82_FR_8519 82 FR 8503 - Privacy Act of 1974; Revised System of Records

82 FR 8503 - Privacy Act of 1974; Revised System of Records

DEPARTMENT OF AGRICULTURE
Office of the Secretary

Federal Register Volume 82, Issue 16 (January 26, 2017)

Page Range8503-8506
FR Document2017-01767

In accordance with the Privacy Act of 1974, the Department of Agriculture proposes to revise an existing Department of Agriculture system of records notice now titled, USDA/OCIO-2 eAuthentication Service (eAuth). The USDA eAuth provides the public and government businesses with a single sign-on capability for USDA applications, management of user credentials, and verification of identity, authorization, and electronic signatures. USDA's eAuth collects customer information through an electronic self-registration process provided through the eAuth Web site. This System of Records Notice was previously published as ``USDA eAuthentication Service'' in Federal Register Vol. 77, No. 50 on Wednesday, March 14, 2012. The revision reflects updates to the system name; the system location; routine uses; storage policies; safeguards; retention and disposal; identity proofing individuals, the system manager; and notification, record access, and contesting procedures.

Federal Register, Volume 82 Issue 16 (Thursday, January 26, 2017) 
[Federal Register Volume 82, Number 16 (Thursday, January 26, 2017)]
[Notices]
[Pages 8503-8506]
From the Federal Register Online  [www.thefederalregister.org]
[FR Doc No: 2017-01767]


========================================================================
Notices
                                                Federal Register
________________________________________________________________________

This section of the FEDERAL REGISTER contains documents other than rules 
or proposed rules that are applicable to the public. Notices of hearings 
and investigations, committee meetings, agency decisions and rulings, 
delegations of authority, filing of petitions and applications and agency 
statements of organization and functions are examples of documents 
appearing in this section.

========================================================================


Federal Register / Vol. 82, No. 16 / Thursday, January 26, 2017 / 
Notices

[[Page 8503]]



 DEPARTMENT OF AGRICULTURE

Office of the Secretary


Privacy Act of 1974; Revised System of Records

AGENCY: Office of the Chief Information Officer, USDA.

ACTION: Notice of the revision of Privacy Act system of records.

-----------------------------------------------------------------------

SUMMARY: In accordance with the Privacy Act of 1974, the Department of 
Agriculture proposes to revise an existing Department of Agriculture 
system of records notice now titled, USDA/OCIO-2 eAuthentication 
Service (eAuth). The USDA eAuth provides the public and government 
businesses with a single sign-on capability for USDA applications, 
management of user credentials, and verification of identity, 
authorization, and electronic signatures. USDA's eAuth collects 
customer information through an electronic self-registration process 
provided through the eAuth Web site. This System of Records Notice was 
previously published as ``USDA eAuthentication Service'' in Federal 
Register Vol. 77, No. 50 on Wednesday, March 14, 2012. The revision 
reflects updates to the system name; the system location; routine uses; 
storage policies; safeguards; retention and disposal; identity proofing 
individuals, the system manager; and notification, record access, and 
contesting procedures.

DATES: Submit comments on or before March 7, 2017. This new system will 
be effective March 7, 2017.

ADDRESSES: You may submit comments, identified by docket number USDA/
OCIO-2 by one of the following methods:
     Federal e-Rulemaking Portal: http://www.regulations.gov. 
Follow the instructions for submitting comments.
     Fax: (970) 295-5238.
     Mail: Adam Zeimet, Branch Chief, Identity Access Branch, 
eAuthentication, 2150 Centre Avenue, Building A, Suite 350, Fort 
Collins, Colorado 80526.
     Instructions: All submissions received must include the 
agency name and docket number for this rulemaking. All comments 
received will be posted without change to http://www.regulations.gov, 
including any personal information provided.
     Docket: For access to the docket to read background 
documents or comments received, go to http://www.regulations.gov.

FOR FURTHER INFORMATION CONTACT: For general questions, please contact: 
Adam Zeimet, Program Manager, (970) 295-5678, 2150 Centre Avenue, 
Building A, Suite 350, Fort Collins, Colorado 80526. For privacy 
issues, please contact: Kelvin Fairfax, Chief Privacy Officer, 
Technology Planning, Architecture and E-Government, Office of the Chief 
Information Officer, Department of Agriculture, Washington, DC 20250.

SUPPLEMENTARY INFORMATION:

I. Background

    The USDA eAuthentication Service provides USDA Agency customers and 
employee's single sign-on capability and electronic authentication and 
authorization for USDA Web applications and services. Through an online 
self-registration process, USDA Agency customers and employees can 
obtain accounts as authorized users that will provide access to USDA 
resources without needing to re-authenticate within the context of a 
single Internet session. Once an account is activated, users may use 
the associated user ID and password that they created to access USDA 
resources that are protected by eAuthentication. Information stored in 
the eAuthentication Service may be shared with other USDA components, 
as well as appropriate Federal, State, local, tribal, foreign, or 
international government agencies as outlined in the routine uses or 
authorized by statute.
    This sharing will take place only after USDA determines that the 
receiving component or agency has a need to know the information to 
carry out agency mission, national security, law enforcement, 
immigration, intelligence, or other functions consistent with the 
routine uses set forth in this system of records notice. The revisions 
to this system of records include: Updating the system location, 
storage policies, storage safeguards, retention and disposal policies; 
the system manager's location; the practice of identity proofing 
individuals; record retrieval; and the notification, record access, & 
contesting procedures in order to be consistent with the Department's 
best practices.
    In addition, the routine uses were amended as follows:
     Routine Use 1. is modified adding account management and 
user profile management
     Routine Use 8. is added to permit another federal agency 
or federal entity to investigate breaches and remedy risk to 
individuals
     Routine Use 9. is added for disclosure to credit bureaus 
to conduct identity proofing
     Routine Use 10. is added for disclosure for contractors to 
assist in administering the program
     Routine Use 11. Is added for disclosure of records to 
other federal agencies

    Dated: January 18, 2017.
Michael T. Scuse,
Acting Secretary of Agriculture.
SYSTEM OF RECORDS

USDA/OCIO-2

SYSTEM NAME:
    USDA/OCIO-2 eAuthentication Service

SECURITY CLASSIFICATION:
    Unclassified.

SYSTEM LOCATION:
    USDA--National Information Technology Center (NITC), 8930 Ward 
Pkwy, Kansas City, MO 64114.
    USDA--St. Louis Enterprise Data Center, 4300 Goodfellow Boulevard, 
St. Louis, MO 63120 US.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    This system contains records on individuals who applied for and 
were granted access to USDA applications and services that are 
protected by eAuthentication. This includes but not limited to public 
citizens, federal employees, contractor employees, affiliates, etc.

CATEGORIES OF RECORDS IN THE SYSTEM:
    The eAuthentication system will collect the information including 
but

[[Page 8504]]

not limited to name, address, country of residence, telephone, email 
address, date of birth, user name, password, SSN (Capture Temporarily), 
challenge question, and challenge answer. The latter two types of 
information are used to validate a customer's identity for password 
reset. The system will request social security number for online 
identity proofing services through a verification process implemented 
with a credit bureau.

AUTHORITY FOR MAINTENANCE ON THE SYSTEM:
    Government Paperwork Elimination Act (GPEA, Pub. L. 105-277) of 
1998; Freedom to E-File Act (Pub. L. 106-222) of 2000; Electronic 
Signatures in Global and National Commerce Act (E-SIGN, Pub. L. 106-
229) of 2000; eGovernment Act of 2002 (H.R. 2458/Pub. L. 107-347); 
GRAMM-LEACH-BLILEY ACT (Pub L. 106-102).

PURPOSE(S):
    The records in this system are used to electronically authenticate 
and authorize users accessing protected USDA applications and services. 
eAuthentication shares the user information with authorized federal 
agencies or contractor systems supporting a federal agency mission for 
centralized account management and user profile management for USDA.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES. RECORDS IN THIS SYSTEM MAY BE 
DISCLOSED AS FOLLOWS:
    1. To external Web applications or information technology systems 
integrated with the government's federated architecture for 
authentication, identity management, and user profile management for 
USDA. Prior to any disclosure of information under this architecture, 
the user will request access to an external application with their USDA 
credential. All external applications will have undergone rigorous 
testing before joining the architecture. The eAuthentication Service 
acts as a single sign-on point for USDA Agency applications, allowing a 
USDA customer to sign onto any USDA applications for which they have 
been authorized.
    2. When a record on its face, or in conjunction with other records, 
indicates a violation or potential violation of law, whether civil, 
criminal, or regulatory in nature, and whether arising by general 
statute or particular program, statute, or by regulation, rule, or 
order issued pursuant thereto, disclosure may be made to the 
appropriate agency, whether Federal, foreign, State, local, tribal, or 
other public authority responsible for enforcing, investigating, or 
prosecuting such violation or charged with enforcing or implementing 
the statute, or rule, regulation, or order issued pursuant thereto, if 
the information disclosed is relevant to any enforcement, regulatory, 
investigative, or prosecutive responsibility of the receiving entity. 
Referral to the appropriate agency, whether Federal, State, local, or 
foreign, charged with the responsibility of investigating or 
prosecuting violation of law, or of enforcing or implementing a 
statute, rule, regulation, or order issued pursuant thereto, of any 
record within this system when information available indicates a 
violation or potential violation of law, whether civil, criminal, or 
regulatory in nature.
    3. To a court or adjudicative body in a proceeding when: (a) USDA 
or any component thereof; or (b) any employee of USDA in his or her 
official capacity; or (c) any employee of USDA in his or her individual 
capacity where USDA has agreed to represent the employee; or (d) the 
United States Government, is a party to litigation or has an interest 
in such litigation, and by careful review, USDA determines that the 
records are both relevant and necessary to the litigation and the use 
of such records is therefore deemed by USDA to be for a purpose that is 
compatible with the purpose for which USDA collected the records.
    4. To a congressional office in response to an inquiry made at the 
written request of the individual to whom the record pertains.
    5. Disclosure at the individuals' request to any Federal 
department, State, local agencies, or USDA partners including but not 
limited to contractor systems supporting the government mission 
utilizing or interfacing with eAuthentication to provide electronic 
authentication. The disclosure of this information is required to 
securely provide, monitor, and analyze the requested program, service, 
registration, or other transaction.
    6. To the Department of Justice when: (a) USDA or any component 
thereof; or (b) any employee of USDA in his or her official capacity 
where the Department of Justice has agreed to represent the employee; 
or (d) the United States Government, is a party to litigation or has an 
interest in such litigation, and by careful review, USDA determines 
that the records are both relevant and necessary to the litigation and 
the use of such records by the Department of Justice is therefore 
deemed by USDA to be for a purpose that is compatible with the purpose 
for which USDA collected the records.
    7. To appropriate agencies, entities, and persons when (1) USDA 
suspects or has confirmed that the security or confidentiality of 
information in the system of records has been compromised; (2) USDA has 
determined that as a result of the suspected or confirmed breach there 
is a risk of harm to individuals, USDA (including its information 
systems, programs, and operations), the Federal Government, or national 
security; and (3) the disclosure made to such agencies, entities, and 
persons is reasonably necessary to assist in connection with USDA's 
efforts to respond to the suspected or confirmed compromise and 
prevent, minimize, or remedy such harm.
    8. To another Federal agency or Federal entity, when information 
from this system of records is reasonably necessary to assist the 
recipient agency or entity in (1) responding to a suspected or 
confirmed breach or (2) preventing, minimizing, or remedying the risk 
of harm to individuals, the agency (including its information systems, 
programs and operations), the Federal Government, or national security.
    9. Disclosure to credit bureaus to conduct online identity proofing 
of users including but not limited to public citizens, federal 
employees, contractor employees, affiliates, etc., for the purpose of 
remotely verifying the users identity in using eAuthentication account 
management practices (e.g. Issuing an account & credential, and account 
recovery).
    10. Contract Disclosure. If the Department contracts with an entity 
for the purpose of performing any function that requires disclosure of 
records including but not limited to helpdesk operations, password 
resets, system administration, application operations, program support. 
The Department may disclose the records as a routine use to those 
contract employees. Before entering into such a contract, the 
Department shall require the contractor to maintain Privacy Act 
safeguards as required under 5 U.S.C. 552a(m) with respect to the 
records in the system.
    11. Disclosure may be made to a private contractor or Federal 
agency for the purpose of collating, analyzing, aggregating or 
otherwise refining records for official business in this system. The 
contractor or Federal agency will be required to maintain Privacy Act 
safeguards with respect to these records.

[[Page 8505]]

POLICIES/PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING, AND 
DISPOSING OF RECORDS IN THE SYSTEM:
STORAGE:
    Records are stored and maintained electronically on USDA owned and 
operated systems in Kansas City, MO and St. Louis, Missouri.

RETRIEVABILITY:
    Records can be retrieved by a search of user profile attributes 
including but not limited to Personal Identity Verification (HSPD-12 
PID) card identifiers, UserName (Login ID), Last Name, First Name, 
Email, system ID (eAuth Internal ID), challenge question, and challenge 
answer. The latter two types of information are used to validate a 
customer's identity for helpdesk services only those individuals with 
approved access rights have this authority and data accessibility. USDA 
staff and contractors (acting as authorized agents) access information 
that is necessary to fulfill customer requests, provide end-user 
technical support and to operate and administer the system.

SAFEGUARDS:
    Records are accessible only to authorized personnel. Protection of 
the records is ensured by appropriate technical controls. The physical 
security of the system is provided by restricted building access. In 
addition, increased security is provided by encryption of data when 
transmitted. SSN is masked during the capture process when a user 
enters on the web form. The system has undergone an Assessment and 
Authorization (A&A) by the OCIO Designated Approving Authority via 
Agricultural Security Operations Center (ASOC).

RETENTION AND DISPOSAL:
    Records in this system will be retained in accordance with approved 
retention schedules, including: (31) General Retention Schedule (DAA-
GRS-2013-0006-0004), which provides for annual cut-off and for 
destruction 6 years after cutoff or longer if required for business 
use; (61) General Retention Schedule (N1-GRS-07-3, item 13a2), which 
provides for annual cut-off and for destruction 7 years and 6 months to 
20 years to 6 months after cut-off; and additional approved schedules 
may apply. Destruction of records shall occur in the manner(s) 
appropriate to the type of record, such as but not limited to shredding 
of paper records and/or deletion of computer records in accordance with 
federal requirements.

SYSTEM MANAGER AND ADDRESS:
    Program Manager--Identity and Access Management, 2150 Centre 
Avenue, Fort Collins, CO 80526

NOTIFICATION PROCEDURE:
    Individuals seeking notification of and access to any record 
contained in this system of records, or seeking to contest its content, 
may submit a request in writing to the Headquarters or component's FOIA 
Officer, whose contact information can be found at http://www.da.usda.gov/foia.htm under ``contacts.'' If an individual believes 
more than one component maintains Privacy Act records concerning him or 
her the individual may submit the request to the Chief FOIA Officer, 
Department of Agriculture, 1400 Independence Avenue SW., Washington, DC 
20250.
    When seeking records about yourself from this system of records or 
any other Departmental system of records your request must conform with 
the Privacy Act regulations set forth in 6 CFR part 5. You must first 
verify your identity, meaning that you must provide your full name, 
current address and date and place of birth. You must sign your 
request, and your signature must either be notarized or submitted under 
28 U.S.C. 1746, a law that permits statements to be made under penalty 
of perjury as a substitute for notarization. While no specific form is 
required, you may obtain forms for this purpose from the Chief FOIA 
Officer, Department of Agriculture, 1400 Independence Avenue SW., 
Washington, DC 20250. In addition you should provide the following:
     An explanation of why you believe the Department would 
have information on you,
     Identify which component(s) of the Department you believe 
may have the information about you,
     Specify when you believe the records would have been 
created,
     Provide any other information that will help the FOIA 
staff determine which USDA component agency may have responsive 
records,
     If your request is seeking records pertaining to another 
living individual, you must include a statement from that individual 
certifying his/her agreement for you to access his/her records.
    Without this bulleted information the component(s) may not be able 
to conduct an effective search, and your request may be denied due to 
lack of specificity or lack of compliance with applicable regulations.

RECORD ACCESS PROCEDURES:
    See ``Notification procedure'' above.

CONTESTING RECORD PROCEDURES:
    Any individual may contest information contained within a record in 
the system that pertains to him/her by submitting a written request to 
the system manager at the address above. Include the reason for 
contesting the record and the proposed amendment to the information 
with supporting documentation to show how the record is inaccurate.

RECORD SOURCE CATEGORIES:
    Information maintained in the system will be submitted but not 
limited to public citizens, federal employees, contractor employees, 
affiliates, etc.. When a user wishes to transact with USDA or its 
partner organizations electronically, the user must enter name, 
address, country of residence, telephone, date of birth, username, and 
password. To elevate the user to conduct official business with USDA 
the user must be identity proofed requiring social security number 
being queried through a national credit bureau. As the USDA 
eAuthentication Service is integrated with other government or private 
sector authentication systems, data may be obtained from those systems 
to facilitate single-sign on capabilities with the user's permission.

EXEMPTIONS CLAIMED FOR THIS SYSTEM:
    None.
U.S. Department of Agriculture Narrative Statement on Revised 
eAuthentication System of Records Under the Privacy Act of 1974 USDA/
OCIO-2 eAuthentication Service
    The U.S. Department of Agriculture (USDA) eAuthentication Service 
provides USDA Agency customers and employees single sign-on capability 
and electronic authentication and authorization for USDA Web 
applications and services. Through an online self-registration process, 
USDA Agency customers and employees can obtain accounts as authorized 
users that will provide access to USDA resources without needing to re-
authenticate within the context of a single Internet session. Once an 
account is activated, users may use the associated user ID and password 
that they created to access USDA resources that are protected by 
eAuthentication. Information stored in the eAuthentication Service may 
be shared with other USDA components, as well as appropriate Federal, 
State, local, tribal, foreign, or international government agencies as 
outlined in the routine uses or authorized by statute. This sharing 
will take place only after USDA determines that the receiving

[[Page 8506]]

component or agency has a need to know the information to carry out 
national security, law enforcement, immigration, intelligence, or other 
functions consistent with the routine uses set forth in this system of 
records notice. USDA is publishing the routine uses pursuant to which 
it may disclose information about individuals to the extent the 
disclosure is consistent with the purpose for which the information was 
collected. Routine uses include disclosure to external Web applications 
upon user request, to other government agencies for law enforcement 
purposes if the record on its face or in conjunction with other records 
indicates a violation of law, to a court or adjudicative body if 
relevant and necessary to appropriate litigation, to a congressional 
office upon written request of the individual, to other government 
entities of USDA partners upon user request, to USDA contractors or 
industry to identify fraud, waste, or abuse to the Department of 
Justice if relevant and necessary for appropriate litigation, or to 
agencies, entities, or persons to prevent or remedy security breach. 
The authority for maintaining this system is derived from: Government 
Paperwork Elimination Act (GPEA, Pub. L. 105-277) of 1998; Freedom to 
E-File Act (Pub. L. 106-222) of 2000; Electronic Signatures in Global 
and National Commerce Act (E-SIGN, Pub. L. 106-229) of 2000; 
eGovernment Act of 2002 (H.R. 2458).
    Probable or potential effects on the privacy of individuals:
    Although there is some risk to the privacy of individuals, that 
risk is outweighed by the benefits to those individuals who will be 
able to access multiple programs and applications with a single login. 
In addition, the safeguards in place will protect against unauthorized 
disclosure. Records are accessible only to individuals who are 
authorized, and physical and electronic safeguards are employed to 
ensure security. eAuthentication has a current Authority to Operate 
obtained via the completion Certification and Accreditation based on 
the Risk Management Framework. A satisfactory risk assessment has been 
performed.
    OMB information collection requirements:
    OMB information collection approval: OMB No. 0503-0014

[FR Doc. 2017-01767 Filed 1-25-17; 8:45 am]
 BILLING CODE 3410-ZV-P

8503 Notices Federal Register Vol. 82, No. 16 Thursday, January 26, 2017 This section of the FEDERAL REGISTER • Mail: Adam Zeimet, Branch Chief, system of records include: Updating the contains documents other than rules or Identity Access Branch, system location, storage policies, storage proposed rules that are applicable to the eAuthentication, 2150 Centre Avenue, safeguards, retention and disposal public. Notices of hearings and investigations, Building A, Suite 350, Fort Collins, policies; the system manager’s location; committee meetings, agency decisions and Colorado 80526. the practice of identity proofing rulings, delegations of authority, filing of • Instructions: All submissions individuals; record retrieval; and the petitions and applications and agency statements of organization and functions are received must include the agency name notification, record access, & contesting examples of documents appearing in this and docket number for this rulemaking. procedures in order to be consistent section. All comments received will be posted with the Department’s best practices. without change to http:// In addition, the routine uses were www.regulations.gov, including any amended as follows: DEPARTMENT OF AGRICULTURE personal information provided. • Routine Use 1. is modified adding • Docket: For access to the docket to account management and user profile Office of the Secretary read background documents or management comments received, go to http:// • Routine Use 8. is added to permit Privacy Act of 1974; Revised System of www.regulations.gov. another federal agency or federal entity Records to investigate breaches and remedy risk FOR FURTHER INFORMATION CONTACT: For AGENCY: Office of the Chief Information general questions, please contact: Adam to individuals Zeimet, Program Manager, (970) 295– • Routine Use 9. is added for Officer, USDA. 5678, 2150 Centre Avenue, Building A, disclosure to credit bureaus to conduct ACTION: Notice of the revision of Privacy identity proofing Suite 350, Fort Collins, Colorado 80526. Act system of records. • Routine Use 10. is added for For privacy issues, please contact: disclosure for contractors to assist in SUMMARY: In accordance with the Kelvin Fairfax, Chief Privacy Officer, administering the program Privacy Act of 1974, the Department of Technology Planning, Architecture and • Routine Use 11. Is added for Agriculture proposes to revise an E-Government, Office of the Chief disclosure of records to other federal existing Department of Agriculture Information Officer, Department of agencies system of records notice now titled, Agriculture, Washington, DC 20250. USDA/OCIO–2 eAuthentication Service SUPPLEMENTARY INFORMATION: Dated: January 18, 2017. (eAuth). The USDA eAuth provides the Michael T. Scuse, I. Background Acting Secretary of Agriculture. public and government businesses with a single sign-on capability for USDA The USDA eAuthentication Service provides USDA Agency customers and SYSTEM OF RECORDS applications, management of user credentials, and verification of identity, employee’s single sign-on capability and USDA/OCIO–2 authorization, and electronic signatures. electronic authentication and USDA’s eAuth collects customer authorization for USDA Web SYSTEM NAME: information through an electronic self- applications and services. Through an USDA/OCIO–2 eAuthentication registration process provided through online self-registration process, USDA Service the eAuth Web site. This System of Agency customers and employees can obtain accounts as authorized users that SECURITY CLASSIFICATION: Records Notice was previously published as ‘‘USDA eAuthentication will provide access to USDA resources Unclassified. Service’’ in Federal Register Vol. 77, without needing to re-authenticate SYSTEM LOCATION: No. 50 on Wednesday, March 14, 2012. within the context of a single Internet session. Once an account is activated, USDA—National Information The revision reflects updates to the users may use the associated user ID Technology Center (NITC), 8930 Ward system name; the system location; and password that they created to access Pkwy, Kansas City, MO 64114. routine uses; storage policies; USDA resources that are protected by USDA—St. Louis Enterprise Data safeguards; retention and disposal; eAuthentication. Information stored in Center, 4300 Goodfellow Boulevard, St. identity proofing individuals, the the eAuthentication Service may be Louis, MO 63120 US. system manager; and notification, record access, and contesting shared with other USDA components, as CATEGORIES OF INDIVIDUALS COVERED BY THE procedures. well as appropriate Federal, State, local, SYSTEM: tribal, foreign, or international This system contains records on DATES: Submit comments on or before government agencies as outlined in the March 7, 2017. This new system will be individuals who applied for and were routine uses or authorized by statute. granted access to USDA applications effective March 7, 2017. This sharing will take place only after and services that are protected by ADDRESSES: You may submit comments, USDA determines that the receiving jstallworth on DSK7TPTVN1PROD with NOTICES eAuthentication. This includes but not identified by docket number USDA/ component or agency has a need to limited to public citizens, federal OCIO–2 by one of the following know the information to carry out employees, contractor employees, methods: agency mission, national security, law affiliates, etc. • Federal e-Rulemaking Portal: http:// enforcement, immigration, intelligence, www.regulations.gov. Follow the or other functions consistent with the CATEGORIES OF RECORDS IN THE SYSTEM: instructions for submitting comments. routine uses set forth in this system of The eAuthentication system will • Fax: (970) 295–5238. records notice. The revisions to this collect the information including but VerDate Sep<11>2014 15:10 Jan 25, 2017 Jkt 241001 PO 00000 Frm 00001 Fmt 4703 Sfmt 4703 E:\FR\FM\26JAN1.SGM 26JAN1

8504 Federal Register / Vol. 82, No. 16 / Thursday, January 26, 2017 / Notices not limited to name, address, country of enforcing, investigating, or prosecuting 7. To appropriate agencies, entities, residence, telephone, email address, such violation or charged with enforcing and persons when (1) USDA suspects or date of birth, user name, password, SSN or implementing the statute, or rule, has confirmed that the security or (Capture Temporarily), challenge regulation, or order issued pursuant confidentiality of information in the question, and challenge answer. The thereto, if the information disclosed is system of records has been latter two types of information are used relevant to any enforcement, regulatory, compromised; (2) USDA has determined to validate a customer’s identity for investigative, or prosecutive that as a result of the suspected or password reset. The system will request responsibility of the receiving entity. confirmed breach there is a risk of harm social security number for online Referral to the appropriate agency, to individuals, USDA (including its identity proofing services through a whether Federal, State, local, or foreign, information systems, programs, and verification process implemented with a charged with the responsibility of operations), the Federal Government, or credit bureau. investigating or prosecuting violation of national security; and (3) the disclosure law, or of enforcing or implementing a AUTHORITY FOR MAINTENANCE ON THE SYSTEM: made to such agencies, entities, and statute, rule, regulation, or order issued Government Paperwork Elimination persons is reasonably necessary to assist pursuant thereto, of any record within Act (GPEA, Pub. L. 105–277) of 1998; in connection with USDA’s efforts to this system when information available Freedom to E-File Act (Pub. L. 106–222) respond to the suspected or confirmed indicates a violation or potential of 2000; Electronic Signatures in Global compromise and prevent, minimize, or violation of law, whether civil, criminal, and National Commerce Act (E–SIGN, remedy such harm. or regulatory in nature. Pub. L. 106–229) of 2000; eGovernment 3. To a court or adjudicative body in 8. To another Federal agency or Act of 2002 (H.R. 2458/Pub. L. 107– 347); GRAMM-LEACH-BLILEY ACT a proceeding when: (a) USDA or any Federal entity, when information from (Pub L. 106–102). component thereof; or (b) any employee this system of records is reasonably of USDA in his or her official capacity; necessary to assist the recipient agency PURPOSE(S): or (c) any employee of USDA in his or or entity in (1) responding to a The records in this system are used to her individual capacity where USDA suspected or confirmed breach or (2) electronically authenticate and has agreed to represent the employee; or preventing, minimizing, or remedying authorize users accessing protected (d) the United States Government, is a the risk of harm to individuals, the USDA applications and services. party to litigation or has an interest in agency (including its information eAuthentication shares the user such litigation, and by careful review, systems, programs and operations), the information with authorized federal USDA determines that the records are Federal Government, or national agencies or contractor systems both relevant and necessary to the security. supporting a federal agency mission for litigation and the use of such records is centralized account management and therefore deemed by USDA to be for a 9. Disclosure to credit bureaus to user profile management for USDA. purpose that is compatible with the conduct online identity proofing of purpose for which USDA collected the users including but not limited to public ROUTINE USES OF RECORDS MAINTAINED IN THE records. citizens, federal employees, contractor SYSTEM, INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES. RECORDS IN THIS 4. To a congressional office in employees, affiliates, etc., for the SYSTEM MAY BE DISCLOSED AS FOLLOWS: response to an inquiry made at the purpose of remotely verifying the users 1. To external Web applications or written request of the individual to identity in using eAuthentication information technology systems whom the record pertains. account management practices (e.g. integrated with the government’s 5. Disclosure at the individuals’ Issuing an account & credential, and federated architecture for request to any Federal department, account recovery). authentication, identity management, State, local agencies, or USDA partners 10. Contract Disclosure. If the and user profile management for USDA. including but not limited to contractor Department contracts with an entity for Prior to any disclosure of information systems supporting the government the purpose of performing any function under this architecture, the user will mission utilizing or interfacing with that requires disclosure of records request access to an external application eAuthentication to provide electronic including but not limited to helpdesk with their USDA credential. All external authentication. The disclosure of this operations, password resets, system applications will have undergone information is required to securely administration, application operations, rigorous testing before joining the provide, monitor, and analyze the requested program, service, registration, program support. The Department may architecture. The eAuthentication or other transaction. disclose the records as a routine use to Service acts as a single sign-on point for 6. To the Department of Justice when: those contract employees. Before USDA Agency applications, allowing a USDA customer to sign onto any USDA (a) USDA or any component thereof; or entering into such a contract, the applications for which they have been (b) any employee of USDA in his or her Department shall require the contractor authorized. official capacity where the Department to maintain Privacy Act safeguards as 2. When a record on its face, or in of Justice has agreed to represent the required under 5 U.S.C. 552a(m) with conjunction with other records, employee; or (d) the United States respect to the records in the system. indicates a violation or potential Government, is a party to litigation or 11. Disclosure may be made to a violation of law, whether civil, criminal, has an interest in such litigation, and by private contractor or Federal agency for or regulatory in nature, and whether careful review, USDA determines that jstallworth on DSK7TPTVN1PROD with NOTICES the purpose of collating, analyzing, arising by general statute or particular the records are both relevant and aggregating or otherwise refining program, statute, or by regulation, rule, necessary to the litigation and the use of records for official business in this or order issued pursuant thereto, such records by the Department of system. The contractor or Federal disclosure may be made to the Justice is therefore deemed by USDA to agency will be required to maintain appropriate agency, whether Federal, be for a purpose that is compatible with Privacy Act safeguards with respect to foreign, State, local, tribal, or other the purpose for which USDA collected these records. public authority responsible for the records. VerDate Sep<11>2014 15:10 Jan 25, 2017 Jkt 241001 PO 00000 Frm 00002 Fmt 4703 Sfmt 4703 E:\FR\FM\26JAN1.SGM 26JAN1

Federal Register / Vol. 82, No. 16 / Thursday, January 26, 2017 / Notices 8505 POLICIES/PRACTICES FOR STORING, RETRIEVING, SYSTEM MANAGER AND ADDRESS: CONTESTING RECORD PROCEDURES: ACCESSING, RETAINING, AND DISPOSING OF Any individual may contest Program Manager—Identity and RECORDS IN THE SYSTEM: Access Management, 2150 Centre information contained within a record STORAGE: Avenue, Fort Collins, CO 80526 in the system that pertains to him/her by submitting a written request to the Records are stored and maintained NOTIFICATION PROCEDURE: system manager at the address above. electronically on USDA owned and Individuals seeking notification of Include the reason for contesting the operated systems in Kansas City, MO and access to any record contained in record and the proposed amendment to and St. Louis, Missouri. this system of records, or seeking to the information with supporting RETRIEVABILITY: contest its content, may submit a documentation to show how the record request in writing to the Headquarters or is inaccurate. Records can be retrieved by a search component’s FOIA Officer, whose of user profile attributes including but RECORD SOURCE CATEGORIES: contact information can be found at not limited to Personal Identity http://www.da.usda.gov/foia.htm under Information maintained in the system Verification (HSPD–12 PID) card ‘‘contacts.’’ If an individual believes will be submitted but not limited to identifiers, UserName (Login ID), Last more than one component maintains public citizens, federal employees, Name, First Name, Email, system ID Privacy Act records concerning him or contractor employees, affiliates, etc.. (eAuth Internal ID), challenge question, her the individual may submit the When a user wishes to transact with and challenge answer. The latter two request to the Chief FOIA Officer, USDA or its partner organizations types of information are used to validate Department of Agriculture, 1400 electronically, the user must enter a customer’s identity for helpdesk Independence Avenue SW., name, address, country of residence, services only those individuals with Washington, DC 20250. telephone, date of birth, username, and approved access rights have this When seeking records about yourself password. To elevate the user to authority and data accessibility. USDA from this system of records or any other conduct official business with USDA staff and contractors (acting as Departmental system of records your the user must be identity proofed authorized agents) access information request must conform with the Privacy requiring social security number being that is necessary to fulfill customer Act regulations set forth in 6 CFR part queried through a national credit requests, provide end-user technical 5. You must first verify your identity, bureau. As the USDA eAuthentication support and to operate and administer meaning that you must provide your full Service is integrated with other the system. name, current address and date and government or private sector place of birth. You must sign your authentication systems, data may be SAFEGUARDS: obtained from those systems to facilitate request, and your signature must either Records are accessible only to be notarized or submitted under 28 single-sign on capabilities with the authorized personnel. Protection of the U.S.C. 1746, a law that permits user’s permission. records is ensured by appropriate statements to be made under penalty of EXEMPTIONS CLAIMED FOR THIS SYSTEM: technical controls. The physical security perjury as a substitute for notarization. of the system is provided by restricted None. While no specific form is required, you building access. In addition, increased may obtain forms for this purpose from U.S. Department of Agriculture Narrative security is provided by encryption of the Chief FOIA Officer, Department of Statement on Revised eAuthentication data when transmitted. SSN is masked Agriculture, 1400 Independence Avenue System of Records Under the Privacy during the capture process when a user SW., Washington, DC 20250. In addition Act of 1974 USDA/OCIO–2 enters on the web form. The system has you should provide the following: eAuthentication Service undergone an Assessment and • An explanation of why you believe The U.S. Department of Agriculture Authorization (A&A) by the OCIO the Department would have information (USDA) eAuthentication Service Designated Approving Authority via on you, provides USDA Agency customers and Agricultural Security Operations Center • Identify which component(s) of the employees single sign-on capability and (ASOC). Department you believe may have the electronic authentication and information about you, authorization for USDA Web RETENTION AND DISPOSAL: • Specify when you believe the applications and services. Through an Records in this system will be records would have been created, online self-registration process, USDA retained in accordance with approved • Provide any other information that Agency customers and employees can retention schedules, including: (31) will help the FOIA staff determine obtain accounts as authorized users that General Retention Schedule (DAA– which USDA component agency may will provide access to USDA resources GRS–2013–0006–0004), which provides have responsive records, without needing to re-authenticate for annual cut-off and for destruction 6 • If your request is seeking records within the context of a single Internet years after cutoff or longer if required pertaining to another living individual, session. Once an account is activated, for business use; (61) General Retention you must include a statement from that users may use the associated user ID Schedule (N1–GRS–07–3, item 13a2), individual certifying his/her agreement and password that they created to access which provides for annual cut-off and for you to access his/her records. USDA resources that are protected by for destruction 7 years and 6 months to Without this bulleted information the eAuthentication. Information stored in 20 years to 6 months after cut-off; and the eAuthentication Service may be jstallworth on DSK7TPTVN1PROD with NOTICES component(s) may not be able to additional approved schedules may conduct an effective search, and your shared with other USDA components, as apply. Destruction of records shall occur request may be denied due to lack of well as appropriate Federal, State, local, in the manner(s) appropriate to the type specificity or lack of compliance with tribal, foreign, or international of record, such as but not limited to applicable regulations. government agencies as outlined in the shredding of paper records and/or routine uses or authorized by statute. deletion of computer records in RECORD ACCESS PROCEDURES: This sharing will take place only after accordance with federal requirements. See ‘‘Notification procedure’’ above. USDA determines that the receiving VerDate Sep<11>2014 15:10 Jan 25, 2017 Jkt 241001 PO 00000 Frm 00003 Fmt 4703 Sfmt 4703 E:\FR\FM\26JAN1.SGM 26JAN1

8506 Federal Register / Vol. 82, No. 16 / Thursday, January 26, 2017 / Notices component or agency has a need to DEPARTMENT OF COMMERCE closing period for their receipt is March know the information to carry out 7, 2017. national security, law enforcement, Foreign-Trade Zones Board A copy of the notification will be immigration, intelligence, or other [B–007–2017] available for public inspection at the functions consistent with the routine Office of the Executive Secretary, uses set forth in this system of records Foreign-Trade Zone (FTZ) 29— Foreign-Trade Zones Board, Room notice. USDA is publishing the routine Shelbyville, Kentucky, Notification of 21013, U.S. Department of Commerce, uses pursuant to which it may disclose Proposed Production Activity, Amcor 1401 Constitution Avenue NW., information about individuals to the Flexibles L.L.C., (Flexible Packaging Washington, DC 20230–0002, and in the extent the disclosure is consistent with Production, Warehousing, and ‘‘Reading Room’’ section of the Board’s the purpose for which the information Distribution), Shelbyville, Kentucky Web site, which is accessible via www.trade.gov/ftz. was collected. Routine uses include The Louisville and Jefferson County For further information, contact disclosure to external Web applications Riverport Authority, grantee of FTZ 29, Juanita H. Chen at Juanita.Chen@ upon user request, to other government submitted a notification of proposed trade.gov or (202) 482–1378. agencies for law enforcement purposes production activity to the FTZ Board on if the record on its face or in behalf of Amcor Flexibles L.L.C. Dated: January 17, 2017. conjunction with other records indicates (Amcor), located in Shelbyville, Elizabeth Whiteman, a violation of law, to a court or Kentucky. The notification conforming Acting Executive Secretary. adjudicative body if relevant and to the requirements of the regulations of [FR Doc. 2017–01708 Filed 1–25–17; 8:45 am] necessary to appropriate litigation, to a the FTZ Board (15 CFR 400.22) was BILLING CODE 3510–DS–P congressional office upon written received on January 11, 2017. request of the individual, to other A separate application for subzone government entities of USDA partners designation at the Amcor facility was DEPARTMENT OF COMMERCE submitted and will be processed under upon user request, to USDA contractors Foreign-Trade Zones Board Section 400.31 of the Board’s or industry to identify fraud, waste, or regulations. The facility will be used to [B–08–2017] abuse to the Department of Justice if produce, warehouse, and distribute relevant and necessary for appropriate flexible packaging used in pharma, food, Foreign-Trade Zone 157—Casper, litigation, or to agencies, entities, or home, and personal care products. Wyoming; Application for persons to prevent or remedy security Pursuant to 15 CFR 400.14(b), FTZ Reorganization Under Alternative Site breach. The authority for maintaining activity would be limited to the specific Framework this system is derived from: Government foreign-status materials and components Paperwork Elimination Act (GPEA, Pub. and specific finished products described An application has been submitted to L. 105–277) of 1998; Freedom to E-File in the submitted notification (as the Foreign-Trade Zones (FTZ) Board by Act (Pub. L. 106–222) of 2000; described below) and subsequently the Casper/Natrona County Electronic Signatures in Global and authorized by the FTZ Board. International Airport, grantee of FTZ National Commerce Act (E–SIGN, Pub. Production under FTZ procedures 157, requesting authority to reorganize L. 106–229) of 2000; eGovernment Act could exempt Amcor from customs duty the zone under the alternative site of 2002 (H.R. 2458). payments on the foreign-status framework (ASF) adopted by the FTZ components used in export production. Board (15 CFR Sec. 400.2(c)). The ASF Probable or potential effects on the is an option for grantees for the On its domestic sales, Amcor would be privacy of individuals: establishment or reorganization of zones able to choose the duty rates during Although there is some risk to the customs entry procedures that apply to: and can permit significantly greater privacy of individuals, that risk is Printed and non-printed, non-laminated flexibility in the designation of new outweighed by the benefits to those aluminum foil packaging (duty rate subzones or ‘‘usage-driven’’ FTZ sites individuals who will be able to access 3.0%); printed, laminated aluminum for operators/users located within a multiple programs and applications foil packaging (duty rate 3.7%); non- grantee’s ‘‘service area’’ in the context of with a single login. In addition, the printed aluminum foil laminated the FTZ Board’s standard 2,000-acre safeguards in place will protect against packaging (duty rate 0.0%); aluminum/ activation limit for a zone. The unauthorized disclosure. Records are plastic packaging (duty rate 4.2%); application was submitted pursuant to accessible only to individuals who are aluminum/plastic pouches (duty rate the Foreign-Trade Zones Act, as authorized, and physical and electronic 4.2%); aluminum/plastic tear strip (duty amended (19 U.S.C. 81a–81u), and the safeguards are employed to ensure rate 4.2%); and, aluminum foil (not regulations of the Board (15 CFR part security. eAuthentication has a current laminated) (duty rate 3.0%) for the 400). It was formally docketed on foreign-status inputs noted below. January 17, 2017. Authority to Operate obtained via the Customs duties also could possibly be FTZ 157 was approved by the FTZ completion Certification and deferred or reduced on foreign-status Board on January 19, 1989 (Board Order Accreditation based on the Risk production equipment. 426, 54 FR 5532, February 3, 1989) and Management Framework. A satisfactory expanded on September 3, 2010 (Board The components and materials risk assessment has been performed. Order 1707, 75 FR 56987–56988, sourced from abroad include polyvinyl OMB information collection September 17, 2010). jstallworth on DSK7TPTVN1PROD with NOTICES chloride film, nylon film, aluminum requirements: foil, aluminum/plastic tear strip, and The current zone includes the OMB information collection approval: aluminum foil (not laminated) (duty rate following sites: Site 1 (492 acres)— OMB No. 0503–0014 ranges from 3.0% to 5.8%). Casper/Natrona County International Public comment is invited from Airport, 8500 Airport Parkway, Casper; [FR Doc. 2017–01767 Filed 1–25–17; 8:45 am] interested parties. Submissions shall be and, Site 2 (984 acres)—Casper Logistics BILLING CODE 3410–ZV–P addressed to the Board’s Executive Hub, 6 Mile Road and Morgan Street, Secretary at the address below. The Casper. VerDate Sep<11>2014 15:10 Jan 25, 2017 Jkt 241001 PO 00000 Frm 00004 Fmt 4703 Sfmt 4703 E:\FR\FM\26JAN1.SGM 26JAN1


Document Created: 2017-01-26 00:05:10
Document Modified: 2017-01-26 00:05:10
CategoryRegulatory Information
CollectionFederal Register
sudoc ClassAE 2.7:
GS 4.107:
AE 2.106:
PublisherOffice of the Federal Register, National Archives and Records Administration
SectionNotices
ActionNotice of the revision of Privacy Act system of records.
DatesSubmit comments on or before March 7, 2017. This new system will be effective March 7, 2017.
ContactFor general questions, please contact: Adam Zeimet, Program Manager, (970) 295-5678, 2150 Centre Avenue, Building A, Suite 350, Fort Collins, Colorado 80526. For privacy issues, please contact: Kelvin Fairfax, Chief Privacy Officer, Technology Planning, Architecture and E-Government, Office of the Chief Information Officer, Department of Agriculture, Washington, DC 20250.
FR Citation82 FR 8503 
2025 Federal Register | Disclaimer | Privacy Policy
USC | CFR | eCFR