Privacy Act of 1974; System of Records, 36851-36853 [2024-09698]
Download as PDF
<![CDATA[
Federal Register / Vol. 89, No. 87 / Friday, May 3, 2024 / Notices
• Enhancing mapping and spatial AI
for real-time automation and navigation
across all modes, as well as for
infrastructure design, maintenance, and
repair,
• AI-based robotic repair and
repurposing of pipeline infrastructure,
and
• AI-enhanced robotic mapping of
sub-surface infrastructure and utilities
for safe, efficient, and cost-effective ‘‘dig
once’’ construction.
Specific Questions
This RFI seeks information that will
assist ARPA–I and the U.S. Department
of Transportation in carrying out
responsibilities under section 8 (c)(iii)
of E.O. 14110, as noted above.
DOT is providing the following
specific questions to prompt feedback
and comments. DOT encourages public
comment on any of these questions and
seeks any other information commenters
believe is relevant.
DOT is requesting information from
all interested entities and stakeholders,
including innovators and technology
developers, researchers and universities,
transportation system and infrastructure
owners and operators, transportationfocused groups, organizations and
associations, and the public. Where
appropriate, responses should include
discussion of real-world applications
and actual examples of AI technologies,
tools, and methods currently being used
or contemplated for future use in the
transportation and mobility domain.
DOT is interested in receiving
succinct and relevant responses to some
or all of the following questions,
keeping in mind the current efforts and
potential use cases as described above:
lotter on DSK11XQN23PROD with NOTICES1
Question 1: Current AI Applications in
Transportation
What are the relevant current or nearterm applications of AI in
transportation? If applicable, describe
the mode(s) of transportation that these
applications cover, referencing DOT’s
stated priorities (including safety,
climate and sustainability, equity,
economic strength and global
competitiveness, and transformation)
that these applications support.
Question 2: Opportunities of AI in
Transportation
What are the future potential
opportunities in transportation that AI
can facilitate? Describe the mode(s) of
transportation that these opportunities
cover, referencing DOT’s stated
priorities (including safety, climate and
sustainability, equity, economic strength
and global competitiveness, and
transformation) as appropriate.
VerDate Sep<11>2014
18:11 May 02, 2024
Jkt 262001
Question 3: Challenges of AI in
Transportation
What are the current or future
challenges of AI in transportation,
including risks presented by the use of
AI in transportation and potential
barriers to its responsible adoption?
Describe the mode(s) of transportation
that these challenges cover, referencing
DOT’s stated priorities (including safety,
climate and sustainability, equity,
economic strength and global
competitiveness, and transformation) as
appropriate.
Question 4: Autonomous Mobility
Ecosystems
What are the opportunities,
challenges, and risks of AI related to
autonomous mobility ecosystems,
including software-defined AI
enhancements? Describe how AI can
responsibly facilitate autonomous
mobility, including specifically safety
considerations.
Question 5: Other Considerations in the
Development of AI for Transportation
Comment on any other considerations
relevant to the development, challenges,
and opportunities of AI in
transportation that have not been
included in the questions above. These
considerations may include ones such
as potential priorities in transportationspecific future AI R&D funding, access
to transportation datasets, the
development of AI testbeds, physical
and digital infrastructure needs and
requirements, and workforce training
and education.
Confidential Business Information
Do not submit information disclosure
of which is restricted by statute, such as
trade secrets and commercial or
financial information (hereinafter
referred to as Confidential Business
Information ‘‘CBI’’) to Regulations.gov.
Comments submitted through
Regulations.gov cannot be claimed as
CBI. Comments received through the
website will waive any CBI claims for
the information submitted.
Issued in Washington, DC, on April 26,
2024.
Robert C. Hampshire,
Principal Deputy Assistant Secretary for
Research and Technology and Chief Science
Officer.
[FR Doc. 2024–09645 Filed 5–2–24; 8:45 am]
BILLING CODE 4910–9X–P
PO 00000
Frm 00103
Fmt 4703
Sfmt 4703
36851
DEPARTMENT OF THE TREASURY
Privacy Act of 1974; System of
Records
Internal Revenue Service,
Department of the Treasury.
ACTION: Notice of a new system of
records.
AGENCY:
In accordance with the
Privacy Act of 1974, as amended
(Privacy Act), the Department of the
Treasury, Internal Revenue Service
(IRS), proposes to establish a new
system of records entitled, ‘‘Treasury/
IRS 34.018, Insider Risk Management
Records,’’ within its inventory of
records systems subject to the Privacy
Act. The IRS will use this system to
identify potential threats to IRS
resources and information assets and
facilitate management of insider threat
investigations, complaints, inquiries,
and counterintelligence threat detection
activities. An ‘‘insider’’ is defined to
include current and former employees,
contractors, interns, visitors, and any
other individuals who have or who had
persistent authorized access to IRS
assets including any IRS facility,
information, equipment, network, or
system. An ‘‘insider threat’’ is the threat
that an insider will use his or her
authorized access, wittingly or
unwittingly, to do harm to the IRS
mission, resources, personnel, facilities,
information, equipment, networks, or
systems.
SUMMARY:
Comments must be received no
later than June 3, 2024. This new system
of records will be effective upon
publication in the Federal Register
unless the IRS receives comments
which would result in a contrary
determination. The routine uses will be
effective on June 3, 2024. The IRS
invites written comments on the routine
uses and other aspects of this system of
records prior to the proposed effective
date.
DATES:
Comments may be
submitted to the Federal eRulemaking
Portal electronically at https://
www.regulations.gov identified by
docket number TREAS–DO–2024–0003.
Comments can also be sent to the
Deputy Assistant Secretary for Privacy,
Transparency, and Records, Department
of the Treasury, 1500 Pennsylvania
Avenue NW, Washington, DC 20220,
Attention: New Privacy Act Systems of
Records. All comments received,
including attachments and other
supporting documents, are part of the
public record and subject to public
disclosure. All comments received will
be posted without change to
ADDRESSES:
E:\FR\FM\03MYN1.SGM
03MYN1
36852
Federal Register / Vol. 89, No. 87 / Friday, May 3, 2024 / Notices
www.regulations.gov, including any
personal information provided. You
should submit only information that
you wish to make publicly available.
Dated: February 13, 2024.
Ryan Law,
Deputy Assistant Secretary for Privacy,
Transparency, and Records.
FOR FURTHER INFORMATION CONTACT:
SYSTEM NAME AND NUMBER:
Kathleen Walters, Chief Risk Officer,
Internal Revenue Service, Office of the
Chief Risk Officer, Enterprise Risk
Management, 1111 Constitution Ave
NW, Washington, DC 20224–0002;
enterprise.risk.mgt@irs.gov, telephone:
(801) 612–4815.
Insider Risk Management Records.
Treasury/IRS 34.018.
The IRS
has long-standing processes, controls,
and systems in place to meet legal and
regulatory guidance to protect agency
assets including personnel, facilities,
information systems, equipment, and
data. To better protect these resources,
the Department of Treasury established
an Insider Risk Management Office,
under Treasury Directive 15–70, to
implement and maintain a holistic,
proactive, and risk-based program to
effectively deter, detect, and mitigate
the risks associated with insider actions
or behaviors, while protecting the
privacy and civil liberties of insiders
through supporting policies,
procedures, and standards. The IRS
established a subordinate Insider Risk
Management Program, which consists of
a Program Management Office,
Executive Steering Committee and
Working Group governance boards, and
coordinated Insider Risk Management
incident response operations. The
Insider Risk Management program
collaborates with business unit
representatives to perform a
comprehensive risk assessment, aiding
business units in their risk prioritization
efforts.
This established system will be
included in Treasury’s inventory of
record systems. Below is the description
of the Treasury/IRS 34.018, Insider Risk
Management Records System of
Records.
Treasury has provided a report of this
system of records to the Committee on
Oversight and Government Reform of
the House of Representatives, the
Committee on Homeland Security and
Governmental Affairs of the Senate, and
the Office of Management and Budget
(OMB), pursuant to 5 U.S.C. 552a(r) and
OMB Circular A–108, ‘‘Federal Agency
Responsibilities for Review, Reporting,
and Publication under the Privacy Act,’’
dated December 23, 2016.
The system of records entitled
‘‘Treasury/IRS 34.018, Insider Risk
Management Records’’ is published in
its entirety below.
lotter on DSK11XQN23PROD with NOTICES1
SUPPLEMENTARY INFORMATION:
VerDate Sep<11>2014
18:11 May 02, 2024
Jkt 262001
SECURITY CLASSIFICATION:
Unclassified.
SYSTEM LOCATION:
Enterprise Risk Management, Internal
Revenue Service, 1111 Constitution Ave
NW, Washington, DC 20224–0002.
SYSTEM MANAGER(S):
Chief Risk Officer, Internal Revenue
Service, 1111 Constitution Ave NW,
Washington, DC 20224–0002.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
5 U.S.C. 301, Departmental
Regulations; 26 U.S.C. 7801, Authority
of Department of the Treasury; 26 U.S.C
7803, Commissioner of Internal
Revenue, other officials; 18 U.S.C.
1030(a)(2)(B), Fraud and Related
Activity in Connection with Computers;
44 U.S.C. 3101, Records Management by
Agency Heads; General Duties; 44
U.S.C. 3551 to 3558, Federal
Information Security Modernization Act
of 2014; 28 U.S.C 535, Investigation of
Crimes Involving Government Officers
and Employees; Limitations; Treasury
Order 105–20: Insider Threat Program;
Treasury Order 105–22: Delegation of
Authorities Concerning the Treasury
Operations Security Program; Treasury
Directive 15–70: Delegation of Treasury
Counterintelligence and Insider Threat
Functions and Programs.
PURPOSE(S) OF THE SYSTEM:
The purpose of this system is to
maintain, analyze, and process records
about insider risks to support holistic
security analysis, case management, and
incident response activities in the
administration of the IRS Insider Risk
Management Program.
CATEGORIES OF INDIVIDUALS COVERED BY THE
SYSTEM:
(1) Current and former employees,
contractors, interns, visitors, and any
other individuals who have or who had
persistent authorized access to IRS
assets including any IRS facility,
information, equipment, network, or
system.
(2) Individuals who are, or have been,
temporarily authorized to perform,
provide, or use services in IRS facilities
(either on an ongoing or occasional
basis), including, but not limited to,
visitors, security personnel, custodial
staff, maintenance workers, food service
PO 00000
Frm 00104
Fmt 4703
Sfmt 4703
workers, employee assistance program
staff, and other non-IRS employees with
access to IRS assets; witnesses and other
individuals who provide statements or
information to the IRS related to an
insider threat inquiry.
CATEGORIES OF RECORDS IN THE SYSTEM:
Records about individuals reported to
exhibit behaviors requiring analysis and
consideration by Holistic Insider Risk
Management’s Hub Operations team as
a result of exceeded risk tolerance; IRS
security investigations, including
authorized IT Security, Physical
Security, and Personnel Security risk
scoring; information systems security
analysis and logs; determinations
derived from information obtained in
other systems; information potentially
relevant to conducting insider risk
management. These records include the
results of the analysis and explanations
of any responsive actions.
RECORDS SOURCE CATEGORIES:
IRS internal personnel and security
records, external law enforcement
agencies, Federal Counterintelligence
and Security agencies, third party
witnesses, public and social media,
complainants, and informants.
ROUTINE USES OF RECORDS MAINTAINED IN THE
SYSTEM, INCLUDING CATEGORIES OF USERS AND
PURPOSES OF SUCH USES:
Disclosure of returns and return
information may be made only as
provided by 26 U.S.C. 6103. Material
covered by rule 6(e) of the Federal Rules
of Criminal Procedure may be disclosed
only as permitted by that rule. All other
records may be used as described below
if the IRS deems that the purpose of the
disclosure is compatible with the
purpose for which the IRS collected the
records, and no privilege is asserted.
(1) Disclose information to the
Department of Justice (DOJ) when
seeking legal advice or for use in any
proceeding, or in preparation for any
proceeding, when: (a) The IRS or any
component thereof; (b) any IRS
employee in their official capacity; (c)
any IRS employee in their individual
capacity if the IRS or DOJ has agreed to
provide representation for the
employee; or (d) the United States is a
party to, has an interest in, or is likely
to be affected by, the proceeding and the
IRS determines that the records are
relevant and necessary to the
proceeding or advice sought.
(2) Disclose information in a
proceeding (including discovery) before
a court, administrative tribunal, or other
adjudicative body when: (a) the IRS or
any component thereof; (b) any IRS
employee in their official capacity; (c)
E:\FR\FM\03MYN1.SGM
03MYN1
lotter on DSK11XQN23PROD with NOTICES1
Federal Register / Vol. 89, No. 87 / Friday, May 3, 2024 / Notices
any IRS employee in their personal
capacity if the IRS or DOJ has agreed to
provide representation for the
employee; or (d) the United States is a
party to, has an interest in, or is likely
to be affected by, the proceeding and the
IRS or DOJ determines that the
information is relevant and necessary to
the proceeding. Information may be
disclosed to the adjudicative body to
resolve issues of relevancy, necessity, or
privilege pertaining to the information.
(3) Disclose information to an
appropriate Federal, state, local, tribal,
or foreign agency, or other public
authority, responsible for implementing
or enforcing, or for investigating or
prosecuting the violation of, a statute,
rule, regulation, order, or license, when
a record on its face, or in conjunction
with other records, indicates a potential
violation of law or regulation and the
information disclosed is relevant to any
regulatory, enforcement, investigative,
or prosecutorial responsibility of the
receiving authority.
(4) Disclose information to officials of
labor organizations recognized under 5
U.S.C. Chapter 71 when relevant and
necessary to their duties of exclusive
representation.
(5) Disclose information to third
parties during the course of an
investigation to the extent necessary to
obtain information pertinent to the
investigation.
(6) Disclose information to a
contractor or service provider, including
an expert witness or a consultant, hired
by the IRS, to the extent necessary for
the performance of a contract.
(7) Disclose information to the news
media as described in the IRS Policy
Statement 11–94 (formerly P–1–183),
News Coverage to Advance Deterrent
Value of Enforcement Activities
Encouraged, IRM 1.2.1.11.9.
(8) Disclose information to
professional organizations or
associations with which individuals
covered by this system of records may
be affiliated, such as state bar
disciplinary authorities, to meet their
responsibilities in connection with the
administration and maintenance of
standards of conduct and discipline.
(9) Disclose information to a Federal,
state, local, or tribal agency, or other
public authority, which has requested
information relevant or necessary to
hiring or retaining an employee, or
issuing or continuing a security
clearance, license, contract, grant or
other benefit.
(10) To appropriate agencies, entities,
and persons when (1) the Department of
the Treasury or IRS suspects or has
confirmed that there has been a breach
of the system of records; (2) the
VerDate Sep<11>2014
18:11 May 02, 2024
Jkt 262001
Department of the Treasury or IRS has
determined that as a result of the
suspected or confirmed breach there is
a risk of harm to individuals, the
Department of the Treasury and/or
Treasury bureau(s) (including
information systems, programs, and
operations), the Federal Government, or
national security; and (3) the disclosure
made to such agencies, entities, and
persons is reasonably necessary to assist
in connection with the Department of
the Treasury’s or IRS efforts to respond
to the suspected or confirmed breach or
to prevent, minimize, or remedy such
harm;
(11) To another Federal agency or
Federal entity, when the Department of
the Treasury or IRS determines that
information from this system of records
is reasonably necessary to assist the
recipient agency or entity in (1)
responding to a suspected or confirmed
breach or (2) preventing, minimizing, or
remedying the risk of harm to
individuals, the recipient agency or
entity (including information systems,
programs, and operations), the Federal
Government, or national security,
resulting from a suspected or confirmed
breach.
POLICIES AND PRACTICES FOR STORAGE OF
RECORDS:
Paper records and electronic media.
POLICIES AND PRACTICES FOR RETRIEVAL OF
RECORDS:
By name, Social Security Number
(SSN), access/security badge number,
obfuscated system-generated identifier
and other electronic identification
numbers, date of birth, phone number,
and other unique individual identifiers.
POLICIES AND PRACTICES FOR RETENTION AND
DISPOSAL OF RECORDS:
Records are maintained in accordance
with IRM 1.15, Records and Information
Management (also see Documents 12829
and 12990).
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL
SAFEGUARDS:
Role based access controls are not less
than those published in IRM 10.8,
Information Technology (IT) Security,
IRM 10.2, Physical Security Program,
and IRM 10.5, Privacy and Information
Protection.
RECORDS ACCESS PROCEDURES:
See ‘‘Notification Procedures’’ below.
CONTESTING RECORDS PROCEDURES:
See ‘‘Notification Procedures’’ below.
NOTIFICATION PROCEDURES:
This system may not be accessed for
purposes of determining whether the
PO 00000
Frm 00105
Fmt 4703
Sfmt 4703
36853
system contains a record pertaining to a
particular individual; the records are
exempt under 5 U.S.C. 552a(k)(2) and
(k)(5).
EXEMPTIONS PROMULGATED FOR THE SYSTEM:
Records maintained in this system
haves been designated exempt from
sections (c)(3), (d), (e)(1), (e)(4)(G)–(I),
and (f) of the Privacy Act, pursuant to
5 U.S.C. 552a(k)(2) and (k)(5) (See 31
CFR 1.36).
HISTORY:
None.
[FR Doc. 2024–09698 Filed 5–2–24; 8:45 am]
BILLING CODE 4810–AK–P
UNITED STATES SENTENCING
COMMISSION
Sentencing Guidelines for United
States Courts
United States Sentencing
Commission.
ACTION: Notice of submission to
Congress of amendments to the
sentencing guidelines effective
November 1, 2024, and request for
comment.
AGENCY:
The United States Sentencing
Commission hereby gives notice that the
Commission has promulgated
amendments to the sentencing
guidelines, policy statements,
commentary, and statutory index; and
the Commission requests comment
regarding whether it should include in
the Guidelines Manual as changes that
may be applied retroactively to
previously sentenced defendants any or
all of the following amendments:
Amendment 1; Part A of Amendment 3;
Part B of Amendment 3; and Part D of
Amendment 5. This notice sets forth the
text of the amendments and the reason
for each amendment, and the request for
comment regarding possible retroactive
application of the amendments listed
above.
SUMMARY:
Effective Date of Amendments.
The Commission has specified an
effective date of November 1, 2024, for
the amendments set forth in this notice.
Written Public Comment. Written
public comment regarding possible
retroactive application of Amendment 1,
Part A of Amendment 3, Part B of
Amendment 3, and Part D of
Amendment 5, should be received by
the Commission not later than June 21,
2024. Written reply comments, which
may only respond to issues raised
during the original comment period,
should be received by the Commission
not later than July 22, 2024. Any public
DATES:
E:\FR\FM\03MYN1.SGM
03MYN1
]]>Agencies
[Federal Register Volume 89, Number 87 (Friday, May 3, 2024)]
[Notices]
[Pages 36851-36853]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2024-09698]
=======================================================================
-----------------------------------------------------------------------
DEPARTMENT OF THE TREASURY
Privacy Act of 1974; System of Records
AGENCY: Internal Revenue Service, Department of the Treasury.
ACTION: Notice of a new system of records.
-----------------------------------------------------------------------
SUMMARY: In accordance with the Privacy Act of 1974, as amended
(Privacy Act), the Department of the Treasury, Internal Revenue Service
(IRS), proposes to establish a new system of records entitled,
``Treasury/IRS 34.018, Insider Risk Management Records,'' within its
inventory of records systems subject to the Privacy Act. The IRS will
use this system to identify potential threats to IRS resources and
information assets and facilitate management of insider threat
investigations, complaints, inquiries, and counterintelligence threat
detection activities. An ``insider'' is defined to include current and
former employees, contractors, interns, visitors, and any other
individuals who have or who had persistent authorized access to IRS
assets including any IRS facility, information, equipment, network, or
system. An ``insider threat'' is the threat that an insider will use
his or her authorized access, wittingly or unwittingly, to do harm to
the IRS mission, resources, personnel, facilities, information,
equipment, networks, or systems.
DATES: Comments must be received no later than June 3, 2024. This new
system of records will be effective upon publication in the Federal
Register unless the IRS receives comments which would result in a
contrary determination. The routine uses will be effective on June 3,
2024. The IRS invites written comments on the routine uses and other
aspects of this system of records prior to the proposed effective date.
ADDRESSES: Comments may be submitted to the Federal eRulemaking Portal
electronically at https://www.regulations.gov identified by docket
number TREAS-DO-2024-0003. Comments can also be sent to the Deputy
Assistant Secretary for Privacy, Transparency, and Records, Department
of the Treasury, 1500 Pennsylvania Avenue NW, Washington, DC 20220,
Attention: New Privacy Act Systems of Records. All comments received,
including attachments and other supporting documents, are part of the
public record and subject to public disclosure. All comments received
will be posted without change to
[[Page 36852]]
www.regulations.gov, including any personal information provided. You
should submit only information that you wish to make publicly
available.
FOR FURTHER INFORMATION CONTACT: Kathleen Walters, Chief Risk Officer,
Internal Revenue Service, Office of the Chief Risk Officer, Enterprise
Risk Management, 1111 Constitution Ave NW, Washington, DC 20224-0002;
[email protected], telephone: (801) 612-4815.
SUPPLEMENTARY INFORMATION: The IRS has long-standing processes,
controls, and systems in place to meet legal and regulatory guidance to
protect agency assets including personnel, facilities, information
systems, equipment, and data. To better protect these resources, the
Department of Treasury established an Insider Risk Management Office,
under Treasury Directive 15-70, to implement and maintain a holistic,
proactive, and risk-based program to effectively deter, detect, and
mitigate the risks associated with insider actions or behaviors, while
protecting the privacy and civil liberties of insiders through
supporting policies, procedures, and standards. The IRS established a
subordinate Insider Risk Management Program, which consists of a
Program Management Office, Executive Steering Committee and Working
Group governance boards, and coordinated Insider Risk Management
incident response operations. The Insider Risk Management program
collaborates with business unit representatives to perform a
comprehensive risk assessment, aiding business units in their risk
prioritization efforts.
This established system will be included in Treasury's inventory of
record systems. Below is the description of the Treasury/IRS 34.018,
Insider Risk Management Records System of Records.
Treasury has provided a report of this system of records to the
Committee on Oversight and Government Reform of the House of
Representatives, the Committee on Homeland Security and Governmental
Affairs of the Senate, and the Office of Management and Budget (OMB),
pursuant to 5 U.S.C. 552a(r) and OMB Circular A-108, ``Federal Agency
Responsibilities for Review, Reporting, and Publication under the
Privacy Act,'' dated December 23, 2016.
The system of records entitled ``Treasury/IRS 34.018, Insider Risk
Management Records'' is published in its entirety below.
Dated: February 13, 2024.
Ryan Law,
Deputy Assistant Secretary for Privacy, Transparency, and Records.
SYSTEM NAME AND NUMBER:
Insider Risk Management Records. Treasury/IRS 34.018.
SECURITY CLASSIFICATION:
Unclassified.
SYSTEM LOCATION:
Enterprise Risk Management, Internal Revenue Service, 1111
Constitution Ave NW, Washington, DC 20224-0002.
SYSTEM MANAGER(S):
Chief Risk Officer, Internal Revenue Service, 1111 Constitution Ave
NW, Washington, DC 20224-0002.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
5 U.S.C. 301, Departmental Regulations; 26 U.S.C. 7801, Authority
of Department of the Treasury; 26 U.S.C 7803, Commissioner of Internal
Revenue, other officials; 18 U.S.C. 1030(a)(2)(B), Fraud and Related
Activity in Connection with Computers; 44 U.S.C. 3101, Records
Management by Agency Heads; General Duties; 44 U.S.C. 3551 to 3558,
Federal Information Security Modernization Act of 2014; 28 U.S.C 535,
Investigation of Crimes Involving Government Officers and Employees;
Limitations; Treasury Order 105-20: Insider Threat Program; Treasury
Order 105-22: Delegation of Authorities Concerning the Treasury
Operations Security Program; Treasury Directive 15-70: Delegation of
Treasury Counterintelligence and Insider Threat Functions and Programs.
PURPOSE(S) OF THE SYSTEM:
The purpose of this system is to maintain, analyze, and process
records about insider risks to support holistic security analysis, case
management, and incident response activities in the administration of
the IRS Insider Risk Management Program.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
(1) Current and former employees, contractors, interns, visitors,
and any other individuals who have or who had persistent authorized
access to IRS assets including any IRS facility, information,
equipment, network, or system.
(2) Individuals who are, or have been, temporarily authorized to
perform, provide, or use services in IRS facilities (either on an
ongoing or occasional basis), including, but not limited to, visitors,
security personnel, custodial staff, maintenance workers, food service
workers, employee assistance program staff, and other non-IRS employees
with access to IRS assets; witnesses and other individuals who provide
statements or information to the IRS related to an insider threat
inquiry.
CATEGORIES OF RECORDS IN THE SYSTEM:
Records about individuals reported to exhibit behaviors requiring
analysis and consideration by Holistic Insider Risk Management's Hub
Operations team as a result of exceeded risk tolerance; IRS security
investigations, including authorized IT Security, Physical Security,
and Personnel Security risk scoring; information systems security
analysis and logs; determinations derived from information obtained in
other systems; information potentially relevant to conducting insider
risk management. These records include the results of the analysis and
explanations of any responsive actions.
RECORDS SOURCE CATEGORIES:
IRS internal personnel and security records, external law
enforcement agencies, Federal Counterintelligence and Security
agencies, third party witnesses, public and social media, complainants,
and informants.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES
OF USERS AND PURPOSES OF SUCH USES:
Disclosure of returns and return information may be made only as
provided by 26 U.S.C. 6103. Material covered by rule 6(e) of the
Federal Rules of Criminal Procedure may be disclosed only as permitted
by that rule. All other records may be used as described below if the
IRS deems that the purpose of the disclosure is compatible with the
purpose for which the IRS collected the records, and no privilege is
asserted.
(1) Disclose information to the Department of Justice (DOJ) when
seeking legal advice or for use in any proceeding, or in preparation
for any proceeding, when: (a) The IRS or any component thereof; (b) any
IRS employee in their official capacity; (c) any IRS employee in their
individual capacity if the IRS or DOJ has agreed to provide
representation for the employee; or (d) the United States is a party
to, has an interest in, or is likely to be affected by, the proceeding
and the IRS determines that the records are relevant and necessary to
the proceeding or advice sought.
(2) Disclose information in a proceeding (including discovery)
before a court, administrative tribunal, or other adjudicative body
when: (a) the IRS or any component thereof; (b) any IRS employee in
their official capacity; (c)
[[Page 36853]]
any IRS employee in their personal capacity if the IRS or DOJ has
agreed to provide representation for the employee; or (d) the United
States is a party to, has an interest in, or is likely to be affected
by, the proceeding and the IRS or DOJ determines that the information
is relevant and necessary to the proceeding. Information may be
disclosed to the adjudicative body to resolve issues of relevancy,
necessity, or privilege pertaining to the information.
(3) Disclose information to an appropriate Federal, state, local,
tribal, or foreign agency, or other public authority, responsible for
implementing or enforcing, or for investigating or prosecuting the
violation of, a statute, rule, regulation, order, or license, when a
record on its face, or in conjunction with other records, indicates a
potential violation of law or regulation and the information disclosed
is relevant to any regulatory, enforcement, investigative, or
prosecutorial responsibility of the receiving authority.
(4) Disclose information to officials of labor organizations
recognized under 5 U.S.C. Chapter 71 when relevant and necessary to
their duties of exclusive representation.
(5) Disclose information to third parties during the course of an
investigation to the extent necessary to obtain information pertinent
to the investigation.
(6) Disclose information to a contractor or service provider,
including an expert witness or a consultant, hired by the IRS, to the
extent necessary for the performance of a contract.
(7) Disclose information to the news media as described in the IRS
Policy Statement 11-94 (formerly P-1-183), News Coverage to Advance
Deterrent Value of Enforcement Activities Encouraged, IRM 1.2.1.11.9.
(8) Disclose information to professional organizations or
associations with which individuals covered by this system of records
may be affiliated, such as state bar disciplinary authorities, to meet
their responsibilities in connection with the administration and
maintenance of standards of conduct and discipline.
(9) Disclose information to a Federal, state, local, or tribal
agency, or other public authority, which has requested information
relevant or necessary to hiring or retaining an employee, or issuing or
continuing a security clearance, license, contract, grant or other
benefit.
(10) To appropriate agencies, entities, and persons when (1) the
Department of the Treasury or IRS suspects or has confirmed that there
has been a breach of the system of records; (2) the Department of the
Treasury or IRS has determined that as a result of the suspected or
confirmed breach there is a risk of harm to individuals, the Department
of the Treasury and/or Treasury bureau(s) (including information
systems, programs, and operations), the Federal Government, or national
security; and (3) the disclosure made to such agencies, entities, and
persons is reasonably necessary to assist in connection with the
Department of the Treasury's or IRS efforts to respond to the suspected
or confirmed breach or to prevent, minimize, or remedy such harm;
(11) To another Federal agency or Federal entity, when the
Department of the Treasury or IRS determines that information from this
system of records is reasonably necessary to assist the recipient
agency or entity in (1) responding to a suspected or confirmed breach
or (2) preventing, minimizing, or remedying the risk of harm to
individuals, the recipient agency or entity (including information
systems, programs, and operations), the Federal Government, or national
security, resulting from a suspected or confirmed breach.
POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
Paper records and electronic media.
POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
By name, Social Security Number (SSN), access/security badge
number, obfuscated system-generated identifier and other electronic
identification numbers, date of birth, phone number, and other unique
individual identifiers.
POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
Records are maintained in accordance with IRM 1.15, Records and
Information Management (also see Documents 12829 and 12990).
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
Role based access controls are not less than those published in IRM
10.8, Information Technology (IT) Security, IRM 10.2, Physical Security
Program, and IRM 10.5, Privacy and Information Protection.
RECORDS ACCESS PROCEDURES:
See ``Notification Procedures'' below.
CONTESTING RECORDS PROCEDURES:
See ``Notification Procedures'' below.
NOTIFICATION PROCEDURES:
This system may not be accessed for purposes of determining whether
the system contains a record pertaining to a particular individual; the
records are exempt under 5 U.S.C. 552a(k)(2) and (k)(5).
EXEMPTIONS PROMULGATED FOR THE SYSTEM:
Records maintained in this system haves been designated exempt from
sections (c)(3), (d), (e)(1), (e)(4)(G)-(I), and (f) of the Privacy
Act, pursuant to 5 U.S.C. 552a(k)(2) and (k)(5) (See 31 CFR 1.36).
HISTORY:
None.
[FR Doc. 2024-09698 Filed 5-2-24; 8:45 am]
BILLING CODE 4810-AK-P
