Privacy Act of 1974; System of Records

AGENCY:

General Services Administration (GSA).

ACTION:

Notice of a modified system of records.

SUMMARY:

Login.gov is a single sign-on platform to facilitate access to government services. GSA is modifying the routine uses applicable to the system of records by removing the words “NIST-compliant” from one existing Login.gov routine use and adding a new routine use for the system.

DATES:

The modifications to the system of records that are described in this notice are effective upon publication in today's Federal Register, with the exception of the one new routine use to allow Login.gov to mail users a confirmation or notification (see new routine use “j” below) which is effective September 11, 2017. Comments on that routine use must be submitted by September 11, 2017.

ADDRESSES:

Submit comments identified by “Notice-ID-2017-02, Notice of Modified System of Records” by any of the following methods:

• Regulations.gov: http://www.regulations.gov . Submit comments via the Federal eRulemaking portal by searching for Notice-ID-2017-02, Notice of Modified System of Records. Select the link “Comment Now” that corresponds with “Notice-ID-2017-02, Notice of Modified System of Records.” Follow the instructions provided on the screen. Please include your name, company name (if any), and “Notice-ID-2017-02, Notice of Modified System of Records” on your attached document.
• Mail: General Services Administration, Regulatory Secretariat Division (MVCB), 1800 F Street NW., Washington, DC 20405. ATTN: Ms. Sosa/Notice-ID-2017-02, Notice of Modified System of Records.

Instructions: Comments received generally will be posted without change to http://www.regulations.gov,, including any personal and/or business confidential information provided. To confirm receipt of your comment(s), please check http://www.regulations.gov,, approximately two to three days after submission to verify posting (except allow 30 days for posting of comments submitted by mail).

FOR FURTHER INFORMATION CONTACT:

Call the GSA Chief Privacy Officer at telephone 202-322-8246; or email gsa.privacyact@gsa.gov.

SUPPLEMENTARY INFORMATION:

GSA proposes to clarify an existing routine use and add a new routine use for Login.gov, a system of records subject to the Privacy Act of 1974, 5 U.S.C. 552a. The National Institute of Standards and Technology (NIST) develops information security standards and guidelines, including minimum requirements for Federal information systems, but does not endorse or certify specific implementations. Therefore, GSA is modifying existing routine use “b” to remove the reference to “NIST-compliant” third party identity proofing service providers. New routine use “j” will enable Login.gov to disclose a user's name and mailing address to the Government Publishing Office (GPO) to mail that user an address confirmation form or any other requested mailed notifications. Login.gov provides a single, secure platform through which members of the public can log-in and access services from partner agencies, and increases user security by facilitating identity proofing and authentication as necessary in order to access specific government services.

SYSTEM NAME AND NUMBER:

Login.gov, GSA/TTS-1.

SECURITY CLASSIFCATION:

Unclassified.

SYSTEM LOCATION:

The system is owned and maintained by GSA, housed in secure datacenters in continental United States. Contact the System Manager listed below for additional information.

SYSTEM MANAGER:

Joel Minton, Director, Login.gov, General Services Administration, 1800 F Street NW., Washington, DC 20405. https://www.Login.gov .

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND PURPOSES OF SUCH USES:

In addition to those disclosures generally permitted under 5 U.S.C. 552a(b) of the Privacy Act, all or a portion of the records or information contained in this system may be disclosed to authorized entities, as is determined to be relevant and necessary, outside GSA as a routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:

a. To the Department of Justice or other Federal agency conducting litigation or in proceedings before any court, adjudicative or administrative body, when: (a) GSA or any component thereof, or (b) any employee of GSA in his/her official capacity, or (c) any employee of GSA in his/her individual capacity where DOJ or GSA has agreed to represent the employee, or (d) the United States or any agency thereof, is a party to the litigation or has an interest in such litigation, and GSA determines that the records are both relevant and necessary to the litigation.

b. To third party identity proofing services, as necessary to identity proof an individual for access to a service at the required level of assurance.

c. To an appropriate Federal, State, tribal, local, international, or foreign law enforcement agency or other appropriate authority charged with investigating or prosecuting a violation or enforcing or implementing a law, rule, regulation, or order, where a record, either on its face or in conjunction with other information, indicates a violation or potential violation of law, which includes criminal, civil, or regulatory violations and such disclosure is proper and consistent with the official duties of the person making the disclosure.

d. To a Member of Congress or his or her staff in response to a request made on behalf of and at the request of the individual who is the subject of the record.

e. To the Office of Management and Budget (OMB) and the Government Accountability Office (GAO) in accordance with their responsibilities for evaluation or oversight of Federal programs.

f. To an expert, consultant, or contractor of GSA in the performance of a Federal duty to which the information is relevant.

g. To the National Archives and Records Administration (NARA) for records management purposes.

h. To appropriate agencies, entities, and persons when (1) GSA suspects or has confirmed that there has been a breach of the system of records; (2) GSA has determined that as a result of the suspected or confirmed breach there is a risk of harm to individuals, GSA (including its information systems, programs and operations), the Federal Government, or national security; and (3) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with GSA's efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm.

i. To another Federal agency or Federal entity, when GSA determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in (1) responding to a suspected or confirmed breach or (2) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach.

j. To the Government Publishing Office (GPO), when Login.gov needs to mail a user an address confirmation form or if a user requests mailed notifications of account changes or of proofing attempts.

History:

This notice modifies the routine use section of the system of records notice that is published in full at 82 FR 6552, January 19, 2017. The comments GSA received on that notice, and its responses to them, may be searched for and viewed on regulations.gov using Docket ID “GSA-GSA-2017-0002”.