[Federal Register Volume 85, Number 6 (Thursday, January 9, 2020)]
[Notices]
[Pages 1198-1200]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2020-00145]


=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF THE TREASURY


Privacy Act of 1974; System of Records

AGENCY: Department of the Treasury.

ACTION: Notice of a New System of Records.

-----------------------------------------------------------------------

SUMMARY: In accordance with the Privacy Act of 1974, the Department of 
the Treasury (``Treasury'' or ``Department''), Treasury proposes to 
establish a new system of records titled, ``Department of the 
Treasury--.018 E-Rulemaking System of Records'' under the Privacy Act 
of 1974 for the online collection through the Federal Docket Management 
System and/or Regulations.gov of public comments to notices of proposed 
rulemaking, proposed orders, and other policy or regulatory actions 
that are published in the Federal Register or rules or rule amendments, 
petitions, and other input collected from the public that may not be 
associated with statutory or regulatory notice and comment 
requirements.

DATES: Submit comments on or before February 10, 2020. The new routine 
uses will be applicable on February 10, 2020 unless Treasury receives 
comments and determines that changes to the system of records notice 
are necessary.

ADDRESSES: Comments may be submitted to the Federal E-Rulemaking Portal 
electronically at http://www.regulations.gov. Comments can also be sent 
to the Deputy Assistant Secretary for Privacy, Transparency, and 
Records, Department of the Treasury, Departmental Offices, 1750 
Pennsylvania Avenue NW, Washington, DC 20220, Attention: Revisions to 
Privacy Act Systems of Records. All comments received, including 
attachments and other supporting documents, are part of the public 
records and subject to public disclosure. All comments received will be 
posted without change to www.regulations.gov, including any personal 
information provided. You should submit only information that you wish 
to make publicly available.

FOR FURTHER INFORMATION CONTACT: For general questions and privacy 
issues please contact: Deputy Assistant Secretary for Privacy, 
Transparency, and Records (202-622-5710), Department of the Treasury, 
1500 Pennsylvania Avenue NW, Washington, DC 20220.

SUPPLEMENTARY INFORMATION: 

I. E-Rulemaking

    In accordance with the Privacy Act of 1974, the Department of the 
Treasury (``Treasury'') proposes to establish a new system of records 
titled, ``Department of the Treasury--.018 E-Rulemaking System of 
Records.''
    Treasury collects comments on rulemakings and other regulatory 
actions, which it timely publishes on a website to provide transparency 
in the informal rulemaking process under the Administrative Procedure 
Act (``APA''), 5 U.S.C. 553. The Treasury also may solicit comments or 
other input from the public that may not be associated with statutory 
or regulatory notice and comment requirements.
    During an informal rulemaking or other statutory or regulatory 
notice and comment process, Department personnel may manually remove a 
comment from posting if the commenter withdraws his or her comments 
before the comment period has closed or because the comment contains 
obscenities or other material deemed inappropriate for publication by 
the Treasury. However, comments that are removed from posting will be 
retained by the Department for consideration, if appropriate under the 
APA.
    Below is the description of the new Treasury--.018 E-Rulemaking 
System of Records.
    Treasury has provided a report of this system of records to the 
Committee on Oversight and Government Reform of the House of 
Representatives, the Committee on Homeland Security and Governmental 
Affairs of the Senate, and OMB, pursuant to 5 U.S.C. 552a(r) and OMB 
Circular A-108, ``Federal Agency Responsibilities for Review, 
Reporting, and Publication under the Privacy Act,'' dated December 23, 
2016.

II. The Privacy Act

    Under the Privacy Act of 1974, 5 U.S.C. 552a, a ``system of 
records'' is defined as any group of records under the control of a 
federal government agency from which information about individuals is 
retrieved by name or other personal identifier. The Privacy Act 
establishes the means by which government agencies must collect, 
maintain, and use personally identifiable information associated with 
an individual in a government system of records.
    Each government agency is required to publish in the Federal 
Register a notice of a new system of records in which the agency 
identifies and describes the system of records, the reasons why the 
agency uses the personally identifying information therein, the routine 
uses for which the agency will disclose such information outside the 
agency, and how individuals may exercise their rights under the Privacy 
Act to determine if the system contains information about them.

Ryan Law,
Deputy Assistant Secretary for Privacy, Transparency, and Records.

SYSTEM NAME AND NUMBER:
    Department of the Treasury--.018 E-Rulemaking.

SECURITY CLASSIFICATION:
    Unclassified

SYSTEM LOCATION:
    Records are maintained at:

[[Page 1199]]

    a. Department of the Treasury, 1500 Pennsylvania Avenue NW, 
Washington, DC 20220
    b. General Services Administration, 1800 F St NW, Washington, DC 
20006

SYSTEM MANAGER(S):
    Privacy Act Officer, 1750 Pennsylvania Avenue NW, Washington, DC 
20220.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    44 U.S.C. 3101; Administrative Procedure Act, Public Law 79-404, 60 
Stat. 237; 5 U.S.C. 553 et seq., and rules and regulations promulgated 
thereunder.

PURPOSE(S) OF THE SYSTEM:
    To collect and maintain in an electronic system feedback from the 
public and industry groups regarding proposed rules and other Treasury 
regulatory actions in accordance with the Administrative Procedure Act 
(``APA'') or other statutory or regulatory provisions, as well as input 
on Treasury actions that may not be associated with notice and comment 
requirements.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Individuals providing comments or other input to the Treasury in 
response to proposed rules, industry filings or other Treasury request 
for comments associated with Treasury rules, notices, policies or 
procedures, whether the individuals provide comments or input directly 
or through their representatives. Any individuals who may be discussed 
or identified in the comments or input provided by others to the 
Treasury.

CATEGORIES OF RECORDS IN THE SYSTEM:
    Incoming comments or other input to the Treasury in response to 
proposed rules, or other Treasury request for comments associated with 
Treasury rules, policies or procedures, provided to the Treasury 
electronically, by facsimile or postal mail or delivery service. 
Comments or input submitted to Treasury may include the full name of 
the submitter, an email address and the name of the organization, if an 
organization is submitting the comments. The commenter may optionally 
provide job title, mailing address and phone numbers. The comments or 
input provided may contain other personal information, although the 
comment submission instructions advise commenters not to include 
additional personal or confidential information.
    This system excludes comments or input for which the Treasury has 
received and either has approved or not yet decided a Freedom of 
Information Act or Privacy Act Request.

RECORDS SOURCE CATEGORIES:
    Individuals and organizations providing comments or other input to 
the Treasury.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND PURPOSES OF SUCH USES:
    In addition to those disclosures generally permitted under the 
Privacy Act of 1974, 5 U.S.C. 552a(b), records and/or information or 
portions thereof maintained as part of this system may be disclosed 
outside Treasury as a routine use pursuant to 5 U.S.C. 552a(b)(3) as 
follows:
    (1) To appropriate federal, state, local, and foreign agencies for 
the purpose of enforcing and investigating administrative, civil or 
criminal law relating to the hiring or retention of an employee; 
issuance of a security clearance, license, contract, grant or other 
benefit;
    (2) To a court, magistrate, or administrative tribunal in the 
course of presenting evidence, including disclosures to opposing 
counsel or witnesses in the course of or in preparation for civil 
discovery, litigation, or settlement negotiations, in response to a 
court order where relevant or potentially relevant to a proceeding, or 
in connection with criminal law proceedings;
    (3) To a contractor for the purpose of compiling, organizing, 
analyzing, programming, or otherwise refining records to accomplish an 
agency function subject to the same limitations applicable to U.S. 
Department of the Treasury officers and employees under the Privacy 
Act;
    (4) To a congressional office from the records of an individual in 
response to an inquiry from that congressional office made pursuant to 
a written Privacy Act waiver at the request of the individual to whom 
the records pertain;
    (5) To third parties during the course of an investigation to the 
extent necessary to obtain information pertinent to the investigation;
    (6) To the Office of Personnel Management, Merit Systems Protection 
Board, Equal Employment Opportunity Commission, Federal Labor Relations 
Authority, and the Office of Special Counsel for the purpose of 
properly administering Federal personnel systems or other agencies' 
systems in accordance with applicable laws, Executive Orders, and 
regulations;
    (7) To the National Archives and Records Administration (NARA) or 
General Services Administration pursuant to records management 
inspections being conducted under the authority of 44 U.S.C. 2904 and 
2906;
    (8) To other Federal agencies or entities when the disclosure of 
the existence of the individual's security clearance is needed for the 
conduct of government business, and
    (9) To appropriate agencies, entities, and person when (1) the 
Department of the Treasury and/or Departmental Offices suspects or has 
confirmed that there has been a breach of the system of records; (2) 
the Department of the Treasury and/or Departmental Offices has 
determined that as a result of the suspected or confirmed breach there 
is a risk of harm to individuals, the Department of the Treasury and/or 
Departmental Offices (including its information systems, programs, and 
operations), the Federal Government, or national security; and (3) the 
disclosure made to such agencies, entities, and persons is reasonably 
necessary to assist in connection with the Department of the Treasury's 
and/or Departmental Offices' efforts to respond to the suspected or 
confirmed breach or to prevent, minimize, or remedy such harm;
    (10) To another Federal agency or Federal entity when the 
Department of the Treasury and/or Departmental Offices determines that 
information from this system of records is reasonably necessary to 
assist the recipient agency or entity in (1) responding to a suspected 
or confirmed breach or (2) preventing, minimizing, or remedying the 
risk of harm to individuals, the recipient agency or entity (including 
its information systems, programs, and operations), the Federal 
Government, or national security, resulting from a suspected or 
confirmed breach;
    (11) To General Services Administration for purposes of operating 
the E-Rulemaking system.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    Records in this system are stored electronically or on paper in 
secure facilities in a locked drawer behind a locked door.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    Records may be retrieved by an individual's name, social security 
number, email address, electronic identification number and/or access/
security badge number.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    The retention and disposal period depends on the nature of the 
comments

[[Page 1200]]

or input provided to the Treasury. For example, comments that pertain 
to a Treasury proposed rule becomes part of the Treasury's central 
files and are kept permanently. Other input to the Treasury may be kept 
between one and 10 years, depending on the subject matter.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    Records in this system are safeguarded in accordance with 
applicable rules and policies, including all applicable Treasury 
automated systems security and access policies. Strict controls have 
been imposed to minimize the risk of compromising the information that 
is being stored. Access to the computer system containing the records 
in this system is limited to those individuals who have a need to know 
the information for the performance of their official duties and who 
have appropriate clearances.
    Entrance to data centers and support organization offices is 
restricted to those employees whose work requires them to be there for 
the system to operate. Identification (ID) cards are verified to ensure 
that only authorized personnel are present. Disclosure of information 
through remote terminals is restricted through the use of passwords and 
sign-on protocols which are periodically changed. Reports produced from 
the remote printers are in the custody of personnel and financial 
management officers and are subject to the same privacy controls as 
other documents of similar sensitivity. Access is limited to authorized 
employees. Paper records are maintained in locked safes and/or file 
cabinets. Electronic records are password-protected. During non-work 
hours, records are stored in locked safes and/or cabinets in a locked 
room.
    Protection and control of any sensitive but unclassified (SBU) 
records are in accordance with TD P 71-10, Department of the Treasury 
Security Manual. Access to the records is available only to employees 
responsible for the management of the system and/or employees of 
program offices who have a need for such information.
    The GSA information technology system that hosts regulations.gov 
and FDMS is in a facility protected by physical walls, security guards, 
and requiring identification badges. Rooms housing the information 
technology system infrastructure are locked, as are the individual 
server racks. All security controls are reviewed on a periodic basis by 
external assessors. The controls themselves include measures for access 
control, security awareness training, audits, configuration management, 
contingency planning, incident response, and maintenance.
    Records in FDMS are maintained in a secure, password protected 
electronic system that utilizes security hardware and software to 
include multiple firewalls, active intrusion detection, encryption, 
identification and authentication of users.
    Partner agencies manage their own access to FDMS through their 
designated partner agency account managers. Each designated partner 
agency account manager has access to FDMS. This level of access enables 
them to establish, manage, and terminate user accounts limited to their 
own agency.

RECORDS ACCESS PROCEDURES:
    See ``Notification Procedures'' below.

CONTESTING RECORDS PROCEDURES:
    See ``Notification Procedures'' below.

NOTIFICATION PROCEDURES:
    Individuals seeking notification and access to any records 
contained in the system of records, or seeking to contest its content, 
may inquire in accordance with instructions pertaining to individual 
Treasury components appearing at 31 CFR part 1, subpart C, appendix A.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    None.

HISTORY:
    None.
[FR Doc. 2020-00145 Filed 1-8-20; 8:45 am]
 BILLING CODE 4810-25-P