AGENCY:

Department of the Treasury.

ACTION:

Notice of alteration of the Department's Privacy Act Systems of Records.

SUMMARY:

The Department of the Treasury gives notice of a proposed alteration to each of its systems of records by adding a routine use subject to the Privacy Act of 1974, as amended (5 U.S.C. 552a).

DATES:

Comments must be received no later than November 2, 2007. The proposed alteration will be effective November 13, 2007 unless the Department receives comments which would result in a contrary determination.

ADDRESSES:

Comments must be submitted to Disclosure Services, Department of the Treasury, 1500 Pennsylvania Avenue, NW., Washington, DC 20220. Comments received will be available for inspection by appointment at the library, U.S. Department of the Treasury, 1500 Pennsylvania Avenue, NW., Washington, DC 20220, Room 1428, between the hours of 9 a.m. and 4 p.m. Monday through Friday. To make an appointment, please call the library at 202-622-0990 or contact the library by e-mail: library.reference@do.treas.gov.

FOR FURTHER INFORMATION CONTACT:

Dale Underwood, Deputy Director, Disclosure Services, phone: 202-622-0874, by fax: 202-622-3895, or by e-mail at dale.underwoodd@do.treas.gov.

SUPPLEMENTARY INFORMATION:

Pursuant to the provisions of the Privacy Act of 1974, 5 U.S.C. 552a, notice is given that the Department of the Treasury, proposes to modify all of its Privacy Act systems of records, as identified below, to include a new routine use permitting disclosure to appropriate persons and entities for purposes of response and remedial efforts in the event of a breach or compromise of data contained in the applicable system of records. The purpose and intent of publishing the routine use is to give individuals full and fair notice of the extent of potential disclosures, consistent with the Privacy Act's requirement that individuals be made aware of how their records may be disclosed, even if the Department anticipates that there may often be very limited or no disclosure of an individual's records to third parties as part of the agency's investigatory or remedial efforts.

The President's Identity Theft Task Force's Strategic Plan recommended that all federal agencies publish a routine use for their systems of records allowing for the disclosure of information in the course of responding to a breach of data maintained in a system of records. The term “breach” is used to include the loss of control, compromise, unauthorized disclosure, unauthorized acquisition, unauthorized access, or any similar term referring to situations where persons other than authorized users and/or for an other than authorized purpose have access or potential access to personally identifiable information (PII), whether physical or electronic.

On May 22, 2007, the Office of Management and Budget (OMB) issued M-07-16 “Safeguarding Against and Responding to the Breach of Personally Identifiable Information.” It requires agencies to develop and implement breach notification policies within 120 days. As part of that effort the Department is publishing the routine use recommended by the President's Identity Theft Task Force and set out in OMB M-07-16.

The routine use will facilitate an effective response to a confirmed or suspected breach by allowing for disclosure to those individuals affected by the breach, as well as to others who are in a position to assist in the Department's response efforts, either by assisting in notification to affected individuals or otherwise playing a role in preventing, minimizing, or remedying harms from the breach or compromise. When there is a clear need for a rapid response following a breach with a prompt and effective investigation and possible mitigation, waiting until a breach has occurred before adding or amending a routine use to accommodate disclosures in response to the breach is not a viable option.

Although a routine use may permit the disclosure of information from a system of records without the consent of the record subject, the information may also be subject to a statutory scheme that prohibits or otherwise restricts the disclosure information as a matter of law. The Department of the Treasury is required to protect information it receives from taxpayers or those required to file certain information under the Bank Secrecy Act. Accordingly, tax returns and return information may only be disclosed under this routine use as provided by 26 U.S.C. 6103. Bank Secrecy Act information may only be disclosed under this routine use as provided by 31 U.S.C. 5311 et seq.

The Privacy Act authorizes the agency to adopt routine uses that are consistent with the purpose for which information is collected. The Department believes that it is consistent with the collection of information pertaining to such individuals to disclose Privacy Act records when, in doing so, could help prevent, minimize or remedy a data breach or compromise that might affect such individuals. By contrast, it is believed that failure to take reasonable steps to help prevent or minimize the harm that may result from such a breach or compromise would jeopardize, rather than promote, the privacy of such individuals.

The report on the proposed routine use, as required by 5 U.S.C. 552a(r) of the Privacy Act, has been submitted to the Committee on Government Reform and Oversight of the House of Representatives, the Committee on Homeland Security and Governmental Affairs of the Senate and the Office of Management and Budget, pursuant to Appendix I to OMB Circular A-130, “Federal Agency Responsibilities for Maintaining Records About Individuals,” dated November 30, 2000.

For the reasons set forth above, the proposed routine use is added to the systems of records as follows:

The following Treasury-wide systems of records were last published in the Federal Register in their entirety on August 1, 2005, beginning at 70 FR 44178:

Treasury .001—Treasury Payroll and Personnel System

Treasury .002—Grievance Records

Treasury .003—Treasury Child Care Tuition Assistance Records

Treasury .004—Freedom of Information Act/Privacy Act Request Records

Treasury .005—Public Transportation Incentive Program Records

Treasury .006—Parking and Carpool Program Records

Treasury .007—Personnel Security System

Treasury .008—Treasury Emergency Management System

Treasury .009—Treasury Financial Management Systems

Treasury .010—Telephone Call Detail Records

Treasury .011—Treasury Safety Incident Management Information System (SIMIS)

Treasury .012—Fiscal Service Public Key Infrastructure (PKI) System

The following Departmental Offices (DO) systems of records were last published in the Federal Register in their entirety on August 9, 2005, beginning at 70 FR 46268:

DO .003—Law Enforcement Retirement Claims Records

DO .007—General Correspondence Files

DO .010—Office of Domestic Finance, Actuarial Valuation System Start Printed Page 56435

DO .015—Political Appointee Files

DO .060—Correspondence Files and Records on Dissatisfaction

DO .111—Office of Foreign Assets Control Census Records

DO .114—Foreign Assets Control Enforcement Records

DO .118—Foreign Assets Control Licensing Records

DO .144—General Counsel Litigation Referral and Reporting System

DO .149—Foreign Assets Control Legal Files

DO .190—Investigation Data Management System

DO .191—Human Resources and Administrative Records System

DO .193—Employee Locator and Automated Directory System

DO .194—Circulation System

DO .196—Security Information System

DO .202—Drug-Free Workplace Program Records

DO .207—Waco Administrative Review Group Investigation

DO .209—Personal Services Contracts (PSC)

DO .214—D.C. Pensions Retirement Records

DO .216—Treasury Security Access Control and Certificates Systems

DO .301—TIGTA—General Personnel and Payroll

DO .302—TIGTA—Medical Records

DO .303—TIGTA—General Correspondence

DO .304—TIGTA—General Training

DO .305—TIGTA—Personal Property Management Records

DO .306—TIGTA—Recruiting and Placement Records

DO .307—TIGTA—Employee Relations Matters, Appeals, Grievances, and Complaint Files

DO .308—TIGTA—Data Extracts

DO .309—TIGTA—Chief Counsel Case Files

DO .310—TIGTA—Chief Counsel Disclosure Section

DO .311—TIGTA—Office of Investigations Files

The following Alcohol and Tobacco Tax and Trade Bureau (TTB) systems of records were last published in the Federal Register in their entirety on August 30, 2001, beginning at 66 FR 45893:

ATF .001—Administrative Record System

ATF .002—Correspondence Record System

ATF .003—Criminal Investigation Report System

ATF .007—Personnel Record System

ATF .008—Regulatory Enforcement Record System

ATF .009—Technical and Scientific Services Record System

The following Comptroller of the Currency (CC) systems of records were last published in the Federal Register in their entirety on July 11, 2005, beginning at 70 FR 39853:

CC .100—Enforcement Action Report System

CC .110—Reports of Suspicious Activities

CC .120—Bank Fraud Information System

CC .200—Chain Banking Organizations System

CC .210—Bank Securities Dealers System

CC .220—Section 914 Tracking System

CC .340—Access Control System

CC .500—Chief Counsel's Management Information System

CC .510—Litigation Information System

CC .600—Consumer Complaint and Inquiry Information System

CC .700—Correspondence Tracking System

The following Bureau of Engraving and Printing (BEP) systems of records were last published in the Federal Register in their entirety on July 27, 2005, beginning at 70 FR 43508:

BEP .002—Personal Property Claim File

BEP .004—Counseling Records

BEP .005—Compensation Claims

BEP .006—Debt Files (Employees)

BEP .014—Employee's Production Record

BEP .016—Employee Suggestions

BEP .020—Industrial Truck Licensing Records

BEP .021—Investigative Files

BEP .027—Access Control and Alarm Monitoring Systems (ACAMS)

BEP .035—Tort Claims (Against the United States)

BEP .038—Unscheduled Absence Record

BEP .041—Record of Discrimination Complaints

BEP .045—Mail Order Sales Customer Files

BEP .046—Automated Mutilated Currency Tracking System

BEP .047—Employee Emergency Notification system

The following Financial Management Service (FMS) systems of records were last published in the Federal Register in their entirety on July 14, 2005, beginning at 70 FR 34522, unless otherwise indicated by a parenthetical:

FMS .001—Administrative Records

FMS .002—Payment Issue Records for Regular Recurring Benefit Payments

FMS .003—Claims and Inquiry Records on Treasury Checks, and International Claimants

FMS .004—Education and Training Records

FMS .005—FMS Personnel Records

FMS .006—Direct Deposit Enrollment Records (October 10, 2005, at 70 FR 59395)

FMS .007—Payroll and Pay Administration

FMS .010—Records of Accountable Officers' Authority With Treasury

FMS .012—Pre-complaint Counseling and Complaint Activities

FMS .013—Gifts to the United States

FMS .014—Debt Collection Operations System

FMS .016—Payment Records for Other Than Regular Recurring Benefit Payments

FMS .017—Collection Records

The following Internal Revenue Service (IRS) systems of records were last published in the Federal Register in their entirety on December 10, 2001, beginning at 66 FR 63784, unless otherwise indicated by a parenthetical:

IRS 00.001—Correspondence Files (including Stakeholder Relationship files) and Correspondence Control Files

IRS 00.002—Correspondence Files/Inquiries About Enforcement Activities

IRS 00.003—Taxpayer Advocate Service and Customer Feedback and Survey Records

IRS 00.007—Employee Complaint and Allegation Referral Records (May 28, 2002, at 67 FR 36963)

IRS 00.008—Recorded Quality Review Records (November 11, 2003, at 68 FR 65996)

IRS 00.009—IRS Taxpayer Assistance Center Recorded Quality Review Records (February 24, 2005, at 70 FR 9132)

IRS 00.333—Third Party Contact Records

IRS 00.334—Third Party Contact Reprisal Records

IRS 10.001—Biographical Files, Chief, Communications and Liaison

IRS 10.004—Stakeholder Relationship Management and Subject Files, Chief, Communications and Liaison

IRS 10.007—SPEC Taxpayer Assistance Reporting System (STARS) (June 19, 2004, at 68 FR 43055)

IRS 10.555—Volunteer Records (February 10, 2006, at 71 FR 7115)

IRS 21.001—Tax Administration Resources File, Office of Tax Administration Advisory Services

IRS 22.003—Annual Listing of Undelivered Refund Checks

IRS 22.011—File of Erroneous Refunds

IRS 22.012—Health Coverage Tax Credit Program Records (June 4, 2003, at 68 FR 33577)

IRS 22.026—Form 1042S Index by Name of Recipient Start Printed Page 56436

IRS 22.027—Foreign Information System (FIS)

IRS 22.028—Disclosure Authorizations for U.S. Residency Certification Letters

IRS 22.032—Individual Microfilm Retention Register

IRS 22.034—Individual Returns Files, Adjustments and Miscellaneous Documents Files

IRS 22.043—Potential Refund Litigation Case Files

IRS 22.044—P.O.W.-M.I.A. Reference File

IRS 22.054—Subsidiary Accounting Files

IRS 22.059—Unidentified Remittance File

IRS 22.060—Automated Non-Master File (ANMF)

IRS 22.061—Individual Return Master File (IRMF)

IRS 22.062—Electronic Filing Records

IRS 24.013—Combined Account Number File, Taxpayer Services

IRS 24.029—Individual Account Number File (IANF)

IRS 24.030—CADE Individual Master File (IMF)

IRS 24.031—Medicare Prescription Drug Transitional Assistance Records (May 12, 2004, at 69 FR 26432)

IRS 24.046—CADE Business Master File (BMF)

IRS 24.047—Audit Underreporter Case File

IRS 24.070—Debtor Master File (DMF)

IRS 26.001—Acquired Property Records

IRS 26.006—Form 2209, Courtesy Investigations

IRS 26.008—IRS and Treasury Employee Delinquency

IRS 26.009—Lien Files (Open and Closed)

IRS 26.010—Lists of Prospective Bidders at Internal Revenue Sales of Seized Property

IRS 26.011—Litigation Case Files

IRS 26.012—Offer in Compromise (OIC) File

IRS 26.013—Trust Fund Recovery Cases/One Hundred Percent Penalty Cases

IRS 26.014—Record 21, Record of Seizure and Sale of Real Property

IRS 26.016—Returns Compliance Programs (RCP)

IRS 26.019—Taxpayer Delinquent Accounts (TDA) Files including subsystems: (a) Adjustments and Payment Tracers Files, (b) Collateral Files, (c) Seized Property Records, (d) Tax SB/SE, W&I, LMSB Waiver, Forms 900, Files, and (e) Accounts on Child Support Obligations

IRS 26.020—Taxpayer Delinquency Investigation (TDI) Files

IRS 26.021—Transferee Files

IRS 26.022—Delinquency Prevention Programs

IRS 26.055—Private Collection Agency (PCA) Quality Review Records (June 19, 2006, at 71 FR 41075)

IRS 30.003—Requests for Printed Tax Materials Including Lists

IRS 30.004—Security Violations

IRS 34.003—Assignment and Accountability of Personal Property Files

IRS 34.007—Record of Government Books of Transportation Requests

IRS 34.009—Safety Program Files

IRS 34.012—Emergency Preparedness Cadre Assignments and Alerting Rosters Files

IRS 34.013—Identification Media Files System for Employees and Others Issued IRS ID

IRS 34.014—Motor Vehicle Registration and Entry Pass Files

IRS 34.016—Security Clearance Files

IRS 34.020—IRS Audit Trail Lead Analysis System (ATLAS)

IRS 34.021—Personnel Security Investigations, National Background Investigations Center

IRS 34.022—National Background Investigations Center Management Information System (NBICMIS) (November 28, 2005, at 70 FR 71376)

IRS 34.037—IRS Audit Trail and Security Records System

IRS 35.001—Reasonable Accommodation Request Records (October 5, 2004, at 69 FR 59645)

IRS 36.001—Appeals, Grievances and Complaints Records

IRS 36.002—Employee Activity Records

IRS 36.003—General Personnel and Payroll Records

IRS 36.005—Medical Records

IRS 36.008—Recruiting, Examining and Placement Records

IRS 36.009—Retirement, Life Insurance and Health Benefits Records System

IRS 36.888—Employee Tax Compliance Records (ETC)

IRS 37.006—Correspondence, Miscellaneous Records and Information Management Records (December 1, 2006, at 71 FR 69615)

IRS 37.007—Practitioner Disciplinary Records (December 1, 2006, at 71 FR 69616)

IRS 37.009—Enrolled Agent Records (December 1, 2006, at 71 FR 69618)

IRS 38.001—General Training Records

IRS 42.001—Examination Administrative File

IRS 42.002—Excise Compliance Programs (November 8, 2006, at 71 FR 65570)

IRS 42.008—Audit Information Management System (AIMS)

IRS 42.013—Project Files for the Uniform Application of Laws as a Result of Technical Determinations and Court Decisions

IRS 42.014—Internal Revenue Service Employees' Returns Control Files

IRS 42.016—Classification/Centralized Files and Scheduling Files

IRS 42.017—International Enforcement Program Files

IRS 42.021—Compliance Programs and Projects Files

IRS 42.027—Data on Taxpayers Filing on Foreign Holdings

IRS 42.030—Discriminant Function File (DIF)

IRS 42.031—Anti-Money Laundering/Bank Secrecy Act (BSA) and Form 8300 Records (April 30, 2004, at 69 FR 23854)

IRS 44.001—Appeals Case Files

IRS 44.003—Appeals Centralized Data System

IRS 44.004—Art Case File

IRS 44.005—Expert Witness and Fee Appraiser Files

IRS 46.002—Criminal Investigation Management Information System (CIMIS)

IRS 46.003—Confidential Informants, Criminal Investigation Division

IRS 46.004—Controlled Accounts (Open and Closed)

IRS 46.005—Electronic Surveillance File, Criminal Investigation Division

IRS 46.009—Centralized Evaluation and Processing of Information Items (CEPIIs), Evaluation and Processing of Information (EOI), Criminal Investigation Division

IRS 46.011—Illinois Land Trust Files, Criminal Investigation Division

IRS 46.015—Relocated Witnesses, Criminal Investigation Division

IRS 46.016—Secret Service Details, Criminal Investigation Division

IRS 46.022—Treasury Enforcement Communications System (TECS), Criminal Investigation Division

IRS 46.050—Automated Information Analysis System

IRS 46.051—Criminal Investigation Audit Trail Records System

IRS 48.001—Disclosure Records

IRS 48.008—Defunct Special Service Staff File Being Retained Because of Congressional Directive

IRS 49.001—Collateral and Information Requests System

IRS 49.002—Tax Treaty Information Management System

IRS 49.003—Financial Statements File

IRS 49.007—Overseas Compliance Projects System

IRS 49.008—International Correspondence System

IRS 50.001—Employee Plans/Exempt Organizations Correspondence Control Records

IRS 50.003—Employee Plans/Exempt Organizations, Reports of Significant Matters in Technical

IRS 50.222—Tax Exempt/Government Entities (TE/GE) Case Management Records (December 7, 2005, at 70 FR 72876) Start Printed Page 56437

IRS 60.000—Employee Protection System Records (November 30, 2001, at 59839)

IRS 70.001—Individual Income Tax Returns, Statistics of Income

IRS 90.001—Chief Counsel Criminal Tax Case Files

IRS 90.002—Chief Counsel Disclosure Litigation Case Files

IRS 90.003—Chief Counsel General Administrative Systems

IRS 90.004—Chief Counsel General Legal Services Case Files

IRS 90.005—Chief Counsel General Litigation Case Files

IRS 90.007—Chief Counsel Legislation and Regulations Division, Employee Plans and Exempt Organizations Division, and Associate Chief Counsel (Technical and International) Correspondence and Private Bill File

IRS 90.009—Chief Counsel Field Services Case Files

IRS 90.010—Digest Room Files Containing Briefs, Legal Opinions, and Digests of Documents Generated Internally or by the Department of Justice Relating to the Administration of the Revenue Laws

IRS 90.011—Attorney Recruiting Files

IRS 90.013—Legal Case Files of the Chief Counsel, Deputy Chief Counsel and Associate Chief Counsels

IRS 90.015—Reference Records of the Library in the Office of Chief Counsel

IRS 90.016—Counsel Automated Tracking System (CATS) Records

IRS 90.017—Correspondence Control and Records, Associate Chief Counsel (Technical and International)

IRS 90.018—Expert Witness Library IRS

The following United States Mint (Mint) systems of records were last published in the Federal Register in their entirety on June 13, 2005, beginning at 70 FR 34178:

Mint .001—Cash Receivable Accounting Information System

Mint .003—Employee and Former Employee Travel & Training Accounting Information System

Mint .004—Occupational Safety and Health, Accident and Injury Records, and Claims for Injuries or Damage Compensation Records

Mint .005—Employee-Supervisor Performance Evaluation, Counseling, and Time and Attendance Records

Mint .007—General Correspondence

Mint .008—Employee Background Investigations Files

Mint .012—Grievances: Union/Agency Negotiated Grievances; Adverse Performance Based Personnel Actions; Discrimination Complaints; Third Party Actions United States Mint

The following Bureau of the Public Debt (BPD) systems of records were last published in the Federal Register in their entirety on June 10, 2005, beginning at 70 FR 33939:

BPD .001—Human Resources and Administrative Records

BPD .002—United States Savings-Type Securities

BPD .003—United States Securities (Other than Savings-Type Securities)

BPD .004—Controlled Access Security System

BPD .005—Employee Assistance Records

BPD .006—Health Service Program Records

BPD .007—Gifts to Reduce the Public Debt

BPD .008—Retail Treasury Securities Access Application

BPD .009—U.S. Treasury Securities Fraud Information System

The following Office of Thrift Supervision (OTS) systems of records were last published in the Federal Register in their entirety on July 15, 2005, beginning at 70 FR 41085, unless otherwise indicated by a parenthetical:

OTS .001—Confidential Individual Information System

OTS .002—Correspondence/Correspondence Tracking (April 18, 2007, at 72 FR 19580)

OTS .003—Consumer Complaint (April 18, 2007, at 72 FR 19581)

OTS .004—Criminal Referral Database

OTS .005—Employee Counseling Service

OTS .006—Employee Locator File (April 18, 2007, at 72 FR 19582)

OTS .008—Employee Training Database (April 18, 2007, at 72 FR 19582)

OTS .011—Positions/Budget (April 18, 2007, at 72 FR 19583)

OTS .012—Payroll/Personnel Systems & Payroll Records. (April 18, 2007, at 72 FR 19584)

The following Financial Crimes Enforcement Network (FinCEN) systems of records were last published in the Federal Register in their entirety on August 8, 2005:

FinCEN .001—FinCEN Data Base

FinCEN .002—Suspicious Activity Reporting System (SARS)

FinCEN .003—Bank Secrecy Act Reports System

Routine Uses of Records Maintained in the System, Including Categories of Users and the Purposes of Such Uses

Description of changes: Replace the period “(.)” at the end of the last routine use with a semicolon “(;)” and add the following routine use at the end thereof in numerical order:

“( ) To appropriate agencies, entities, and persons when (1) the Department suspects or has confirmed that the security or confidentiality of information in the system of records has been compromised; (2) the Department has determined that as a result of the suspected or confirmed compromise there is a risk of harm to economic or property interests, identity theft or fraud, or harm to the security or integrity of this system or other systems or programs (whether maintained by the Department or another agency or entity) that rely upon the compromised information; and (3) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with the Department's efforts to respond to the suspected or confirmed compromise and prevent, minimize, or remedy such harm.”