[Federal Register Volume 85, Number 222 (Tuesday, November 17, 2020)]
[Notices]
[Pages 73353-73356]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2020-25298]


-----------------------------------------------------------------------

DEPARTMENT OF THE TREASURY


Privacy Act of 1974; System of Records

AGENCY: Department of the Treasury.

ACTION: Notice of a modified system of records.

-----------------------------------------------------------------------

SUMMARY: In accordance with the requirements of the Privacy Act of 
1974, as amended, the Department is publishing its modified Privacy Act 
systems of record.

DATES: Submit comments on or before December 17, 2020.

ADDRESSES: Comments may be submitted to the Federal eRulemaking Portal 
electronically at http://www.regulations.gov. Comments can also be sent 
to the Deputy Assistant Secretary for Privacy, Transparency, and 
Records, Department of the Treasury, 1500 Pennsylvania Avenue NW, 
Washington, DC 20220, Attention: Revisions to Privacy Act Systems of 
Records. All comments received, including attachments and other 
supporting documents, are part of the public record and subject to 
public disclosure. All comments received will be posted without change 
to www.regulations.gov, including any personal information provided. 
You should submit only information that you wish to make publicly 
available.

FOR FURTHER INFORMATION CONTACT: For general questions and for privacy 
issues please contact: Ryan Law, Deputy Assistant Secretary for 
Privacy, Transparency, and Records (202-622-5710), Department of the 
Treasury, 1500 Pennsylvania Avenue NW, Washington, DC 20220.

SUPPLEMENTARY INFORMATION: Pursuant to the Privacy Act of 1974, 5 
U.S.C. 552 and the Office of Management and Budget (OMB) Circular No. 
A-130, the Department of the Treasury has completed a review of 
Treasury .015--General Information Technology Access Account Records 
Privacy Act system of records notice to identify minor changes that 
will more accurately describe the record. Minor changes throughout the 
document are editorial in nature and consist principally of changes to 
system locations, system manager addresses, and revisions to titles. 
The notice was last published in its entirety on November 7, 2016, at 
81 FR 78266.
    The categories of records have been updated to include such 
information as driver's license numbers, photographs, and universally 
unique identifier (UUID). Finally, the routine uses have been updated 
to include the breach response routine uses (M) and (N) published at 85 
FR 36460 in accordance with OMB M-17-12 for the disclosure of 
information necessary to respond to a breach either of Treasury's PII 
or, appropriate, to assist another agency in its response to a breach.
    The system enables Treasury to maintain: Account information 
required for approved access to information technology; contractor-
provided identity proofing, authentication, and group affiliation 
verification in support of Treasury Bureaus and Departmental Offices; 
lists of individuals who are appropriate organizational points of 
contact; and lists of individuals who are emergency points of contact. 
In addition, the system will enable Treasury to collect records 
allowing individuals access to specific meetings and programs where 
supplemental information is required and, where appropriate, to 
facilitate collaboration by allowing individuals in the same 
operational program to share information.
    Treasury has provided a report of this system of records to the 
Committee on Oversight and Government Reform of the House of 
Representatives, the Committee on Homeland Security and Governmental 
Affairs of the Senate, and OMB, pursuant to 5 U.S.C. 552a(r) and OMB 
Circular A-108, ``Federal Agency Responsibilities for Review, 
Reporting, and Publication under the Privacy Act,'' dated December 23, 
2016.

Ryan Law,
Deputy Assistant Secretary for Privacy, Transparency, and Records.

SYSTEM NAME AND NUMBER:
    Department of the Treasury .015--General Information Technology 
Access Account Records.

SECURITY CLASSIFICATION:
    Unclassified.

SYSTEM LOCATION:
    The records are located at Main Treasury and in other Treasury 
bureaus and offices, both in Washington, DC and at field locations as 
follows:
    (1) Departmental Offices: 1500 Pennsylvania Ave. NW, Washington, DC 
20220;
    (2) Alcohol and Tobacco Tax and Trade Bureau: 1310 G St. NW, 
Washington, DC 20220.
    (3) Office of the Comptroller of the Currency: Constitution Center, 
400 Seventh St. SW, Washington, DC 20024;
    (4) Fiscal Service: Liberty Center Building, 401 14th St. SW, 
Washington, DC 20227;
    (5) Internal Revenue Service: 1111 Constitution Ave. NW, 
Washington, DC 20224;
    (6) United States Mint: 801 Ninth St. NW, Washington, DC 20220;
    (7) Bureau of Engraving and Printing: Eastern Currency Facility, 
14th and C Streets SW, Washington, DC 20228 and Western Currency 
Facility, 9000 Blue Mound Rd., Fort Worth, TX 76131;
    (8) Financial Crimes Enforcement Network: Vienna, VA 22183;
    (9) Special Inspector General for the Troubled Asset Relief Program 
(SIGTARP): 1801 L St. NW, Washington, DC 20220;
    (10) Office of Inspector General: 740 15th St. NW, Washington, DC 
20220; and
    (11) Office of the Treasury Inspector General for Tax 
Administration: 1125 15th St. NW, Suite 700A, Washington, DC 20005.

SYSTEM MANAGER(S):
    DASIT/CIO, Department of the Treasury, 1500 Pennsylvania Ave. NW, 
Washington, DC 20220.

[[Page 73354]]

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    44 U.S.C. 3101; E.O. 9397, as amended by E.O. 13487; and 44 U.S.C. 
3534.

PURPOSE(S) OF THE SYSTEM:
    This system will allow Treasury to collect a discrete set of 
personally identifiable information to allow authorized individuals 
(including members of the public) access to, or interact with, Treasury 
information technology resources, and allow Treasury to track use of 
its information technology resources. The system enables Treasury to 
maintain: Account information required for approved access to 
information technology; lists of individuals who are appropriate 
organizational points of contact; and lists of individuals who are 
emergency points of contact. The system will also enable Treasury to 
provide individuals access to certain meetings and programs where 
additional information is required and, where appropriate, facilitate 
collaboration by allowing individuals in the same operational program 
to share information.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
     All persons who are authorized to access Treasury 
information technology resources (either directly or via contractor-
provided validation services), including employees, contractors, 
grantees, fiscal agents, financial agents, interns, detailees, members 
of the public, and any lawfully designated representative of the above 
as well as representatives of federal, state, territorial, tribal, 
local, international, or foreign government agencies or entities, in 
furtherance of the Treasury mission.
     Individuals who serve on Treasury boards and committees;
     Individuals who provide personal information to Treasury 
or a Treasury contractor to facilitate access to Treasury information 
technology resources;
     Industry points-of-contact providing business contact 
information for conducting business with government agencies;
     Industry points-of-contact emergency contact information 
in case of an injury or medical notification;
     Individuals who voluntarily join a Treasury-owned and 
operated web portal for collaboration purposes; and
     Individuals who request access but are denied, or who have 
had their access to Treasury information systems revoked.

CATEGORIES OF RECORDS IN THE SYSTEM:
     Driver's License Numbers;
     Photographs;
     Universally Unique Identifier (UUID) or other assigned 
identifier;
     Social Security number;
     Business name;
     Job title;
     Business contact information;
     Personal contact information;
     Pager numbers;
     Others phone numbers or contact information provided by 
individuals while on travel or otherwise away from the office or home;
     Citizenship;
     Level of access;
     Home addresses;
     Business addresses;
     Personal and business electronic mail addresses of senders 
and recipients;
     Justification for access to Treasury computers, networks, 
or systems;
     Verification of training requirements or other 
prerequisite requirements for access to Treasury computers, networks, 
or systems;
     Records on the authentication of a request for access to a 
Treasury IT resource, including names, phone numbers of other contacts, 
and positions or business/organizational affiliations and titles of 
individuals who can verify an individual's need for access to a 
Treasury IT resource and validate their identity before access is 
granted.
     Records on access to Treasury computers and networks 
including user IDs and passwords;
     Registration numbers or IDs associated with Treasury 
information technology resources;
     Date and time of access to Treasury IT resources;
     Tax returns and tax return information;
     Logs of activity when accessing and using Treasury 
information technology resources;
     Internet Protocol address of visitors to Treasury websites 
(a unique number identifying the computer from which a member of the 
public or others access Treasury IT resources); and
     Logs of individuals' internet activity while using 
Treasury IT resources.

RECORD SOURCE CATEGORIES:
    Information contained in this system is obtained from affected 
individuals, organizations, and facilities; public source data; other 
government agencies; and information already in other Treasury records 
systems.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND PURPOSES OF SUCH USES:
    Disclosure of tax returns and tax return information may be made 
only as allowed by 26 U.S.C. 6103. In addition to those disclosures 
generally permitted under 5 U.S.C. 552a (b) of the Privacy Act, all or 
a portion of the records or information contained in this system may be 
disclosed outside Treasury as a routine use pursuant to 5 U.S.C. 552a 
(b) (3), as follows:
    A. To the Department of Justice (including United States Attorneys' 
Offices) or other federal agencies conducting litigation or in 
proceedings before any court or adjudicative or administrative body, 
when it is relevant or necessary to the litigation and one of the 
following is a party to the litigation or has an interest in such 
litigation:
    1. Treasury or any component thereof;
    2. Any employee of Treasury in his/her official capacity;
    3. Any employee of Treasury in his/her individual capacity where 
the Department of Justice or Treasury has agreed to represent the 
employee; or
    4. The United States or any agency thereof.
    B. To a congressional office from the record of an individual in 
response to an inquiry from that congressional office made at the 
request of the individual to whom the record pertains.
    C. To the National Archives and Records Administration or General 
Services Administration pursuant to records management inspections 
being conducted under the authority of 44 U.S.C. 2904 and 2906.
    D. To an agency or organization for the purpose of performing audit 
or oversight operations as authorized by law, but only such information 
as is necessary and relevant to such audit or oversight function.
    E. To appropriate agencies, entities, and persons when:
    1. Treasury suspects or has confirmed that the security or 
confidentiality of information in the system of records has been 
compromised;
    2. The disclosure made to such agencies, entities, and persons as 
is reasonably necessary to assist in connection with Treasury's efforts 
to respond to the suspected or confirmed compromise and prevent, 
minimize, or remedy such harm.
    F. To contractors and their agents, grantees, experts, consultants, 
fiscal agent, financial agents, and others performing or working on a 
contract, service, grant, cooperative agreement, or other assignment 
for Treasury, when necessary to accomplish an agency function related 
to this system of records. Individuals provided information under this 
routine use are subject to the same Privacy Act requirements and 
limitations on

[[Page 73355]]

disclosure as are applicable to Treasury officers and employees.
    G. To an appropriate federal, state, tribal, local, international, 
or foreign law enforcement agency or other appropriate authority 
charged with investigating or prosecuting a violation or enforcing or 
implementing a law, rule, regulation, or order, where a record, either 
on its face or in conjunction with other information, indicates a 
violation or potential violation of law, which includes criminal, 
civil, or regulatory violations and such disclosure is proper and 
consistent with the official duties of the person making the 
disclosure.
    H. To sponsors, employers, contractors, facility operators, 
grantees, experts, fiscal agents, financial agents, and consultants in 
connection with establishing an access account for an individual or 
maintaining appropriate points of contact and when necessary to 
accomplish a Treasury mission function or objective related to this 
system of records.
    I. To other individuals in the same operational program supported 
by an information technology resource, where appropriate notice to the 
individual has been made that his or her contact information will be 
shared with other members of the same operational program in order to 
facilitate collaboration.
    J. To federal agencies such as the Office of Personnel Management, 
the Merit Systems Protection Board, the Office of Management and 
Budget, the Federal Labor Relations Authority, the Government 
Accountability Office, and the Equal Employment Opportunity Commission 
in the fulfillment of these agencies' official duties.
    K. To international, federal, state, local, tribal, or private 
entities for the purpose of the regular exchange of business contact 
information in order to facilitate collaboration for official business.
    L. To the news media and the public, with the approval of the 
Senior Agency Official for Privacy, or her designee, in consultation 
with counsel, when there exists a legitimate public interest in the 
disclosure of the information or when disclosure is necessary to 
preserve confidence in the integrity of Treasury or is necessary to 
demonstrate the accountability of Treasury's officers, employees, or 
individuals covered by the system, except to the extent it is 
determined that release of the specific information in the context of a 
particular case would constitute an unwarranted invasion of personal 
privacy.
    M. To appropriate agencies, entities, and persons when (1) the 
Department of the Treasury and/or Treasury bureau suspects or has 
confirmed that there has been a breach of the system of records; (2) 
the Department of the Treasury and/or Treasury bureau has determined 
that as a result of the suspected or confirmed breach there is a risk 
of harm to individuals, the Department of the Treasury and/or Treasury 
bureau(s) (including its information systems, programs, and 
operations), the Federal Government, or national security; and (3) the 
disclosure made to such agencies, entities, and persons is reasonably 
necessary to assist in connection with the Department of the Treasury's 
and/or Treasury bureau's efforts to respond to the suspected or 
confirmed breach or to prevent, minimize, or remedy such harm;
    N. To another Federal agency or Federal entity, when the Department 
of the Treasury and/or Treasury bureau determines that information from 
this system of records is reasonably necessary to assist the recipient 
agency or entity in (1) responding to a suspected or confirmed breach 
or (2) preventing, minimizing, or remedying the risk of harm to 
individuals, the recipient agency or entity (including its information 
systems, programs, and operations), the Federal Government, or national 
security, resulting from a suspected or confirmed breach.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    Records in this system are on paper and/or in digital or other 
electronic form. Digital and other electronic images are stored on a 
storage area network in a secured environment. Records, whether paper 
or electronic, may be stored at the Treasury Headquarters or at the 
bureau or office level.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    Records may be retrieved by an identification number assigned by 
computer, by facility, by business affiliation, email address, or by 
the name of the individual, or other employee data fields previously 
identified in this System of Records Notice.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    Records are securely retained and disposed of in accordance with 
the National Archives and Records Administration's General Records 
Schedule 24, section 6, ``User Identification, Profiles, 
Authorizations, and Password Files.'' Inactive records will be 
destroyed or deleted 6 years after the user account is terminated or 
password is altered, or when no longer needed for investigative or 
security purposes, whichever is later.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    Information in this system is safeguarded in accordance with 
applicable laws, rules, and policies, including Treasury Directive 85-
01, Department of the Treasury Information Technology (IT) Security 
Program. Further, Treasury .015--General Information Technology Access 
Account Records system of records security protocols will meet multiple 
National Institute of Standards and Technology security standards from 
authentication to certification and authorization. Records in the 
Treasury .015--General Information Technology Access Account Records 
system of records will be maintained in a secure, password protected 
electronic system that will utilize security hardware and software to 
include: Multiple firewalls, active intruder detection, and role-based 
access controls. Additional safeguards will vary by component and 
program. All records are protected from unauthorized access through 
appropriate administrative, physical, and technical safeguards. These 
safeguards include restricting access to authorized personnel who have 
a ``need to know,'' using locks, and password protection identification 
features. Treasury file areas are locked after normal duty hours and 
the facilities are protected by security personnel who monitor access 
to and egress from Treasury facilities.

RECORD ACCESS PROCEDURES:
    See ``Notification Procedures'' below.

CONTESTING RECORD PROCEDURES:
    See ``Notification Procedures'' below.

NOTIFICATION PROCEDURES:
    Individuals seeking notification of and access to any record 
contained in this system of records, or seeking to contest its content, 
may submit a request in writing, in accordance with Treasury's Privacy 
Act regulations (located at 31 CFR 1.26), to the Freedom of Information 
Act (FOIA) and Transparency Liaison, whose contact information can be 
found at http://www.treasury.gov/FOIA/Pages/index.aspx under ``FOIA 
Requester Service Centers and FOIA Liaison.'' If an individual believes 
more than one bureau maintains Privacy Act records concerning him or 
her, the individual may submit the request to the Office of Privacy, 
Transparency, and Records, FOIA and Transparency, Department of

[[Page 73356]]

the Treasury, 1500 Pennsylvania Ave. NW, Washington, DC 20220.
    No specific form is required, but a request must be written and:
     Be signed and either notarized or submitted under 28 
U.S.C. 1746, a law that permits statements to be made under penalty of 
perjury as a substitute for notarization;
     State that the request is made pursuant to the FOIA and/or 
Privacy Act disclosure regulations;
     Include information that will enable the processing office 
to determine the fee category of the user;
     Addressed to the bureau that maintains the record (in 
order for a request to be properly received by the Department, the 
request must be received in the appropriate bureau's disclosure 
office);
     Reasonably describe the records;
     Give the address where the determination letter is to be 
sent;
     State whether or not the requester wishes to inspect the 
records or have a copy made without first inspecting them; and
     Include a firm agreement from the requester to pay fees 
for search, duplication, or review, as appropriate. In the absence of a 
firm agreement to pay, the requester may submit a request for a waiver 
or reduction of fees, along with justification of how such a waiver 
request meets the criteria for a waiver or reduction of fees found in 
the FOIA statute at 5 U.S.C. 552(a)(4)(A)(iii).
    You may also submit your request online at https://rdgw.treasury.gov/foia/pages/gofoia.aspx and call 1-202-622-0930 with 
questions.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    None.

HISTORY:
    Notice of this system of records was last published in full in the 
Federal Register on November 7, 2016 (81 FR 78266) as the Department of 
the Treasury .015--General Information Technology Access Account 
Records

[FR Doc. 2020-25298 Filed 11-16-20; 8:45 am]
BILLING CODE 4810-25-P