Proposed Designation of Databases for Treasury's Working System Under the Do Not Pay Initiative, 43041-43048 [2017-19433]
Download as PDF
<![CDATA[
Federal Register / Vol. 82, No. 176 / Wednesday, September 13, 2017 / Notices
43041
TABLE 1—LIST OF APPROPRIATE TEST STANDARDS FOR INCLUSION IN MET’S NRTL SCOPE OF RECOGNITION—
Continued
Test standard
Test standard title
UL 61010–2–81* ....................................................
Standard for Safety Requirements for Electrical Equipment for Measurement, Control, and
Laboratory Use—Part 2–081: Particular Requirements for Automatic and Semi-Automatic
Laboratory Equipment for Analysis and Other Purposes.
* Represents a new standard that OSHA is adding to the NRTL Program’s List of Appropriate Test Standards, as specified in Table 2 below.
TABLE 2—TEST STANDARD OSHA IS ADDING TO THE NRTL PROGRAM’S LIST OF APPROPRIATE TEST STANDARDS
Test standard
Test standard title
UL 61010–2–91 .....................................................
UL 61010–2–81 .....................................................
OSHA’s recognition of any NRTL for
a particular test standard is limited to
equipment or materials for which OSHA
standards require third-party testing and
certification before using them in the
workplace. Consequently, if a test
standard also covers any products for
which OSHA does not require such
testing and certification, a NRTL’s scope
of recognition does not include these
products.
The American National Standards
Institute (ANSI) may approve the test
standards listed above as American
National Standards. However, for
convenience, we may use the
designation of the standards-developing
organization for the standard as opposed
to the ANSI designation. Under the
NRTL Program’s policy (see OSHA
Instruction CPL 1–0.3, Appendix C,
paragraph XIV), any NRTL recognized
for a particular test standard may use
either the proprietary version of the test
standard or the ANSI version of that
standard. Contact ANSI to determine
whether a test standard is currently
ANSI-approved.
sradovich on DSK3GMQ082PROD with NOTICES
A. Conditions
In addition to those conditions
already required by 29 CFR 1910.7, MET
must abide by the following conditions
of the recognition:
1. MET must inform OSHA as soon as
possible, in writing, of any change of
ownership, facilities, or key personnel,
and of any major change in its
operations as a NRTL, and provide
details of the change(s);
2. MET must meet all the terms of its
recognition and comply with all OSHA
policies pertaining to this recognition;
and
3. MET must continue to meet the
requirements for recognition, including
all previously published conditions on
VerDate Sep<11>2014
17:34 Sep 12, 2017
Jkt 241001
Standard for
Laboratory
Standard for
Laboratory
Laboratory
Safety Requirements for Electrical Equipment for Measurement, Control and
Use—Part 2–091: Particular Requirements for Cabinet X-Ray Systems.
Safety Requirements for Electrical Equipment for Measurement, Control and
Use—Part 2–081: Particular Requirements for Automatic and Semi-Automatic
Equipment for Analysis and Other Purposes.
MET’s scope of recognition, in all areas
for which it has recognition.
Pursuant to the authority in 29 CFR
1910.7, OSHA hereby expands the scope
of recognition of MET, subject to the
limitation and conditions specified
above.
III. Authority and Signature
Loren Sweatt, Deputy Assistant
Secretary of Labor for Occupational
Safety and Health, 200 Constitution
Avenue NW., Washington, DC 20210,
authorized the preparation of this
notice. Accordingly, the Agency is
issuing this notice pursuant to 29 U.S.C.
657(g)(2), Secretary of Labor’s Order No.
1–2012 (77 FR 3912, Jan. 25, 2012), and
29 CFR 1910.7.
Signed at Washington, DC, on August 30,
2017.
Loren Sweatt,
Deputy Assistant Secretary of Labor for
Occupational Safety and Health.
[FR Doc. 2017–19403 Filed 9–12–17; 8:45 am]
BILLING CODE 4510–26–P
to provide public notice and an
opportunity for comment prior to
designating additional databases. In
fulfillment of this requirement, OMB is
publishing this Notice of Proposed
Designation to designate the following
six databases: (1) The Department of the
Treasury’s (Treasury) Office of Foreign
Assets Control’s Specially Designated
Nationals List (OFAC List), (2) data from
the General Services Administration’s
(GSA) System for Award Management
(SAM) sensitive financial data from
entity registration records (including
those records formerly housed in the
legacy Excluded Parties List System), (3)
the Internal Revenue Service’s (IRS)
Automatic Revocation of Exemption List
(ARL), (4) the IRS’s Exempt
Organizations Select Check (EO Select
Check), (5) the IRS’s e-Postcard
database, and (6) the commercial
database American InfoSource (AIS)
Deceased Data for inclusion in the Do
Not Pay Initiative. This notice has a 30day comment period.
Please submit comments on or
before October 13, 2017. At the
conclusion of the 30-day comment
period, if OMB decides to finalize the
designation, OMB will publish a notice
in the Federal Register to officially
designate the database.
DATES:
OFFICE OF MANAGEMENT AND
BUDGET
Proposed Designation of Databases
for Treasury’s Working System Under
the Do Not Pay Initiative
AGENCY:
Office of Management and
Budget.
ACTION:
Notice of proposed designation.
Section 5(b)(1)(B) of the
Improper Payments Elimination and
Recovery Improvement Act of 2012
(IPERIA) provides that the Director of
the Office of Management and Budget
(OMB), in consultation with agencies,
may designate additional databases for
inclusion under the Do Not Pay (DNP)
Initiative. IPERIA further requires OMB
SUMMARY:
PO 00000
Frm 00073
Fmt 4703
Sfmt 4703
Comments must be
submitted electronically before the
comment closing date to
www.regulations.gov. The public
comments received by OMB will be a
matter of public record and will be
posted at www.regulations.gov.
Accordingly, please do not include in
your comments any confidential
business information or information of a
personal-privacy nature.
ADDRESSES:
FOR FURTHER INFORMATION CONTACT:
Brian Nichols at the OMB Office of
E:\FR\FM\13SEN1.SGM
13SEN1
43042
Federal Register / Vol. 82, No. 176 / Wednesday, September 13, 2017 / Notices
sradovich on DSK3GMQ082PROD with NOTICES
Federal Financial Management at 202–
395–3993.
SUPPLEMENTARY INFORMATION: Among
other things, IPERIA codified the DNP
Initiative that was already underway
across the Federal Government. The
DNP Initiative includes multiple
resources to help Federal agencies
review payment eligibility for purposes
of identifying and preventing improper
payments. As part of the DNP Initiative,
OMB designated Treasury to host
Treasury’s Working System, which is
the primary system through which
Federal agencies can verify payment
eligibility.
Pursuant to IPERIA,1 OMB has the
authority to designate additional
databases for inclusion in the DNP
Initiative.2 OMB Memorandum
M–13–20 3 provides guidance related to
IPERIA and explains the process by
which OMB will consider designating
additional databases. The OMB
guidance provides that OMB will only
consider designating databases that are
relevant and necessary to meet the
objectives of section 5 of IPERIA. In
addition, the guidance explains that six
factors will inform OMB when
considering additional databases for
designation. These factors include: (1)
Statutory or other limitations on the use
and sharing of specific data; (2) privacy
restrictions and risks associated with
specific data; (3) likelihood that the data
will strengthen program integrity across
programs and agencies; (4) benefits of
streamlining access to the data through
the central DNP Initiative; (5) costs
associated with expanding or
centralizing access, including
modifications needed to system
interfaces or other capabilities in order
to make data accessible; and (6) other
policy and stakeholder considerations,
as appropriate.
For commercial databases, the OMB
guidance establishes additional
requirements. The guidance requires
that the commercial data meet the
following general standards: (1)
Information in commercial databases
must be relevant and necessary to meet
the objectives described in section 5 of
IPERIA; (2) information in commercial
databases must be sufficiently accurate,
up-to-date, relevant, and complete to
ensure fairness to the individual record
subjects; and (3) information in
1 31
U.S.C. 3321 note, Public Law 112–248 (2013).
designated the Department of the Treasury
to host Treasury’s Working System, which helps
Federal agencies verify that their payments are
proper. Treasury’s Working System is part of the
broader DNP Initiative.
3 ‘‘Protecting Privacy while Reducing Improper
Payments with the Do Not Pay Initiative’’—August
16, 2013.
2 OMB
VerDate Sep<11>2014
17:34 Sep 12, 2017
Jkt 241001
commercial databases must not contain
information that describes how any
individual exercises rights guaranteed
by the First Amendment, unless use of
the data is expressly authorized by
statute. In addition, when OMB
designates commercial databases for use
in Treasury’s Working System, Treasury
must meet the following specific
requirements: (1) Treasury shall
establish rules of conduct for persons
involved in the use of, or access to,
commercial databases and instruct each
person with respect to such rules,
including penalties for noncompliance,
as appropriate; and (2) Treasury shall
establish appropriate administrative,
technical, and physical safeguards to
ensure the security and confidentiality
of information in commercial databases
when such information is under
Treasury’s control.
Considerations for Designating the
Office of Foreign Assets Control’s
Specially Designated Nationals List
(OFAC List)
OMB proposes to designate the
Treasury OFAC List for inclusion in
Treasury’s Working System. Acting
under Presidential national emergency
powers, the Office of Foreign Assets
Control (OFAC) derives its authority
from a variety of U.S. Federal laws
regarding embargoes and economic
sanctions such as those terrorismrelated mandates found in 31 CFR parts
595–597. This database is a list of
persons and entities whose assets are
blocked and generally prohibited from
entering into financial transactions with
United States (U.S.) financial
institutions and the U.S. Government.
Currently, each payment-issuing
agency has its own procedure for
blocking or rejecting payments to
persons or entities on the OFAC List. By
designating the OFAC List as an
additional database in Treasury’s
Working System, Treasury would
improve and streamline access by
allowing agencies to verify payment
eligibility at multiple points in the
payment process.
OMB has reached the following initial
determinations and is seeking public
comment before finalizing the
designation of the database.
1. There are no statutory or other
limitations that would prevent
including this public database within
Treasury’s Working System for the
purposes of verifying payment
eligibility. Due to the broad audience of
government agencies required to check
OFAC’s List, this database was made
accessible to agencies matching against
Treasury’s Working System soon after
IPERIA became effective and before the
PO 00000
Frm 00074
Fmt 4703
Sfmt 4703
issuance of OMB Memorandum M–13–
20 establishing this designation process.
The database is formatted for
information processing on OFAC’s Web
site and requires no changes to existing
processes or any additional expense for
Treasury.
2. There are no prohibitive privacy
restrictions or risks for Treasury to make
this publicly facing database already
available on OFAC’s Web site also
available in Treasury’s Working System.
Risk mitigation measures include
maintaining a current and compliant
Security Accreditation and
Authorization (SA&A) package for
Treasury’s Working System in
accordance with OMB Circular No. A–
130, Managing Information as a
Strategic Resource, and complying with
the Federal Information Security
Modernization Act (FISMA)
requirements. To reduce the likelihood
of incidents triggered by unauthorized
access, login to Treasury’s Working
System requires public key
infrastructure (PKI) or personal identity
verification (PIV) credentials. All users
and administrators are required to sign
rules of behavior stipulating their
responsibilities to minimize risks and
support DNP’s mission to ‘‘Protect the
integrity of the government’s payment
process by assisting agencies in
mitigating and eliminating improper
payments in a cost-effective manner
while safeguarding the privacy of
individuals.’’ In this vein, Treasury has
also dedicated resources to establish a
Privacy Program based on applicable
requirements, the Fair Information
Practice Principles (FIPPs), and industry
best practices. Treasury’s Privacy
Program champions various internal
controls in concert with agency
leadership and counsel such as a data
usage governance process charged with
vetting projects that support a data
driven approach to reducing improper
payments for Treasury’s specific
customers and government-wide.
3. Designating the OFAC List would
likely strengthen program integrity.
With access to the OFAC List through
Treasury’s Working System, an agency
will be better equipped to minimize the
risk that it makes a payment to a person
or entity on the list and the potentially
catastrophic impact of such a payment.
4. It would be beneficial to streamline
access to the OFAC List through its
inclusion as an additional database
within Treasury’s Working System.
IPERIA requires agencies to check the
Act’s enumerated databases prior to
making a payment with Federal funds.
Federal regulations, such as 31 CFR
parts 595–597, require paying agencies
to check the OFAC List. Many of DNP’s
E:\FR\FM\13SEN1.SGM
13SEN1
Federal Register / Vol. 82, No. 176 / Wednesday, September 13, 2017 / Notices
sradovich on DSK3GMQ082PROD with NOTICES
customers are paying agencies that are
required to check the OFAC List. They
will now be able to check it along with
the other databases that comprise
Treasury’s Working System. This will
enable agencies to make more informed
payment decisions, increase efficiency,
and strengthen internal controls.
5. There are no additional costs
associated with expanding or
centralizing access to the OFAC List
within Treasury’s Working System.
6. No additional stakeholder
considerations were identified.
Regarding policy, the designation
further ensures that Treasury customers
adhere to terrorism-related mandates set
forth in Federal regulations, such as
those found in 31 CFR parts 595–597.
Considerations for Designating System
for Award Management (SAM)
Sensitive Financial Data From Entity
Registration Records
OMB proposes to designate SAM
sensitive financial data from entity
registration records specifically the
sensitive financial data and exclusion
data for use in the DNP initiative via
Treasury’s Working System. SAM is the
single registration point for entities
seeking Federal contracts or grants (with
limited exceptions defined in the
Federal Acquisition Regulation (FAR) or
Title 2 of the Code of Federal
Regulations). As such, key data that are
essential to appropriately identifying
unique entities for DNP are included in
the entity registration records in SAM
and identified as sensitive data,
meaning they are not disclosed
publically. These data include
information used in financial
transactions.
By designating SAM sensitive
financial data from entity registration
records as an additional data source in
DNP via Treasury’s Working System,
agencies using the system will have
greater confidence in results returned
from the Treasury Working System and
used in analysis for processing
payments. This would reduce the
administrative burden for agencies
having to check both systems prior to
finalizing pre- and post-payment
analysis.
OMB has reached the following initial
determinations and is seeking public
comment before finalizing the
designation of the database.
1. There are no statutory or other
limitations that would prevent the DNP
Initiative from using SAM sensitive
financial data from entity registration
records for the purposes of verifying
payment eligibility. GSA is authorized
to maintain SAM pursuant to the FAR
Subparts 4.11, 9.4, 28.2, and 52.204, 2
VerDate Sep<11>2014
17:34 Sep 12, 2017
Jkt 241001
CFR part 25, and 40 U.S.C. 121(c), and
the data collection requirements from
entities is governed by the FAR and
Title 2 of the Code of Federal
Regulations. The records in SAM
sensitive financial data from entity
registration records are covered by a
Privacy Act system of records. Pursuant
to the system of records notice’s
(SORN) 4 routine use (m), GSA is
permitted to disclose SAM sensitive
entity registration data for the purposes
of the DNP Initiative. DNP currently
receives SAM sensitive financial data
from entity registration records and
comports with the GSA routine use
when re-disclosing the data to Federal
agencies ‘for the purpose of identifying,
preventing, or recouping improper
payments to an applicant for, or
recipient of, Federal funds, including
funds disbursed by a state in a stateadministered, federally funded program’
(78 FR 11648, Feb. 19, 2013). Adding
this data source to the DNP Initiative
will not require any additional action
because this database was made
accessible to agencies for DNP soon after
IPERIA became effective and before the
issuance of OMB Memorandum M–13–
20 establishing this designation process
and Treasury’s Working System.
2. There are some privacy restrictions
and risks associated with the DNP
Initiative’s use of the SAM sensitive
entity registration data. For example,
SAM is a system of records, so the
Privacy Act governs the DNP Initiative’s
use of these records. As mentioned
above with respect to the first
consideration, DNP would comport with
the SORN’s routine use (m), which
mitigates the privacy risks with respect
to the Privacy Act. Risk mitigation
measures also include maintaining a
current and compliant SA&A package
for Treasury’s Working System in
accordance with OMB Circular No. A–
130 requirements. To reduce the
likelihood of incidents triggered by
unauthorized access, login to Treasury’s
Working System requires PKI or PIV
credentials. All users and administrators
are required to sign rules of behavior
stipulating their responsibilities to
minimize risks and support DNP’s
mission to ‘‘Protect the integrity of the
government’s payment process by
assisting agencies in mitigating and
eliminating improper payments in a
cost-effective manner while
safeguarding the privacy of
individuals.’’ In this vein, Treasury has
also dedicated resources to establish a
Privacy Program based on applicable
requirements, FIPPs, and industry best
4 SAM SORN: https://www.gsa.gov/portal/
mediaId/205455/fileName/2013-03743.action.
PO 00000
Frm 00075
Fmt 4703
Sfmt 4703
43043
practices. Treasury’s Privacy Program
champions various internal controls in
concert with agency leadership and
counsel such as a data usage governance
process charged with vetting projects
that support a data driven approach to
reducing improper payments for
Treasury’s specific customers and
government-wide.
3. Designating SAM sensitive
financial data from entity registration
records would strengthen program
integrity. With SAM sensitive financial
data from entity registration records as
a data source in DNP, agencies would
have more convenient access to these
data, strengthening their ability to make
stronger and more efficient payment
determinations and reducing false
positives that result in improper
withholding of or late payments.
4. It would be beneficial to streamline
access to SAM sensitive financial data
from entity registration records as an
additional database within Treasury’s
Working System. Many of Treasury’s
Working System users are paymentissuing agencies that are required to
check SAM prior to payment. They will
now be able to check SAM sensitive
financial data from entity registration
records alongside the other Treasury’s
Working System databases. This will
enable agencies to make more informed
and efficient payment decisions.
5. There are no additional costs
associated with expanding or
centralizing access to SAM sensitive
financial data from entity registration
records because Treasury’s Working
System already includes this data. As a
result, Treasury’s Working System
already has interfaces in place to allow
for access to GSA’s existing SAM
technology feeds.
6. No additional policy or stakeholder
considerations were identified.
Consideration for Designating the
Internal Revenue Service’s (IRS)
Automatic Revocation of Exemption
List (ARL)
OMB proposes to designate the IRS’s
ARL, which maintains records of
entities that have lost tax-exempt status
due to failure to file an annual
information return or notice with the
IRS for three consecutive years. The
Federal government administers a
number of grant programs that pertain
specifically to tax-exempt entities. As
such, verification against ARL will
assist grant-making agencies in verifying
tax-exempt status prior to payment.
OMB has reached the following initial
determinations and is seeking public
comment before finalizing the
designation of the database.
E:\FR\FM\13SEN1.SGM
13SEN1
sradovich on DSK3GMQ082PROD with NOTICES
43044
Federal Register / Vol. 82, No. 176 / Wednesday, September 13, 2017 / Notices
1. There are no statutory or other
limitations that would prevent
including this public database within
Treasury’s Working System.
2. There are no prohibitive privacy
restrictions or risks for Treasury to make
this publicly facing database also
available in Treasury’s Working System.
Risk mitigation measures include
maintaining a current and compliant
SA&A package for Treasury’s Working
System in accordance with OMB
Circular No. A–130. To reduce the
likelihood of incidents triggered by
unauthorized access, login to Treasury’s
Working System requires PKI or PIV
credentials. All users and administrators
are required to sign rules of behavior
stipulating their responsibilities to
minimize risks and support DNP’s
mission to ‘‘Protect the integrity of the
government’s payment process by
assisting agencies in mitigating and
eliminating improper payments in a
cost-effective manner while
safeguarding the privacy of
individuals.’’ In this vein, Treasury has
also dedicated resources to establish a
Privacy Program based on applicable
requirements, FIPPs, and industry best
practices. This Treasury’s Privacy
Program champions various internal
controls in concert with agency
leadership and counsel such as a data
usage governance process charged with
vetting projects that support foster a
data driven approach to reducing
improper payments for Treasury’s
specific customers and governmentwide.
3. Designating IRS’ ARL would likely
strengthen program integrity. With
access to this database through
Treasury’s Working System, an agency
will be better equipped to minimize the
risk that it makes a payment to an entity
that has not had its tax-exempt status
verified.
4. It would be beneficial to streamline
access to the ARL through its inclusion
within Treasury’s Working System.
Many of DNP’s customers are grantissuing agencies. This will enable
agencies to make more informed
payment decisions, increase efficiency,
and strengthen internal controls.
5. Aside from budgeted system
development costs, there are no
additional costs associated with
expanding or centralizing access to this
publically available database within
Treasury’s Working System.
6. No additional policy or stakeholder
considerations were identified.
VerDate Sep<11>2014
17:34 Sep 12, 2017
Jkt 241001
Consideration for Designating the IRS’s
Exempt Organizations Select Check (EO
Select Check)
OMB proposes to designate the IRS’s
EO Select Check, which maintains
records of organizations eligible to
receive tax-deductible charitable
contributions. IRS Publication 78
requires organizations with gross
receipts over $50,000 to file Form 990
once every three years in order to
remain eligible for tax-exempt status.
The EO Select Check database is even
more valuable when used in concert
with ARL, and will allow agencies to
verify an entity’s tax-exempt status prior
to payment.
OMB has reached the following initial
determinations and is seeking public
comment before finalizing the
designation of the database.
1. There are no statutory or other
limitations that would prevent
including this public database within
Treasury’s Working System.
2. There are no prohibitive privacy
restrictions or risks for Treasury to make
this publicly facing database also
available in Treasury’s Working System.
Risk mitigation measures include
maintaining a current and compliant
SA&A package for Treasury’s Working
System in accordance with OMB
Circular No. A–130. To reduce the
likelihood of incidents triggered by
unauthorized access, login to Treasury’s
Working System requires PKI or PIV
credentials. All users and administrators
are required to sign rules of behavior
stipulating their responsibilities to
minimize risks and support DNP’s
mission to ‘‘Protect the integrity of the
government’s payment process by
assisting agencies in mitigating and
eliminating improper payments in a
cost-effective manner while
safeguarding the privacy of
individuals.’’ In this vein, Treasury has
also dedicated resources to establish a
Privacy Program based on applicable
requirements, the FIPPs, and industry
best practices. This Treasury’s Privacy
Program champions various internal
controls in concert with agency
leadership and counsel such as a data
usage governance process charged with
vetting projects that support foster a
data driven approach to reducing
improper payments for Treasury’s
specific customers and governmentwide.
3. Designating IRS’s EO Select Check
database would likely strengthen
program integrity. With access to this
database through Treasury’s Working
System, an agency will be better
equipped to minimize the risk that it
PO 00000
Frm 00076
Fmt 4703
Sfmt 4703
makes a payment to an entity that has
not had its tax-exempt status verified.
4. It would be beneficial to streamline
access to the EO Select Check through
its inclusion as an additional database
within Treasury’s Working System.
Many of DNP’s customers are grant
issuing agencies. This will enable
agencies to make more informed
payment decisions, increase efficiency,
and strengthen internal controls.
5. Aside from budgeted system
development costs, there are no
additional costs associated with
expanding or centralizing access to this
publically available database within
Treasury’s Working System.
6. No additional policy or stakeholder
considerations were identified.
Consideration for Designating the IRS’s
e-Postcard
OMB proposes to designate the IRS’s
e-Postcard database, which maintains
records of small entities eligible to
receive tax-deductible charitable
contributions. Entities within e-Postcard
are considered both small businesses
and tax-exempt, with gross receipts
under $50,000. These organizations are
required to file a Form 990–N once
every three years in order to remain
eligible for tax-exempt status. As with
the EO Select Check database, ePostcard will allow agencies to verify
tax-exempt status before making a
payment.
OMB has reached the following initial
determinations and is seeking public
comment before finalizing the
designation of the database.
1. There are no statutory or other
limitations that would prevent
including this public database within
Treasury’s Working System.
2. There are no prohibitive privacy
restrictions or risks for Treasury to make
this publicly facing database also
available in Treasury’s Working System.
Risk mitigation measures include
maintaining a current and compliant
SA&A package for Treasury’s Working
System in accordance with OMB
Circular No. A–130. To reduce the
likelihood of incidents triggered by
unauthorized access, login to Treasury’s
Working System requires PKI or PIV
credentials. All users and administrators
are required to sign rules of behavior
stipulating their responsibilities to
minimize risks and support DNP’s
mission to ‘‘Protect the integrity of the
government’s payment process by
assisting agencies in mitigating and
eliminating improper payments in a
cost-effective manner while
safeguarding the privacy of
individuals.’’ In this vein, Treasury has
also dedicated resources to establish a
E:\FR\FM\13SEN1.SGM
13SEN1
Federal Register / Vol. 82, No. 176 / Wednesday, September 13, 2017 / Notices
sradovich on DSK3GMQ082PROD with NOTICES
Privacy Program based on applicable
requirements, the FIPPs, and industry
best practices. This Treasury’s Privacy
Program champions various internal
controls in concert with agency
leadership and counsel such as a data
usage governance process charged with
vetting projects that support foster a
data driven approach to reducing
improper payments for Treasury’s
specific customers and governmentwide.
3. Designating IRS’ e-Postcard
database would likely strengthen
program integrity. With access to this
database through Treasury’s Working
System, an agency will be better
equipped to minimize the risk that it
makes a payment to an entity that has
not had its tax-exempt status verified.
4. It would be beneficial to streamline
access to the e-Postcard through its
inclusion as additional database within
Treasury’s Working System. Many of
DNP’s customers are grant issuing
agencies. This will enable agencies to
make more informed payment
decisions, increase efficiency, and
strengthen internal controls.
5. Aside from budgeted system
development costs, there are no
additional costs associated with
expanding or centralizing access to this
publically available database within
Treasury’s Working System.
6. No additional policy or stakeholder
considerations were identified.
Considerations for Designating
American InfoSource (AIS) Deceased
Data
OMB has considered Treasury’s
recommendation and assessment of the
suitability of AIS Deceased Data for
designation within Treasury’s Working
System. OMB proposes to designate AIS
Deceased Data for inclusion in
Treasury’s Working System. Treasury’s
suitability assessment, which evaluates
the suitability of AIS Deceased Data, is
attached.
Highlights of Treasury’s assessment
on AIS Deceased Data against the
considerations and factors outlined in
Section 5(b) of OMB Memorandum M–
13–20 follow:
1. There are no statutory or other
limitations that would prevent Treasury
from using or sharing AIS Deceased
Data through Treasury’s Working
System.
2. Treasury assessed privacy
restrictions and risks by reviewing AIS’
responses to a questionnaire based on
Federal Trade Commission (FTC)
vendor management guidance and
conducting a data source profile. The
information AIS provided regarding
data restrictions and risks helped inform
VerDate Sep<11>2014
17:34 Sep 12, 2017
Jkt 241001
Treasury’s decision to request this OMB
designation of AIS.
The questionnaire includes sections
on Products and Services, Breach
Notification, Consumer Access and
Redress, and Legal Action/Complaints/
Inquiries. AIS’ response indicated that
there are no consumer access or redress
procedures in place because their data
is not directly acquired from the
consumer. AIS data is gathered through
public records and additional data
sources. AIS maintains that policies,
practices and procedures relating to the
monitoring, auditing, or evaluation of
the accuracy of personally identifiable
information may be customized and
approved by Treasury as its customer.
Treasury evaluated AIS Deceased Data
in various areas, including a data
quality assessment at the attribute level,
and at the level of the source as a whole.
Per-data element measures include
quantifications of accuracy, coverage,
and conformity. Whole-source measures
include assessments of the freshness,
completeness, and uniqueness of all
records. These six assessments factors,
some of which are multi-part, reduce to
six quantitative scores, and these six
scores are combined into an overall data
source quality benchmark. The quality
assessment was performed on a
snapshot of the data source from July
14, 2014, for December and January
deaths and from March 28, 2014, for
November deaths.
3. Designating AIS Deceased Data will
strengthen program integrity. Treasury
performed an analysis, in which it was
conservatively estimated, that the
program’s use of just three months of
AIS Deceased Data would have resulted
in the identification of 226 additional
improper payments, with a
corresponding reduction of roughly
$450,000 in improper payments to
deceased persons. Please see sections
IV(A)(5) and IV(B)(2) of the AIS
Deceased Data suitability assessment for
more detail on the results of this
analysis.
4. Streamlining Federal officials’
access to AIS Deceased Data as an
additional database within Treasury’s
Working System supports the
Administration’s objectives to reduce
duplication and costs to taxpayers.
Adding in this needed data source
without streamlining through Treasury
would require each agency to purchase
the data set separately, resulting in
delays to access and redundant.
5. There will be some additional costs
associated with expanding or
centralizing access to AIS Deceased
Data. However, Treasury has performed
a trial assessment with respect to AIS
Deceased Data, and has determined that
PO 00000
Frm 00077
Fmt 4703
Sfmt 4703
43045
the return on investment (ROI) is
positive and outweighs the costs. Please
see sections IV(A)(5) and IV(B)(2) of the
AIS Deceased Data suitability
assessment for more detail on how this
analysis was performed and the results.
6. No additional policy or stakeholder
considerations were identified.
We invite public comments on the
proposed designation of each of the six
databases described in this notice.
Mark Reger,
Deputy Controller.
Do Not Pay: Written Assessment of the
Suitability of the AIS Deceased Data
Commercial Database
The Office of Management and Budget
(OMB) Memorandum M–13–20 requires
the Department of the Treasury to
prepare and submit to OMB a written
assessment to document the suitability
of any commercial database proposed
for use in Treasury’s Working System.
Section 11(d) of M–13–20 requires the
assessment to address four topics:
(i) The need to use or access the data;
(ii) how the data will be used or
accessed;
(iii) a description of the data,
including each data element that will be
used or accessed; and
(iv) how the database meets all
applicable requirements of M–13–20.
Treasury has completed its
assessment of the suitability of
American InfoSource (AIS) Deceased
Data for inclusion as a database in
Treasury’s Working System. Based on
its assessment, Treasury recommends
that OMB propose the inclusion of AIS
Deceased Data into Treasury’s Working
System. Below are Treasury’s
evaluations and conclusions regarding
the Section 11(d) topics.
I. Explanation of the Need To Use or
Access the Data
Decedent persons are ineligible to
receive payments with few exceptions,
such as to payments to survivors under
the deceased name or payments to an
estate for work completed before death.
As such, the deceased are ineligible for
most benefits, grants, or awards. There
is a business need for the government to
use the most complete, timely, and
accurate data to ensure an improper
payment is not made to these persons.
Currently, government sources of death
data include the Social Security
Administration’s (SSA) Death Master
File (DMF), the Centers for Disease
Control and Prevention’s (CDC) National
Vital Statistics System, and data
maintained by the Internal Revenue
Service (IRS) derived from Table
2000CM of tax returns.
E:\FR\FM\13SEN1.SGM
13SEN1
43046
Federal Register / Vol. 82, No. 176 / Wednesday, September 13, 2017 / Notices
The AIS Deceased Data database
includes information about deceased
persons from all 50 states. AIS Deceased
Data provides death data from states
currently unavailable to Treasury
customers through SSA’s DMF.
Treasury’s Working System currently
uses the public version of SSA’s DMF.
There is also a restricted version of DMF
(known as the ‘‘public plus state’’ DMF),
which is more comprehensive and
contains more data reported from states
than the public version. The Social
Security Act limits the disclosure of
state death records contained in the
‘‘public plus state’’ DMF to only benefit
paying agencies. SSA has determined
that Treasury’s Working System does
not meet the requirements for access to
the ‘‘public plus state’’ DMF. Therefore,
Treasury evaluated the coverage of AIS
Deceased Data by state ‘‘public plus
state’’ DMF and found that AIS does
have significant coverage in many states
above and beyond public DMF which
are not contained within ‘‘public plus
state’’ DMF. In addition to inputs from
SSA’s public DMF, AIS gathers
information from probate court records
and published obituaries. Obituaries are
obtained by AIS from over 3,000 funeral
homes and thousands of newspapers,
and probate records are collected from
the county courts. These sources are not
currently available to agencies accessing
Treasury’s Working System. Out of
600,000 records Treasury received from
AIS when assessing the suitability of the
database, approximately 230,000 came
from sources (obituaries and
probationary records) other than the
public version of DMF. The positive
return on investment (ROI) analysis
(Section IV) removed DMF files from its
calculations further supporting that
including records from AIS in
Treasury’s Working System will create
value to Federal agencies that require
this additional death data to make
payment decisions.
II. Explanation of How the Data Will Be
Used or Accessed
Generally, when payment-issuing
agencies identify a business need to
match against a specific type of
database, Treasury will work with the
payment-issuing agency to complete an
Initial Questionnaire. An Initial
Questionnaire is the form that Treasury
must approve for each payment-issuing
agency to initiate the onboarding
process, and begin the process of
accessing the requested databases. The
objectives of the onboarding process are
to:
• Allow the payment-issuing agency
to gain access to Treasury’s Working
System;
• Outline business needs and legal
authorities for the payment-issuing
agency to access Treasury’s Working
System; and
• Ensure that payment-issuing agency
files are ready for use in Treasury’s
Working System.
During the onboarding process, if an
agency determines it has a business
need to access death data like AIS
Deceased Data—typically, to assist the
agency in making eligibility
determinations for payments or awards,
customers will also identify the method
by which their agency will search, or be
disclosed, AIS Deceased Data (via
online single search, batch matching,
continuous monitoring, DNP Analytics,
or a combination of these services). To
access the batch matching and
continuous monitoring matching
functions, customers must establish a
secure file transfer process with
Treasury. Treasury then works with
customers to provision access
credentials and obtain supplementary
information necessary to access
Treasury’s Working System. Each
customer must certify and agree to Rules
of Behavior for Treasury’s Working
System and certify and execute several
legal agreements. Customers will then
identify AIS Deceased Data as the
specific database relevant to their
matching needs.
Upon obtaining access to use
Treasury’s Working System, a
comparison between AIS data and
agency payment data could be made,
resulting in the return of positive
matches. Users may either use
Treasury’s online portal to view
automated match results on a regular
basis, or request analytical services to be
performed in order to gain additional
insight. It is then the customer’s
responsibility to review the information
received and make a determination, or
request additional services.
III. Description of the Data (Including
Each Data Element That Will Be Used
or Accessed)
DATA ELEMENT DEFINITIONS
Related fields in
DMF
Header
Description of data
Last Name ................................................
First Name ................................................
Middle Name ............................................
City ............................................................
State .........................................................
Social Security Number (SSN) .................
The last name of the deceased individual ................................................................
The first name of the deceased individual ................................................................
The middle name of the deceased individual ...........................................................
The city of residence for the deceased individual ....................................................
The state of residence for the deceased individual ..................................................
A 9-digit identification number used by the SSA. It is exclusively issued by SSA
and is predominantly used for the individual classification.
The date of death for the deceased individual, used to determine if payment date
is before or after death date.
The date of birth for the deceased individual, which is a supplemental matching
element payment-issuing agencies may use as an additional unique identifier to
increase confidence in match accuracy.
Identifies when the data was first acquired by AIS ...................................................
Identifies the number of days between the acquired date and the date of death ....
Level of confidence in the data within the record, determined by the source of the
death report (DMF, probate court, obituary, and/or independent verification by
AIS).
The number of death sources in which the record was found .................................
The source from which the record was first acquired ...............................................
Date of Death (Dod) .................................
Date of birth (Dob) ....................................
sradovich on DSK3GMQ082PROD with NOTICES
Acquired 5 .................................................
Age ...........................................................
Confidence ................................................
Source count ............................................
Source ......................................................
5 The Acquired and Age data elements reflect the
timeliness of the data, and document when AIS
compiled the specific death record.
VerDate Sep<11>2014
17:34 Sep 12, 2017
Jkt 241001
PO 00000
Frm 00078
Fmt 4703
Sfmt 4703
E:\FR\FM\13SEN1.SGM
13SEN1
lastname.
firstname.
middlename.
ssn.
dateofdeath.
dateofbirth.
verifyproof_cd.
Federal Register / Vol. 82, No. 176 / Wednesday, September 13, 2017 / Notices
IV. Explanation of How the Database
Meets All the Applicable Requirements
of OMB M–13–20
M–13–20 outlines three distinct sets
of requirements for including additional
databases in Treasury’s Working
System.
sradovich on DSK3GMQ082PROD with NOTICES
A. M–13–20 Section 5(b)—
Considerations for Designation of
Additional Databases
M–13–20 section 5(b) requires that
when considering additional databases
for designation, OMB will consider:
1. Statutory or other limitations on the
use and sharing of specific data;
2. Privacy restrictions and risks
associated with specific data;
3. Likelihood that the data will
strengthen program integrity across
programs and agencies;
4. Benefits of streamlining access to
the data through the central DNP
Initiative;
5. Costs associated with expanding or
centralizing access, including
modifications needed to system
interfaces or other capabilities in order
to make data accessible; and
6. Other policy and stakeholder
considerations, as appropriate.
Treasury has assessed AIS Deceased
Data against the considerations and
factors outlined in Section 5(b) of M–
13–20. Treasury has determined that:
1. There are no statutory or other
limitations that would prevent Treasury
from using or sharing AIS Deceased
Data through Treasury’s Working
System.
2. Treasury assessed privacy
restrictions and risks by reviewing AIS’
responses to a questionnaire based on
Federal Trade Commission (FTC)
vendor management guidance and
conducting a data source profile. These
inputs that considered data restrictions
and risks informed Treasury’s decision
to request this designation request.
The questionnaire includes sections
on Products and Services, Breach
Notification, Consumer Access and
Redress, and Legal Action/Complaints/
Inquiries. AIS’ response indicated that
there are no consumer access or redress
procedures in place because their data
is not directly acquired from the
consumer. AIS data is gathered through
public records and additional data
sources. AIS maintains that policies,
practices and procedures relating to the
monitoring, auditing, or evaluation of
the accuracy of personally identifiable
information may be customized and
approved by the Treasury as its
customer.
Treasury evaluated AIS Deceased Data
in various areas, including a data
VerDate Sep<11>2014
17:34 Sep 12, 2017
Jkt 241001
quality assessment at the attribute level,
and at the level of the source as a whole.
Per-data element measures include
quantifications of accuracy, coverage,
and conformity. Whole-source measures
include assessments of the freshness,
completeness, and uniqueness of all
records. These six assessments factors,
some of which are multi-part, reduce to
six quantitative scores, and these six
scores are combined into an overall data
source quality benchmark. The quality
assessment was performed on a
snapshot of the data source, from July
14, 2014 for December and January
deaths and from March 28, 2014 for
November deaths.
3. Designating AIS Deceased Data will
strengthen program integrity. Treasury
performed an analysis in which it was
conservatively estimated that the
program’s use of just three months of
AIS Deceased Data would have resulted
in the identification of 226 additional
improper payments, with a
corresponding reduction of roughly
$450,000 in improper payments to
deceased persons. Please see section
IV(A)(5) and IV(B)(2) for more detail on
how this analysis was performed and
the results.
4. It is beneficial to the Federal
government and to taxpayers to
streamline access to AIS Deceased Data
as an additional database within
Treasury’s Working System. Currently,
in order to access AIS Deceased Data,
customer agencies must each procure
the data themselves. This process can
take up to six months to complete and
is costly and duplicative. With over 140
programs currently accessing Treasury’s
Working System, the amount of time
saved with a single procurement will
have a positive ROI.
5. There will be some additional costs
associated with expanding or
centralizing access to AIS Deceased
Data. However, Treasury has performed
a trial assessment with respect to AIS
Deceased Data, and it has determined
that the ROI is positive and outweighs
the costs. Specifically, the trial
assessment compared three months of
AIS data to current and historical
payment data in order to determine
which payments would result in
matches. Agency-specific business rules
identified in Treasury’s current
processes were then applied to reduce
false positives. ROI was 400%.
Recurring payments were then
eliminated to simulate an agency
stopping the first payment, thus
nullifying benefit from future payments.
ROI was found to be 315%.
6. No additional policy or stakeholder
considerations were identified.
PO 00000
Frm 00079
Fmt 4703
Sfmt 4703
43047
B. M–13–20 Section 11(b)—General
Standards for the Use or Access to
Commercial Databases
M–13–20 Section 11(b) provides that
Treasury may use or access a
commercial database for Treasury’s
Working System only if OMB has
officially, previously designated such
database for inclusion following a
period of public notice and comment, as
described in section 5(b) of this
Memorandum. Because commercial
databases used or accessed for purposes
of the DNP Initiative will be used to
help agencies make determinations
about persons, it is important that
agencies apply safeguards that are
similarly rigorous to those that apply to
systems of records under the Privacy
Act. Thus, commercial data may only be
used or accessed for the DNP Initiative
when the commercial data in question
would meet the following general
standards:
1. Information in commercial
databases must be relevant and
necessary to meet the objectives
described in section 5 of IPERIA.
2. Information in commercial
databases must be sufficiently accurate,
up-to-date, relevant, and complete to
ensure fairness to the individual record
subjects.
3. Information in commercial
databases must not contain information
that describes how any individual
exercises rights guaranteed by the First
Amendment, unless use of the data is
expressly authorized by statute.
Treasury has assessed AIS Deceased
Data against the considerations and
factors outlined in Section 11(b) of M–
13–20. Treasury has determined that:
1. AIS Deceased Data is relevant and
necessary to meet objectives set out in
the Improper Payments Elimination and
Recovery Improvement Act of 2012
(IPERIA). IPERIA requires paymentissuing agencies to verify eligibility of
payments and awards by reviewing the
SSA DMF, as appropriate. Treasury has
access to the public DMF, but does not
currently have access to the ‘‘public
plus state’’ DMF or probate court
records and obituaries. AIS Deceased
Data provides the latter two categories,
creating value for payment-issuing
agencies in this additional death data.
Additionally, AIS Deceased Data
includes records from states, including
18 states that do not report deaths to
SSA via the Internet Electronic Death
Registration (I–EDR), and would not be
included in the ‘‘public plus state’’ DMF
anyway. AIS Deceased Data will
supplement the existing data provided
by SSA in the public DMF and further
E:\FR\FM\13SEN1.SGM
13SEN1
43048
Federal Register / Vol. 82, No. 176 / Wednesday, September 13, 2017 / Notices
sradovich on DSK3GMQ082PROD with NOTICES
inform the payment decisions of
Treasury customers.
2. In its trial assessment, Treasury
determined that AIS Deceased Data is
sufficiently accurate, up-to-date,
relevant, and complete to ensure
fairness. Treasury compared the AIS
Deceased Data city and state data to
other databases that are considered
‘‘gold standards’’ and over 99 percent of
these data were accurate. Treasury also
assessed AIS Deceased Data social
security number (SSN), date of death,
and date of birth data elements and
determined that: over 99 percent of the
SSN data are accurate; all records
contain a date of death; and 89 percent
of the data contain a date of birth, which
is sufficiently accurate for a
supplemental matching element. The
data elements that AIS will provide to
Treasury’s Working System all directly
relate to confirming the identification of
a person’s status as deceased and would
be fully refreshed on a quarterly basis.
Extraneous fields are not included to
ensure that data minimization standards
(see M–13–20 section 5(c)) are applied.
In addition, Treasury only receives
records from AIS, which contain a SSN,
first name, and last name. These
practices and the data elements will
ensure fewer false positives and fairness
to the record subjects.
3. AIS Deceased Data does not contain
information that describes how an
individual exercises rights guaranteed
by the First Amendment.
C. M–13–20 Section 11(c)—Specific
Requirements for Use or Access to
Commercial Databases
M–13–20 Section 11(c) provides that
in addition to the general standards
provided above, Treasury shall meet the
following specific requirements
whenever agencies use or access a
commercial database as part of
Treasury’s Working System:
1. Treasury shall establish rules of
conduct for persons involved in the use
of or access to commercial databases
and instruct each person with respect to
such rules, including penalties for
noncompliance, as appropriate.
2. Treasury shall establish appropriate
administrative, technical, and physical
safeguards to ensure the security and
confidentiality of information in
commercial databases when such
information is under Treasury’s control.
Treasury has assessed AIS Deceased
Data against the considerations and
factors outlined in Section 11(c) of M–
13–20. Treasury has determined that it
has fulfilled the requirements of Section
11(c) because:
1. Treasury has established rules of
conduct for users of the Treasury’s
VerDate Sep<11>2014
17:34 Sep 12, 2017
Jkt 241001
Working System. Users must agree to
the following:
• To use information to perform job
duties and to only access data necessary
to perform said duties;
• To not use data for fraud;
• To not browse or access data
without authorization;
• To make no changes to data
delivered;
• To not use data for personal gain;
• To report conflicts of interest
immediately;
• To terminate access when access is
no longer required for job duties; and
• To not disclose information to
unauthorized persons.
Terms and conditions which must be
accepted each time a customer accesses
the Treasury’s Working System include
a description of penalties for misuse of
data. These include:
• Criminal and civil penalties.
• disciplinary actions and other
consequences including the loss of
system access.
2. Treasury has strong safeguards to
protect the security and confidentiality
of information. Access to the Treasury’s
Working System is available only by
authorized persons on a need-to-know
basis. External access logs to Treasury’s
Working System are reviewed to ensure
compliance with the Rules of Behavior
agreed to by credentialed users. Internal
access log control measures are
reviewed to ensure compliance with
security guidelines governing access to
Privacy Act data. Audit logs allow
system managers to monitor external
and internal user actions and address
any misuse or violation of access
privileges. Access to computerized
records is limited through the use of
internal mechanisms available to only
those whose official duties require
access. Facilities where records are
physically located are secured by
various means, such as security guards,
locked doors with key entry, and
equipment requiring a physical token to
gain access. The Bureau of the Fiscal
Service may agree to additional
safeguards for some data through a
written agreement with the entity
supplying the data.
Treasury’s Working System recently
completed its Security Assessment and
Authorization (SA&A), which is
reviewed at the Bureau of the Fiscal
Service level. The SA&A adheres to the
processes outlined in the National
Institute of Standards and Technology
(NIST) Special Publication (SP) 800
series. More specifically, NIST SP 800–
115; NIST SP 800–53, Rev. 3; NIST SP–
800–53A, Rev. 1; NIST SP 800–37, Rev.
1; and NIST SP 800–30. Treasury’s
Working System also complies with the
PO 00000
Frm 00080
Fmt 4703
Sfmt 4703
Federal Information Security
Management Act (FISMA). For example,
detailed SA&A information is currently
safeguarded within the Treasury FISMA
Information Management System; in the
event of an audit, this documentation
may be made available.
[FR Doc. 2017–19433 Filed 9–12–17; 8:45 am]
BILLING CODE 3110–01–P
NATIONAL AERONAUTICS AND
SPACE ADMINISTRATION
[Notice: (17–063)]
Aerospace Safety Advisory Panel;
Charter Renewal
National Aeronautics and
Space Administration (NASA).
ACTION: Notice of renewal of charter of
the Aerospace Safety Advisory Panel.
AGENCY:
Pursuant to sections 14(b)(1)
and 9(c) of the Federal Advisory
Committee Act (Pub. L. 92–463), and
after consultation with the Committee
Management Secretariat, U.S. General
Services Administration, the NASA
Acting Administrator has determined
that renewal of the Aerospace Safety
Advisory Panel (ASAP) is in the public
interest in connection with the
performance of duties imposed on
NASA by law. The renewed charter is
for a two-year period ending on August
15, 2019.
FOR FURTHER INFORMATION CONTACT: Ms.
Carol Hamilton, Designated Federal
Officer, Office of International and
Interagency Relations, NASA
Headquarters, Washington, DC 20546;
phone (202) 358–1857; email
carol.j.hamilton@nasa.gov.
SUMMARY:
Patricia D. Rausch,
Advisory Committee Management Officer,
National Aeronautics and Space
Administration.
[FR Doc. 2017–19406 Filed 9–12–17; 8:45 am]
BILLING CODE 7510–13–P
NATIONAL AERONAUTICS AND
SPACE ADMINISTRATION
[Notice: 17–061]
International Space Station Advisory
Committee; Charter Renewal
National Aeronautics and
Space Administration (NASA).
ACTION: Notice of renewal of charter of
the International Space Station
Advisory Committee.
AGENCY:
Pursuant to sections 14(b)(1)
and 9(c) of the Federal Advisory
Committee Act, and after consultation
SUMMARY:
E:\FR\FM\13SEN1.SGM
13SEN1
]]>Agencies
[Federal Register Volume 82, Number 176 (Wednesday, September 13, 2017)]
[Notices]
[Pages 43041-43048]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2017-19433]
=======================================================================
-----------------------------------------------------------------------
OFFICE OF MANAGEMENT AND BUDGET
Proposed Designation of Databases for Treasury's Working System
Under the Do Not Pay Initiative
AGENCY: Office of Management and Budget.
ACTION: Notice of proposed designation.
-----------------------------------------------------------------------
SUMMARY: Section 5(b)(1)(B) of the Improper Payments Elimination and
Recovery Improvement Act of 2012 (IPERIA) provides that the Director of
the Office of Management and Budget (OMB), in consultation with
agencies, may designate additional databases for inclusion under the Do
Not Pay (DNP) Initiative. IPERIA further requires OMB to provide public
notice and an opportunity for comment prior to designating additional
databases. In fulfillment of this requirement, OMB is publishing this
Notice of Proposed Designation to designate the following six
databases: (1) The Department of the Treasury's (Treasury) Office of
Foreign Assets Control's Specially Designated Nationals List (OFAC
List), (2) data from the General Services Administration's (GSA) System
for Award Management (SAM) sensitive financial data from entity
registration records (including those records formerly housed in the
legacy Excluded Parties List System), (3) the Internal Revenue
Service's (IRS) Automatic Revocation of Exemption List (ARL), (4) the
IRS's Exempt Organizations Select Check (EO Select Check), (5) the
IRS's e-Postcard database, and (6) the commercial database American
InfoSource (AIS) Deceased Data for inclusion in the Do Not Pay
Initiative. This notice has a 30-day comment period.
DATES: Please submit comments on or before October 13, 2017. At the
conclusion of the 30-day comment period, if OMB decides to finalize the
designation, OMB will publish a notice in the Federal Register to
officially designate the database.
ADDRESSES: Comments must be submitted electronically before the comment
closing date to www.regulations.gov. The public comments received by
OMB will be a matter of public record and will be posted at
www.regulations.gov. Accordingly, please do not include in your
comments any confidential business information or information of a
personal-privacy nature.
FOR FURTHER INFORMATION CONTACT: Brian Nichols at the OMB Office of
[[Page 43042]]
Federal Financial Management at 202-395-3993.
SUPPLEMENTARY INFORMATION: Among other things, IPERIA codified the DNP
Initiative that was already underway across the Federal Government. The
DNP Initiative includes multiple resources to help Federal agencies
review payment eligibility for purposes of identifying and preventing
improper payments. As part of the DNP Initiative, OMB designated
Treasury to host Treasury's Working System, which is the primary system
through which Federal agencies can verify payment eligibility.
Pursuant to IPERIA,\1\ OMB has the authority to designate
additional databases for inclusion in the DNP Initiative.\2\ OMB
Memorandum M-13-20 \3\ provides guidance related to IPERIA and explains
the process by which OMB will consider designating additional
databases. The OMB guidance provides that OMB will only consider
designating databases that are relevant and necessary to meet the
objectives of section 5 of IPERIA. In addition, the guidance explains
that six factors will inform OMB when considering additional databases
for designation. These factors include: (1) Statutory or other
limitations on the use and sharing of specific data; (2) privacy
restrictions and risks associated with specific data; (3) likelihood
that the data will strengthen program integrity across programs and
agencies; (4) benefits of streamlining access to the data through the
central DNP Initiative; (5) costs associated with expanding or
centralizing access, including modifications needed to system
interfaces or other capabilities in order to make data accessible; and
(6) other policy and stakeholder considerations, as appropriate.
---------------------------------------------------------------------------
\1\ 31 U.S.C. 3321 note, Public Law 112-248 (2013).
\2\ OMB designated the Department of the Treasury to host
Treasury's Working System, which helps Federal agencies verify that
their payments are proper. Treasury's Working System is part of the
broader DNP Initiative.
\3\ ``Protecting Privacy while Reducing Improper Payments with
the Do Not Pay Initiative''--August 16, 2013.
---------------------------------------------------------------------------
For commercial databases, the OMB guidance establishes additional
requirements. The guidance requires that the commercial data meet the
following general standards: (1) Information in commercial databases
must be relevant and necessary to meet the objectives described in
section 5 of IPERIA; (2) information in commercial databases must be
sufficiently accurate, up-to-date, relevant, and complete to ensure
fairness to the individual record subjects; and (3) information in
commercial databases must not contain information that describes how
any individual exercises rights guaranteed by the First Amendment,
unless use of the data is expressly authorized by statute. In addition,
when OMB designates commercial databases for use in Treasury's Working
System, Treasury must meet the following specific requirements: (1)
Treasury shall establish rules of conduct for persons involved in the
use of, or access to, commercial databases and instruct each person
with respect to such rules, including penalties for noncompliance, as
appropriate; and (2) Treasury shall establish appropriate
administrative, technical, and physical safeguards to ensure the
security and confidentiality of information in commercial databases
when such information is under Treasury's control.
Considerations for Designating the Office of Foreign Assets Control's
Specially Designated Nationals List (OFAC List)
OMB proposes to designate the Treasury OFAC List for inclusion in
Treasury's Working System. Acting under Presidential national emergency
powers, the Office of Foreign Assets Control (OFAC) derives its
authority from a variety of U.S. Federal laws regarding embargoes and
economic sanctions such as those terrorism-related mandates found in 31
CFR parts 595-597. This database is a list of persons and entities
whose assets are blocked and generally prohibited from entering into
financial transactions with United States (U.S.) financial institutions
and the U.S. Government.
Currently, each payment-issuing agency has its own procedure for
blocking or rejecting payments to persons or entities on the OFAC List.
By designating the OFAC List as an additional database in Treasury's
Working System, Treasury would improve and streamline access by
allowing agencies to verify payment eligibility at multiple points in
the payment process.
OMB has reached the following initial determinations and is seeking
public comment before finalizing the designation of the database.
1. There are no statutory or other limitations that would prevent
including this public database within Treasury's Working System for the
purposes of verifying payment eligibility. Due to the broad audience of
government agencies required to check OFAC's List, this database was
made accessible to agencies matching against Treasury's Working System
soon after IPERIA became effective and before the issuance of OMB
Memorandum M-13-20 establishing this designation process. The database
is formatted for information processing on OFAC's Web site and requires
no changes to existing processes or any additional expense for
Treasury.
2. There are no prohibitive privacy restrictions or risks for
Treasury to make this publicly facing database already available on
OFAC's Web site also available in Treasury's Working System. Risk
mitigation measures include maintaining a current and compliant
Security Accreditation and Authorization (SA&A) package for Treasury's
Working System in accordance with OMB Circular No. A-130, Managing
Information as a Strategic Resource, and complying with the Federal
Information Security Modernization Act (FISMA) requirements. To reduce
the likelihood of incidents triggered by unauthorized access, login to
Treasury's Working System requires public key infrastructure (PKI) or
personal identity verification (PIV) credentials. All users and
administrators are required to sign rules of behavior stipulating their
responsibilities to minimize risks and support DNP's mission to
``Protect the integrity of the government's payment process by
assisting agencies in mitigating and eliminating improper payments in a
cost-effective manner while safeguarding the privacy of individuals.''
In this vein, Treasury has also dedicated resources to establish a
Privacy Program based on applicable requirements, the Fair Information
Practice Principles (FIPPs), and industry best practices. Treasury's
Privacy Program champions various internal controls in concert with
agency leadership and counsel such as a data usage governance process
charged with vetting projects that support a data driven approach to
reducing improper payments for Treasury's specific customers and
government-wide.
3. Designating the OFAC List would likely strengthen program
integrity. With access to the OFAC List through Treasury's Working
System, an agency will be better equipped to minimize the risk that it
makes a payment to a person or entity on the list and the potentially
catastrophic impact of such a payment.
4. It would be beneficial to streamline access to the OFAC List
through its inclusion as an additional database within Treasury's
Working System. IPERIA requires agencies to check the Act's enumerated
databases prior to making a payment with Federal funds. Federal
regulations, such as 31 CFR parts 595-597, require paying agencies to
check the OFAC List. Many of DNP's
[[Page 43043]]
customers are paying agencies that are required to check the OFAC List.
They will now be able to check it along with the other databases that
comprise Treasury's Working System. This will enable agencies to make
more informed payment decisions, increase efficiency, and strengthen
internal controls.
5. There are no additional costs associated with expanding or
centralizing access to the OFAC List within Treasury's Working System.
6. No additional stakeholder considerations were identified.
Regarding policy, the designation further ensures that Treasury
customers adhere to terrorism-related mandates set forth in Federal
regulations, such as those found in 31 CFR parts 595-597.
Considerations for Designating System for Award Management (SAM)
Sensitive Financial Data From Entity Registration Records
OMB proposes to designate SAM sensitive financial data from entity
registration records specifically the sensitive financial data and
exclusion data for use in the DNP initiative via Treasury's Working
System. SAM is the single registration point for entities seeking
Federal contracts or grants (with limited exceptions defined in the
Federal Acquisition Regulation (FAR) or Title 2 of the Code of Federal
Regulations). As such, key data that are essential to appropriately
identifying unique entities for DNP are included in the entity
registration records in SAM and identified as sensitive data, meaning
they are not disclosed publically. These data include information used
in financial transactions.
By designating SAM sensitive financial data from entity
registration records as an additional data source in DNP via Treasury's
Working System, agencies using the system will have greater confidence
in results returned from the Treasury Working System and used in
analysis for processing payments. This would reduce the administrative
burden for agencies having to check both systems prior to finalizing
pre- and post-payment analysis.
OMB has reached the following initial determinations and is seeking
public comment before finalizing the designation of the database.
1. There are no statutory or other limitations that would prevent
the DNP Initiative from using SAM sensitive financial data from entity
registration records for the purposes of verifying payment eligibility.
GSA is authorized to maintain SAM pursuant to the FAR Subparts 4.11,
9.4, 28.2, and 52.204, 2 CFR part 25, and 40 U.S.C. 121(c), and the
data collection requirements from entities is governed by the FAR and
Title 2 of the Code of Federal Regulations. The records in SAM
sensitive financial data from entity registration records are covered
by a Privacy Act system of records. Pursuant to the system of records
notice's (SORN) \4\ routine use (m), GSA is permitted to disclose SAM
sensitive entity registration data for the purposes of the DNP
Initiative. DNP currently receives SAM sensitive financial data from
entity registration records and comports with the GSA routine use when
re-disclosing the data to Federal agencies `for the purpose of
identifying, preventing, or recouping improper payments to an applicant
for, or recipient of, Federal funds, including funds disbursed by a
state in a state-administered, federally funded program' (78 FR 11648,
Feb. 19, 2013). Adding this data source to the DNP Initiative will not
require any additional action because this database was made accessible
to agencies for DNP soon after IPERIA became effective and before the
issuance of OMB Memorandum M-13-20 establishing this designation
process and Treasury's Working System.
---------------------------------------------------------------------------
\4\ SAM SORN: https://www.gsa.gov/portal/mediaId/205455/fileName/2013-03743.action.
---------------------------------------------------------------------------
2. There are some privacy restrictions and risks associated with
the DNP Initiative's use of the SAM sensitive entity registration data.
For example, SAM is a system of records, so the Privacy Act governs the
DNP Initiative's use of these records. As mentioned above with respect
to the first consideration, DNP would comport with the SORN's routine
use (m), which mitigates the privacy risks with respect to the Privacy
Act. Risk mitigation measures also include maintaining a current and
compliant SA&A package for Treasury's Working System in accordance with
OMB Circular No. A-130 requirements. To reduce the likelihood of
incidents triggered by unauthorized access, login to Treasury's Working
System requires PKI or PIV credentials. All users and administrators
are required to sign rules of behavior stipulating their
responsibilities to minimize risks and support DNP's mission to
``Protect the integrity of the government's payment process by
assisting agencies in mitigating and eliminating improper payments in a
cost-effective manner while safeguarding the privacy of individuals.''
In this vein, Treasury has also dedicated resources to establish a
Privacy Program based on applicable requirements, FIPPs, and industry
best practices. Treasury's Privacy Program champions various internal
controls in concert with agency leadership and counsel such as a data
usage governance process charged with vetting projects that support a
data driven approach to reducing improper payments for Treasury's
specific customers and government-wide.
3. Designating SAM sensitive financial data from entity
registration records would strengthen program integrity. With SAM
sensitive financial data from entity registration records as a data
source in DNP, agencies would have more convenient access to these
data, strengthening their ability to make stronger and more efficient
payment determinations and reducing false positives that result in
improper withholding of or late payments.
4. It would be beneficial to streamline access to SAM sensitive
financial data from entity registration records as an additional
database within Treasury's Working System. Many of Treasury's Working
System users are payment-issuing agencies that are required to check
SAM prior to payment. They will now be able to check SAM sensitive
financial data from entity registration records alongside the other
Treasury's Working System databases. This will enable agencies to make
more informed and efficient payment decisions.
5. There are no additional costs associated with expanding or
centralizing access to SAM sensitive financial data from entity
registration records because Treasury's Working System already includes
this data. As a result, Treasury's Working System already has
interfaces in place to allow for access to GSA's existing SAM
technology feeds.
6. No additional policy or stakeholder considerations were
identified.
Consideration for Designating the Internal Revenue Service's (IRS)
Automatic Revocation of Exemption List (ARL)
OMB proposes to designate the IRS's ARL, which maintains records of
entities that have lost tax-exempt status due to failure to file an
annual information return or notice with the IRS for three consecutive
years. The Federal government administers a number of grant programs
that pertain specifically to tax-exempt entities. As such, verification
against ARL will assist grant-making agencies in verifying tax-exempt
status prior to payment.
OMB has reached the following initial determinations and is seeking
public comment before finalizing the designation of the database.
[[Page 43044]]
1. There are no statutory or other limitations that would prevent
including this public database within Treasury's Working System.
2. There are no prohibitive privacy restrictions or risks for
Treasury to make this publicly facing database also available in
Treasury's Working System. Risk mitigation measures include maintaining
a current and compliant SA&A package for Treasury's Working System in
accordance with OMB Circular No. A-130. To reduce the likelihood of
incidents triggered by unauthorized access, login to Treasury's Working
System requires PKI or PIV credentials. All users and administrators
are required to sign rules of behavior stipulating their
responsibilities to minimize risks and support DNP's mission to
``Protect the integrity of the government's payment process by
assisting agencies in mitigating and eliminating improper payments in a
cost-effective manner while safeguarding the privacy of individuals.''
In this vein, Treasury has also dedicated resources to establish a
Privacy Program based on applicable requirements, FIPPs, and industry
best practices. This Treasury's Privacy Program champions various
internal controls in concert with agency leadership and counsel such as
a data usage governance process charged with vetting projects that
support foster a data driven approach to reducing improper payments for
Treasury's specific customers and government-wide.
3. Designating IRS' ARL would likely strengthen program integrity.
With access to this database through Treasury's Working System, an
agency will be better equipped to minimize the risk that it makes a
payment to an entity that has not had its tax-exempt status verified.
4. It would be beneficial to streamline access to the ARL through
its inclusion within Treasury's Working System. Many of DNP's customers
are grant-issuing agencies. This will enable agencies to make more
informed payment decisions, increase efficiency, and strengthen
internal controls.
5. Aside from budgeted system development costs, there are no
additional costs associated with expanding or centralizing access to
this publically available database within Treasury's Working System.
6. No additional policy or stakeholder considerations were
identified.
Consideration for Designating the IRS's Exempt Organizations Select
Check (EO Select Check)
OMB proposes to designate the IRS's EO Select Check, which
maintains records of organizations eligible to receive tax-deductible
charitable contributions. IRS Publication 78 requires organizations
with gross receipts over $50,000 to file Form 990 once every three
years in order to remain eligible for tax-exempt status. The EO Select
Check database is even more valuable when used in concert with ARL, and
will allow agencies to verify an entity's tax-exempt status prior to
payment.
OMB has reached the following initial determinations and is seeking
public comment before finalizing the designation of the database.
1. There are no statutory or other limitations that would prevent
including this public database within Treasury's Working System.
2. There are no prohibitive privacy restrictions or risks for
Treasury to make this publicly facing database also available in
Treasury's Working System. Risk mitigation measures include maintaining
a current and compliant SA&A package for Treasury's Working System in
accordance with OMB Circular No. A-130. To reduce the likelihood of
incidents triggered by unauthorized access, login to Treasury's Working
System requires PKI or PIV credentials. All users and administrators
are required to sign rules of behavior stipulating their
responsibilities to minimize risks and support DNP's mission to
``Protect the integrity of the government's payment process by
assisting agencies in mitigating and eliminating improper payments in a
cost-effective manner while safeguarding the privacy of individuals.''
In this vein, Treasury has also dedicated resources to establish a
Privacy Program based on applicable requirements, the FIPPs, and
industry best practices. This Treasury's Privacy Program champions
various internal controls in concert with agency leadership and counsel
such as a data usage governance process charged with vetting projects
that support foster a data driven approach to reducing improper
payments for Treasury's specific customers and government-wide.
3. Designating IRS's EO Select Check database would likely
strengthen program integrity. With access to this database through
Treasury's Working System, an agency will be better equipped to
minimize the risk that it makes a payment to an entity that has not had
its tax-exempt status verified.
4. It would be beneficial to streamline access to the EO Select
Check through its inclusion as an additional database within Treasury's
Working System. Many of DNP's customers are grant issuing agencies.
This will enable agencies to make more informed payment decisions,
increase efficiency, and strengthen internal controls.
5. Aside from budgeted system development costs, there are no
additional costs associated with expanding or centralizing access to
this publically available database within Treasury's Working System.
6. No additional policy or stakeholder considerations were
identified.
Consideration for Designating the IRS's e-Postcard
OMB proposes to designate the IRS's e-Postcard database, which
maintains records of small entities eligible to receive tax-deductible
charitable contributions. Entities within e-Postcard are considered
both small businesses and tax-exempt, with gross receipts under
$50,000. These organizations are required to file a Form 990-N once
every three years in order to remain eligible for tax-exempt status. As
with the EO Select Check database, e-Postcard will allow agencies to
verify tax-exempt status before making a payment.
OMB has reached the following initial determinations and is seeking
public comment before finalizing the designation of the database.
1. There are no statutory or other limitations that would prevent
including this public database within Treasury's Working System.
2. There are no prohibitive privacy restrictions or risks for
Treasury to make this publicly facing database also available in
Treasury's Working System. Risk mitigation measures include maintaining
a current and compliant SA&A package for Treasury's Working System in
accordance with OMB Circular No. A-130. To reduce the likelihood of
incidents triggered by unauthorized access, login to Treasury's Working
System requires PKI or PIV credentials. All users and administrators
are required to sign rules of behavior stipulating their
responsibilities to minimize risks and support DNP's mission to
``Protect the integrity of the government's payment process by
assisting agencies in mitigating and eliminating improper payments in a
cost-effective manner while safeguarding the privacy of individuals.''
In this vein, Treasury has also dedicated resources to establish a
[[Page 43045]]
Privacy Program based on applicable requirements, the FIPPs, and
industry best practices. This Treasury's Privacy Program champions
various internal controls in concert with agency leadership and counsel
such as a data usage governance process charged with vetting projects
that support foster a data driven approach to reducing improper
payments for Treasury's specific customers and government-wide.
3. Designating IRS' e-Postcard database would likely strengthen
program integrity. With access to this database through Treasury's
Working System, an agency will be better equipped to minimize the risk
that it makes a payment to an entity that has not had its tax-exempt
status verified.
4. It would be beneficial to streamline access to the e-Postcard
through its inclusion as additional database within Treasury's Working
System. Many of DNP's customers are grant issuing agencies. This will
enable agencies to make more informed payment decisions, increase
efficiency, and strengthen internal controls.
5. Aside from budgeted system development costs, there are no
additional costs associated with expanding or centralizing access to
this publically available database within Treasury's Working System.
6. No additional policy or stakeholder considerations were
identified.
Considerations for Designating American InfoSource (AIS) Deceased Data
OMB has considered Treasury's recommendation and assessment of the
suitability of AIS Deceased Data for designation within Treasury's
Working System. OMB proposes to designate AIS Deceased Data for
inclusion in Treasury's Working System. Treasury's suitability
assessment, which evaluates the suitability of AIS Deceased Data, is
attached.
Highlights of Treasury's assessment on AIS Deceased Data against
the considerations and factors outlined in Section 5(b) of OMB
Memorandum M-13-20 follow:
1. There are no statutory or other limitations that would prevent
Treasury from using or sharing AIS Deceased Data through Treasury's
Working System.
2. Treasury assessed privacy restrictions and risks by reviewing
AIS' responses to a questionnaire based on Federal Trade Commission
(FTC) vendor management guidance and conducting a data source profile.
The information AIS provided regarding data restrictions and risks
helped inform Treasury's decision to request this OMB designation of
AIS.
The questionnaire includes sections on Products and Services,
Breach Notification, Consumer Access and Redress, and Legal Action/
Complaints/Inquiries. AIS' response indicated that there are no
consumer access or redress procedures in place because their data is
not directly acquired from the consumer. AIS data is gathered through
public records and additional data sources. AIS maintains that
policies, practices and procedures relating to the monitoring,
auditing, or evaluation of the accuracy of personally identifiable
information may be customized and approved by Treasury as its customer.
Treasury evaluated AIS Deceased Data in various areas, including a
data quality assessment at the attribute level, and at the level of the
source as a whole. Per-data element measures include quantifications of
accuracy, coverage, and conformity. Whole-source measures include
assessments of the freshness, completeness, and uniqueness of all
records. These six assessments factors, some of which are multi-part,
reduce to six quantitative scores, and these six scores are combined
into an overall data source quality benchmark. The quality assessment
was performed on a snapshot of the data source from July 14, 2014, for
December and January deaths and from March 28, 2014, for November
deaths.
3. Designating AIS Deceased Data will strengthen program integrity.
Treasury performed an analysis, in which it was conservatively
estimated, that the program's use of just three months of AIS Deceased
Data would have resulted in the identification of 226 additional
improper payments, with a corresponding reduction of roughly $450,000
in improper payments to deceased persons. Please see sections IV(A)(5)
and IV(B)(2) of the AIS Deceased Data suitability assessment for more
detail on the results of this analysis.
4. Streamlining Federal officials' access to AIS Deceased Data as
an additional database within Treasury's Working System supports the
Administration's objectives to reduce duplication and costs to
taxpayers. Adding in this needed data source without streamlining
through Treasury would require each agency to purchase the data set
separately, resulting in delays to access and redundant.
5. There will be some additional costs associated with expanding or
centralizing access to AIS Deceased Data. However, Treasury has
performed a trial assessment with respect to AIS Deceased Data, and has
determined that the return on investment (ROI) is positive and
outweighs the costs. Please see sections IV(A)(5) and IV(B)(2) of the
AIS Deceased Data suitability assessment for more detail on how this
analysis was performed and the results.
6. No additional policy or stakeholder considerations were
identified.
We invite public comments on the proposed designation of each of
the six databases described in this notice.
Mark Reger,
Deputy Controller.
Do Not Pay: Written Assessment of the Suitability of the AIS Deceased
Data Commercial Database
The Office of Management and Budget (OMB) Memorandum M-13-20
requires the Department of the Treasury to prepare and submit to OMB a
written assessment to document the suitability of any commercial
database proposed for use in Treasury's Working System. Section 11(d)
of M-13-20 requires the assessment to address four topics:
(i) The need to use or access the data;
(ii) how the data will be used or accessed;
(iii) a description of the data, including each data element that
will be used or accessed; and
(iv) how the database meets all applicable requirements of M-13-20.
Treasury has completed its assessment of the suitability of
American InfoSource (AIS) Deceased Data for inclusion as a database in
Treasury's Working System. Based on its assessment, Treasury recommends
that OMB propose the inclusion of AIS Deceased Data into Treasury's
Working System. Below are Treasury's evaluations and conclusions
regarding the Section 11(d) topics.
I. Explanation of the Need To Use or Access the Data
Decedent persons are ineligible to receive payments with few
exceptions, such as to payments to survivors under the deceased name or
payments to an estate for work completed before death. As such, the
deceased are ineligible for most benefits, grants, or awards. There is
a business need for the government to use the most complete, timely,
and accurate data to ensure an improper payment is not made to these
persons. Currently, government sources of death data include the Social
Security Administration's (SSA) Death Master File (DMF), the Centers
for Disease Control and Prevention's (CDC) National Vital Statistics
System, and data maintained by the Internal Revenue Service (IRS)
derived from Table 2000CM of tax returns.
[[Page 43046]]
The AIS Deceased Data database includes information about deceased
persons from all 50 states. AIS Deceased Data provides death data from
states currently unavailable to Treasury customers through SSA's DMF.
Treasury's Working System currently uses the public version of SSA's
DMF. There is also a restricted version of DMF (known as the ``public
plus state'' DMF), which is more comprehensive and contains more data
reported from states than the public version. The Social Security Act
limits the disclosure of state death records contained in the ``public
plus state'' DMF to only benefit paying agencies. SSA has determined
that Treasury's Working System does not meet the requirements for
access to the ``public plus state'' DMF. Therefore, Treasury evaluated
the coverage of AIS Deceased Data by state ``public plus state'' DMF
and found that AIS does have significant coverage in many states above
and beyond public DMF which are not contained within ``public plus
state'' DMF. In addition to inputs from SSA's public DMF, AIS gathers
information from probate court records and published obituaries.
Obituaries are obtained by AIS from over 3,000 funeral homes and
thousands of newspapers, and probate records are collected from the
county courts. These sources are not currently available to agencies
accessing Treasury's Working System. Out of 600,000 records Treasury
received from AIS when assessing the suitability of the database,
approximately 230,000 came from sources (obituaries and probationary
records) other than the public version of DMF. The positive return on
investment (ROI) analysis (Section IV) removed DMF files from its
calculations further supporting that including records from AIS in
Treasury's Working System will create value to Federal agencies that
require this additional death data to make payment decisions.
II. Explanation of How the Data Will Be Used or Accessed
Generally, when payment-issuing agencies identify a business need
to match against a specific type of database, Treasury will work with
the payment-issuing agency to complete an Initial Questionnaire. An
Initial Questionnaire is the form that Treasury must approve for each
payment-issuing agency to initiate the onboarding process, and begin
the process of accessing the requested databases. The objectives of the
onboarding process are to:
Allow the payment-issuing agency to gain access to
Treasury's Working System;
Outline business needs and legal authorities for the
payment-issuing agency to access Treasury's Working System; and
Ensure that payment-issuing agency files are ready for use
in Treasury's Working System.
During the onboarding process, if an agency determines it has a
business need to access death data like AIS Deceased Data--typically,
to assist the agency in making eligibility determinations for payments
or awards, customers will also identify the method by which their
agency will search, or be disclosed, AIS Deceased Data (via online
single search, batch matching, continuous monitoring, DNP Analytics, or
a combination of these services). To access the batch matching and
continuous monitoring matching functions, customers must establish a
secure file transfer process with Treasury. Treasury then works with
customers to provision access credentials and obtain supplementary
information necessary to access Treasury's Working System. Each
customer must certify and agree to Rules of Behavior for Treasury's
Working System and certify and execute several legal agreements.
Customers will then identify AIS Deceased Data as the specific database
relevant to their matching needs.
Upon obtaining access to use Treasury's Working System, a
comparison between AIS data and agency payment data could be made,
resulting in the return of positive matches. Users may either use
Treasury's online portal to view automated match results on a regular
basis, or request analytical services to be performed in order to gain
additional insight. It is then the customer's responsibility to review
the information received and make a determination, or request
additional services.
---------------------------------------------------------------------------
\5\ The Acquired and Age data elements reflect the timeliness of
the data, and document when AIS compiled the specific death record.
---------------------------------------------------------------------------
III. Description of the Data (Including Each Data Element That Will Be
Used or Accessed)
Data Element Definitions
------------------------------------------------------------------------
Related fields in
Header Description of data DMF
------------------------------------------------------------------------
Last Name................... The last name of the lastname.
deceased individual.
First Name.................. The first name of firstname.
the deceased
individual.
Middle Name................. The middle name of middlename.
the deceased
individual.
City........................ The city of ....................
residence for the
deceased individual.
State....................... The state of ....................
residence for the
deceased individual.
Social Security Number (SSN) A 9-digit ssn.
identification
number used by the
SSA. It is
exclusively issued
by SSA and is
predominantly used
for the individual
classification.
Date of Death (Dod)......... The date of death dateofdeath.
for the deceased
individual, used to
determine if
payment date is
before or after
death date.
Date of birth (Dob)......... The date of birth dateofbirth.
for the deceased
individual, which
is a supplemental
matching element
payment-issuing
agencies may use as
an additional
unique identifier
to increase
confidence in match
accuracy.
Acquired \5\................ Identifies when the ....................
data was first
acquired by AIS.
Age......................... Identifies the ....................
number of days
between the
acquired date and
the date of death.
Confidence.................. Level of confidence verifyproof_cd.
in the data within
the record,
determined by the
source of the death
report (DMF,
probate court,
obituary, and/or
independent
verification by
AIS).
Source count................ The number of death ....................
sources in which
the record was
found.
Source...................... The source from ....................
which the record
was first acquired.
------------------------------------------------------------------------
[[Page 43047]]
IV. Explanation of How the Database Meets All the Applicable
Requirements of OMB M-13-20
M-13-20 outlines three distinct sets of requirements for including
additional databases in Treasury's Working System.
A. M-13-20 Section 5(b)--Considerations for Designation of Additional
Databases
M-13-20 section 5(b) requires that when considering additional
databases for designation, OMB will consider:
1. Statutory or other limitations on the use and sharing of
specific data;
2. Privacy restrictions and risks associated with specific data;
3. Likelihood that the data will strengthen program integrity
across programs and agencies;
4. Benefits of streamlining access to the data through the central
DNP Initiative;
5. Costs associated with expanding or centralizing access,
including modifications needed to system interfaces or other
capabilities in order to make data accessible; and
6. Other policy and stakeholder considerations, as appropriate.
Treasury has assessed AIS Deceased Data against the considerations
and factors outlined in Section 5(b) of M-13-20. Treasury has
determined that:
1. There are no statutory or other limitations that would prevent
Treasury from using or sharing AIS Deceased Data through Treasury's
Working System.
2. Treasury assessed privacy restrictions and risks by reviewing
AIS' responses to a questionnaire based on Federal Trade Commission
(FTC) vendor management guidance and conducting a data source profile.
These inputs that considered data restrictions and risks informed
Treasury's decision to request this designation request.
The questionnaire includes sections on Products and Services,
Breach Notification, Consumer Access and Redress, and Legal Action/
Complaints/Inquiries. AIS' response indicated that there are no
consumer access or redress procedures in place because their data is
not directly acquired from the consumer. AIS data is gathered through
public records and additional data sources. AIS maintains that
policies, practices and procedures relating to the monitoring,
auditing, or evaluation of the accuracy of personally identifiable
information may be customized and approved by the Treasury as its
customer.
Treasury evaluated AIS Deceased Data in various areas, including a
data quality assessment at the attribute level, and at the level of the
source as a whole. Per-data element measures include quantifications of
accuracy, coverage, and conformity. Whole-source measures include
assessments of the freshness, completeness, and uniqueness of all
records. These six assessments factors, some of which are multi-part,
reduce to six quantitative scores, and these six scores are combined
into an overall data source quality benchmark. The quality assessment
was performed on a snapshot of the data source, from July 14, 2014 for
December and January deaths and from March 28, 2014 for November
deaths.
3. Designating AIS Deceased Data will strengthen program integrity.
Treasury performed an analysis in which it was conservatively estimated
that the program's use of just three months of AIS Deceased Data would
have resulted in the identification of 226 additional improper
payments, with a corresponding reduction of roughly $450,000 in
improper payments to deceased persons. Please see section IV(A)(5) and
IV(B)(2) for more detail on how this analysis was performed and the
results.
4. It is beneficial to the Federal government and to taxpayers to
streamline access to AIS Deceased Data as an additional database within
Treasury's Working System. Currently, in order to access AIS Deceased
Data, customer agencies must each procure the data themselves. This
process can take up to six months to complete and is costly and
duplicative. With over 140 programs currently accessing Treasury's
Working System, the amount of time saved with a single procurement will
have a positive ROI.
5. There will be some additional costs associated with expanding or
centralizing access to AIS Deceased Data. However, Treasury has
performed a trial assessment with respect to AIS Deceased Data, and it
has determined that the ROI is positive and outweighs the costs.
Specifically, the trial assessment compared three months of AIS data to
current and historical payment data in order to determine which
payments would result in matches. Agency-specific business rules
identified in Treasury's current processes were then applied to reduce
false positives. ROI was 400%. Recurring payments were then eliminated
to simulate an agency stopping the first payment, thus nullifying
benefit from future payments. ROI was found to be 315%.
6. No additional policy or stakeholder considerations were
identified.
B. M-13-20 Section 11(b)--General Standards for the Use or Access to
Commercial Databases
M-13-20 Section 11(b) provides that Treasury may use or access a
commercial database for Treasury's Working System only if OMB has
officially, previously designated such database for inclusion following
a period of public notice and comment, as described in section 5(b) of
this Memorandum. Because commercial databases used or accessed for
purposes of the DNP Initiative will be used to help agencies make
determinations about persons, it is important that agencies apply
safeguards that are similarly rigorous to those that apply to systems
of records under the Privacy Act. Thus, commercial data may only be
used or accessed for the DNP Initiative when the commercial data in
question would meet the following general standards:
1. Information in commercial databases must be relevant and
necessary to meet the objectives described in section 5 of IPERIA.
2. Information in commercial databases must be sufficiently
accurate, up-to-date, relevant, and complete to ensure fairness to the
individual record subjects.
3. Information in commercial databases must not contain information
that describes how any individual exercises rights guaranteed by the
First Amendment, unless use of the data is expressly authorized by
statute.
Treasury has assessed AIS Deceased Data against the considerations
and factors outlined in Section 11(b) of M-13-20. Treasury has
determined that:
1. AIS Deceased Data is relevant and necessary to meet objectives
set out in the Improper Payments Elimination and Recovery Improvement
Act of 2012 (IPERIA). IPERIA requires payment-issuing agencies to
verify eligibility of payments and awards by reviewing the SSA DMF, as
appropriate. Treasury has access to the public DMF, but does not
currently have access to the ``public plus state'' DMF or probate court
records and obituaries. AIS Deceased Data provides the latter two
categories, creating value for payment-issuing agencies in this
additional death data. Additionally, AIS Deceased Data includes records
from states, including 18 states that do not report deaths to SSA via
the Internet Electronic Death Registration (I-EDR), and would not be
included in the ``public plus state'' DMF anyway. AIS Deceased Data
will supplement the existing data provided by SSA in the public DMF and
further
[[Page 43048]]
inform the payment decisions of Treasury customers.
2. In its trial assessment, Treasury determined that AIS Deceased
Data is sufficiently accurate, up-to-date, relevant, and complete to
ensure fairness. Treasury compared the AIS Deceased Data city and state
data to other databases that are considered ``gold standards'' and over
99 percent of these data were accurate. Treasury also assessed AIS
Deceased Data social security number (SSN), date of death, and date of
birth data elements and determined that: over 99 percent of the SSN
data are accurate; all records contain a date of death; and 89 percent
of the data contain a date of birth, which is sufficiently accurate for
a supplemental matching element. The data elements that AIS will
provide to Treasury's Working System all directly relate to confirming
the identification of a person's status as deceased and would be fully
refreshed on a quarterly basis. Extraneous fields are not included to
ensure that data minimization standards (see M-13-20 section 5(c)) are
applied. In addition, Treasury only receives records from AIS, which
contain a SSN, first name, and last name. These practices and the data
elements will ensure fewer false positives and fairness to the record
subjects.
3. AIS Deceased Data does not contain information that describes
how an individual exercises rights guaranteed by the First Amendment.
C. M-13-20 Section 11(c)--Specific Requirements for Use or Access to
Commercial Databases
M-13-20 Section 11(c) provides that in addition to the general
standards provided above, Treasury shall meet the following specific
requirements whenever agencies use or access a commercial database as
part of Treasury's Working System:
1. Treasury shall establish rules of conduct for persons involved
in the use of or access to commercial databases and instruct each
person with respect to such rules, including penalties for
noncompliance, as appropriate.
2. Treasury shall establish appropriate administrative, technical,
and physical safeguards to ensure the security and confidentiality of
information in commercial databases when such information is under
Treasury's control.
Treasury has assessed AIS Deceased Data against the considerations
and factors outlined in Section 11(c) of M-13-20. Treasury has
determined that it has fulfilled the requirements of Section 11(c)
because:
1. Treasury has established rules of conduct for users of the
Treasury's Working System. Users must agree to the following:
To use information to perform job duties and to only
access data necessary to perform said duties;
To not use data for fraud;
To not browse or access data without authorization;
To make no changes to data delivered;
To not use data for personal gain;
To report conflicts of interest immediately;
To terminate access when access is no longer required for
job duties; and
To not disclose information to unauthorized persons.
Terms and conditions which must be accepted each time a customer
accesses the Treasury's Working System include a description of
penalties for misuse of data. These include:
Criminal and civil penalties.
disciplinary actions and other consequences including the
loss of system access.
2. Treasury has strong safeguards to protect the security and
confidentiality of information. Access to the Treasury's Working System
is available only by authorized persons on a need-to-know basis.
External access logs to Treasury's Working System are reviewed to
ensure compliance with the Rules of Behavior agreed to by credentialed
users. Internal access log control measures are reviewed to ensure
compliance with security guidelines governing access to Privacy Act
data. Audit logs allow system managers to monitor external and internal
user actions and address any misuse or violation of access privileges.
Access to computerized records is limited through the use of internal
mechanisms available to only those whose official duties require
access. Facilities where records are physically located are secured by
various means, such as security guards, locked doors with key entry,
and equipment requiring a physical token to gain access. The Bureau of
the Fiscal Service may agree to additional safeguards for some data
through a written agreement with the entity supplying the data.
Treasury's Working System recently completed its Security
Assessment and Authorization (SA&A), which is reviewed at the Bureau of
the Fiscal Service level. The SA&A adheres to the processes outlined in
the National Institute of Standards and Technology (NIST) Special
Publication (SP) 800 series. More specifically, NIST SP 800-115; NIST
SP 800-53, Rev. 3; NIST SP-800-53A, Rev. 1; NIST SP 800-37, Rev. 1; and
NIST SP 800-30. Treasury's Working System also complies with the
Federal Information Security Management Act (FISMA). For example,
detailed SA&A information is currently safeguarded within the Treasury
FISMA Information Management System; in the event of an audit, this
documentation may be made available.
[FR Doc. 2017-19433 Filed 9-12-17; 8:45 am]
BILLING CODE 3110-01-P
