[Federal Register Volume 70, Number 104 (Wednesday, June 1, 2005)]
[Notices]
[Pages 31559-31561]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 05-10854]


=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF THE TREASURY

Fiscal Service


Privacy Act of 1974, as Amended; System of Records

AGENCY: Fiscal Service, Treasury.

ACTION: Notice of proposed privacy act system of records.

-----------------------------------------------------------------------

SUMMARY: In accordance with the Privacy Act of 1974, as amended, the 
Department of the Treasury, Office of Domestic Finance, Fiscal Service 
gives notice of a proposed system of records. The new system contains 
records about individuals who apply for digital certificates under the 
Fiscal Service Certificate Authority which is administered under the 
Department of the Treasury Certificate Policy. A new Privacy Act System 
is proposed in order to accomplish the Department's obligations to 
protect privacy, to ensure the security of data and to maintain 
required records.

DATES: Comments must be received no later than July 1, 2005. The 
proposed system of records will be effective July 11, 2005, unless the 
Bureau of the Public Debt receives comments which would result in a 
contrary determination.

ADDRESSES: Send any comments to the Disclosure Officer, Administrative 
Resource Center, Bureau of the Public Debt, Department of the Treasury, 
200 Third Street, Avery 5th, Parkersburg, WV 26101-5312. All comments 
received will be posted without change to http://www.publicdebt.treas.gov. The posting will include any personal 
information that you provide in the submission.

FOR FURTHER INFORMATION CONTACT: For information about this document, 
contact Edward Gronseth, Deputy Chief Counsel, or Elizabeth Spears, 
Senior Attorney, in the Office of the Chief Counsel, Bureau of the 
Public Debt, at 304-480-8692, or Natalie Diana, Senior Attorney, in the 
Office of the Chief Counsel, Financial Management Service, at (202) 
874-6680.

SUPPLEMENTARY INFORMATION: The Government Paperwork Elimination Act 
(GPEA) directs Federal agencies to implement systems that will enable 
the electronic collection and dissemination of information. In order to 
carry out the GPEA, the Department of the Treasury, Office of Domestic 
Finance, Fiscal Service has implemented Public Key Infrastructure (PKI) 
technology, known as the Fiscal Service Certificate Authority (Fiscal 
Service CA), to support electronic commerce between

[[Page 31560]]

the Bureau of the Public Debt (BPD) or the Financial Management Service 
(FMS), and their customers.
    PKI is a set of hardware, software, policies and procedures used to 
provide several important security services for electronic business 
activities. PKI technology protects the integrity and confidentiality 
of information submitted electronically. Customers submit a request to 
BPD or FMS for a digital certificate, which enables the customer to 
download and use cryptographic software to create the encryption keys 
necessary for electronic identity verification and secure transactions. 
This digital certificate is required in order to access secure online 
systems that are provided through the Fiscal Service CA, such as 
obtaining access to services offered by BPD and FMS.
    For example, the Department of the Treasury, through FMS, operates 
Federal payment systems and disburses approximately 85 percent of all 
Federal payments. All vouchers submitted to FMS for payment must be 
signed (certified) by a Federal program agency's duly designated 
certifying officer. Previously, payment requests were submitted through 
the Treasury Electronic Certification System (ECS), a DOS-based system. 
FMS is replacing ECS with the Secure Payment System (SPS). SPS is a 
mechanism which employs digital certificates, issued by the Fiscal 
Service CA, to initiate payment and certification requests providing 
for the positive identification of agency certifying officers who 
authorize vouchers for payment. SPS provides enhanced operating 
capabilities and much greater information integrity than ECS.
    Additionally, FMS operates the Automated Standard Application for 
Payments (ASAP) program. ASAP is a mechanism by which FMS makes grant 
payments to state agencies and other authorized grantee organizations. 
Digital certificates will be issued to Federal employees who approve 
the funding amounts in grantees' accounts. The grantees will request 
draw downs, and delivery of Federal funds, from accounts held in the 
ASAP.GOV system.
    FMS requires that applicants who seek access to SPS, ASAP, and 
other similar systems, request a digital certificate by submitting an 
application form. The forms are available for download from the FMS Web 
sites located at: http://www.fms.treas.gov.
    In conjunction with the application process, the applicant will be 
required to submit personal information that is subject to the Privacy 
Act of 1974. The information collected will be used only to establish 
and verify the identity and eligibility of applicants for certificates. 
No other use of the information is permitted.
    The new system of records report, as required by 5 U.S.C. 552a(r) 
of the Privacy Act, has been submitted to the Committee on Government 
Reform and Oversight of the House of Representatives, the Committee on 
Homeland Security and Governmental Affairs of the Senate and the Office 
of Management and Budget, pursuant to Appendix I to OMB Circular A-130, 
``Federal Agency Responsibilities for Maintaining Records About 
Individuals,'' dated November 30, 2000.
    The proposed Treasury .012--Fiscal Service Public Key 
Infrastructure, is published in its entirety below.

    Dated: May 23, 2005.
Nicholas Williams,
Deputy Assistant Secretary for Headquarters Operations.
Treasury .012

System Name:
    Fiscal Service Public Key Infrastructure--Treasury.

System Location:
    The system of records is located at:
    (1) The Bureau of the Public Debt (BPD), U.S. Department of the 
Treasury, in Parkersburg, WV, and,
    (2) The Financial Management Service (FMS), U.S. Department of the 
Treasury, Washington, DC, and Hyattsville, MD. The system managers 
maintain the system location of these records.

Categories of Individuals Covered By the System:
    Digital certificates may be issued to any of the following 
individuals: A Federal agency certifying officer who authorizes 
vouchers for payment; Federal employees who approve the grantees' 
accounts; an individual authorized by a state or grantee organization 
to conduct business with the Fiscal Service; employees of the Fiscal 
Service; fiscal agents; and contractors.

Categories of Records in the System:
    The system contains information needed to establish accountability 
and audit control of digital certificates. It also contains records 
that are needed to authorize an individual's access to a Treasury 
network. Depending on the service(s) requested by the customer, 
information may also include:
     Personal identifiers--name, including previous name used, 
and aliases; organization, employer name and address; Social Security 
number, Tax Identification Number; physical and electronic addresses; 
telephone, fax, and pager numbers; bank account information (name, 
type, account number, routing/transit number); Federal-issued 
photograph ID; driver's license information or state ID information 
(number, state, and expiration date); military ID information (number, 
branch, expiration date); or passport/visa information (number, 
expiration date, and issuing country).
     Authentication aids--personal identification number, 
password, account number, shared-secret identifier, digitized 
signature, other unique identifier.
    The system contains records on public key data related to the 
customer, including the creation, renewal, replacement or revocation of 
digital certificates, including evidence provided by applicants for 
proof of identity and authority, sources used to verify an applicant's 
identity and authority, and the certificates issued, denied and 
revoked, including reasons for denial and revocation.

Authority for Maintenance of the System:
    5 U.S.C. 301, 31 U.S.C. 321, and the Government Paperwork 
Elimination Act, Pub. L. 105-277.

Purposes:
    We are establishing the Fiscal Service Public Key Infrastructure 
System to:
    (1) Use electronic transactions and authentication techniques in 
accordance with the Government Paperwork Elimination Act;
    (2) Facilitate transactions involving the transfer of information, 
the transfer of funds, or where parties commit to actions or contracts 
that may give rise to financial or legal liability, where the 
information is protected under the Privacy Act of 1974, as amended;
    (3) Maintain an electronic system to facilitate secure, on-line 
communication between Federal automated systems, and between Federal 
employees or contractors, by using digital signature technologies to 
authenticate and verify identity;
    (4) Provide mechanisms for non-repudiation of personal 
identification and access to Treasury systems including, but not 
limited to SPS and ASAP; and
    (5) Maintain records relating to the issuance of digital 
certificates utilizing public key cryptography to employees and 
contractors for purpose of the transmission of sensitive electronic 
material that requires protection.

Routine Uses of Records Maintained in the System, Including Categories 
of Users and the Purposes of Such Uses:
    These records may be disclosed to:

[[Page 31561]]

    (1) Congressional offices in response to an inquiry made at the 
request of the individual to whom the record pertains;
    (2) Appropriate Federal, State, local, or foreign agencies 
responsible for investigating or prosecuting the violations of, or for 
enforcing or implementing a statute, rule, regulation, order, or 
license, where the disclosing agency becomes aware of a potential 
violation of civil or criminal law or regulation;
    (3) A court, magistrate, or administrative tribunal in the course 
of presenting evidence, including disclosures to opposing counsel or 
witnesses in the course of civil discovery, litigation, or settlement 
negotiations or in connection with criminal law proceedings or in 
response to a subpoena;
    (4) A Federal, State, local or other public authority maintaining 
civil, criminal or other relevant enforcement information or other 
pertinent information, which has requested information relevant to or 
necessary to the requesting agency's, bureau's, or authority's, hiring 
or retention of an individual, or issuance of a security clearance, 
license, contract, grant or other benefit;
    (5) Agents or contractors who have been engaged to assist the 
Department in the performance of a service related to this system of 
records and who need to have access to the records in order to perform 
the activity;
    (6) The Department of Justice when seeking legal advice or when (a) 
the Department of the Treasury or (b) the disclosing agency, or (c) any 
employee of the disclosing agency in his or her official capacity, or 
(d) any employee of the agency in his or her individual capacity where 
the Department of Justice has agreed to represent the employee, or (e) 
the United States, where the disclosing agency determines that 
litigation is likely to affect the disclosing agency, is a party to 
litigation or has an interest in such litigation, and the use of such 
records by the Department of Justice is deemed by the agency to be 
relevant and necessary to the litigation; and
    (7) Representatives of the National Archives and Records 
Administration (NARA) who are conducting records management inspections 
under authority of 44 U.S.C. 2904 and 2906.

Policies and Practices for Storing, Retrieving, Accessing, Retaining, 
and Disposing of Records in the System:
Storage:
    Records are maintained on electronic media, multiple client-server 
platforms that are backed-up to magnetic tape or other storage media, 
and/or hard copy.

Retrievability:
    Records may be retrieved by name, alias name, Social Security 
number, Tax Identification Number, account number, or other unique 
identifier.

Safeguards:
    These records are maintained in controlled access areas. 
Identification cards are verified to ensure that only authorized 
personnel are present. Electronic records are protected by restricted 
access procedures, including the use of passwords and sign-on protocols 
which are periodically changed. Only employees whose official duties 
require access are allowed to view, administer, and control these 
records. Copies of records maintained on computer have the same limited 
access as paper records.

Retention and Disposal:
    Records are maintained in accordance with National Archives and 
Records Administration retention schedules. Paper and microform records 
ready for disposal are destroyed by shredding or maceration. Records in 
electronic media are electronically erased using accepted techniques.

System Managers and Addresses:
    (1) Assistant Commissioner, Office of Information Technology, 
Bureau of the Public Debt, 200 Third Street, Parkersburg, WV 26101, 
and,
    (2) Assistant Commissioner, Information Resources, and Chief 
Information Officer, Financial Management Service, 3700 East West 
Highway, Hyattsville, MD 20782.

Notification Procedure:
    Individuals seeking notification and access to any record contained 
in the system of records, or seeking to contest its content, may 
inquire in accordance with instructions pertaining to individual 
Treasury components appearing at 31 CFR part 1, subpart C:
     Appendix I for records within the custody of the Bureau of 
the Public Debt, and,
     Appendix G for records within the custody of the Financial 
Management Service.

Record Access Procedures:
    See ``Notification procedure'' above.

Contesting Record Procedures:
    See ``Notification procedure'' above.

Record Source Categories:
    The information contained in this system is provided by or verified 
by the subject individual of the record, as well as Federal and non-
Federal sources such as private employers.

Exemptions Claimed For The System:
    None.

[FR Doc. 05-10854 Filed 5-31-05; 8:45 am]
BILLING CODE 4810-39-P