AGENCY:

Office of the Chief Financial Officer, U.S. Department of Agriculture.

ACTION:

Notice of a Modified System of Records.

SUMMARY:

In accordance with the Privacy Act of 1974, as amended, the U.S. Department of Agriculture (USDA), Office of the Chief Financial Officer (OCFO), proposes to modify one Privacy Act System of Record titled “Financial Systems, OCFO-10” published at 75 FR 6622 (February 10, 2010), to include 4 new routine uses: Support Do Not Pay initiative under the Improper Payments Elimination and Recovery Improvement Act of 2012 (IPERIA); two mandatory routine uses addressing Breach Notification per Office of Management and Budget memoranda M-17-12; and routine use for contractors, grantees, etc., support. This modification will also include incorporating and consolidating General Services Administration (GSA) GSA/PPFM-11 (Pegasys) into OCFO-10, Financial Systems. USDA/OCFO has acquired full ownership and responsibility for the management of the GSA commercial-off-the shelf financial management system named Pegasys in fiscal year 2016. The consolidation of the financial systems will update the following sections within OCFO-10: Purpose, system location, categories of individuals covered by the system, record source categories, and storage. Upon publication of the modified OCFO-10, Financial Systems, GSA will rescind GSA/PPFM-11 (Pegasys) published at 71 FR 60710 (November 27, 2006), modified at 73 FR 22397 (April 25, 2008).

DATES:

Submit comments on or before January 30, 2019. This revised system will be effective upon publication. New or modified routine uses are effective January 30, 2019.

ADDRESSES:

You may submit comments, identified by docket number USDA/OCFO by one of the following methods:

• Federal eRule Portal: http://www.regulations.gov. Follow the instructions for submitting comments.
• Fax: (202) 205-3759.
• Mail: Stanley McMichael, Acting Associate Chief Financial Officer for Shared Services, 1400 Independence Ave. SW, Room 3054 South Building, Washington, DC 20250.
• Instructions: All submissions received will be posted without change to http://www.regulations.gov,, including any personal information provided.

Docket: For access to the docket to read background documents or comments received go to http://www.regulations.gov.

FOR FURTHER INFORMATION CONTACT:

Stanley McMichael, Acting Associate Chief Financial Officer for Shared Services, 1400 Independence Ave. SW, Room 3054 South Building, Washington, DC 20250, Stanley.Mcmichael@cfo.usda.gov, (202) 720-0564. For privacy issues please contact: USDA Chief Privacy Officer, 1400 Independence Avenue SW, Room 401-W South Building, Washington, DC 20250; phone 202-205-0926 or at USDAPrivacy@ocio.usda.gov.

SUPPLEMENTARY INFORMATION:

In accordance with the Privacy Act of 1974 the Department of Agriculture proposes to modify the Department of Agriculture's system of records notice titled Financial Systems, OCFO-10. The modification will add 4 new routine uses to the system: Two mandated by OMB memoranda 17-12, one which supports Do Not Pay initiative under the Improper Payments Elimination and Recovery Improvement Act of 2012 (IPERIA) and add support services by entities. Modification will also incorporate the Pegasys financial management system which was acquired from the General Services Administration (GSA) in fiscal year 2016, update purpose, system locations, categories of individuals covered by the system, record source categories and storage. The consolidation of GSA/PPFM-11 into OCFO-10, Financial Systems will place all of the current electronic applications that OCFO uses into a single System of Records Notice.

Financial Systems consist of the electronic information technology systems that contain information concerning individuals and businesses that receive payments for providing goods and services to USDA. This proposed notice covers: (1) Individuals who have funds advances to them for USDA official travel use, approving officials, and individuals who perform official USDA travel and are reimbursed with Government funds; (2) Individuals who receive payments in the form of rents, royalties, prizes, or awards; (3) Individuals who receive for non-personal service contracts, commissions, or compensation for services, which are subject to Internal Revenue Service form 1099 reporting requirements are included in the suite of systems; (4) USDA employees who have been issued a Government purchase card, Government fleet card or a Government travel card; and (5) Employee information necessary to record employee salary disbursements in the financial system that is essential for Internal Revenue Service income tax reporting. The employee records are also used to pay employees for travel reimbursement and any other miscellaneous payments due to the employee. Incorporating Pegasys will include part of a shared-services financial operation providing a commercial-off-the-shelf financial system (in a private vendor hosted environment), financial transaction processing, and financial analysis for its main business lines of Federal supplies and technology, public buildings, and general management and administration offices.

USDA determined that a consolidation of the financial systems is the most efficient, logical, taxpayer-friendly, and user-friendly method of complying with the publication requirements of the Privacy Act. The subject records reflect a common purpose, common functions, and common user community. The USDA herby revises OCFO-10 to include the routine uses and the consolidation of the GSA/PPFM-11 into the OCFO-10. System of Records Notice report on the modified system of records, required by 5 U.S.C. 552a and fully comply with all Office of Management (OMB) policies.

Enclosures

SYSTEM NAME AND NUMBER

USDA/OCFO-10 Financial Systems.

SECURITY CLASSIFICATION:

Unclassified.

SYSTEM LOCATION:

The systems are operated from the USDA headquarters, located at 1400 Independence Avenue SW, Washington, DC 20250, with other operational locations within the continental United States. Pegasys is hosted in a FEDRAMP certified cloud environment in Phoenix, AZ.

SYSTEM MANAGER(S):

Stanley McMichael, Acting Associate Chief Financial Officer for Shared Services, 1400 Independence Ave. SW, Room 3054 South Building, Washington, DC 20250, email address—Stanley.Mcmichael@cfo.usda.gov, (202) 720-0564.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

Chief Financial Officers Act of 1990 (Pub. L. 101-576)

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

The Financial Systems contain information about individuals and businesses that receive payments for providing goods and services to the USDA, GSA, and other multiple client agencies. Individuals who have funds advanced to them for official travel use, approving officials, and individuals who perform official USDA travel and are reimbursed with Government funds are included in the system, as well as individuals (excluding USDA employees) who receive payments in the form of rents, royalties, prizes, or awards, individuals (excluding USDA employees) who receive payments for non-personal service contracts, commissions, or compensation for services that are subject to Form 1099 reporting requirements, and USDA employees who have been issued a purchase card, fleet card or travel card are included in the system. Employee information contained in the Financial Systems is used to record the financial impact of employee salary disbursements in the financial system and for Internal Revenue Service income tax reporting. In addition, the employee records are used to pay employees for travel reimbursement and any other miscellaneous payments due to the employee. Individuals covered by Pegasys include GSA vendors and Federal employees.

CATEGORIES OF RECORDS IN THE SYSTEM:

The Financial Systems contain several databases containing the individual's and business' name, address, Social Security Number (SSN) (or employer identification number), ZIP code, amount of payment, credit card number, Vendor DUNS, Lockbox Number, (Vendor) Bank Account Number, Agency Bank Account Number and other information necessary to accurately identify covered payment transactions.

RECORD SOURCE CATEGORIES:

Records are loaded from the USDA and GSA and other multiple client agencies' payroll system to create records of Federal employees. Vendors who do business with the USDA submit their information into the GSA's System for Awards Management (SAM), which is subsequently loaded into the Financial Systems. This information includes but is not limited to SSN, TIN, name, address, and bank electronic funds transfer information. Records are also directly loaded online into the Financial System by agency personnel.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND PURPOSES OF SUCH USES:

In addition to those disclosures generally permitted under 5 U.S.C. 552a(b) of the Privacy Act, all or a portion of the records information contained in this system may be disclosed outside USDA as a routine use pursuant to 5 U.S.C. a(b)(3) as follows:

1. When a record on its face, or in conjunction with other records, indicates a violation or potential violation of law, whether civil, criminal, or regulatory in nature, and whether arising by general statute or particular program, statute, or by regulation, rule, or order issued pursuant thereto, disclosure may be made to the appropriate agency, whether Federal, foreign, State, local, tribal, or other public authority responsible for enforcing, investigating, or prosecuting such violation or charged with enforcing or implementing the statute, or rule, regulation, or order issued pursuant thereto, of the information disclosed is relevant to any enforcement, regulatory, investigative, or prospective responsibility of the receiving entity.

2. To the Department of Justice when: (a) The agency or any component thereof; or (b) any employee of the agency in his or her official capacity where the Department of Justice has agreed to represent the employee; or (c) the United States Government, is a party to litigation or has an interest in such litigation, and by careful review, the agency determines that the records are both relevant and necessary to the litigation and the use of such records by the Department of Justice is therefore deemed by the agency to be for a purpose that is compatible with the purpose for which the agency collected the records.

3. To a court or adjudicative body in a proceeding when: (a) USDA or any component thereof; or (b) any employee of USDA in his or her official capacity; or (c) any employee of USDA in his or her individual capacity where USDA has agreed to represent the employee; or (d) the U.S. Government, is a party to litigation or has interest in such litigation, and by careful review, USDA determines that the records are both relevant and necessary to the litigation and the use of such records is therefore deemed by USDA to be for a purpose that is compatible with the purpose of which USDA collected records.

4. To a congressional office in response to any inquiry made at the written request of the individual to whom the record pertains.

5. Information from the system of records will be forwarded to the Internal Revenue Service for income tax purposes.

6. Release of information to other USDA agencies may be made for internal processing purposes.

7. Information will be reviewed during inquiry into payments to be made by the USDA to its employees.

8. To appropriate agencies, entities, and persons when (1) USDA suspects or has confirmed that there has been a breach of the system of records, (2) USDA has determined that as a result of the suspected or confirmed breach there is a risk of harm to individuals, USDA (including its information systems, programs, and operations), the Federal Government, or national security; and (3) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with USDA's efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm.

9. To another Federal agency or Federal entity, when USDA determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in (1) responding to a suspected or confirmed breach or (2) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Start Printed Page 67714Federal Government, or national security, resulting from a suspected or confirmed breach.

10. USDA will disclose information about individuals from the system of records in accordance with the Federal Funding Accountability and Transparency Act of 2006 (Pub. L. 109-282; codified at 31 U.S.C. 6101, et seq.); section 204 of the E-Government Act of 2002 (Pub. L. 107-347; 44 U.S.C. 3501 note), and the Office of Federal Procurement Policy Act (41 U.S.C. 403 et seq.), or similar statutes requiring agencies to make public information concerning Federal financial assistance, including grants, sub-grants, loan awards, cooperative agreements, and other financial assistance; and contracts, purchase orders, task orders, and delivery orders.

11. To the Department of Treasury for administering the Do Not Pay Initiative under the Improper Payments Elimination and Recovery Improvement Act of 2012 (IPERIA). As required by IPERIA, the Bipartisan Budget Act of 2013, and the Federal Improper Payments Coordination Act of 2015 (FIPCA), records maintained in this system will be disclosed to (a) a Federal or state agency, its employees, agents (including contractors of its agents) or contractors; or, (b) a fiscal or financial agent designated by the Bureau of Fiscal Service or other Department of the Treasury bureau or office, including employees, agents or contractors of such agent; or, (c) a contractor of the Bureau of Fiscal Service, for the purpose of identifying, preventing, and recovering improper payments to an applicant for, or recipient of, Federal funds, including funds disbursed by a state in a state administered, federally-funding program. Records disclosed under this routing use may be used to conduct computerized comparison to identify, prevent and recover improper payments, and to identify and mitigate fraud, waste, and abuse in federal payments.

12. To contractors, grantees, experts, consultants, students, and others performing or working on a contract, service, grant, cooperative agreement, or other assignment for the federal government, when necessary to accomplish an agency function related to the this system of records.

13. To a Federal agency in connection with the hiring or retention of an employee; the issuance of a security clearance; the reporting of an investigation; the letting of a contract; or the issuance of a grant, license, or other benefit to the extent that the information is relevant and necessary to a decision.

14. To the Office of Personnel Management (OPM), the Office of Management and Budget (OMB), or the Government Accountability Office (GAO) when the information is required for program evaluation purposes.

15. To the National Archives and Records Administration (NARA) for records management purposes.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:

Records are stored and maintained electronically on USDA-owned mainframes, servers, tapes, disks, and in file folders at USDA offices. Records are also stored on FedRAMP certified cloud providers located in the continental United States.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:

Records in the system are retrieved by SSN or by employee identification numbers, employee/business name, and vendor number.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:

Records are retained for Financial Systems under National Archives and Records Administration General Records Schedule 1.1 Financial Management and Reporting Records. Records are retained for a period of six years and three months.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:

Records in this system are safeguarded in accordance with applicable Federal rules and policies, including all applicable USDA automated systems security and access policies. Strict security controls have been imposed to minimize the risk of compromising the information that is being stored. Access to the computer system containing the records in this system is limited to those individuals who have a need-to-know the information for the performance of their official duties and who have appropriate clearances or permissions.

RECORD ACCESS PROCEDURES:

See “Notification Procedures” below.

CONTESTING RECORD PROCEDURES:

Individuals seeking to contest any information contained in this system of records or its content may submit a request in writing to the Headquarters or Components FOIA Officer, whose contact information can be found at https://www.dm.usda.gov/​foia/​poc.htm. If an individual believes more than one Component maintains Privacy Act records concerning him or her the individual may submit the request to Chief FOIA Officer, Department of Agriculture, 1400 Independence Avenue SW, Washington, DC 20250.

NOTIFICATION PROCEDURES:

Individuals seeking notification of and access to any record contained in this system of records, may submit a request in writing to the Headquarters or Components FOIA Officer, whose contact information can be found at https://www.dm.usda.gov/​foia/​poc.htm. If an individual believes more than one Component maintains Privacy Act records concerning him or her the individual may submit the request to Chief FOIA Officer, Department of Agriculture, 1400 Independence Avenue SW, Washington, DC 20250. When seeking records about yourself from this system of records or any other Departmental system of records, your request must conform with the Privacy Act regulations set forth in 7 CFR part 1.112. You must verify your identity, meaning that you must provide your full legal name, current address and date and place of birth. You must sign your request, and your signature must either be notarized or submitted under 28 U.S.C. 1746, a law that permits statements to be made under penalty of perjury as a substitute for notarization. While no specific form is required, you may obtain forms for this purpose from the Chief FOIA Officer, Department of Agriculture, 1400 Independence Avenue SW, Washington, DC 20250. In addition, you should provide the following:

• An explanation of why you believe the Department would have information on you,
• Identify which Component(s) of the Department you believe may have the information about you,
• Specify when you believe the records would have been created,
• Provide any other information that will help the FOIA staff determine which USDA Component agency may have responsive records,
• If your request is seeking records pertaining to another living individual, you must include a statement from that individual certifying his/her agreement for you to access his/her records.

Without this bulleted information, the Components(s) may not be able to conduct an effective search and your request may be denied, due to lack of specificity or lack of compliance with applicable regulations.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:

None.

HISTORY:

OCFO 10 (Financial Systems) 75 FR 6622 (February 10, 2010); GSA/PPFM-Start Printed Page 6771511 (Pegasys) published at 71 FR 60710 (October 16, 2006), modified at 73 FR 22397 (April 25, 2008)

United States Department of Agriculture (USDA)

Narrative Statement on Modifying a System of Records Under the Privacy Act of 1974: USDA/OCFO-10

Purpose and Scope

The U.S. Department of Agriculture's (USDA) Office of the Chief Financial Officer (OCFO), Associate Chief Financial Officer for Shared Services, is modifying the system of records notice titled “Financial Systems, OCFO-10” (Financial Systems). This modification is in support of four new routine uses: One routine use between the USDA OCFO and the U.S. Department of the Treasury under the Do not Pay initiative; two mandatory routine uses to address breach notification as required by OMB M-17-12; and a general routine use to include contractors, grantees, etc.

The primary goal of Financial Systems is to improve the Department's financial performance by providing USDA with a modern, efficient core financial system that complies with all legislative and management mandates; integrates with existing and emerging e-government initiatives; and provides support to the USDA mission. Financial Systems includes integration with the financial and administrative feeder systems, realignment of affected business processes, and clear communication to stakeholders. Financial Systems is capable of real-time transaction processing and updates, including immediate budget updating; users and managers have access to the most up-to-date information for an accurate view of available funds and greatly improved management information reporting.

USDA became the owner and manager of a system formally owned and managed by the General Services Administration (GSA) called Pegasys Financial Services (Pegasys) in fiscal year 2016. Pegasys is a Federal financial management system. The consolidation of Pegasys (also known as GSA/PPFM-11) into Financial Systems will place all of the current electronic applications that OCFO uses into a single System of Records Notice.

Pegasys is part of USDA/OCFO and operates a financial management line of business that serves the needs of Federal Government agencies. Pegasys supports all accounting functions related to accounts payable and accounts receivable; financial treatment of the acquiring and disposing of assets; and general accounting functions, such as performing/processing cost transfers, prior-year recovery sampling/validation, Financial Management Services 224 reporting, standard general ledger reconciliations, journal entries, accounting reports, analysis of standard general ledger accounts, and external customers' financial reporting. Pegasys is a commercial off-the-shelf (COTS) package that is based on CGI Federal's Momentum Financials, which is used in the processing of accounting transactions.

Authority for Collecting, Maintaining, Using, and Disseminating Information in OCFO

The authority for USDA to collect, maintain, use, and disseminate information through Financial Systems is the Chief Financial Officers Act of 1990 (Pub. L. 101-576).

The Routine Use Satisfies the Compatibility Requirement of the Privacy Act

In addition to those disclosures generally permitted under 5 U.S.C. 552a(b) of the Privacy Act of 1974, all or a portion of the records or information contained in this system may be disclosed outside of USDA as a routine use under U.S.C. 552a(b)(3), as stated in the Notice and is summarized here for this modification. Financial Systems also includes the consolidation of GSA's Pegasys, into Financial Systems.

This modification includes a new routine use for the Do Not Pay initiative in compliance of Improper Payments, which is compatible with the following routine uses of this system of records of a financial management system: (1) The two required routine uses identified in OMB M-17-12 for notice and breach notification, which is compatible with the necessity of the government to deal with breaches; and (2) routine use for contractors, grantees, and etc., system support, which is compatible with the need of contractor support for Financial Systems. Pegasys data will not be used as a routine use for the Do Not Pay initiative; however, the other routine uses are compatible with the Pegasys system of records as a financial system.

Probable or Potential Effects on the Privacy of Individuals

Although there is some risk to the privacy of individuals, that risk is outweighed by the benefit of a proven financial management system. In addition, safeguards are in place by protecting against unauthorized disclosure. Records are accessible only to individuals who are authorized. Logical, physical, and electronic safeguards are employed to ensure security. Financial Systems and Pegasys have successfully attained “the authority to operate,” in the security assessment and authorization process, and have successfully attained risk assessments, which include security scanning and patching.

Forms for Information Collection Approved by OMB

Not applicable.