[Federal Register Volume 68, Number 23 (Tuesday, February 4, 2003)]
[Notices]
[Pages 5691-5695]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 03-2521]


=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF THE TREASURY

Financial Management Service


Privacy Act of 1974, as Amended; System of Records

AGENCY: Financial Management Service, Treasury.

ACTION: Notice of proposed new system of records.

-----------------------------------------------------------------------

SUMMARY: In accordance with the Privacy Act of 1974, as amended, the 
Financial Management Service gives notice of a proposed new Privacy Act 
system of records entitled ``Treasury/FMS .017--Collections Records.''

DATES: Comments must be received no later than March 6, 2003. The 
proposed new system of records will become effective March 17, 2003 
unless comments are received which would result in a contrary 
determination.

ADDRESSES: You should send your comments to Robert Spiegel, Disclosure 
Officer, Financial Management Service, 401 14th Street, SW., 
Washington, DC 20227. Comments received will be available for 
inspection at the same address between the hours of 9 a.m. and 4 p.m. 
Monday through Friday. You may send your comments by electronic mail to 
[email protected].

FOR FURTHER INFORMATION CONTACT: Robert Spiegel, Disclosure Officer, 
(202) 874-6837.

SUPPLEMENTARY INFORMATION: Pursuant to the Privacy Act of 1974, as 
amended, 5 U.S.C. 552a, the Financial Management Service (FMS) is 
proposing to establish a new system of records entitled ``Collection 
Records --Treasury/FMS .017.'' FMS collects more than $2 trillion in 
Federal receipts through a network of more than 10,000 financial 
institutions. It manages the collection of Federal receipts such as 
taxes, customs duties, loan repayments, fines, fees, and lease 
payments. Citizens and others make payments to the Federal government 
in a variety of ways. Many people mail a check to a post office box, 
known as a ``lockbox,'' which is managed by a financial institution as 
the financial agent of the Department of the Treasury. Some people pay 
over-the-counter for goods and services at the time of receipt of those 
goods or services. Others make payments electronically by credit card, 
debit card, or by authorizing the government to debit their bank 
account. FMS offers a variety of cost-efficient ways by which Federal 
agencies may collect receipts due from the public to the government 
while ensuring that information pertaining to such collections remains 
secure and confidential.
    FMS continually seeks to modernize the government collections 
program. Through its electronic money program, FMS is initiating new 
collection mechanisms using the Internet or other communications 
networks to help Federal agencies modernize their collection 
activities. For example, through an Internet site known as ``Pay.gov,'' 
a person can authorize a payment to the government via the Internet. 
Electronic Federal Tax Payment System, or ``EFTPS,'' allows taxpayers 
to authorize the payment of certain types of taxes on-line. In both 
cases, the payor submits information to a government Web site, which 
allows the government to debit the person's bank account or charge the 
person's credit card. The process used by the government and the 
information collected from payors is similar to how the private sector 
handles commercial

[[Page 5692]]

transactions over the Internet. Another type of electronic collection 
mechanism known as ``paper check conversion'' allows the government to 
convert a paper check to an Automated Clearing House (ACH) debit, that 
is, to an electronic debit of the payor's checking account, as is done 
in the private sector. With better technology, FMS expects to develop 
new collections vehicles in the future.
    FMS's electronic money programs are developed to efficiently 
facilitate the collection and reporting of receipts from the public in 
accordance with legal authorities. Simultaneously, FMS seeks to protect 
the government and the public from risks such as the unauthorized use 
of electronic payment methods, identity theft, and inadvertent 
disclosure of confidential information. The records covered by the 
proposed system are necessary not only to process financial 
transactions, but to authenticate the identity of someone 
electronically authorizing a payment to the government and to verify 
the payor's ability to make the payment authorized.
    Thus, the records are collected and maintained for three primary 
reasons. First, in order to process a payment electronically, a payor 
needs to submit his or her name and bank account or credit card account 
information. Without such information, FMS would not be able to process 
the payment as requested by the individual authorizing the payment.
    Second, to authenticate the identity of the person initiating the 
electronic transaction (i.e., user claiming to be ``John Doe'' is, in 
fact, ``John Doe''), FMS may, in some instances, require some or all of 
the following additional information from an individual: date of birth; 
driver's license number; employer's name, address and telephone number 
(currently, employer information is not mandatory); user name, 
password, and/or unique question and answer chosen by the person using 
the Internet to initiate the electronic transaction. The information 
collected and maintained for a particular transaction will depend upon 
the level of risk associated with the transaction. FMS will work with 
the Federal agency for which collections are being made to determine 
the financial risk associated with a transaction, as well as the risk 
of identity theft. For example, if an individual is paying an 
obligation, such as a student loan, an agency may need less information 
than in the case of someone purchasing goods from the government. The 
agency may determine there is a lower likelihood that someone would pay 
a bill fraudulently than there is that someone would purchase goods in 
a one-time non-recurring transaction with the government. This is not 
to minimize the amount of security associated with an electronic loan 
repayment process, which in any event will be stringent, but to note 
that less personal information may be needed in order to provide the 
degree of security required for a particular transaction type. FMS 
recognizes that security needs must always be balanced with privacy 
concerns, and therefore, seeks to limit personal information 
requirements to only what is needed to securely process transactions.
    Third, to verify the financial and other information provided by 
the person initiating the electronic transaction and to evaluate the 
payor's ability to make the payment authorized (for example, to verify 
the validity of the payor's credit card account information), FMS may 
compare information submitted with information available in FMS's 
electronic transaction historical database or commercial databases used 
for verification purposes, much like a store clerk determines whether 
someone paying by paper check has a history of writing bad checks. The 
ability to research historical transaction information will help 
eliminate the risk of fraudulent activity, such as the purchase of 
government products using an account with insufficient funds or using a 
stolen identity. By collecting and maintaining a certain amount of 
unique personal information about an individual who purchases goods 
from the government, FMS can help ensure that the individual's 
sensitive financial information will not be fraudulently accessed or 
used by anyone other than the individual.
    The authentication of identity and verification of account 
information is required under FMS's regulation governing Federal 
agencies' use of the ACH system (see 31 CFR part 210). Part 210, which 
incorporates the private sector rules governing ACH transactions, 
requires a debit to a consumer's account to be authorized in writing 
and signed or similarly authenticated. For the ``similarly 
authenticated'' standard to be met, the process of obtaining a 
consumer's authorization electronically must provide evidence of both 
the consumer's identity and his or her assent to the transaction. In 
addition, the rules governing ACH debits initiated over the Internet 
require that an agency employ a ``commercially reasonable fraudulent 
transaction detection system to screen each entry'' and use 
``commercially reasonable procedures to verify that (bank account) 
routing numbers are valid.'' An agency is required to retain a copy of 
each authorization for two years. The information collected and 
maintained for authentication and verification purposes is intended to 
assist agencies in meeting the requirements of part 210.
    In addition to the purposes cited above, the information contained 
in the covered records will be used for collateral purposes related to 
the processing of financial transactions, such as collection of 
statistical information on operations, development of computer systems, 
investigation of unauthorized or fraudulent activity related to 
electronic transactions, and the collection of debts arising out of 
such activity.
    Thus, the information contained in the records covered by FMS's 
proposed system of records and FMS's use of the information is 
necessary to process financial transactions while protecting the 
government and the public from financial risks that could be associated 
with electronic transactions. It is noted that the proposed system 
covers records obtained in connection with various mechanisms that are 
either used currently or may be used in the future for electronic 
financial transactions. Not every transaction will require the 
collection or disclosure of all of the information listed under 
``Categories of records in the system.'' The categories of records 
cover the broad spectrum of information that might be connected to 
various types of transactions. FMS has attempted to cover the 
information needed for the types of transactions processed in today's 
technological environment, as well as some or all of the information 
that might be required in connection with future yet-to-be developed 
collections mechanisms or future security needs. Security needs are 
constantly changing with the evolution of technology. FMS is aware that 
the information used today to authenticate an individual and verify a 
transaction may need to be upgraded in the future.
    FMS recognizes the sensitive nature of the confidential information 
it obtains when collecting receipts from the public and has many 
safeguards in place to protect the information from theft or 
inadvertent disclosure. When appropriate, FMS's contractual 
arrangements with commercial database vendors include provisions that 
preclude the vendors from retaining, disclosing, and using for other 
purposes the information provided by FMS to the vendor. In addition to 
various procedural and physical safeguards, access to computerized 
records is limited, through the use of encryption,

[[Page 5693]]

access codes, and other internal mechanisms, to those whose official 
duties require access solely for the purposes outlined in the proposed 
system. Access to the system is granted only as authorized by a 
security manager after security background checks. The information in 
the Collections Records system will allow the public to enjoy the 
benefits of electronic payment authorization while minimizing the risks 
of identity theft, fraudulent transactions, and the loss of public 
funds.
    The new system of records report, as required by 5 U.S.C. 552a(r) 
of the Privacy Act, has been submitted to the Committee on Government 
Reform of the House of Representatives, the Committee on Governmental 
Affairs of the Senate, and the Office of Management and Budget, 
pursuant to Appendix I to OMB Circular A-130, ``Federal Agency 
Responsibilities for Maintaining Records About Individuals,'' dated 
November 30, 2000.
    For the reasons set forth in the preamble, FMS proposes a new 
system of records Treasury/FMS .017-Collections Records which is 
published in its entirety below.

    Dated: January 29, 2003.
W. Earl Wright, Jr.,
Chief Management and Administrative Programs Officer.
Treasury/FMS .017

System name:
    Collections Records--Treasury/Financial Management Service.

System location:
    Records are located at the Financial Management Service, U.S. 
Department of the Treasury, Liberty Center Building (Headquarters), 401 
14th Street, SW., Washington, DC 20227. Records are also located 
throughout the United States at various Federal Reserve Banks and 
financial institutions, which act as Treasury's fiscal and financial 
agents. The address(es) of the fiscal and financial agents may be 
obtained from the system manager below.

Categories of individuals covered by the system:
    Individuals who electronically authorize payments to the Federal 
government through the use of communication networks, such as the 
Internet, via means such as Automated Clearing House (ACH), check 
conversion, credit card, and/or stored value card.

Categories of records in the system:
    Collections records containing information about individuals who 
electronically authorize payments to the Federal government to the 
extent such records are covered by the Privacy Act of 1974. The records 
may contain identifying information, such as an individual's name(s), 
taxpayer identifying number (i.e., social security number or employer 
identification number), home address, home telephone number, and 
personal e-mail address (home and work); an individual's employer's 
name, address, telephone number, and e-mail address; an individual's 
date of birth and driver's license number; information about an 
individual's bank account(s) and other types of accounts from which 
payments are made, such as financial institution routing and account 
number; credit card numbers; information about an individual's payments 
made to or from the United States (or to other entities such as private 
contractors for the Federal government), including the amount, date, 
status of payments, payment settlement history, and tracking numbers 
used to locate payment information; user name and password assigned to 
an individual; other information used to identify and/or authenticate 
the user of an electronic system to authorize and make payments, such 
as a unique question and answer chosen by an individual; information 
concerning the authority of an individual to use an electronic system 
(access status) and the individual's historical use of the electronic 
system. The records also may contain information about the governmental 
agency to which payment is made and information required by such agency 
as authorized or required by law.
    The information contained in the records covered by FMS's proposed 
system of records is necessary to process financial transactions while 
protecting the government and the public from financial risks that 
could be associated with electronic transactions. It is noted that the 
proposed system covers records obtained in connection with various 
mechanisms that are either used currently or may be used in the future 
for electronic financial transactions. Not every transaction will 
require the maintenance of all of the information listed in this 
section. The categories of records cover the broad spectrum of 
information that might be connected to various types of transactions.

Authority for maintenance of the system:
    5 U.S.C. 301; 31 U.S.C. 321; 31 U.S.C. chapter 33; 31 U.S.C. 3720

Purpose(s):
    The purpose of this system is to maintain records about individuals 
who electronically authorize payments to the Federal government. The 
information contained in the records is maintained for the purpose of 
facilitating the collection and reporting of receipts from the public 
to the Federal government and to minimize the financial risk to the 
Government and the public of unauthorized use of electronic payment 
methods. Examples of payment mechanisms authorized electronically 
include ACH, check conversion, credit card, or stored value cards. 
Individuals may authorize payments using paper check conversion or 
Internet-based systems through programs such as ``Pay.gov'' and 
``Electronic Federal Taxpayer Payment System (EFTPS).'' The information 
also is maintained to:
    (a) Provide collections information to the Federal agency 
collecting the public receipts;
    (b) Authenticate the identity of individuals who electronically 
authorize payments to the Federal government;
    (c) Verify the payment history and eligibility of individuals to 
electronically authorize payments to the Federal government;
    (d) Provide statistical information on collections operations;
    (e) Test and develop enhancements to the computer systems that 
contain the records; and
    (f) Collect debts owed to the Federal government from individuals 
when the debt arises from the unauthorized use of electronic payment 
methods.
    FMS's use of the information contained in the records is necessary 
to process financial transactions while protecting the government and 
the public from financial risks that could be associated with 
electronic transactions. The records are collected and maintained for 
three primary reasons. First, in order to process a payment 
electronically, a payor needs to submit his or her name and bank 
account or credit card account information. Without such information, 
FMS would not be able to process the payment as requested by the 
individual authorizing the payment. Second, to authenticate the 
identity of the person initiating the electronic transaction, FMS may, 
in some instances, require some or all of the information described in 
``Categories of records in the system,'' above, depending upon the 
level of risk associated with a particular type of transaction. Third, 
to verify the financial and other information provided by the person 
initiating the electronic transaction and to evaluate the payor's 
ability to make the payment authorized, FMS may compare information 
submitted with information

[[Page 5694]]

available in FMS's electronic transaction historical database or 
commercial databases used for verification purposes, much like a store 
clerk determines whether someone paying by paper check has a history of 
writing bad checks. The ability to research historical transaction 
information will help eliminate the risk of fraudulent activity, such 
as the purchase of government products using an account with 
insufficient funds or using a stolen identity. By collecting and 
maintaining a certain amount of unique personal information about an 
individual who purchases goods from the government, FMS can help ensure 
that the individual's sensitive financial information will not be 
fraudulently accessed or used by anyone other than the individual.
    In addition, the information contained in the covered records will 
be used for collateral purposes related to the processing of financial 
transactions, such as collection of statistical information on 
operations, development of computer systems, investigation of 
unauthorized or fraudulent activity related to electronic transactions, 
and the collection of debts arising out of such activity.

Routine uses of records maintained in the system, including categories 
of users and the purposes of such uses:
    These records may be used to disclose information to:
    (1) Appropriate Federal, state, local or foreign agencies 
responsible for investigating or prosecuting the violation of, or for 
enforcing or implementing, a statute, rule, regulation, order, or 
license, but only if the investigation, prosecution, enforcement or 
implementation concerns a transaction(s) or other event(s) that 
involved (or contemplates involvement of), in whole or part, an 
electronic method of collecting receipts for the Federal government. 
The records and information may also be disclosed to commercial 
database vendors to the extent necessary to obtain information 
pertinent to such an investigation, prosecution, enforcement or 
implementation.
    (2) Commercial database vendors for the purposes of authenticating 
the identity of individuals who electronically authorize payments to 
the Federal government, to obtain information on such individuals' 
payment or check writing history, and for administrative purposes, such 
as resolving a question about a transaction. For purposes of this 
notice, the term ``commercial database vendors'' means vendors who 
maintain and disclose information from consumer credit, check 
verification, and address databases.
    (3) A court, magistrate, or administrative tribunal, in the course 
of presenting evidence, including disclosures to opposing counsel or 
witnesses, for the purpose of civil discovery, litigation, or 
settlement negotiations or in response to a subpoena, where arguably 
relevant to the litigation, or in connection with criminal law 
proceedings.
    (4) A congressional office in response to an inquiry made at the 
request of the individual to whom the record pertains.
    (5) Fiscal agents, financial agents, financial institutions, and 
contractors for the purpose of performing financial management 
services, including, but not limited to, processing payments, 
investigating and rectifying possible erroneous reporting information, 
creating and reviewing statistics to improve the quality of services 
provided, conducting debt collection services, or developing, testing 
and enhancing computer systems.
    (6) Federal agencies, their agents and contractors for the purposes 
of facilitating the collection of receipts, determining the acceptable 
method of collection, the accounting of such receipts, and the 
implementation of programs related to the receipts being collected.
    (7) Federal agencies, their agents and contractors, credit bureaus, 
and employers of individuals who owe delinquent debt for the purpose of 
garnishing wages only when the debt arises from the unauthorized use of 
electronic payment methods. The information will be used for the 
purpose of collecting such debt through offset, administrative wage 
garnishment, referral to private collection agencies, litigation, 
reporting the debt to credit bureaus, or for any other authorized debt 
collection purpose.
    (8) Financial institutions, including banks and credit unions, and 
credit card companies for the purpose of collections and/or 
investigating the accuracy of information required to complete 
transactions using electronic methods and for administrative purposes, 
such as resolving questions about a transaction.

Disclosure to consumer reporting agencies:
    Debt information concerning a government claim against a debtor 
when the debt arises from the unauthorized use of electronic payment 
methods is also furnished, in accordance with 5 U.S.C. 552a(b)(12) and 
31 U.S.C. 3711(e), to consumer reporting agencies, as defined by the 
Fair Credit Reporting Act, 5 U.S.C. 1681(f), to encourage repayment of 
a delinquent debt.

Policies and practices for storing, retrieving, accessing, retaining, 
and disposing of records in the system: Storage:
    Records are maintained in electronic media.

Retrievability:
    Records are retrieved by account number (such as financial 
institution account number or credit card account number), name 
(including an authentication credential, e.g., a user name), social 
security number, transaction identification number, or other alpha/
numeric identifying information.

Safeguards:
    All officials access the system of records on a need-to-know basis 
only, as authorized by the system manager after security background 
checks. Procedural and physical safeguards, such as personal 
accountability, audit logs, and specialized communications security, 
are utilized. Accountability and audit logs allow systems managers to 
track the actions of every user of the system. Each user has an 
individual password (as opposed to a group password) for which he or 
she is responsible. Thus, a system manager can identify access to the 
records by user. Access to computerized records is limited, through use 
of encryption, access codes, and other internal mechanisms, to those 
whose official duties require access. Storage facilities are secured by 
various means such as security guards, locked doors with key entry, and 
limited virtual access requiring a physical token.

Retention and disposal:
    Records for payments and associated transactions will be retained 
for seven (7) years or as otherwise required by statute or court order. 
Audit logs of transactions will be retained for a period of six (6) 
months or as otherwise required by statute or court order. Records in 
electronic media are electronically erased using industry-accepted 
techniques.

System manager(s) and address:
    Chief Architect, Electronic Commerce, Federal Finance, Financial 
Management Service, 401 14th Street, SW., Washington, DC 20227.

Notification procedure:
    Inquiries under the Privacy Act of 1974, as amended, shall be 
addressed to the Disclosure Officer, Financial Management Service, 401 
14th Street, SW., Washington, DC 20227. All

[[Page 5695]]

individuals making inquiries should provide with their request as much 
descriptive matter as is possible to identify the particular record 
desired. The system manager will advise as to whether FMS maintains the 
records requested by the individual.

Record access procedures:
    Individuals requesting information under the Privacy Act of 1974, 
as amended, concerning procedures for gaining access to or contesting 
records should write to the Disclosure Officer. All individuals are 
urged to examine the rules of the U.S. Department of the Treasury 
published in 31 CFR part 1, subpart C, and appendix G, concerning 
requirements of this Department with respect to the Privacy Act of 
1974, as amended.

Contesting record procedures:
    See ``Record access procedures'' above.

Record source categories:
    Information in this system is provided by the individual on whom 
the record is maintained (or by his or her authorized representative), 
other persons who electronically authorize payments to the Federal 
government, Federal agencies responsible for collecting receipts, 
Federal agencies responsible for disbursing and issuing Federal 
payments, Treasury fiscal and financial agents that process 
collections, and commercial database vendors.

Exemptions claimed for the system:
    None.

[FR Doc. 03-2521 Filed 2-3-03; 8:45 am]
BILLING CODE 4810-35-P