[Federal Register Volume 83, Number 249 (Monday, December 31, 2018)]
[Notices]
[Pages 67712-67715]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2018-28375]


 ========================================================================
 Notices
                                                 Federal Register
 ________________________________________________________________________
 
 This section of the FEDERAL REGISTER contains documents other than rules 
 or proposed rules that are applicable to the public. Notices of hearings 
 and investigations, committee meetings, agency decisions and rulings, 
 delegations of authority, filing of petitions and applications and agency 
 statements of organization and functions are examples of documents 
 appearing in this section.
 
 ========================================================================
 

  Federal Register / Vol. 83, No. 249 / Monday, December 31, 2018 / 
Notices  

[[Page 67712]]



DEPARTMENT OF AGRICULTURE


Privacy Act of 1974; System of Records

AGENCY: Office of the Chief Financial Officer, U.S. Department of 
Agriculture.

ACTION: Notice of a Modified System of Records.

-----------------------------------------------------------------------

SUMMARY: In accordance with the Privacy Act of 1974, as amended, the 
U.S. Department of Agriculture (USDA), Office of the Chief Financial 
Officer (OCFO), proposes to modify one Privacy Act System of Record 
titled ``Financial Systems, OCFO-10'' published at 75 FR 6622 (February 
10, 2010), to include 4 new routine uses: Support Do Not Pay initiative 
under the Improper Payments Elimination and Recovery Improvement Act of 
2012 (IPERIA); two mandatory routine uses addressing Breach 
Notification per Office of Management and Budget memoranda M-17-12; and 
routine use for contractors, grantees, etc., support. This modification 
will also include incorporating and consolidating General Services 
Administration (GSA) GSA/PPFM-11 (Pegasys) into OCFO-10, Financial 
Systems. USDA/OCFO has acquired full ownership and responsibility for 
the management of the GSA commercial-off-the shelf financial management 
system named Pegasys in fiscal year 2016. The consolidation of the 
financial systems will update the following sections within OCFO-10: 
Purpose, system location, categories of individuals covered by the 
system, record source categories, and storage. Upon publication of the 
modified OCFO-10, Financial Systems, GSA will rescind GSA/PPFM-11 
(Pegasys) published at 71 FR 60710 (November 27, 2006), modified at 73 
FR 22397 (April 25, 2008).

DATES: Submit comments on or before January 30, 2019. This revised 
system will be effective upon publication. New or modified routine uses 
are effective January 30, 2019.

ADDRESSES: You may submit comments, identified by docket number USDA/
OCFO by one of the following methods:
     Federal eRule Portal: http://www.regulations.gov. Follow 
the instructions for submitting comments.
     Fax: (202) 205-3759.
     Mail: Stanley McMichael, Acting Associate Chief Financial 
Officer for Shared Services, 1400 Independence Ave. SW, Room 3054 South 
Building, Washington, DC 20250.
     Instructions: All submissions received will be posted 
without change to http://www.regulations.gov, including any personal 
information provided.
    Docket: For access to the docket to read background documents or 
comments received go to http://www.regulations.gov.

FOR FURTHER INFORMATION CONTACT: Stanley McMichael, Acting Associate 
Chief Financial Officer for Shared Services, 1400 Independence Ave. SW, 
Room 3054 South Building, Washington, DC 20250, 
[email protected], (202) 720-0564. For privacy issues 
please contact: USDA Chief Privacy Officer, 1400 Independence Avenue 
SW, Room 401-W South Building, Washington, DC 20250; phone 202-205-0926 
or at [email protected].

SUPPLEMENTARY INFORMATION: In accordance with the Privacy Act of 1974 
the Department of Agriculture proposes to modify the Department of 
Agriculture's system of records notice titled Financial Systems, OCFO-
10. The modification will add 4 new routine uses to the system: Two 
mandated by OMB memoranda 17-12, one which supports Do Not Pay 
initiative under the Improper Payments Elimination and Recovery 
Improvement Act of 2012 (IPERIA) and add support services by entities. 
Modification will also incorporate the Pegasys financial management 
system which was acquired from the General Services Administration 
(GSA) in fiscal year 2016, update purpose, system locations, categories 
of individuals covered by the system, record source categories and 
storage. The consolidation of GSA/PPFM-11 into OCFO-10, Financial 
Systems will place all of the current electronic applications that OCFO 
uses into a single System of Records Notice.
    Financial Systems consist of the electronic information technology 
systems that contain information concerning individuals and businesses 
that receive payments for providing goods and services to USDA. This 
proposed notice covers: (1) Individuals who have funds advances to them 
for USDA official travel use, approving officials, and individuals who 
perform official USDA travel and are reimbursed with Government funds; 
(2) Individuals who receive payments in the form of rents, royalties, 
prizes, or awards; (3) Individuals who receive for non-personal service 
contracts, commissions, or compensation for services, which are subject 
to Internal Revenue Service form 1099 reporting requirements are 
included in the suite of systems; (4) USDA employees who have been 
issued a Government purchase card, Government fleet card or a 
Government travel card; and (5) Employee information necessary to 
record employee salary disbursements in the financial system that is 
essential for Internal Revenue Service income tax reporting. The 
employee records are also used to pay employees for travel 
reimbursement and any other miscellaneous payments due to the employee. 
Incorporating Pegasys will include part of a shared-services financial 
operation providing a commercial-off-the-shelf financial system (in a 
private vendor hosted environment), financial transaction processing, 
and financial analysis for its main business lines of Federal supplies 
and technology, public buildings, and general management and 
administration offices.
    USDA determined that a consolidation of the financial systems is 
the most efficient, logical, taxpayer-friendly, and user-friendly 
method of complying with the publication requirements of the Privacy 
Act. The subject records reflect a common purpose, common functions, 
and common user community. The USDA herby revises OCFO-10 to include 
the routine uses and the consolidation of the GSA/PPFM-11 into the 
OCFO-10. System of Records Notice report on the modified system of 
records, required by 5 U.S.C. 552a and fully comply with all Office of 
Management (OMB) policies.


[[Page 67713]]


    Dated: December 20, 2018.
Sonny Perdue,
Secretary.
    Enclosures
SYSTEM NAME AND NUMBER
    USDA/OCFO-10 Financial Systems.

SECURITY CLASSIFICATION:
    Unclassified.

SYSTEM LOCATION:
    The systems are operated from the USDA headquarters, located at 
1400 Independence Avenue SW, Washington, DC 20250, with other 
operational locations within the continental United States. Pegasys is 
hosted in a FEDRAMP certified cloud environment in Phoenix, AZ.

SYSTEM MANAGER(S):
    Stanley McMichael, Acting Associate Chief Financial Officer for 
Shared Services, 1400 Independence Ave. SW, Room 3054 South Building, 
Washington, DC 20250, email address_[email protected], 
(202) 720-0564.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    Chief Financial Officers Act of 1990 (Pub. L. 101-576)

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    The Financial Systems contain information about individuals and 
businesses that receive payments for providing goods and services to 
the USDA, GSA, and other multiple client agencies. Individuals who have 
funds advanced to them for official travel use, approving officials, 
and individuals who perform official USDA travel and are reimbursed 
with Government funds are included in the system, as well as 
individuals (excluding USDA employees) who receive payments in the form 
of rents, royalties, prizes, or awards, individuals (excluding USDA 
employees) who receive payments for non-personal service contracts, 
commissions, or compensation for services that are subject to Form 1099 
reporting requirements, and USDA employees who have been issued a 
purchase card, fleet card or travel card are included in the system. 
Employee information contained in the Financial Systems is used to 
record the financial impact of employee salary disbursements in the 
financial system and for Internal Revenue Service income tax reporting. 
In addition, the employee records are used to pay employees for travel 
reimbursement and any other miscellaneous payments due to the employee. 
Individuals covered by Pegasys include GSA vendors and Federal 
employees.

CATEGORIES OF RECORDS IN THE SYSTEM:
    The Financial Systems contain several databases containing the 
individual's and business' name, address, Social Security Number (SSN) 
(or employer identification number), ZIP code, amount of payment, 
credit card number, Vendor DUNS, Lockbox Number, (Vendor) Bank Account 
Number, Agency Bank Account Number and other information necessary to 
accurately identify covered payment transactions.

RECORD SOURCE CATEGORIES:
    Records are loaded from the USDA and GSA and other multiple client 
agencies' payroll system to create records of Federal employees. 
Vendors who do business with the USDA submit their information into the 
GSA's System for Awards Management (SAM), which is subsequently loaded 
into the Financial Systems. This information includes but is not 
limited to SSN, TIN, name, address, and bank electronic funds transfer 
information. Records are also directly loaded online into the Financial 
System by agency personnel.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND PURPOSES OF SUCH USES:
    In addition to those disclosures generally permitted under 5 U.S.C. 
552a(b) of the Privacy Act, all or a portion of the records information 
contained in this system may be disclosed outside USDA as a routine use 
pursuant to 5 U.S.C. a(b)(3) as follows:
    1. When a record on its face, or in conjunction with other records, 
indicates a violation or potential violation of law, whether civil, 
criminal, or regulatory in nature, and whether arising by general 
statute or particular program, statute, or by regulation, rule, or 
order issued pursuant thereto, disclosure may be made to the 
appropriate agency, whether Federal, foreign, State, local, tribal, or 
other public authority responsible for enforcing, investigating, or 
prosecuting such violation or charged with enforcing or implementing 
the statute, or rule, regulation, or order issued pursuant thereto, of 
the information disclosed is relevant to any enforcement, regulatory, 
investigative, or prospective responsibility of the receiving entity.
    2. To the Department of Justice when: (a) The agency or any 
component thereof; or (b) any employee of the agency in his or her 
official capacity where the Department of Justice has agreed to 
represent the employee; or (c) the United States Government, is a party 
to litigation or has an interest in such litigation, and by careful 
review, the agency determines that the records are both relevant and 
necessary to the litigation and the use of such records by the 
Department of Justice is therefore deemed by the agency to be for a 
purpose that is compatible with the purpose for which the agency 
collected the records.
    3. To a court or adjudicative body in a proceeding when: (a) USDA 
or any component thereof; or (b) any employee of USDA in his or her 
official capacity; or (c) any employee of USDA in his or her individual 
capacity where USDA has agreed to represent the employee; or (d) the 
U.S. Government, is a party to litigation or has interest in such 
litigation, and by careful review, USDA determines that the records are 
both relevant and necessary to the litigation and the use of such 
records is therefore deemed by USDA to be for a purpose that is 
compatible with the purpose of which USDA collected records.
    4. To a congressional office in response to any inquiry made at the 
written request of the individual to whom the record pertains.
    5. Information from the system of records will be forwarded to the 
Internal Revenue Service for income tax purposes.
    6. Release of information to other USDA agencies may be made for 
internal processing purposes.
    7. Information will be reviewed during inquiry into payments to be 
made by the USDA to its employees.
    8. To appropriate agencies, entities, and persons when (1) USDA 
suspects or has confirmed that there has been a breach of the system of 
records, (2) USDA has determined that as a result of the suspected or 
confirmed breach there is a risk of harm to individuals, USDA 
(including its information systems, programs, and operations), the 
Federal Government, or national security; and (3) the disclosure made 
to such agencies, entities, and persons is reasonably necessary to 
assist in connection with USDA's efforts to respond to the suspected or 
confirmed breach or to prevent, minimize, or remedy such harm.
    9. To another Federal agency or Federal entity, when USDA 
determines that information from this system of records is reasonably 
necessary to assist the recipient agency or entity in (1) responding to 
a suspected or confirmed breach or (2) preventing, minimizing, or 
remedying the risk of harm to individuals, the recipient agency or 
entity (including its information systems, programs, and operations), 
the

[[Page 67714]]

Federal Government, or national security, resulting from a suspected or 
confirmed breach.
    10. USDA will disclose information about individuals from the 
system of records in accordance with the Federal Funding Accountability 
and Transparency Act of 2006 (Pub. L. 109-282; codified at 31 U.S.C. 
6101, et seq.); section 204 of the E-Government Act of 2002 (Pub. L. 
107-347; 44 U.S.C. 3501 note), and the Office of Federal Procurement 
Policy Act (41 U.S.C. 403 et seq.), or similar statutes requiring 
agencies to make public information concerning Federal financial 
assistance, including grants, sub-grants, loan awards, cooperative 
agreements, and other financial assistance; and contracts, purchase 
orders, task orders, and delivery orders.
    11. To the Department of Treasury for administering the Do Not Pay 
Initiative under the Improper Payments Elimination and Recovery 
Improvement Act of 2012 (IPERIA). As required by IPERIA, the Bipartisan 
Budget Act of 2013, and the Federal Improper Payments Coordination Act 
of 2015 (FIPCA), records maintained in this system will be disclosed to 
(a) a Federal or state agency, its employees, agents (including 
contractors of its agents) or contractors; or, (b) a fiscal or 
financial agent designated by the Bureau of Fiscal Service or other 
Department of the Treasury bureau or office, including employees, 
agents or contractors of such agent; or, (c) a contractor of the Bureau 
of Fiscal Service, for the purpose of identifying, preventing, and 
recovering improper payments to an applicant for, or recipient of, 
Federal funds, including funds disbursed by a state in a state 
administered, federally-funding program. Records disclosed under this 
routing use may be used to conduct computerized comparison to identify, 
prevent and recover improper payments, and to identify and mitigate 
fraud, waste, and abuse in federal payments.
    12. To contractors, grantees, experts, consultants, students, and 
others performing or working on a contract, service, grant, cooperative 
agreement, or other assignment for the federal government, when 
necessary to accomplish an agency function related to the this system 
of records.
    13. To a Federal agency in connection with the hiring or retention 
of an employee; the issuance of a security clearance; the reporting of 
an investigation; the letting of a contract; or the issuance of a 
grant, license, or other benefit to the extent that the information is 
relevant and necessary to a decision.
    14. To the Office of Personnel Management (OPM), the Office of 
Management and Budget (OMB), or the Government Accountability Office 
(GAO) when the information is required for program evaluation purposes.
    15. To the National Archives and Records Administration (NARA) for 
records management purposes.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    Records are stored and maintained electronically on USDA-owned 
mainframes, servers, tapes, disks, and in file folders at USDA offices. 
Records are also stored on FedRAMP certified cloud providers located in 
the continental United States.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    Records in the system are retrieved by SSN or by employee 
identification numbers, employee/business name, and vendor number.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    Records are retained for Financial Systems under National Archives 
and Records Administration General Records Schedule 1.1 Financial 
Management and Reporting Records. Records are retained for a period of 
six years and three months.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    Records in this system are safeguarded in accordance with 
applicable Federal rules and policies, including all applicable USDA 
automated systems security and access policies. Strict security 
controls have been imposed to minimize the risk of compromising the 
information that is being stored. Access to the computer system 
containing the records in this system is limited to those individuals 
who have a need-to-know the information for the performance of their 
official duties and who have appropriate clearances or permissions.

RECORD ACCESS PROCEDURES:
    See ``Notification Procedures'' below.

CONTESTING RECORD PROCEDURES:
    Individuals seeking to contest any information contained in this 
system of records or its content may submit a request in writing to the 
Headquarters or Components FOIA Officer, whose contact information can 
be found at https://www.dm.usda.gov/foia/poc.htm. If an individual 
believes more than one Component maintains Privacy Act records 
concerning him or her the individual may submit the request to Chief 
FOIA Officer, Department of Agriculture, 1400 Independence Avenue SW, 
Washington, DC 20250.

NOTIFICATION PROCEDURES:
    Individuals seeking notification of and access to any record 
contained in this system of records, may submit a request in writing to 
the Headquarters or Components FOIA Officer, whose contact information 
can be found at https://www.dm.usda.gov/foia/poc.htm. If an individual 
believes more than one Component maintains Privacy Act records 
concerning him or her the individual may submit the request to Chief 
FOIA Officer, Department of Agriculture, 1400 Independence Avenue SW, 
Washington, DC 20250. When seeking records about yourself from this 
system of records or any other Departmental system of records, your 
request must conform with the Privacy Act regulations set forth in 7 
CFR part 1.112. You must verify your identity, meaning that you must 
provide your full legal name, current address and date and place of 
birth. You must sign your request, and your signature must either be 
notarized or submitted under 28 U.S.C. 1746, a law that permits 
statements to be made under penalty of perjury as a substitute for 
notarization. While no specific form is required, you may obtain forms 
for this purpose from the Chief FOIA Officer, Department of 
Agriculture, 1400 Independence Avenue SW, Washington, DC 20250. In 
addition, you should provide the following:
     An explanation of why you believe the Department would 
have information on you,
     Identify which Component(s) of the Department you believe 
may have the information about you,
     Specify when you believe the records would have been 
created,
     Provide any other information that will help the FOIA 
staff determine which USDA Component agency may have responsive 
records,
     If your request is seeking records pertaining to another 
living individual, you must include a statement from that individual 
certifying his/her agreement for you to access his/her records.
    Without this bulleted information, the Components(s) may not be 
able to conduct an effective search and your request may be denied, due 
to lack of specificity or lack of compliance with applicable 
regulations.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    None.

HISTORY:
    OCFO 10 (Financial Systems) 75 FR 6622 (February 10, 2010); GSA/
PPFM-

[[Page 67715]]

11 (Pegasys) published at 71 FR 60710 (October 16, 2006), modified at 
73 FR 22397 (April 25, 2008)

United States Department of Agriculture (USDA)

Narrative Statement on Modifying a System of Records Under the Privacy 
Act of 1974: USDA/OCFO-10

Purpose and Scope

    The U.S. Department of Agriculture's (USDA) Office of the Chief 
Financial Officer (OCFO), Associate Chief Financial Officer for Shared 
Services, is modifying the system of records notice titled ``Financial 
Systems, OCFO-10'' (Financial Systems). This modification is in support 
of four new routine uses: One routine use between the USDA OCFO and the 
U.S. Department of the Treasury under the Do not Pay initiative; two 
mandatory routine uses to address breach notification as required by 
OMB M-17-12; and a general routine use to include contractors, 
grantees, etc.
    The primary goal of Financial Systems is to improve the 
Department's financial performance by providing USDA with a modern, 
efficient core financial system that complies with all legislative and 
management mandates; integrates with existing and emerging e-government 
initiatives; and provides support to the USDA mission. Financial 
Systems includes integration with the financial and administrative 
feeder systems, realignment of affected business processes, and clear 
communication to stakeholders. Financial Systems is capable of real-
time transaction processing and updates, including immediate budget 
updating; users and managers have access to the most up-to-date 
information for an accurate view of available funds and greatly 
improved management information reporting.
    USDA became the owner and manager of a system formally owned and 
managed by the General Services Administration (GSA) called Pegasys 
Financial Services (Pegasys) in fiscal year 2016. Pegasys is a Federal 
financial management system. The consolidation of Pegasys (also known 
as GSA/PPFM-11) into Financial Systems will place all of the current 
electronic applications that OCFO uses into a single System of Records 
Notice.
    Pegasys is part of USDA/OCFO and operates a financial management 
line of business that serves the needs of Federal Government agencies. 
Pegasys supports all accounting functions related to accounts payable 
and accounts receivable; financial treatment of the acquiring and 
disposing of assets; and general accounting functions, such as 
performing/processing cost transfers, prior-year recovery sampling/
validation, Financial Management Services 224 reporting, standard 
general ledger reconciliations, journal entries, accounting reports, 
analysis of standard general ledger accounts, and external customers' 
financial reporting. Pegasys is a commercial off-the-shelf (COTS) 
package that is based on CGI Federal's Momentum Financials, which is 
used in the processing of accounting transactions.

Authority for Collecting, Maintaining, Using, and Disseminating 
Information in OCFO

    The authority for USDA to collect, maintain, use, and disseminate 
information through Financial Systems is the Chief Financial Officers 
Act of 1990 (Pub. L. 101-576).

The Routine Use Satisfies the Compatibility Requirement of the Privacy 
Act

    In addition to those disclosures generally permitted under 5 U.S.C. 
552a(b) of the Privacy Act of 1974, all or a portion of the records or 
information contained in this system may be disclosed outside of USDA 
as a routine use under U.S.C. 552a(b)(3), as stated in the Notice and 
is summarized here for this modification. Financial Systems also 
includes the consolidation of GSA's Pegasys, into Financial Systems.
    This modification includes a new routine use for the Do Not Pay 
initiative in compliance of Improper Payments, which is compatible with 
the following routine uses of this system of records of a financial 
management system: (1) The two required routine uses identified in OMB 
M-17-12 for notice and breach notification, which is compatible with 
the necessity of the government to deal with breaches; and (2) routine 
use for contractors, grantees, and etc., system support, which is 
compatible with the need of contractor support for Financial Systems. 
Pegasys data will not be used as a routine use for the Do Not Pay 
initiative; however, the other routine uses are compatible with the 
Pegasys system of records as a financial system.

Probable or Potential Effects on the Privacy of Individuals

    Although there is some risk to the privacy of individuals, that 
risk is outweighed by the benefit of a proven financial management 
system. In addition, safeguards are in place by protecting against 
unauthorized disclosure. Records are accessible only to individuals who 
are authorized. Logical, physical, and electronic safeguards are 
employed to ensure security. Financial Systems and Pegasys have 
successfully attained ``the authority to operate,'' in the security 
assessment and authorization process, and have successfully attained 
risk assessments, which include security scanning and patching.

Forms for Information Collection Approved by OMB

    Not applicable.

[FR Doc. 2018-28375 Filed 12-28-18; 8:45 am]
 BILLING CODE 3410-90-P