General Services Administration

GSA/GOVT-10

SYSTEM NAME:

Login.gov  (August 24, 2016,  81 FR 57912)

SYSTEM LOCATION:

The system is maintained for GSA under contract. Contact the System Manager for additional information.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

Anyone is able to create an account.

CATEGORIES OF RECORDS IN THE SYSTEM:

Records may include, but are not limited to: Biographical data such as name, address, email, password, phone number, birth date, social security number. Use of the system, and contribution of personal information, is completely voluntary.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

E-Government Act of 2002 (P.L. 107-347, 44 U.S.C. 3501 note).

PURPOSE(S):

To enable users to control how government interacts with them and their personal information, and to aid and assist users in interacting with the government. Users interacting with local, state, or federal agency developed applications may be asked to authorize the application to access system resources, such as their personal profile information. If a user authorizes use of his or her information, the agency application will be given programmatic access to the user's account resources. Profile, usage, and system information may be accessed by system managers, technical support and designated analysts in the course of their official duties.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:

Information from this system also may be disclosed as a routine use:
a. In any legal proceeding, where pertinent, to which GSA, a GSA employee, or the United States is a party before a court or administrative body.

b. To a Federal, State, local, or foreign agency responsible for investigating, prosecuting, enforcing, or carrying out a statute, rule, regulation, or order when GSA becomes aware of a violation or potential violation of civil or criminal law or regulation.

c. To a Member of Congress or his or her staff on behalf of and at the request of the individual who is the subject of the record.

d. To the Office of Personnel Management (OPM), the Office of Management and Budget (OMB), and the Government Accountability Office (GAO) in accordance their responsibilities for evaluating Federal programs.

e. To an expert, consultant, or contractor of GSA in the performance of a Federal duty to which the information is relevant.

f. To the National Archives and Records Administration (NARA) for records management purposes.

g. To a Federal agency in connection with the hiring or retention of an employee; the issuance of a security clearance; the reporting of an investigation; the letting of a contract; or the issuance of a grant, license, or other benefit to the extent that the information is relevant and necessary to a decision.

h. To appropriate agencies, entities, and persons when (1) the Agency suspects or has confirmed that the security or confidentiality of information in the system of records has been compromised; (2) The Agency has determined that as a result of the suspected or confirmed compromise there is a risk of harm to economic or property interests, identity theft or fraud, or harm to the security or integrity of this system or other systems or programs (whether maintained by GSA or another agency or entity) that rely upon the compromised information; and (3) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with GSA's efforts to respond to the suspected or confirmed compromise and prevent, minimize, or remedy such harm.

i. To federal, state, or local government agencies or entities for purposes of complying with any legally authorized order or request of such an entity that is made in carrying out the entity's official responsibilities.

POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING, AND DISPOSING OF RECORDS IN THE SYSTEM:


STORAGE:

All records are stored electronically in a database. Personally Identifiable Information (PII) is encrypted.

RETRIEVABILITY:

Records are retrieved using an authorization protocol. A user of the system grants explicit authorization to an application or government agency to access his or her profile.

SAFEGUARDS:

Access to the database is maintained behind a firewall certified in accordance with National Institute of Standards and Technology standards and information in the database is encrypted.

Records access is limited to authorized individuals and protected with two-factor authentication, and databases are behind a firewall. PII is encrypted at rest, and all transmissions of any information over external networks are encrypted. All passwords, encryption algorithms and firewalls are compliant with National Institute of Standards and Technology standards.

RETENTION AND DISPOSAL:

System records are retained and disposed of according to GSA records maintenance and disposition schedules and the requirements of the National Archives and Records Administration. The initial implementation of this has a limited scope of users. The option for users to delete their own information will be functional in a future version of the application. Physical records are disposed of by cross-cut shredding or burning as scheduled in the handbook, GSA Records Maintenance and Disposition System (CIO P. 1820.1).

SYSTEM MANAGER(S) AND ADDRESS:

Director, Login.gov, General Services Administration, 1800 F Street NW., Washington, DC 20405; ATTN: https://www.login.gov.

NOTIFICATION PROCEDURE:

Individuals or users maintain their own information. Inquires can be made via the Web site at https://login.gov/‚Äč or at the above address under `System Manager and Address'.

RECORD ACCESS PROCEDURES:

Individuals or users wishing to access their own records may do so by password or by contacting the system administrator at the above address.

CONTESTING RECORD PROCEDURES:

Individuals or users of the system may amend their own records online.

RECORD SOURCE CATEGORIES:

The sources for information in the system are the individuals (or system users) for whom the records are maintained, and third-party applications which the user has authorized to contribute information to his or her account.

EXEMPTIONS CLAIMED FOR THE SYSTEM:

None.

FEDERAL REGISTER HISTORY:

August 24, 2016, 81 FR 57912