68 FR 23 pgs. 5691-5695 - Privacy Act of 1974, as Amended; System of Records
Type: NOTICEVolume: 68Number: 23Pages: 5691 - 5695
FR document: [FR Doc. 03-2521 Filed 2-3-03; 8:45 am]
Agency: Treasury Department
Sub Agency: Financial Management Service
Official PDF Version: PDF Version
DEPARTMENT OF THE TREASURY
Financial Management Service
Privacy Act of 1974, as Amended; System of Records
AGENCY:
Financial Management Service, Treasury.
ACTION:
Notice of proposed new system of records.
SUMMARY:
In accordance with the Privacy Act of 1974, as amended, the Financial Management Service gives notice of a proposed new Privacy Act system of records entitled "Treasury/FMS .017-Collections Records."
DATES:
Comments must be received no later than March 6, 2003. The proposed new system of records will become effective March 17, 2003 unless comments are received which would result in a contrary determination.
ADDRESSES:
You should send your comments to Robert Spiegel, Disclosure Officer, Financial Management Service, 401 14th Street, SW., Washington, DC 20227. Comments received will be available for inspection at the same address between the hours of 9 a.m. and 4 p.m. Monday through Friday. You may send your comments by electronic mail to robert.spiegel@fms.treas.gov.
FOR FURTHER INFORMATION CONTACT:
Robert Spiegel, Disclosure Officer, (202) 874-6837.
SUPPLEMENTARY INFORMATION:
Pursuant to the Privacy Act of 1974, as amended, 5 U.S.C. 552a, the Financial Management Service (FMS) is proposing to establish a new system of records entitled "Collection Records -Treasury/FMS .017." FMS collects more than $2 trillion in Federal receipts through a network of more than 10,000 financial institutions. It manages the collection of Federal receipts such as taxes, customs duties, loan repayments, fines, fees, and lease payments. Citizens and others make payments to the Federal government in a variety of ways. Many people mail a check to a post office box, known as a "lockbox," which is managed by a financial institution as the financial agent of the Department of the Treasury. Some people pay over-the-counter for goods and services at the time of receipt of those goods or services. Others make payments electronically by credit card, debit card, or by authorizing the government to debit their bank account. FMS offers a variety of cost-efficient ways by which Federal agencies may collect receipts due from the public to the government while ensuring that information pertaining to such collections remains secure and confidential.
FMS continually seeks to modernize the government collections program. Through its electronic money program, FMS is initiating new collection mechanisms using the Internet or other communications networks to help Federal agencies modernize their collection activities. For example, through an Internet site known as "Pay.gov," a person can authorize a payment to the government via the Internet. Electronic Federal Tax Payment System, or "EFTPS," allows taxpayers to authorize the payment of certain types of taxes on-line. In both cases, the payor submits information to a government Web site, which allows the government to debit the person's bank account or charge the person's credit card. The process used by the government and the information collected from payors is similar to how the private sector handles commercial transactions over the Internet. Another type of electronic collection mechanism known as "paper check conversion" allows the government to convert a paper check to an Automated Clearing House (ACH) debit, that is, to an electronic debit of the payor's checking account, as is done in the private sector. With better technology, FMS expects to develop new collections vehicles in the future.
FMS's electronic money programs are developed to efficiently facilitate the collection and reporting of receipts from the public in accordance with legal authorities. Simultaneously, FMS seeks to protect the government and the public from risks such as the unauthorized use of electronic payment methods, identity theft, and inadvertent disclosure of confidential information. The records covered by the proposed system are necessary not only to process financial transactions, but to authenticate the identity of someone electronically authorizing a payment to the government and to verify the payor's ability to make the payment authorized.
Thus, the records are collected and maintained for three primary reasons. First, in order to process a payment electronically, a payor needs to submit his or her name and bank account or credit card account information. Without such information, FMS would not be able to process the payment as requested by the individual authorizing the payment.
Second, to authenticate the identity of the person initiating the electronic transaction ( i.e. , user claiming to be "John Doe" is, in fact, "John Doe"), FMS may, in some instances, require some or all of the following additional information from an individual: date of birth; driver's license number; employer's name, address and telephone number (currently, employer information is not mandatory); user name, password, and/or unique question and answer chosen by the person using the Internet to initiate the electronic transaction. The information collected and maintained for a particular transaction will depend upon the level of risk associated with the transaction. FMS will work with the Federal agency for which collections are being made to determine the financial risk associated with a transaction, as well as the risk of identity theft. For example, if an individual is paying an obligation, such as a student loan, an agency may need less information than in the case of someone purchasing goods from the government. The agency may determine there is a lower likelihood that someone would pay a bill fraudulently than there is that someone would purchase goods in a one-time non-recurring transaction with the government. This is not to minimize the amount of security associated with an electronic loan repayment process, which in any event will be stringent, but to note that less personal information may be needed in order to provide the degree of security required for a particular transaction type. FMS recognizes that security needs must always be balanced with privacy concerns, and therefore, seeks to limit personal information requirements to only what is needed to securely process transactions.
Third, to verify the financial and other information provided by the person initiating the electronic transaction and to evaluate the payor's ability to make the payment authorized (for example, to verify the validity of the payor's credit card account information), FMS may compare information submitted with information available in FMS's electronic transaction historical database or commercial databases used for verification purposes, much like a store clerk determines whether someone paying by paper check has a history of writing bad checks. The ability to research historical transaction information will help eliminate the risk of fraudulent activity, such as the purchase of government products using an account with insufficient funds or using a stolen identity. By collecting and maintaining a certain amount of unique personal information about an individual who purchases goods from the government, FMS can help ensure that the individual's sensitive financial information will not be fraudulently accessed or used by anyone other than the individual.
The authentication of identity and verification of account information is required under FMS's regulation governing Federal agencies' use of the ACH system ( see 31 CFR part 210). Part 210, which incorporates the private sector rules governing ACH transactions, requires a debit to a consumer's account to be authorized in writing and signed or similarly authenticated. For the "similarly authenticated" standard to be met, the process of obtaining a consumer's authorization electronically must provide evidence of both the consumer's identity and his or her assent to the transaction. In addition, the rules governing ACH debits initiated over the Internet require that an agency employ a "commercially reasonable fraudulent transaction detection system to screen each entry" and use "commercially reasonable procedures to verify that (bank account) routing numbers are valid." An agency is required to retain a copy of each authorization for two years. The information collected and maintained for authentication and verification purposes is intended to assist agencies in meeting the requirements of part 210.
In addition to the purposes cited above, the information contained in the covered records will be used for collateral purposes related to the processing of financial transactions, such as collection of statistical information on operations, development of computer systems, investigation of unauthorized or fraudulent activity related to electronic transactions, and the collection of debts arising out of such activity.
Thus, the information contained in the records covered by FMS's proposed system of records and FMS's use of the information is necessary to process financial transactions while protecting the government and the public from financial risks that could be associated with electronic transactions. It is noted that the proposed system covers records obtained in connection with various mechanisms that are either used currently or may be used in the future for electronic financial transactions. Not every transaction will require the collection or disclosure of all of the information listed under "Categories of records in the system." The categories of records cover the broad spectrum of information that might be connected to various types of transactions. FMS has attempted to cover the information needed for the types of transactions processed in today's technological environment, as well as some or all of the information that might be required in connection with future yet-to-be developed collections mechanisms or future security needs. Security needs are constantly changing with the evolution of technology. FMS is aware that the information used today to authenticate an individual and verify a transaction may need to be upgraded in the future.
FMS recognizes the sensitive nature of the confidential information it obtains when collecting receipts from the public and has many safeguards in place to protect the information from theft or inadvertent disclosure. When appropriate, FMS's contractual arrangements with commercial database vendors include provisions that preclude the vendors from retaining, disclosing, and using for other purposes the information provided by FMS to the vendor. In addition to various procedural and physical safeguards, access to computerized records is limited, through the use of encryption, access codes, and other internal mechanisms, to those whose official duties require access solely for the purposes outlined in the proposed system. Access to the system is granted only as authorized by a security manager after security background checks. The information in the Collections Records system will allow the public to enjoy the benefits of electronic payment authorization while minimizing the risks of identity theft, fraudulent transactions, and the loss of public funds.
The new system of records report, as required by 5 U.S.C. 552a(r) of the Privacy Act, has been submitted to the Committee on Government Reform of the House of Representatives, the Committee on Governmental Affairs of the Senate, and the Office of Management and Budget, pursuant to Appendix I to OMB Circular A-130, "Federal Agency Responsibilities for Maintaining Records About Individuals," dated November 30, 2000.
For the reasons set forth in the preamble, FMS proposes a new system of records Treasury/FMS .017-Collections Records which is published in its entirety below.
Dated: January 29, 2003.
W. Earl Wright, Jr.,
Chief Management and Administrative Programs Officer.
Treasury/FMS .017
System name:
Collections Records-Treasury/Financial Management Service.
System location:
Records are located at the Financial Management Service, U.S. Department of the Treasury, Liberty Center Building (Headquarters), 401 14th Street, SW., Washington, DC 20227. Records are also located throughout the United States at various Federal Reserve Banks and financial institutions, which act as Treasury's fiscal and financial agents. The address(es) of the fiscal and financial agents may be obtained from the system manager below.
Categories of individuals covered by the system:
Individuals who electronically authorize payments to the Federal government through the use of communication networks, such as the Internet, via means such as Automated Clearing House (ACH), check conversion, credit card, and/or stored value card.
Categories of records in the system:
Collections records containing information about individuals who electronically authorize payments to the Federal government to the extent such records are covered by the Privacy Act of 1974. The records may contain identifying information, such as an individual's name(s), taxpayer identifying number ( i.e. , social security number or employer identification number), home address, home telephone number, and personal e-mail address (home and work); an individual's employer's name, address, telephone number, and e-mail address; an individual's date of birth and driver's license number; information about an individual's bank account(s) and other types of accounts from which payments are made, such as financial institution routing and account number; credit card numbers; information about an individual's payments made to or from the United States (or to other entities such as private contractors for the Federal government), including the amount, date, status of payments, payment settlement history, and tracking numbers used to locate payment information; user name and password assigned to an individual; other information used to identify and/or authenticate the user of an electronic system to authorize and make payments, such as a unique question and answer chosen by an individual; information concerning the authority of an individual to use an electronic system (access status) and the individual's historical use of the electronic system. The records also may contain information about the governmental agency to which payment is made and information required by such agency as authorized or required by law.
The information contained in the records covered by FMS's proposed system of records is necessary to process financial transactions while protecting the government and the public from financial risks that could be associated with electronic transactions. It is noted that the proposed system covers records obtained in connection with various mechanisms that are either used currently or may be used in the future for electronic financial transactions. Not every transaction will require the maintenance of all of the information listed in this section. The categories of records cover the broad spectrum of information that might be connected to various types of transactions.
Authority for maintenance of the system:
5 U.S.C. 301; 31 U.S.C. 321; 31 U.S.C. chapter 33; 31 U.S.C. 3720
Purpose(s):
The purpose of this system is to maintain records about individuals who electronically authorize payments to the Federal government. The information contained in the records is maintained for the purpose of facilitating the collection and reporting of receipts from the public to the Federal government and to minimize the financial risk to the Government and the public of unauthorized use of electronic payment methods. Examples of payment mechanisms authorized electronically include ACH, check conversion, credit card, or stored value cards. Individuals may authorize payments using paper check conversion or Internet-based systems through programs such as " Pay.gov " and "Electronic Federal Taxpayer Payment System (EFTPS)." The information also is maintained to:
(a) Provide collections information to the Federal agency collecting the public receipts;
(b) Authenticate the identity of individuals who electronically authorize payments to the Federal government;
(c) Verify the payment history and eligibility of individuals to electronically authorize payments to the Federal government;
(d) Provide statistical information on collections operations;
(e) Test and develop enhancements to the computer systems that contain the records; and
(f) Collect debts owed to the Federal government from individuals when the debt arises from the unauthorized use of electronic payment methods.
FMS's use of the information contained in the records is necessary to process financial transactions while protecting the government and the public from financial risks that could be associated with electronic transactions. The records are collected and maintained for three primary reasons. First, in order to process a payment electronically, a payor needs to submit his or her name and bank account or credit card account information. Without such information, FMS would not be able to process the payment as requested by the individual authorizing the payment. Second, to authenticate the identity of the person initiating the electronic transaction, FMS may, in some instances, require some or all of the information described in "Categories of records in the system," above, depending upon the level of risk associated with a particular type of transaction. Third, to verify the financial and other information provided by the person initiating the electronic transaction and to evaluate the payor's ability to make the payment authorized, FMS may compare information submitted with information available in FMS's electronic transaction historical database or commercial databases used for verification purposes, much like a store clerk determines whether someone paying by paper check has a history of writing bad checks. The ability to research historical transaction information will help eliminate the risk of fraudulent activity, such as the purchase of government products using an account with insufficient funds or using a stolen identity. By collecting and maintaining a certain amount of unique personal information about an individual who purchases goods from the government, FMS can help ensure that the individual's sensitive financial information will not be fraudulently accessed or used by anyone other than the individual.
In addition, the information contained in the covered records will be used for collateral purposes related to the processing of financial transactions, such as collection of statistical information on operations, development of computer systems, investigation of unauthorized or fraudulent activity related to electronic transactions, and the collection of debts arising out of such activity.
Routine uses of records maintained in the system, including categories of users and the purposes of such uses:
These records may be used to disclose information to:
(1) Appropriate Federal, state, local or foreign agencies responsible for investigating or prosecuting the violation of, or for enforcing or implementing, a statute, rule, regulation, order, or license, but only if the investigation, prosecution, enforcement or implementation concerns a transaction(s) or other event(s) that involved (or contemplates involvement of), in whole or part, an electronic method of collecting receipts for the Federal government. The records and information may also be disclosed to commercial database vendors to the extent necessary to obtain information pertinent to such an investigation, prosecution, enforcement or implementation.
(2) Commercial database vendors for the purposes of authenticating the identity of individuals who electronically authorize payments to the Federal government, to obtain information on such individuals' payment or check writing history, and for administrative purposes, such as resolving a question about a transaction. For purposes of this notice, the term "commercial database vendors" means vendors who maintain and disclose information from consumer credit, check verification, and address databases.
(3) A court, magistrate, or administrative tribunal, in the course of presenting evidence, including disclosures to opposing counsel or witnesses, for the purpose of civil discovery, litigation, or settlement negotiations or in response to a subpoena, where arguably relevant to the litigation, or in connection with criminal law proceedings.
(4) A congressional office in response to an inquiry made at the request of the individual to whom the record pertains.
(5) Fiscal agents, financial agents, financial institutions, and contractors for the purpose of performing financial management services, including, but not limited to, processing payments, investigating and rectifying possible erroneous reporting information, creating and reviewing statistics to improve the quality of services provided, conducting debt collection services, or developing, testing and enhancing computer systems.
(6) Federal agencies, their agents and contractors for the purposes of facilitating the collection of receipts, determining the acceptable method of collection, the accounting of such receipts, and the implementation of programs related to the receipts being collected.
(7) Federal agencies, their agents and contractors, credit bureaus, and employers of individuals who owe delinquent debt for the purpose of garnishing wages only when the debt arises from the unauthorized use of electronic payment methods. The information will be used for the purpose of collecting such debt through offset, administrative wage garnishment, referral to private collection agencies, litigation, reporting the debt to credit bureaus, or for any other authorized debt collection purpose.
(8) Financial institutions, including banks and credit unions, and credit card companies for the purpose of collections and/or investigating the accuracy of information required to complete transactions using electronic methods and for administrative purposes, such as resolving questions about a transaction.
Disclosure to consumer reporting agencies:
Debt information concerning a government claim against a debtor when the debt arises from the unauthorized use of electronic payment methods is also furnished, in accordance with 5 U.S.C. 552a(b)(12) and 31 U.S.C. 3711(e), to consumer reporting agencies, as defined by the Fair Credit Reporting Act, 5 U.S.C. 1681(f), to encourage repayment of a delinquent debt.
Policies and practices for storing, retrieving, accessing, retaining, and disposing of records in the system: Storage:
Records are maintained in electronic media.
Retrievability:
Records are retrieved by account number (such as financial institution account number or credit card account number), name (including an authentication credential, e.g. , a user name), social security number, transaction identification number, or other alpha/numeric identifying information.
Safeguards:
All officials access the system of records on a need-to-know basis only, as authorized by the system manager after security background checks. Procedural and physical safeguards, such as personal accountability, audit logs, and specialized communications security, are utilized. Accountability and audit logs allow systems managers to track the actions of every user of the system. Each user has an individual password (as opposed to a group password) for which he or she is responsible. Thus, a system manager can identify access to the records by user. Access to computerized records is limited, through use of encryption, access codes, and other internal mechanisms, to those whose official duties require access. Storage facilities are secured by various means such as security guards, locked doors with key entry, and limited virtual access requiring a physical token.
Retention and disposal:
Records for payments and associated transactions will be retained for seven (7) years or as otherwise required by statute or court order. Audit logs of transactions will be retained for a period of six (6) months or as otherwise required by statute or court order. Records in electronic media are electronically erased using industry-accepted techniques.
System manager(s) and address:
Chief Architect, Electronic Commerce, Federal Finance, Financial Management Service, 401 14th Street, SW., Washington, DC 20227.
Notification procedure:
Inquiries under the Privacy Act of 1974, as amended, shall be addressed to the Disclosure Officer, Financial Management Service, 401 14th Street, SW., Washington, DC 20227. All individuals making inquiries should provide with their request as much descriptive matter as is possible to identify the particular record desired. The system manager will advise as to whether FMS maintains the records requested by the individual.
Record access procedures:
Individuals requesting information under the Privacy Act of 1974, as amended, concerning procedures for gaining access to or contesting records should write to the Disclosure Officer. All individuals are urged to examine the rules of the U.S. Department of the Treasury published in 31 CFR part 1, subpart C, and appendix G, concerning requirements of this Department with respect to the Privacy Act of 1974, as amended.
Contesting record procedures:
See "Record access procedures" above.
Record source categories:
Information in this system is provided by the individual on whom the record is maintained (or by his or her authorized representative), other persons who electronically authorize payments to the Federal government, Federal agencies responsible for collecting receipts, Federal agencies responsible for disbursing and issuing Federal payments, Treasury fiscal and financial agents that process collections, and commercial database vendors.
Exemptions claimed for the system:
None.
[FR Doc. 03-2521 Filed 2-3-03; 8:45 am]
BILLING CODE 4810-35-P