Privacy Act: Systems of records,

[Federal Register: June 1, 2005 (Volume 70, Number 104)]

[Notices]

[Page 31559-31561]

From the Federal Register Online via GPO Access [wais.access.gpo.gov]

[DOCID:fr01jn05-162]

DEPARTMENT OF THE TREASURY

Fiscal Service

Privacy Act of 1974, as Amended; System of Records

AGENCY: Fiscal Service, Treasury.

ACTION: Notice of proposed privacy act system of records.

SUMMARY: In accordance with the Privacy Act of 1974, as amended, the Department of the Treasury, Office of Domestic Finance, Fiscal Service gives notice of a proposed system of records. The new system contains records about individuals who apply for digital certificates under the Fiscal Service Certificate Authority which is administered under the Department of the Treasury Certificate Policy. A new Privacy Act System is proposed in order to accomplish the Department's obligations to protect privacy, to ensure the security of data and to maintain required records.

DATES: Comments must be received no later than July 1, 2005. The proposed system of records will be effective July 11, 2005, unless the Bureau of the Public Debt receives comments which would result in a contrary determination.

ADDRESSES: Send any comments to the Disclosure Officer, Administrative Resource Center, Bureau of the Public Debt, Department of the Treasury, 200 Third Street, Avery 5th, Parkersburg, WV 26101-5312. All comments received will be posted without change to http://www.publicdebt.treas.gov. The posting will include any personal

information that you provide in the submission.

FOR FURTHER INFORMATION CONTACT: For information about this document, contact Edward Gronseth, Deputy Chief Counsel, or Elizabeth Spears, Senior Attorney, in the Office of the Chief Counsel, Bureau of the Public Debt, at 304-480-8692, or Natalie Diana, Senior Attorney, in the Office of the Chief Counsel, Financial Management Service, at (202) 874-6680.

SUPPLEMENTARY INFORMATION: The Government Paperwork Elimination Act (GPEA) directs Federal agencies to implement systems that will enable the electronic collection and dissemination of information. In order to carry out the GPEA, the Department of the Treasury, Office of Domestic Finance, Fiscal Service has implemented Public Key Infrastructure (PKI) technology, known as the Fiscal Service Certificate Authority (Fiscal Service CA), to support electronic commerce between

[[Page 31560]]

the Bureau of the Public Debt (BPD) or the Financial Management Service (FMS), and their customers.

PKI is a set of hardware, software, policies and procedures used to provide several important security services for electronic business activities. PKI technology protects the integrity and confidentiality of information submitted electronically. Customers submit a request to BPD or FMS for a digital certificate, which enables the customer to download and use cryptographic software to create the encryption keys necessary for electronic identity verification and secure transactions. This digital certificate is required in order to access secure online systems that are provided through the Fiscal Service CA, such as obtaining access to services offered by BPD and FMS.

For example, the Department of the Treasury, through FMS, operates Federal payment systems and disburses approximately 85 percent of all Federal payments. All vouchers submitted to FMS for payment must be signed (certified) by a Federal program agency's duly designated certifying officer. Previously, payment requests were submitted through the Treasury Electronic Certification System (ECS), a DOS-based system. FMS is replacing ECS with the Secure Payment System (SPS). SPS is a mechanism which employs digital certificates, issued by the Fiscal Service CA, to initiate payment and certification requests providing for the positive identification of agency certifying officers who authorize vouchers for payment. SPS provides enhanced operating capabilities and much greater information integrity than ECS.

Additionally, FMS operates the Automated Standard Application for Payments (ASAP) program. ASAP is a mechanism by which FMS makes grant payments to state agencies and other authorized grantee organizations. Digital certificates will be issued to Federal employees who approve the funding amounts in grantees' accounts. The grantees will request draw downs, and delivery of Federal funds, from accounts held in the ASAP.GOV system.

FMS requires that applicants who seek access to SPS, ASAP, and other similar systems, request a digital certificate by submitting an application form. The forms are available for download from the FMS Web sites located at: http://www.fms.treas.gov.

In conjunction with the application process, the applicant will be required to submit personal information that is subject to the Privacy Act of 1974. The information collected will be used only to establish and verify the identity and eligibility of applicants for certificates. No other use of the information is permitted.

The new system of records report, as required by 5 U.S.C. 552a(r) of the Privacy Act, has been submitted to the Committee on Government Reform and Oversight of the House of Representatives, the Committee on Homeland Security and Governmental Affairs of the Senate and the Office of Management and Budget, pursuant to Appendix I to OMB Circular A-130, ``Federal Agency Responsibilities for Maintaining Records About Individuals,'' dated November 30, 2000.

The proposed Treasury .012--Fiscal Service Public Key Infrastructure, is published in its entirety below.

Dated: May 23, 2005. Nicholas Williams, Deputy Assistant Secretary for Headquarters Operations. Treasury .012

System Name:

Fiscal Service Public Key Infrastructure--Treasury.

System Location:

The system of records is located at:

(1) The Bureau of the Public Debt (BPD), U.S. Department of the Treasury, in Parkersburg, WV, and,

(2) The Financial Management Service (FMS), U.S. Department of the Treasury, Washington, DC, and Hyattsville, MD. The system managers maintain the system location of these records.

Categories of Individuals Covered By the System:

Digital certificates may be issued to any of the following individuals: A Federal agency certifying officer who authorizes vouchers for payment; Federal employees who approve the grantees' accounts; an individual authorized by a state or grantee organization to conduct business with the Fiscal Service; employees of the Fiscal Service; fiscal agents; and contractors.

Categories of Records in the System:

The system contains information needed to establish accountability and audit control of digital certificates. It also contains records that are needed to authorize an individual's access to a Treasury network. Depending on the service(s) requested by the customer, information may also include:

Personal identifiers--name, including previous name used, and aliases; organization, employer name and address; Social Security number, Tax Identification Number; physical and electronic addresses; telephone, fax, and pager numbers; bank account information (name, type, account number, routing/transit number); Federal-issued photograph ID; driver's license information or state ID information (number, state, and expiration date); military ID information (number, branch, expiration date); or passport/visa information (number, expiration date, and issuing country).

Authentication aids--personal identification number, password, account number, shared-secret identifier, digitized signature, other unique identifier.

The system contains records on public key data related to the customer, including the creation, renewal, replacement or revocation of digital certificates, including evidence provided by applicants for proof of identity and authority, sources used to verify an applicant's identity and authority, and the certificates issued, denied and revoked, including reasons for denial and revocation.

Authority for Maintenance of the System:

5 U.S.C. 301, 31 U.S.C. 321, and the Government Paperwork Elimination Act, Pub. L. 105-277.

Purposes:

We are establishing the Fiscal Service Public Key Infrastructure System to:

(1) Use electronic transactions and authentication techniques in accordance with the Government Paperwork Elimination Act;

(2) Facilitate transactions involving the transfer of information, the transfer of funds, or where parties commit to actions or contracts that may give rise to financial or legal liability, where the information is protected under the Privacy Act of 1974, as amended;

(3) Maintain an electronic system to facilitate secure, on-line communication between Federal automated systems, and between Federal employees or contractors, by using digital signature technologies to authenticate and verify identity;

(4) Provide mechanisms for non-repudiation of personal identification and access to Treasury systems including, but not limited to SPS and ASAP; and

(5) Maintain records relating to the issuance of digital certificates utilizing public key cryptography to employees and contractors for purpose of the transmission of sensitive electronic material that requires protection.

Routine Uses of Records Maintained in the System, Including Categories of Users and the Purposes of Such Uses:

These records may be disclosed to:

[[Page 31561]]

(1) Congressional offices in response to an inquiry made at the request of the individual to whom the record pertains;

(2) Appropriate Federal, State, local, or foreign agencies responsible for investigating or prosecuting the violations of, or for enforcing or implementing a statute, rule, regulation, order, or license, where the disclosing agency becomes aware of a potential violation of civil or criminal law or regulation;

(3) A court, magistrate, or administrative tribunal in the course of presenting evidence, including disclosures to opposing counsel or witnesses in the course of civil discovery, litigation, or settlement negotiations or in connection with criminal law proceedings or in response to a subpoena;

(4) A Federal, State, local or other public authority maintaining civil, criminal or other relevant enforcement information or other pertinent information, which has requested information relevant to or necessary to the requesting agency's, bureau's, or authority's, hiring or retention of an individual, or issuance of a security clearance, license, contract, grant or other benefit;

(5) Agents or contractors who have been engaged to assist the Department in the performance of a service related to this system of records and who need to have access to the records in order to perform the activity;

(6) The Department of Justice when seeking legal advice or when (a) the Department of the Treasury or (b) the disclosing agency, or (c) any employee of the disclosing agency in his or her official capacity, or (d) any employee of the agency in his or her individual capacity where the Department of Justice has agreed to represent the employee, or (e) the United States, where the disclosing agency determines that litigation is likely to affect the disclosing agency, is a party to litigation or has an interest in such litigation, and the use of such records by the Department of Justice is deemed by the agency to be relevant and necessary to the litigation; and

(7) Representatives of the National Archives and Records Administration (NARA) who are conducting records management inspections under authority of 44 U.S.C. 2904 and 2906.

Policies and Practices for Storing, Retrieving, Accessing, Retaining, and Disposing of Records in the System: Storage:

Records are maintained on electronic media, multiple client-server platforms that are backed-up to magnetic tape or other storage media, and/or hard copy.

Retrievability:

Records may be retrieved by name, alias name, Social Security number, Tax Identification Number, account number, or other unique identifier.

Safeguards:

These records are maintained in controlled access areas. Identification cards are verified to ensure that only authorized personnel are present. Electronic records are protected by restricted access procedures, including the use of passwords and sign-on protocols which are periodically changed. Only employees whose official duties require access are allowed to view, administer, and control these records. Copies of records maintained on computer have the same limited access as paper records.

Retention and Disposal:

Records are maintained in accordance with National Archives and Records Administration retention schedules. Paper and microform records ready for disposal are destroyed by shredding or maceration. Records in electronic media are electronically erased using accepted techniques.

System Managers and Addresses:

(1) Assistant Commissioner, Office of Information Technology, Bureau of the Public Debt, 200 Third Street, Parkersburg, WV 26101, and,

(2) Assistant Commissioner, Information Resources, and Chief Information Officer, Financial Management Service, 3700 East West Highway, Hyattsville, MD 20782.

Notification Procedure:

Individuals seeking notification and access to any record contained in the system of records, or seeking to contest its content, may inquire in accordance with instructions pertaining to individual Treasury components appearing at 31 CFR part 1, subpart C:

Appendix I for records within the custody of the Bureau of the Public Debt, and,

Appendix G for records within the custody of the Financial Management Service.

Record Access Procedures:

See ``Notification procedure'' above.

Contesting Record Procedures:

See ``Notification procedure'' above.

Record Source Categories:

The information contained in this system is provided by or verified by the subject individual of the record, as well as Federal and non- Federal sources such as private employers.

Exemptions Claimed For The System:

None.

[FR Doc. 05-10854 Filed 5-31-05; 8:45 am]

BILLING CODE 4810-39-P