Privacy Act of 1974; System of Records, 73353-73356 [2020-25298]
Download as PDF
<![CDATA[
Federal Register / Vol. 85, No. 222 / Tuesday, November 17, 2020 / Notices
respond to, a collection of information
unless the collection of information
displays a valid OMB control number.
Books or records relating to a collection
of information must be retained as long
as their contents may become material
in the administration of any internal
revenue law. Generally, tax returns and
tax return information are confidential,
as required by 26 U.S.C. 6103.
Request for Comments: Comments
submitted in response to this notice will
be summarized and/or included in the
request for OMB approval. All
comments will become a matter of
public record. Comments are invited on:
(a) Whether the collection of
information is necessary for the proper
performance of the functions of the
agency, including whether the
information shall have practical utility;
(b) the accuracy of the agency’s estimate
of the burden of the collection of
information; (c) ways to enhance the
quality, utility, and clarity of the
information to be collected; (d) ways to
minimize the burden of the collection of
information on respondents, including
through the use of automated collection
techniques or other forms of information
technology; and (e) estimates of capital
or start-up costs and costs of operation,
maintenance, and purchase of services
to provide information.
Approved: November 12, 2020.
Sara L. Covington,
IRS Tax Analyst.
[FR Doc. 2020–25339 Filed 11–16–20; 8:45 am]
BILLING CODE 4830–01–P
DEPARTMENT OF THE TREASURY
Privacy Act of 1974; System of
Records
Department of the Treasury.
Notice of a modified system of
AGENCY:
ACTION:
records.
In accordance with the
requirements of the Privacy Act of 1974,
as amended, the Department is
publishing its modified Privacy Act
systems of record.
DATES: Submit comments on or before
December 17, 2020.
ADDRESSES: Comments may be
submitted to the Federal eRulemaking
Portal electronically at https://
www.regulations.gov. Comments can
also be sent to the Deputy Assistant
Secretary for Privacy, Transparency, and
Records, Department of the Treasury,
1500 Pennsylvania Avenue NW,
Washington, DC 20220, Attention:
Revisions to Privacy Act Systems of
Records. All comments received,
SUMMARY:
VerDate Sep<11>2014
19:46 Nov 16, 2020
Jkt 253001
including attachments and other
supporting documents, are part of the
public record and subject to public
disclosure. All comments received will
be posted without change to
www.regulations.gov, including any
personal information provided. You
should submit only information that
you wish to make publicly available.
For
general questions and for privacy issues
please contact: Ryan Law, Deputy
Assistant Secretary for Privacy,
Transparency, and Records (202–622–
5710), Department of the Treasury, 1500
Pennsylvania Avenue NW, Washington,
DC 20220.
FOR FURTHER INFORMATION CONTACT:
Pursuant
to the Privacy Act of 1974, 5 U.S.C. 552
and the Office of Management and
Budget (OMB) Circular No. A–130, the
Department of the Treasury has
completed a review of Treasury .015—
General Information Technology Access
Account Records Privacy Act system of
records notice to identify minor changes
that will more accurately describe the
record. Minor changes throughout the
document are editorial in nature and
consist principally of changes to system
locations, system manager addresses,
and revisions to titles. The notice was
last published in its entirety on
November 7, 2016, at 81 FR 78266.
The categories of records have been
updated to include such information as
driver’s license numbers, photographs,
and universally unique identifier
(UUID). Finally, the routine uses have
been updated to include the breach
response routine uses (M) and (N)
published at 85 FR 36460 in accordance
with OMB M–17–12 for the disclosure
of information necessary to respond to
a breach either of Treasury’s PII or,
appropriate, to assist another agency in
its response to a breach.
The system enables Treasury to
maintain: Account information required
for approved access to information
technology; contractor-provided identity
proofing, authentication, and group
affiliation verification in support of
Treasury Bureaus and Departmental
Offices; lists of individuals who are
appropriate organizational points of
contact; and lists of individuals who are
emergency points of contact. In
addition, the system will enable
Treasury to collect records allowing
individuals access to specific meetings
and programs where supplemental
information is required and, where
appropriate, to facilitate collaboration
by allowing individuals in the same
operational program to share
information.
SUPPLEMENTARY INFORMATION:
PO 00000
Frm 00096
Fmt 4703
Sfmt 4703
73353
Treasury has provided a report of this
system of records to the Committee on
Oversight and Government Reform of
the House of Representatives, the
Committee on Homeland Security and
Governmental Affairs of the Senate, and
OMB, pursuant to 5 U.S.C. 552a(r) and
OMB Circular A–108, ‘‘Federal Agency
Responsibilities for Review, Reporting,
and Publication under the Privacy Act,’’
dated December 23, 2016.
Ryan Law,
Deputy Assistant Secretary for Privacy,
Transparency, and Records.
SYSTEM NAME AND NUMBER:
Department of the Treasury .015—
General Information Technology Access
Account Records.
SECURITY CLASSIFICATION:
Unclassified.
SYSTEM LOCATION:
The records are located at Main
Treasury and in other Treasury bureaus
and offices, both in Washington, DC and
at field locations as follows:
(1) Departmental Offices: 1500
Pennsylvania Ave. NW, Washington, DC
20220;
(2) Alcohol and Tobacco Tax and
Trade Bureau: 1310 G St. NW,
Washington, DC 20220.
(3) Office of the Comptroller of the
Currency: Constitution Center, 400
Seventh St. SW, Washington, DC 20024;
(4) Fiscal Service: Liberty Center
Building, 401 14th St. SW, Washington,
DC 20227;
(5) Internal Revenue Service: 1111
Constitution Ave. NW, Washington, DC
20224;
(6) United States Mint: 801 Ninth St.
NW, Washington, DC 20220;
(7) Bureau of Engraving and Printing:
Eastern Currency Facility, 14th and C
Streets SW, Washington, DC 20228 and
Western Currency Facility, 9000 Blue
Mound Rd., Fort Worth, TX 76131;
(8) Financial Crimes Enforcement
Network: Vienna, VA 22183;
(9) Special Inspector General for the
Troubled Asset Relief Program
(SIGTARP): 1801 L St. NW, Washington,
DC 20220;
(10) Office of Inspector General: 740
15th St. NW, Washington, DC 20220;
and
(11) Office of the Treasury Inspector
General for Tax Administration: 1125
15th St. NW, Suite 700A, Washington,
DC 20005.
SYSTEM MANAGER(S):
DASIT/CIO, Department of the
Treasury, 1500 Pennsylvania Ave. NW,
Washington, DC 20220.
E:\FR\FM\17NON1.SGM
17NON1
73354
Federal Register / Vol. 85, No. 222 / Tuesday, November 17, 2020 / Notices
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
44 U.S.C. 3101; E.O. 9397, as
amended by E.O. 13487; and 44 U.S.C.
3534.
PURPOSE(S) OF THE SYSTEM:
This system will allow Treasury to
collect a discrete set of personally
identifiable information to allow
authorized individuals (including
members of the public) access to, or
interact with, Treasury information
technology resources, and allow
Treasury to track use of its information
technology resources. The system
enables Treasury to maintain: Account
information required for approved
access to information technology; lists
of individuals who are appropriate
organizational points of contact; and
lists of individuals who are emergency
points of contact. The system will also
enable Treasury to provide individuals
access to certain meetings and programs
where additional information is
required and, where appropriate,
facilitate collaboration by allowing
individuals in the same operational
program to share information.
CATEGORIES OF INDIVIDUALS COVERED BY THE
SYSTEM:
• All persons who are authorized to
access Treasury information technology
resources (either directly or via
contractor-provided validation services),
including employees, contractors,
grantees, fiscal agents, financial agents,
interns, detailees, members of the
public, and any lawfully designated
representative of the above as well as
representatives of federal, state,
territorial, tribal, local, international, or
foreign government agencies or entities,
in furtherance of the Treasury mission.
• Individuals who serve on Treasury
boards and committees;
• Individuals who provide personal
information to Treasury or a Treasury
contractor to facilitate access to
Treasury information technology
resources;
• Industry points-of-contact
providing business contact information
for conducting business with
government agencies;
• Industry points-of-contact
emergency contact information in case
of an injury or medical notification;
• Individuals who voluntarily join a
Treasury-owned and operated web
portal for collaboration purposes; and
• Individuals who request access but
are denied, or who have had their access
to Treasury information systems
revoked.
CATEGORIES OF RECORDS IN THE SYSTEM:
• Driver’s License Numbers;
VerDate Sep<11>2014
19:46 Nov 16, 2020
Jkt 253001
• Photographs;
• Universally Unique Identifier
(UUID) or other assigned identifier;
• Social Security number;
• Business name;
• Job title;
• Business contact information;
• Personal contact information;
• Pager numbers;
• Others phone numbers or contact
information provided by individuals
while on travel or otherwise away from
the office or home;
• Citizenship;
• Level of access;
• Home addresses;
• Business addresses;
• Personal and business electronic
mail addresses of senders and
recipients;
• Justification for access to Treasury
computers, networks, or systems;
• Verification of training
requirements or other prerequisite
requirements for access to Treasury
computers, networks, or systems;
• Records on the authentication of a
request for access to a Treasury IT
resource, including names, phone
numbers of other contacts, and positions
or business/organizational affiliations
and titles of individuals who can verify
an individual’s need for access to a
Treasury IT resource and validate their
identity before access is granted.
• Records on access to Treasury
computers and networks including user
IDs and passwords;
• Registration numbers or IDs
associated with Treasury information
technology resources;
• Date and time of access to Treasury
IT resources;
• Tax returns and tax return
information;
• Logs of activity when accessing and
using Treasury information technology
resources;
• Internet Protocol address of visitors
to Treasury websites (a unique number
identifying the computer from which a
member of the public or others access
Treasury IT resources); and
• Logs of individuals’ internet
activity while using Treasury IT
resources.
RECORD SOURCE CATEGORIES:
Information contained in this system
is obtained from affected individuals,
organizations, and facilities; public
source data; other government agencies;
and information already in other
Treasury records systems.
ROUTINE USES OF RECORDS MAINTAINED IN THE
SYSTEM, INCLUDING CATEGORIES OF USERS AND
PURPOSES OF SUCH USES:
Disclosure of tax returns and tax
return information may be made only as
PO 00000
Frm 00097
Fmt 4703
Sfmt 4703
allowed by 26 U.S.C. 6103. In addition
to those disclosures generally permitted
under 5 U.S.C. 552a (b) of the Privacy
Act, all or a portion of the records or
information contained in this system
may be disclosed outside Treasury as a
routine use pursuant to 5 U.S.C. 552a (b)
(3), as follows:
A. To the Department of Justice
(including United States Attorneys’
Offices) or other federal agencies
conducting litigation or in proceedings
before any court or adjudicative or
administrative body, when it is relevant
or necessary to the litigation and one of
the following is a party to the litigation
or has an interest in such litigation:
1. Treasury or any component thereof;
2. Any employee of Treasury in his/
her official capacity;
3. Any employee of Treasury in his/
her individual capacity where the
Department of Justice or Treasury has
agreed to represent the employee; or
4. The United States or any agency
thereof.
B. To a congressional office from the
record of an individual in response to
an inquiry from that congressional office
made at the request of the individual to
whom the record pertains.
C. To the National Archives and
Records Administration or General
Services Administration pursuant to
records management inspections being
conducted under the authority of 44
U.S.C. 2904 and 2906.
D. To an agency or organization for
the purpose of performing audit or
oversight operations as authorized by
law, but only such information as is
necessary and relevant to such audit or
oversight function.
E. To appropriate agencies, entities,
and persons when:
1. Treasury suspects or has confirmed
that the security or confidentiality of
information in the system of records has
been compromised;
2. The disclosure made to such
agencies, entities, and persons as is
reasonably necessary to assist in
connection with Treasury’s efforts to
respond to the suspected or confirmed
compromise and prevent, minimize, or
remedy such harm.
F. To contractors and their agents,
grantees, experts, consultants, fiscal
agent, financial agents, and others
performing or working on a contract,
service, grant, cooperative agreement, or
other assignment for Treasury, when
necessary to accomplish an agency
function related to this system of
records. Individuals provided
information under this routine use are
subject to the same Privacy Act
requirements and limitations on
E:\FR\FM\17NON1.SGM
17NON1
Federal Register / Vol. 85, No. 222 / Tuesday, November 17, 2020 / Notices
disclosure as are applicable to Treasury
officers and employees.
G. To an appropriate federal, state,
tribal, local, international, or foreign law
enforcement agency or other appropriate
authority charged with investigating or
prosecuting a violation or enforcing or
implementing a law, rule, regulation, or
order, where a record, either on its face
or in conjunction with other
information, indicates a violation or
potential violation of law, which
includes criminal, civil, or regulatory
violations and such disclosure is proper
and consistent with the official duties of
the person making the disclosure.
H. To sponsors, employers,
contractors, facility operators, grantees,
experts, fiscal agents, financial agents,
and consultants in connection with
establishing an access account for an
individual or maintaining appropriate
points of contact and when necessary to
accomplish a Treasury mission function
or objective related to this system of
records.
I. To other individuals in the same
operational program supported by an
information technology resource, where
appropriate notice to the individual has
been made that his or her contact
information will be shared with other
members of the same operational
program in order to facilitate
collaboration.
J. To federal agencies such as the
Office of Personnel Management, the
Merit Systems Protection Board, the
Office of Management and Budget, the
Federal Labor Relations Authority, the
Government Accountability Office, and
the Equal Employment Opportunity
Commission in the fulfillment of these
agencies’ official duties.
K. To international, federal, state,
local, tribal, or private entities for the
purpose of the regular exchange of
business contact information in order to
facilitate collaboration for official
business.
L. To the news media and the public,
with the approval of the Senior Agency
Official for Privacy, or her designee, in
consultation with counsel, when there
exists a legitimate public interest in the
disclosure of the information or when
disclosure is necessary to preserve
confidence in the integrity of Treasury
or is necessary to demonstrate the
accountability of Treasury’s officers,
employees, or individuals covered by
the system, except to the extent it is
determined that release of the specific
information in the context of a
particular case would constitute an
unwarranted invasion of personal
privacy.
M. To appropriate agencies, entities,
and persons when (1) the Department of
VerDate Sep<11>2014
19:46 Nov 16, 2020
Jkt 253001
the Treasury and/or Treasury bureau
suspects or has confirmed that there has
been a breach of the system of records;
(2) the Department of the Treasury and/
or Treasury bureau has determined that
as a result of the suspected or confirmed
breach there is a risk of harm to
individuals, the Department of the
Treasury and/or Treasury bureau(s)
(including its information systems,
programs, and operations), the Federal
Government, or national security; and
(3) the disclosure made to such
agencies, entities, and persons is
reasonably necessary to assist in
connection with the Department of the
Treasury’s and/or Treasury bureau’s
efforts to respond to the suspected or
confirmed breach or to prevent,
minimize, or remedy such harm;
N. To another Federal agency or
Federal entity, when the Department of
the Treasury and/or Treasury bureau
determines that information from this
system of records is reasonably
necessary to assist the recipient agency
or entity in (1) responding to a
suspected or confirmed breach or (2)
preventing, minimizing, or remedying
the risk of harm to individuals, the
recipient agency or entity (including its
information systems, programs, and
operations), the Federal Government, or
national security, resulting from a
suspected or confirmed breach.
POLICIES AND PRACTICES FOR STORAGE OF
RECORDS:
Records in this system are on paper
and/or in digital or other electronic
form. Digital and other electronic
images are stored on a storage area
network in a secured environment.
Records, whether paper or electronic,
may be stored at the Treasury
Headquarters or at the bureau or office
level.
POLICIES AND PRACTICES FOR RETRIEVAL OF
RECORDS:
Records may be retrieved by an
identification number assigned by
computer, by facility, by business
affiliation, email address, or by the
name of the individual, or other
employee data fields previously
identified in this System of Records
Notice.
POLICIES AND PRACTICES FOR RETENTION AND
DISPOSAL OF RECORDS:
Records are securely retained and
disposed of in accordance with the
National Archives and Records
Administration’s General Records
Schedule 24, section 6, ‘‘User
Identification, Profiles, Authorizations,
and Password Files.’’ Inactive records
will be destroyed or deleted 6 years after
the user account is terminated or
PO 00000
Frm 00098
Fmt 4703
Sfmt 4703
73355
password is altered, or when no longer
needed for investigative or security
purposes, whichever is later.
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL
SAFEGUARDS:
Information in this system is
safeguarded in accordance with
applicable laws, rules, and policies,
including Treasury Directive 85–01,
Department of the Treasury Information
Technology (IT) Security Program.
Further, Treasury .015—General
Information Technology Access
Account Records system of records
security protocols will meet multiple
National Institute of Standards and
Technology security standards from
authentication to certification and
authorization. Records in the Treasury
.015—General Information Technology
Access Account Records system of
records will be maintained in a secure,
password protected electronic system
that will utilize security hardware and
software to include: Multiple firewalls,
active intruder detection, and role-based
access controls. Additional safeguards
will vary by component and program.
All records are protected from
unauthorized access through
appropriate administrative, physical,
and technical safeguards. These
safeguards include restricting access to
authorized personnel who have a ‘‘need
to know,’’ using locks, and password
protection identification features.
Treasury file areas are locked after
normal duty hours and the facilities are
protected by security personnel who
monitor access to and egress from
Treasury facilities.
RECORD ACCESS PROCEDURES:
See ‘‘Notification Procedures’’ below.
CONTESTING RECORD PROCEDURES:
See ‘‘Notification Procedures’’ below.
NOTIFICATION PROCEDURES:
Individuals seeking notification of
and access to any record contained in
this system of records, or seeking to
contest its content, may submit a
request in writing, in accordance with
Treasury’s Privacy Act regulations
(located at 31 CFR 1.26), to the Freedom
of Information Act (FOIA) and
Transparency Liaison, whose contact
information can be found at https://
www.treasury.gov/FOIA/Pages/
index.aspx under ‘‘FOIA Requester
Service Centers and FOIA Liaison.’’ If
an individual believes more than one
bureau maintains Privacy Act records
concerning him or her, the individual
may submit the request to the Office of
Privacy, Transparency, and Records,
FOIA and Transparency, Department of
E:\FR\FM\17NON1.SGM
17NON1
73356
Federal Register / Vol. 85, No. 222 / Tuesday, November 17, 2020 / Notices
U.S.-China Economic and
Security Review Commission.
ACTION: Notice of open public event.
Commission. The Commission is
mandated by Congress to investigate,
assess, and report to Congress annually
on ‘‘the national security implications of
the economic relationship between the
United States and the People’s Republic
of China.’’ Pursuant to this mandate, the
Commission will hold a virtual public
release of its 2020 Annual Report to
Congress in Washington, DC, on
December 1, 2020.
DATES: The release is scheduled for
Tuesday, December 1, 2020 at 10:30
a.m.
ADDRESSES: This release will be held
online. Members of the public will be
able to view a live webcast via the
Commission’s website at www.uscc.gov.
Please check the Commission’s website
for possible changes to the event
schedule and instructions on how to
submit questions or participate in the
question and answer session.
Reservations are not required to attend.
FOR FURTHER INFORMATION CONTACT: Any
member of the public seeking further
information concerning the event
should contact Jameson Cunningham,
444 North Capitol Street NW, Suite 602,
Washington, DC 20001; telephone: 202–
624–1496, or via email at jcunningham@
uscc.gov. Reservations are not required
to attend.
ADA Accessibility: For questions
about the accessibility of the event or to
request an accommodation, please
contact Jameson Cunningham at 202–
624–1496, or via email at jcunningham@
uscc.gov. Requests for an
accommodation should be made as soon
as possible, and at least five business
days prior to the event.
SUPPLEMENTARY INFORMATION:
Topics To Be Discussed: The
Commission’s 2020 Annual Report to
Congress addresses key findings and
recommendations for Congressional
action based upon the Commission’s
hearings, research, and review of the
areas designated by Congress in its
mandate, including focused work this
year on: China’s view of strategic
competition with the United States;
China’s promotion of alternative global
norms and standards; China’s strategic
aims in Africa; vulnerabilities in China’s
financial system and risks for the United
States; U.S.-China links in healthcare
and biotechnology; China’s growing
power projection and expeditionary
capabilities; Taiwan; Hong Kong; and a
review of economics, trade, security,
political, and foreign affairs
developments in 2020.
Notice is hereby given of the
following open public event of the U.S.China Economic and Security Review
Authority: Congress created the U.S.-China
Economic and Security Review Commission
in 2000 in the National Defense
Authorization Act (Pub. L. 106–398), as
the Treasury, 1500 Pennsylvania Ave.
NW, Washington, DC 20220.
No specific form is required, but a
request must be written and:
• Be signed and either notarized or
submitted under 28 U.S.C. 1746, a law
that permits statements to be made
under penalty of perjury as a substitute
for notarization;
• State that the request is made
pursuant to the FOIA and/or Privacy
Act disclosure regulations;
• Include information that will enable
the processing office to determine the
fee category of the user;
• Addressed to the bureau that
maintains the record (in order for a
request to be properly received by the
Department, the request must be
received in the appropriate bureau’s
disclosure office);
• Reasonably describe the records;
• Give the address where the
determination letter is to be sent;
• State whether or not the requester
wishes to inspect the records or have a
copy made without first inspecting
them; and
• Include a firm agreement from the
requester to pay fees for search,
duplication, or review, as appropriate.
In the absence of a firm agreement to
pay, the requester may submit a request
for a waiver or reduction of fees, along
with justification of how such a waiver
request meets the criteria for a waiver or
reduction of fees found in the FOIA
statute at 5 U.S.C. 552(a)(4)(A)(iii).
You may also submit your request
online at https://rdgw.treasury.gov/foia/
pages/gofoia.aspx and call 1–202–622–
0930 with questions.
EXEMPTIONS PROMULGATED FOR THE SYSTEM:
None.
HISTORY:
Notice of this system of records was
last published in full in the Federal
Register on November 7, 2016 (81 FR
78266) as the Department of the
Treasury .015—General Information
Technology Access Account Records
[FR Doc. 2020–25298 Filed 11–16–20; 8:45 am]
BILLING CODE 4810–25–P
U.S.-CHINA ECONOMIC AND
SECURITY REVIEW COMMISSION
Notice of Open Public Event
AGENCY:
SUMMARY:
VerDate Sep<11>2014
19:46 Nov 16, 2020
Jkt 253001
PO 00000
Frm 00099
Fmt 4703
Sfmt 4703
amended by Division P of the Consolidated
Appropriations Resolution, 2003 (Pub. L.
108–7), as amended by Public Law 109–108
(November 22, 2005), as amended by Public
Law 113–291 (December 19, 2014).
Dated: November 12, 2020.
Daniel W. Peck,
Executive Director, U.S.-China Economic and
Security Review Commission.
[FR Doc. 2020–25347 Filed 11–16–20; 8:45 am]
BILLING CODE 1137–00–P
DEPARTMENT OF VETERANS
AFFAIRS
Privacy Act of 1974; Matching Program
AGENCY:
Department of Veterans Affairs
(VA).
Notice of a new matching
program.
ACTION:
This re-established computer
matching agreement (CMA) sets forth
the terms, conditions, and safeguards
under which the Internal Revenue
Service (IRS) will disclose return
information, relating to unearned
income, to the Department of Veterans
Affairs (VA), Veterans Benefits
Administration (VBA) for the Disclosure
of Information to Federal, State and
Local Agencies (DIFSLA). The purpose
of this CMA is to make available to VBA
certain return information needed to
determine eligibility for, and amount of
benefits for, VBA applicants and
beneficiaries of needs-based benefits,
and to adjust income-dependent benefit
payments, as prescribed by law.
Currently, the most cost effective and
efficient way to verify annual income of
applicants, and recipients of these
benefits, is through a computer match.
DATES: Comments on this matching
notice must be received no later than 30
days after date of publication in the
Federal Register. If no public comments
are received during the period allowed
for comment, the re-established
agreement will become effective January
1, 2021 provided it is a minimum of 30
days after the publication date. If VA
receives public comments, VA shall
review the substance of the comments to
determine whether or not VA needs to
take other actions. The CMA will be
effective 30 days after the publication
date even, if public comments are
received. This matching program will be
valid for 18 months from the effective
date of this notice.
ADDRESSES: Comments may be
submitted through www.Regulations.gov
or mailed to VA Privacy Service, 810
Vermont Avenue NW, (005R1A),
Washington, DC 20420. Comments
should indicate that they are submitted
SUMMARY:
E:\FR\FM\17NON1.SGM
17NON1
]]>Agencies
[Federal Register Volume 85, Number 222 (Tuesday, November 17, 2020)]
[Notices]
[Pages 73353-73356]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2020-25298]
-----------------------------------------------------------------------
DEPARTMENT OF THE TREASURY
Privacy Act of 1974; System of Records
AGENCY: Department of the Treasury.
ACTION: Notice of a modified system of records.
-----------------------------------------------------------------------
SUMMARY: In accordance with the requirements of the Privacy Act of
1974, as amended, the Department is publishing its modified Privacy Act
systems of record.
DATES: Submit comments on or before December 17, 2020.
ADDRESSES: Comments may be submitted to the Federal eRulemaking Portal
electronically at https://www.regulations.gov. Comments can also be sent
to the Deputy Assistant Secretary for Privacy, Transparency, and
Records, Department of the Treasury, 1500 Pennsylvania Avenue NW,
Washington, DC 20220, Attention: Revisions to Privacy Act Systems of
Records. All comments received, including attachments and other
supporting documents, are part of the public record and subject to
public disclosure. All comments received will be posted without change
to www.regulations.gov, including any personal information provided.
You should submit only information that you wish to make publicly
available.
FOR FURTHER INFORMATION CONTACT: For general questions and for privacy
issues please contact: Ryan Law, Deputy Assistant Secretary for
Privacy, Transparency, and Records (202-622-5710), Department of the
Treasury, 1500 Pennsylvania Avenue NW, Washington, DC 20220.
SUPPLEMENTARY INFORMATION: Pursuant to the Privacy Act of 1974, 5
U.S.C. 552 and the Office of Management and Budget (OMB) Circular No.
A-130, the Department of the Treasury has completed a review of
Treasury .015--General Information Technology Access Account Records
Privacy Act system of records notice to identify minor changes that
will more accurately describe the record. Minor changes throughout the
document are editorial in nature and consist principally of changes to
system locations, system manager addresses, and revisions to titles.
The notice was last published in its entirety on November 7, 2016, at
81 FR 78266.
The categories of records have been updated to include such
information as driver's license numbers, photographs, and universally
unique identifier (UUID). Finally, the routine uses have been updated
to include the breach response routine uses (M) and (N) published at 85
FR 36460 in accordance with OMB M-17-12 for the disclosure of
information necessary to respond to a breach either of Treasury's PII
or, appropriate, to assist another agency in its response to a breach.
The system enables Treasury to maintain: Account information
required for approved access to information technology; contractor-
provided identity proofing, authentication, and group affiliation
verification in support of Treasury Bureaus and Departmental Offices;
lists of individuals who are appropriate organizational points of
contact; and lists of individuals who are emergency points of contact.
In addition, the system will enable Treasury to collect records
allowing individuals access to specific meetings and programs where
supplemental information is required and, where appropriate, to
facilitate collaboration by allowing individuals in the same
operational program to share information.
Treasury has provided a report of this system of records to the
Committee on Oversight and Government Reform of the House of
Representatives, the Committee on Homeland Security and Governmental
Affairs of the Senate, and OMB, pursuant to 5 U.S.C. 552a(r) and OMB
Circular A-108, ``Federal Agency Responsibilities for Review,
Reporting, and Publication under the Privacy Act,'' dated December 23,
2016.
Ryan Law,
Deputy Assistant Secretary for Privacy, Transparency, and Records.
SYSTEM NAME AND NUMBER:
Department of the Treasury .015--General Information Technology
Access Account Records.
SECURITY CLASSIFICATION:
Unclassified.
SYSTEM LOCATION:
The records are located at Main Treasury and in other Treasury
bureaus and offices, both in Washington, DC and at field locations as
follows:
(1) Departmental Offices: 1500 Pennsylvania Ave. NW, Washington, DC
20220;
(2) Alcohol and Tobacco Tax and Trade Bureau: 1310 G St. NW,
Washington, DC 20220.
(3) Office of the Comptroller of the Currency: Constitution Center,
400 Seventh St. SW, Washington, DC 20024;
(4) Fiscal Service: Liberty Center Building, 401 14th St. SW,
Washington, DC 20227;
(5) Internal Revenue Service: 1111 Constitution Ave. NW,
Washington, DC 20224;
(6) United States Mint: 801 Ninth St. NW, Washington, DC 20220;
(7) Bureau of Engraving and Printing: Eastern Currency Facility,
14th and C Streets SW, Washington, DC 20228 and Western Currency
Facility, 9000 Blue Mound Rd., Fort Worth, TX 76131;
(8) Financial Crimes Enforcement Network: Vienna, VA 22183;
(9) Special Inspector General for the Troubled Asset Relief Program
(SIGTARP): 1801 L St. NW, Washington, DC 20220;
(10) Office of Inspector General: 740 15th St. NW, Washington, DC
20220; and
(11) Office of the Treasury Inspector General for Tax
Administration: 1125 15th St. NW, Suite 700A, Washington, DC 20005.
SYSTEM MANAGER(S):
DASIT/CIO, Department of the Treasury, 1500 Pennsylvania Ave. NW,
Washington, DC 20220.
[[Page 73354]]
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
44 U.S.C. 3101; E.O. 9397, as amended by E.O. 13487; and 44 U.S.C.
3534.
PURPOSE(S) OF THE SYSTEM:
This system will allow Treasury to collect a discrete set of
personally identifiable information to allow authorized individuals
(including members of the public) access to, or interact with, Treasury
information technology resources, and allow Treasury to track use of
its information technology resources. The system enables Treasury to
maintain: Account information required for approved access to
information technology; lists of individuals who are appropriate
organizational points of contact; and lists of individuals who are
emergency points of contact. The system will also enable Treasury to
provide individuals access to certain meetings and programs where
additional information is required and, where appropriate, facilitate
collaboration by allowing individuals in the same operational program
to share information.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
All persons who are authorized to access Treasury
information technology resources (either directly or via contractor-
provided validation services), including employees, contractors,
grantees, fiscal agents, financial agents, interns, detailees, members
of the public, and any lawfully designated representative of the above
as well as representatives of federal, state, territorial, tribal,
local, international, or foreign government agencies or entities, in
furtherance of the Treasury mission.
Individuals who serve on Treasury boards and committees;
Individuals who provide personal information to Treasury
or a Treasury contractor to facilitate access to Treasury information
technology resources;
Industry points-of-contact providing business contact
information for conducting business with government agencies;
Industry points-of-contact emergency contact information
in case of an injury or medical notification;
Individuals who voluntarily join a Treasury-owned and
operated web portal for collaboration purposes; and
Individuals who request access but are denied, or who have
had their access to Treasury information systems revoked.
CATEGORIES OF RECORDS IN THE SYSTEM:
Driver's License Numbers;
Photographs;
Universally Unique Identifier (UUID) or other assigned
identifier;
Social Security number;
Business name;
Job title;
Business contact information;
Personal contact information;
Pager numbers;
Others phone numbers or contact information provided by
individuals while on travel or otherwise away from the office or home;
Citizenship;
Level of access;
Home addresses;
Business addresses;
Personal and business electronic mail addresses of senders
and recipients;
Justification for access to Treasury computers, networks,
or systems;
Verification of training requirements or other
prerequisite requirements for access to Treasury computers, networks,
or systems;
Records on the authentication of a request for access to a
Treasury IT resource, including names, phone numbers of other contacts,
and positions or business/organizational affiliations and titles of
individuals who can verify an individual's need for access to a
Treasury IT resource and validate their identity before access is
granted.
Records on access to Treasury computers and networks
including user IDs and passwords;
Registration numbers or IDs associated with Treasury
information technology resources;
Date and time of access to Treasury IT resources;
Tax returns and tax return information;
Logs of activity when accessing and using Treasury
information technology resources;
Internet Protocol address of visitors to Treasury websites
(a unique number identifying the computer from which a member of the
public or others access Treasury IT resources); and
Logs of individuals' internet activity while using
Treasury IT resources.
RECORD SOURCE CATEGORIES:
Information contained in this system is obtained from affected
individuals, organizations, and facilities; public source data; other
government agencies; and information already in other Treasury records
systems.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES
OF USERS AND PURPOSES OF SUCH USES:
Disclosure of tax returns and tax return information may be made
only as allowed by 26 U.S.C. 6103. In addition to those disclosures
generally permitted under 5 U.S.C. 552a (b) of the Privacy Act, all or
a portion of the records or information contained in this system may be
disclosed outside Treasury as a routine use pursuant to 5 U.S.C. 552a
(b) (3), as follows:
A. To the Department of Justice (including United States Attorneys'
Offices) or other federal agencies conducting litigation or in
proceedings before any court or adjudicative or administrative body,
when it is relevant or necessary to the litigation and one of the
following is a party to the litigation or has an interest in such
litigation:
1. Treasury or any component thereof;
2. Any employee of Treasury in his/her official capacity;
3. Any employee of Treasury in his/her individual capacity where
the Department of Justice or Treasury has agreed to represent the
employee; or
4. The United States or any agency thereof.
B. To a congressional office from the record of an individual in
response to an inquiry from that congressional office made at the
request of the individual to whom the record pertains.
C. To the National Archives and Records Administration or General
Services Administration pursuant to records management inspections
being conducted under the authority of 44 U.S.C. 2904 and 2906.
D. To an agency or organization for the purpose of performing audit
or oversight operations as authorized by law, but only such information
as is necessary and relevant to such audit or oversight function.
E. To appropriate agencies, entities, and persons when:
1. Treasury suspects or has confirmed that the security or
confidentiality of information in the system of records has been
compromised;
2. The disclosure made to such agencies, entities, and persons as
is reasonably necessary to assist in connection with Treasury's efforts
to respond to the suspected or confirmed compromise and prevent,
minimize, or remedy such harm.
F. To contractors and their agents, grantees, experts, consultants,
fiscal agent, financial agents, and others performing or working on a
contract, service, grant, cooperative agreement, or other assignment
for Treasury, when necessary to accomplish an agency function related
to this system of records. Individuals provided information under this
routine use are subject to the same Privacy Act requirements and
limitations on
[[Page 73355]]
disclosure as are applicable to Treasury officers and employees.
G. To an appropriate federal, state, tribal, local, international,
or foreign law enforcement agency or other appropriate authority
charged with investigating or prosecuting a violation or enforcing or
implementing a law, rule, regulation, or order, where a record, either
on its face or in conjunction with other information, indicates a
violation or potential violation of law, which includes criminal,
civil, or regulatory violations and such disclosure is proper and
consistent with the official duties of the person making the
disclosure.
H. To sponsors, employers, contractors, facility operators,
grantees, experts, fiscal agents, financial agents, and consultants in
connection with establishing an access account for an individual or
maintaining appropriate points of contact and when necessary to
accomplish a Treasury mission function or objective related to this
system of records.
I. To other individuals in the same operational program supported
by an information technology resource, where appropriate notice to the
individual has been made that his or her contact information will be
shared with other members of the same operational program in order to
facilitate collaboration.
J. To federal agencies such as the Office of Personnel Management,
the Merit Systems Protection Board, the Office of Management and
Budget, the Federal Labor Relations Authority, the Government
Accountability Office, and the Equal Employment Opportunity Commission
in the fulfillment of these agencies' official duties.
K. To international, federal, state, local, tribal, or private
entities for the purpose of the regular exchange of business contact
information in order to facilitate collaboration for official business.
L. To the news media and the public, with the approval of the
Senior Agency Official for Privacy, or her designee, in consultation
with counsel, when there exists a legitimate public interest in the
disclosure of the information or when disclosure is necessary to
preserve confidence in the integrity of Treasury or is necessary to
demonstrate the accountability of Treasury's officers, employees, or
individuals covered by the system, except to the extent it is
determined that release of the specific information in the context of a
particular case would constitute an unwarranted invasion of personal
privacy.
M. To appropriate agencies, entities, and persons when (1) the
Department of the Treasury and/or Treasury bureau suspects or has
confirmed that there has been a breach of the system of records; (2)
the Department of the Treasury and/or Treasury bureau has determined
that as a result of the suspected or confirmed breach there is a risk
of harm to individuals, the Department of the Treasury and/or Treasury
bureau(s) (including its information systems, programs, and
operations), the Federal Government, or national security; and (3) the
disclosure made to such agencies, entities, and persons is reasonably
necessary to assist in connection with the Department of the Treasury's
and/or Treasury bureau's efforts to respond to the suspected or
confirmed breach or to prevent, minimize, or remedy such harm;
N. To another Federal agency or Federal entity, when the Department
of the Treasury and/or Treasury bureau determines that information from
this system of records is reasonably necessary to assist the recipient
agency or entity in (1) responding to a suspected or confirmed breach
or (2) preventing, minimizing, or remedying the risk of harm to
individuals, the recipient agency or entity (including its information
systems, programs, and operations), the Federal Government, or national
security, resulting from a suspected or confirmed breach.
POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
Records in this system are on paper and/or in digital or other
electronic form. Digital and other electronic images are stored on a
storage area network in a secured environment. Records, whether paper
or electronic, may be stored at the Treasury Headquarters or at the
bureau or office level.
POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
Records may be retrieved by an identification number assigned by
computer, by facility, by business affiliation, email address, or by
the name of the individual, or other employee data fields previously
identified in this System of Records Notice.
POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
Records are securely retained and disposed of in accordance with
the National Archives and Records Administration's General Records
Schedule 24, section 6, ``User Identification, Profiles,
Authorizations, and Password Files.'' Inactive records will be
destroyed or deleted 6 years after the user account is terminated or
password is altered, or when no longer needed for investigative or
security purposes, whichever is later.
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
Information in this system is safeguarded in accordance with
applicable laws, rules, and policies, including Treasury Directive 85-
01, Department of the Treasury Information Technology (IT) Security
Program. Further, Treasury .015--General Information Technology Access
Account Records system of records security protocols will meet multiple
National Institute of Standards and Technology security standards from
authentication to certification and authorization. Records in the
Treasury .015--General Information Technology Access Account Records
system of records will be maintained in a secure, password protected
electronic system that will utilize security hardware and software to
include: Multiple firewalls, active intruder detection, and role-based
access controls. Additional safeguards will vary by component and
program. All records are protected from unauthorized access through
appropriate administrative, physical, and technical safeguards. These
safeguards include restricting access to authorized personnel who have
a ``need to know,'' using locks, and password protection identification
features. Treasury file areas are locked after normal duty hours and
the facilities are protected by security personnel who monitor access
to and egress from Treasury facilities.
RECORD ACCESS PROCEDURES:
See ``Notification Procedures'' below.
CONTESTING RECORD PROCEDURES:
See ``Notification Procedures'' below.
NOTIFICATION PROCEDURES:
Individuals seeking notification of and access to any record
contained in this system of records, or seeking to contest its content,
may submit a request in writing, in accordance with Treasury's Privacy
Act regulations (located at 31 CFR 1.26), to the Freedom of Information
Act (FOIA) and Transparency Liaison, whose contact information can be
found at https://www.treasury.gov/FOIA/Pages/index.aspx under ``FOIA
Requester Service Centers and FOIA Liaison.'' If an individual believes
more than one bureau maintains Privacy Act records concerning him or
her, the individual may submit the request to the Office of Privacy,
Transparency, and Records, FOIA and Transparency, Department of
[[Page 73356]]
the Treasury, 1500 Pennsylvania Ave. NW, Washington, DC 20220.
No specific form is required, but a request must be written and:
Be signed and either notarized or submitted under 28
U.S.C. 1746, a law that permits statements to be made under penalty of
perjury as a substitute for notarization;
State that the request is made pursuant to the FOIA and/or
Privacy Act disclosure regulations;
Include information that will enable the processing office
to determine the fee category of the user;
Addressed to the bureau that maintains the record (in
order for a request to be properly received by the Department, the
request must be received in the appropriate bureau's disclosure
office);
Reasonably describe the records;
Give the address where the determination letter is to be
sent;
State whether or not the requester wishes to inspect the
records or have a copy made without first inspecting them; and
Include a firm agreement from the requester to pay fees
for search, duplication, or review, as appropriate. In the absence of a
firm agreement to pay, the requester may submit a request for a waiver
or reduction of fees, along with justification of how such a waiver
request meets the criteria for a waiver or reduction of fees found in
the FOIA statute at 5 U.S.C. 552(a)(4)(A)(iii).
You may also submit your request online at https://rdgw.treasury.gov/foia/pages/gofoia.aspx and call 1-202-622-0930 with
questions.
EXEMPTIONS PROMULGATED FOR THE SYSTEM:
None.
HISTORY:
Notice of this system of records was last published in full in the
Federal Register on November 7, 2016 (81 FR 78266) as the Department of
the Treasury .015--General Information Technology Access Account
Records
[FR Doc. 2020-25298 Filed 11-16-20; 8:45 am]
BILLING CODE 4810-25-P
