S.C. 1746, a law that permits
[[Page 15026]]
statements to be made under penalty of perjury as a substitute for
notarization. While no specific form is required, you may obtain forms
for this purpose from the Chief FOIA Officer, Department of
Agriculture, 1400 Independence Avenue SW., Washington, DC 20250. In
addition, you should provide the following:
An explanation of why you believe the Department would
have information on you,
Identify which component(s) of the Department you believe
may have the information about you,
Specify when you believe the records would have been
created,
Provide any other information that will help the FOIA
staff determine which USDA component agency may have responsive
records,
If your request is seeking records pertaining to another
living individual, you must include a statement from that individual
certifying his/her agreement for you to access his/her records.
Without this bulleted information, the component(s) may not be able
to conduct an effective search, and your request may be denied due to
lack of specificity or lack of compliance with applicable regulations.
Record access procedures:
See ``Notification procedure'' above.
Contesting record procedures:
See ``Notification procedure'' above.
Record source categories:
Information from the system will be submitted by the user. When a
user wishes to transact with USDA or its partner organizations
electronically, the user must enter name, address, country of
residence, telephone number, date of birth, mother's maiden name,
username, and password. As the USDA eAuthentication Service is
integrated with other government or private sector authentication
systems, data may be obtained from those systems to facilitate single-
sign on capabilities with the user's permission.
Exemptions claimed for the system:
None.
U.S. Department of Agriculture Narrative Statement on Revised
eAuthentication System of Records Under the Privacy Act of 1974 USDA/
OCIO-2 eAuthentication Service
The U.S. Department of Agriculture (USDA) eAuthentication Service
provides USDA Agency customers and employees single sign-on capability
and electronic authentication and authorization for USDA Web
applications and services. Through an online self-registration process,
USDA Agency customers and employees can obtain accounts as authorized
users that will provide access to USDA resources without needing to re-
authenticate within the context of a single Internet session. Once an
account is activated, users may use the associated user ID and password
that they created to access USDA resources that are protected by
eAuthentication. Information stored in the eAuthentication Service may
be shared with other USDA components, as well as appropriate Federal,
State, local, tribal, foreign, or international government agencies as
outlined in the routine uses or authorized by statute. This sharing
will take place only after USDA determines that the receiving component
or agency has a need to know the information to carry out national
security, law enforcement, immigration, intelligence, or other
functions consistent with the routine uses set forth in this system of
records notice. USDA is publishing the routine uses pursuant to which
it may disclose information about individuals to the extent the
disclosure is consistent with the purpose for which the information was
collected. Routine uses include disclosure to external Web applications
upon user request, to other government agencies for law enforcement
purposes if the record on its face or in conjunction with other records
indicates a violation of law, to a court or adjudicative body if
relevant and necessary to appropriate litigation, to a congressional
office upon written request of the individual, to other government
entities of USDA partners upon user request, to USDA contractors or
industry to identify fraud, waste, or abuse to the Department of
Justice if relevant and necessary for appropriate litigation, or to
agencies, entities, or persons to prevent or remedy security breach.
The authority for maintaining this system is derived from: Government
Paperwork Elimination Act (GPEA, Pub. L. 105-277) of 1998; Freedom to
E-File Act (Pub. L. 106-222) of 2000; Electronic Signatures in Global
and National Commerce Act (E-SIGN, Pub. L. 106-229) of 2000;
eGovernment Act of 2002 (H.R. 2458).
Probable or potential effects on the privacy of individuals:
Although there is some risk to the privacy of individuals, that
risk is outweighed by the benefits to those individuals who will be
able to access multiple programs and applications with a single login.
In addition, the safeguards in place will protect against unauthorized
disclosure. Records are accessible only to individuals who are
authorized, and physical and electronic safeguards are employed to
ensure security. eAuthentication has a current Authority to Operate
obtained via the completion of a Cyber Security Certification and
Accreditation (C&A). A satisfactory risk assessment has been performed.
OMB information collection requirements:
OMB information collection approval: OMB No. 0503-0014
[FR Doc. 2012-6089 Filed 3-13-12; 8:45 am]
BILLING CODE 3410-ZV-P