[Federal Register Volume 70, Number 4 (Thursday, January 6, 2005)]
[Notices]
[Pages 1261-1262]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 05-289]


=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF THE INTERIOR

Office of the Secretary


Privacy Act of 1974, as Amended; Addition of a New System of 
Records

AGENCY: Office of the Secretary, Department of the Interior.

ACTION: Proposed addition of a new system of records.

-----------------------------------------------------------------------

SUMMARY: The Department of the Interior is issuing public notice of its 
intent to add a new Privacy Act system of records to its inventory of 
records systems subject to the Privacy Act of 1974 (5 U.S.C. 552a). 
This action is necessary to meet the requirements of the Privacy Act to 
publish in the Federal Register notice of the existence and character 
of records systems maintained by the agency (5 U.S.C. 552a(e)(4)). The 
new system of records is called the Enterprise Access Control Service 
(EACS)--Interior, DOI-30.

EFFECTIVE DATE: 5 U.S.C. 552a(e)(11) requires that the public be 
provided a 30-day period in which to comment on the intended use of the 
information in the system of records. Any persons interested in 
commenting on this proposed system of records may do so by submitting 
comments in writing to the Departmental Privacy Act Officer, U.S. 
Department of the Interior, Office of the Chief Information Officer, MS 
5312 MIB, 1849 C Street NW., Washington, DC 20240. Comments received 
within 30 days of publication in the Federal Register will be 
considered. The system will be effective as proposed at the end of the 
comment period unless comments are received which would require a 
contrary determination. In that case the Department will publish any 
changes to the routine uses.

FOR FURTHER INFORMATION CONTACT: For information on the Enterprise 
Access Control Service (EACS)--Interior, DOI-30, please contact Richard 
A. Delph, Office of the Chief Information Officer, Office of the 
Secretary, Department of the Interior, 625 Herndon Parkway, Herndon, VA 
20170, (703) 487-8555.

SUPPLEMENTARY INFORMATION: The purpose of the Enterprise Access Control 
Service is to streamline DOI bureau/office information technology (IT) 
user management and administration by providing an enterprise Directory 
structure. It will provide an enhanced control of user identification, 
authentication, and authorization. This improvement will enable DOI to 
centrally manage network resources and support multiple processes. 
Direct results of this initiative will include enhanced sharing of 
information and resources and an overall improved level of security for 
IT systems.

    Dated: January 3, 2005.
Marilyn Legnini,
Departmental Privacy Act Officer, Department of the Interior.
INTERIOR/DOI-30

System name:
     Enterprise Access Control Service (EACS)--Interior, DOI-30.

System location:
    Information covered by this system is located in three primary 
master sites at the following locations under the Department of the 
Interior (DOI), Office of the Secretary, Office of the Chief 
Information Officer at: (a) The Enterprise Service Center, Herndon, 
Virginia, (b) Anchorage, Alaska, and (c) the National Business Center, 
Lakewood, Colorado. DOI bureau and office replicas of the master 
database of the EACS are located at strategic Departmental locations.

Categories of individuals covered by the system:
    All current DOI employees and contractors who use DOI computer 
networks and e-mail.

Categories of records in the system:
    The information retained in EACS contains: User name, address, and 
contact information, Web home page address, user access and permission 
rights, authentication certificates along with the date and time of 
signature retained on the signed document, and supervisor's name.

Authority for maintenance of the system:
    This system of records is maintained under the authority of 5 
U.S.C. 301; the Paperwork Reduction Act of 1995, 44 U.S.C. 3501; and 
the Government Paperwork Elimination Act, 44 U.S.C. 3504.

Routine uses of records maintained in the system, including categories 
of users and the purposes of such uses:
    The primary purposes of the system are: (1) To provide a common

[[Page 1262]]

authoritative directory service for the purpose of ensuring the 
security of DOI computer networks, resources and information and 
protecting them from unauthorized access, tampering or destruction, (2) 
to authenticate and verify that all persons accessing DOI computer 
networks, resources and information are authorized to access them, (3) 
to ensure that persons signing official documents are indeed the person 
represented and to provide for non-repudiation of the use of an 
electronic signature, and (4) to enable an individual to encrypt and 
decrypt documents for secure transmission.
    Disclosures outside the DOI may be made:
    (a) To an expert, consultant, or contractor (including employees of 
the contractor) of DOI that performs, on DOI's behalf, services 
requiring access to these records.
    (b) To the Federal Protective Service and appropriate Federal, 
State, local or foreign agencies responsible for investigating 
emergency response situations or investigating or prosecuting the 
violation of or for enforcing or implementing a statute, rule, 
regulation, order or license, when DOI becomes aware of a violation or 
potential violation of a statute, rule, regulation, order or license.
    (c) To another agency with a similar smart card system when a 
person with a DOI SmartCard desires access to that other agency's 
facility.
    (d) To the Department of Justice, or to a court, adjudicative or 
other administrative body, or to a party in litigation before a court 
or adjudicative or administrative body, when:
    (1) One of the following is a party to the proceeding or has an 
interest in the proceeding:
    (i) The Department or any component of the Department;
    (ii) Any Departmental employee acting in his or her official 
capacity; or
    (iii) Any Departmental employee acting in his or her individual 
capacity where the Department or the Department of Justice has agreed 
to represent the employee; and

    (2) We deem the disclosure to be:
    (i) Relevant and necessary to the proceeding; and
    (ii) Compatible with the purpose for which we compiled the 
information.
    (e) To the appropriate Federal agency that is responsible for 
investigating, prosecuting, enforcing or implementing a statute, rule, 
regulation or order, when we become aware of an indication of a 
violation or potential violation of the statute, rule, regulation, or 
order.
    (f) To a congressional office in response to a written inquiry to 
that office by the individual to whom the record pertains.

Policies and practices for storing, retrieving, accessing, retaining, 
and disposing of records in the system:
Storage:
    Records are stored in electronic media on hard disks, magnetic 
tapes.

Retrievability:
    Records are retrievable from EACS by name, digital certificate and 
personal identification number (PIN), and Web home address.

Access Safeguards:
    The computer servers in which records are stored are located in 
computer facilities that are secured by alarm systems and off-master 
key access. EACS access granted to individuals is password-protected. 
Access to the certificate issuance portion of this system of records is 
controlled by a digital certificate in combination with a PIN. Each 
person granted access to the system must be individually authorized to 
use the system. A Privacy Act Warning Notice appears on the monitor 
screen when first displayed. Backup tapes are stored in a locked and 
controlled room in a secure, off-site location. A Privacy Impact 
Assessment was completed to ensure that Privacy Act requirements and 
safeguard requirements are met.

Retention and disposal:
    Records relating to persons covered by this system are retained in 
accordance with General Records Schedule.

System manager(s) and address:
    Office of the Chief Information Officer, Office of the Secretary, 
Department of the Interior, 625 Herndon Parkway, Herndon, VA 20170.

Notification procedures:
    An individual requesting notification of the existence of records 
on him or herself should address his/her request to the local Bureau/
office IT computer administrators or help desk. Individuals requesting 
notification must provide their full name and social security number. 
Interior bureaus/offices are listed at the Department of the Interior 
Web site at http://www.doi.gov. The request must be in writing and 
signed by the requester. (See 43 CFR 2.60).

Records access procedures:
    An individual requesting access to records maintained on him or 
herself should address his/her request to the office listed in the 
``Notification procedures'' section above. Individuals requesting 
access must provide their full name and social security number. The 
request must be in writing and signed by the requester. (See 43 CFR 
2.63).

Contesting record procedures:
    An individual requesting amendment of a record maintained on him or 
herself should address his/her request to the office above. Individuals 
requesting an amendment must provide their full name and social 
security number. The request must be in writing and signed by the 
requester. (See 43 CFR 2.71).

Record source categories:
    Information in this system is obtained from individuals covered by 
the system supervisors, designated approving officials, certificate 
issuing authority, and network system administrators.

Exemptions claimed for the system:
    None.

[FR Doc. 05-289 Filed 1-5-05; 8:45 am]
BILLING CODE 4310-RK-P