AGENCY:

Internal Revenue Service, Treasury.

ACTION:

Notice of proposed alterations to an existing Privacy Act System of Records.

SUMMARY:

In accordance with the requirements of the Privacy Act of 1974, as amended, the Department of the Treasury, Internal Revenue Service (IRS), is proposing to add to the categories of individuals covered by the system and categories of records in the system of records entitled “Treasury/IRS 34.037—IRS Audit Trail and Security Records System.” These additions will permit the IRS to monitor system resources and enable IRS to deter, deny and detect unauthorized access to internal computer hardware and software and misuse of IRS resources to access external objects, like Web sites that feature pornography, gambling, etc. The IRS is also proposing to add a routine use to the system of records to permit disclosure to contractors.

DATES:

Comments must be received no later than February 14, 2005. The alterations to the system of records will be effective February 22, 2005 unless the IRS receives comments which result in a contrary determination.

ADDRESSES:

Comments should be sent to the Office of Governmental Liaison & Disclosure, Internal Revenue Service, 1111 Constitution Avenue, NW., Washington, DC 20224. Comments will be made available for public inspection and copying in the Internal Revenue Service Freedom of Information Reading Room, 1111 Constitution Avenue, NW., Room 1621, Washington, DC 20224, telephone number (202) 622-5164, (not a toll-free call).

FOR FURTHER INFORMATION CONTACT:

Colleen Murphy, 5000 Ellin Road, C8-300, Lanham, MD 20706, (202) 283-4351 (not a toll-free number).

SUPPLEMENTARY INFORMATION:

The Internal Revenue Service (IRS), in fulfillment of legal and regulatory obligations to protect the integrity of its computing resources and to maintain the public trust, must monitor the usage of those resources to ensure that they are proper and within the scope of the purpose for which users were granted access privileges. Review of audit trails and real time monitoring of system resources will enable IRS to deter, deny Start Printed Page 2466and detect unauthorized access to internal computer hardware and software and the misuse of IRS resources to access external objects, like Web sites that feature pornography, gambling, etc.

A new routine use is also being proposed for this system of records to allow disclosure of records other than tax returns or return information to contractors when the information is necessary to perform the services of a government contract for which a contractor has been hired. Because the IRS utilizes contractor services to perform certain data processing activities, disclosure of audit trail data may be necessary under the terms of those services. If disclosure is necessary, the contractor to which disclosure is made will be subject to the same limitations applicable to IRS officers and employees under the Privacy Act. This new routine uses covers information other than tax returns and return information. Disclosure of IRS tax returns and return information may be made only as provided by 26 U.S.C. 6103(n). Treasury/IRS regulations at 26 CFR 301.6103(n)-1 provide guidance on the limited conditions of disclosure permissible under section 6103(n).

Other changes are being made to the notice to update the information provided under “system location,” “safeguards,” “retention and disposal,” and “system manager and addresses.”

In addition, the Service will be following OMB Guidelines under which Government agencies have been directed to become more efficient while sustaining service to customers by using competitive sourcing.

The system notice was last published in its entirety in the Federal Register on December 10, 2001 at 66 FR 63818.

The altered system of records report, as required by 5 U.S.C. 552a(r) of the Privacy Act, has been submitted to the Committee on Government Reform of the House of Representatives, the Committee on Governmental Affairs of the Senate, and the Office of Management and Budget, pursuant to appendix I to OMB Circular A-130, “Federal Agency Responsibilities for Maintaining Records About Individuals,” dated November 30, 2000.

For reasons set forth above, IRS proposes to alter the system of records, Treasury/IRS 34.037—IRS Audit Trail and Security Records System, as follows:

TREASURY/IRS 34.037

System Name:

IRS Audit Trail and Security Records System—Treasury/IRS.

System location:

Description of changes: The current text is replaced with the following: “National Office, Area Offices, Territory Offices, Campuses, Computing Centers. (See IRS appendix A for addresses of IRS offices.)”

Categories of individuals covered by the system:

Description of changes: The period “.” at the end of sentence is replaced with the following text: “or who have used IRS computing equipment/resources. Information monitored includes Internet sites accessed.”

Categories of records in the system:

Description of changes: The period “.” at the end of sentence is replaced with the following text: “or used IRS computing equipment/resources.”

Routine uses of records maintained in the system, including categories of users and the purposes of such uses:

Description of changes: The period “.” at the end of routine use (7) is replaced with a semicolon “;”, and the following routine use is added at the end thereof:

“(8) disclose records to agency contractors who need to have access to the records in order to perform the services required by the contract. Recipients must comply with the requirements of the Privacy Act of 1974, as amended, 5 U.S.C. 552a.”

Safeguards:

Description of changes: Remove the current text and insert the following: “Access controls will not be less than those described in IRM 25.10.1 Information Technology Security Policy and Guidance, and IRM 1.4.6 Managers Security Handbook.”

Retention and disposal:

Description of changes: Remove the current text and insert the following: “Records are maintained in accordance with record disposition handbooks, IRM 1.15.6, Retiring and Requesting Records and IRM 1.15.17, Records Management, Records Control Schedule for Information Technology.”

System Manager(s) and address:

Description of changes: Remove the current text and insert the following: “Director, Operational Assurance, Mission Assurance, Deputy Commissioner Operations Support, Internal Revenue Service, Department of the Treasury, 5000 Ellin Road, C8-300, Lanham, MD 20706.”