Privacy Act of 1974 System of Records Notice, 19078-19080 [2021-07363]

Agencies

• SMALL BUSINESS ADMINISTRATION

[Federal Register Volume 86, Number 68 (Monday, April 12, 2021)]
[Notices]
[Pages 19078-19080]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2021-07363]


-----------------------------------------------------------------------

SMALL BUSINESS ADMINISTRATION


Privacy Act of 1974 System of Records Notice

AGENCY: U.S. Small Business Administration.

ACTION: Notice of a modified system of records.

-----------------------------------------------------------------------

SUMMARY: The U.S. Small Business Administration (SBA) proposes to 
modify its system of records titled, Servicing and Contracts System/
Minority Enterprise Development Headquarters Repository (SBA 30), to 
its inventory of records systems subject to the Privacy Act of 1974 as 
amended. Publication of this notice complies with the Privacy Act and 
the Office of Management and Budget (OMB) Circulars A-108 and A-130 
requirement for agencies to publish a notice in the Federal Register 
whenever the agency establishes a new, modified or rescinds a system of 
records. System of Records Notice (SORN) Servicing and Contracts 
System/Minority Enterprise Development Headquarters Repository, (SBA 
30), includes modifying: System title, system location, contact 
information, authority, purpose, categories of individuals, categories 
of records, record source categories, routine use, storage, retention, 
retrieval safeguards, record access, contesting, and notification 
procedures. SBA 30 has expanded the scope of its system of records with 
additional applications serving a unique purpose for carrying out the 
mission of the SBA Office of Government Contracting and Business 
Development. To complement its expanded purpose, the modified system of 
record new title, Government Contracting and Business Development, (SBA 
30).

DATES: Submit comments on or before May 12, 2021. This revised system 
will be effective upon publication.

ADDRESSES: You may submit comments on this notice by any of the 
following methods: Federal e-Rulemaking Portal: https://www.regulations.gov. Follow the instructions for submitting comments. 
Mail/Hand Delivery/Courier: Submit written comments to: Dr. Francis 
Spampinato, Office of Government Contracting and Business Development, 
U.S. Small Business Administration, 409 3rd Street SW, Suite 6300, 
Washington, DC 20416.

FOR FURTHER INFORMATION CONTACT: General questions, please contact 
Hilary F. Cronin, Office of Government Contracting and Business 
Development, U.S. Small Business Administration, 409 3rd Street SW, 
Suite 6300, Washington, DC 20416 or via email [email protected], 
telephone (202) 205-7055.
    For Privacy related matters, please contact Keith A. Bluestein, 
Chief Information Officer/Senior Agency Official for Privacy, Office of 
the Chief Information Officer, U.S. Small Business Administration, 409 
3rd Street SW, Suite 4000, Washington, DC 20416 or via email to 
[email protected].

SUPPLEMENTARY INFORMATION: The Privacy Act of 1974 (5 U.S.C. 552a), as 
amended, embodies fair information practice principles in a statutory 
framework governing the means by which Federal agencies collect, 
maintain, use, and disseminate individuals' personal information. The 
Privacy Act applies to records about individuals that are maintained in 
a ``system of records.'' A system of records is a group of any records 
under the control of a Federal agency from which information is 
retrieved by the name of an individual or by a number, symbol or 
another identifier assigned to the individual. The Privacy Act requires 
each Federal agency to publish in the Federal Register a System of 
Records Notice (SORN) identifying and describing each system of records 
the agency maintains, the purposes for which the Agency uses the 
Personally Identifiable Information (PII) in the system, the routine 
uses for which the Agency discloses such information outside the 
Agency, and how individuals can exercise their rights related to their 
PII information.
    The modified Privacy Act system of records for titled, Servicing 
and Contracts System/Minority Enterprise Development Headquarters 
Repository, newly titled Government Contracting and Business 
Development (GCBD), (SBA 30) will be used by small business, SBA 
personnel and overseen by Office of Government Contracting and Business 
Development. SBA 30 collects personal, business and financial 
information to determine if applicants are eligible and if current 
participants are compliant with statutory and regulatory requirements 
for continued eligibility for participation in the following government 
programs: 8(a) Business Development Program, ASMPP, WOSB Federal 
Contracting Program and HUBZone. Multiple SBA IT systems/applications 
are used to certify the participants on an SBA platform.
    Certify.sba.gov is a certification management system used for 
elements of initial certification and continuing eligibility functions 
for the 8(a) Business Development program and ASMPP. Its primary 
component is a custom developed application which includes an interface 
for small businesses to manage their eligibility documents and 
applications for various contracting programs, as well as workflows for 
SBA staff and other government support staff. Beta.Certify is a 
certification management system used for elements of initial 
certification and continuing eligibility functions for the WOSB 
Program. Its primary component is a custom developed application which 
includes an interface for small businesses to manage their eligibility 
documents and applications for various contracting programs, as well as 
workflows for SBA staff and other government support staff. HUBZone

[[Page 19079]]

Certification Tracking System (HCTS) is a certification management 
system used for elements of initial certification and continuing 
eligibility for the HUBZone program. The modification of SBA 30 will 
not have any undue impact on the privacy of individuals and its use is 
compatible with collection.

SYSTEM NAME AND NUMBER:
    Government Contracting and Business Development System, SBA 30.

SYSTEM CLASSIFICATION:
    Unclassified.

SYSTEM LOCATION:
    SBA Headquarters, 409 3rd Street SW, Washington, DC 20416.

SYSTEM MANAGER(S):
    Hilary F. Cronin, Office of Government Contracting and Business 
Development, U.S. Small Business Administration, 409 3rd Street SW, 
Suite 6300, Washington, DC 20416.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    15 U.S.C. 636 (j); 15 U.S.C. 637; 15 U.S.C. 657 a (a); Public Law, 
105-13, 111 Stat 26275 (15 U.S.C. 631); and 13 CFR 125.9.

PURPOSES OF THE SYSTEM:
    To collect personal, business, and financial information used to 
determine eligibility of applicants and current participants in the 
Agency's certification program to include but not limited to: 8(a) 
Business Development Program, All Small Mentor Prot[eacute]g[eacute] 
Program (ASMPP), Women-Owned Small Business (WOSB) Federal Contracting 
Program and Historically Underutilized Business Zone (HUBZone) 
programs.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Applicants and program participants in SBA's 8(a) Business 
Development program, ASMPP Program, WOSB Federal Contracting Program, 
and HUBZone Program.

CATEGORIES OF RECORDS IN THE SYSTEM:
    Personal, business, and financial information.

RECORD SOURCE CATEGORIES:
    Small business applicants or participants in the 8(a) Business 
Development program, ASMPP Program, HUBZone Program, and WOSB Program.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND PURPOSES OF SUCH USES:
    In addition to those disclosures generally permitted under 5 U.S.C. 
552a(b) of the Privacy Act, all or a portion of the information 
contained in this system may be disclosed to authorized entities, as is 
determined to be relevant and necessary, outside SBA as a routine use 
pursuant to 5 U.S.C. 552a(b)(3) as follows:
    A. To the Department of Justice (DOJ), including offices of the U.S 
Attorneys, or other Federal agency conducting litigation or in 
proceedings before any court, adjudicative, or administrative body, 
when it is deemed by the SBA to be relevant or necessary to the 
litigation or the SBA has an interest in such litigation when any of 
the following are a party to the litigation or have an interest in the 
litigation: (1) Any employee or former employee of the SBA in his or 
her official capacity; (2) Any employee or former employee of the SBA 
in his or her individual capacity when DOJ or SBA has agreed to 
represent the employee or a party to the litigation or have an interest 
in the litigation; or (3) The United States or any agency thereof.
    B. To a Congressional office from the record of an individual in 
response to an inquiry from that Congressional office made at the 
request of the individual. The member's access rights are no greater 
than those of the individual.
    C. To the National Archives and Records Administration (NARA) or 
General Services Administration (GSA) pursuant to records management 
inspections being conducted under the authority of 44 U.S.C. 2904 and 
2906.
    D. To an agency or organization, including the SBA's Office of 
Inspector General, for the purpose of performing audit or oversight 
operations as authorized by law, but only such information as is 
necessary and relevant to such audit or oversight function.
    E. To appropriate agencies, entities, and persons when (1) SBA 
suspects or has confirmed that there has been a breach of the system of 
records, (2) SBA has determined that as a result of the suspected or 
confirmed breach there is a risk of harm to individuals, SBA (including 
its information systems, programs, and operations), the Federal 
Government, or national security; and (3) the disclosure made to such 
agencies, entities, and persons is reasonably necessary to assist in 
connection with SBA's efforts to respond to the suspected or confirmed 
breach or to prevent, minimize, or remedy such harm.
    F. To another Federal agency or Federal entity, when SBA determines 
that information from this system of records is reasonably necessary to 
assist the recipient agency or entity in (1) responding to a suspected 
or confirmed breach or (2) preventing, minimizing, or remedying the 
risk of harm to individuals, the recipient agency or entity (including 
its information systems, programs, and operations), the Federal 
Government, or national security, resulting from a suspected or 
confirmed breach.
    G. To another agency or agent of a Government jurisdiction within 
or under the control of the U.S., lawfully engaged in national security 
or homeland defense when disclosure is undertaken for intelligence, 
counterintelligence activities (as defined by 50 U.S.C. 3003(3)), 
counterterrorism, homeland security, or related law enforcement 
purposes, as authorized by U.S. law or Executive Order.
    H. To SBA employees, contractors, grantees, and experts who have 
been engaged by SBA to assist in the performance and performance 
improvement of a service related to this system of records and who need 
access to the records to perform this activity. Recipients of these 
records shall be required to comply with the requirements of the 
Privacy Act of 1974, as amended, 5 U.S.C. Sec. 552a.
    I. To SBA employees, contractors, and other regulators for 
regulatory purposes.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    Information is stored electronically and is protected through the 
implementation of multi-factor access controls, user permissions, event 
logging, and monitoring. External media are further protected using 
encryption.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    Records are retrieved by name of individual, business name, and 
Data Universal Numbering System.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    Records are maintained in accordance with latest edition SBA 
Standard Operating Procedure (SOP) series 00 41, schedules Records 
Management Records 4.1 and Agency Accountability Records 5.7. Records 
maintained as part of the General Records Schedules (GRS) are disposed 
of in accordance with applicable SBA policies.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    Access and use are limited to persons with official need to know. 
Users are evaluated on a recurring basis to ensure need-to-know still 
exists. Safeguards are implemented in accordance with the Federal 
Information Security Modernization Act of 2014 (FISMA) and

[[Page 19080]]

are evaluated on a recurring basis to ensure desired operation.

RECORD ACCESS PROCEDURES:
    Individuals wishing to request access to records about them should 
submit a Privacy Act request to the SBA Chief, Freedom of Information 
and Privacy Act Office, U.S. Small Business Administration, 409 Third 
St. SW, Eighth Floor Washington, DC 20416 or [email protected]. Individuals 
must provide their full name, mailing address, personal email address, 
telephone number, and a detailed description of the records being 
requested. Individuals requesting access must also follow SBA's Privacy 
Act regulations regarding verification of identity and access to 
records (13 CFR part 102 subpart B).

CONTESTING RECORD PROCEDURES:
    Individuals wishing to contest information contained in records 
about them should submit a Privacy Act request to the SBA Chief, 
Freedom of Information and Privacy Act Office, U.S. Small Business 
Administration, 409 Third St. SW, Eighth Floor, Washington, DC 20416 or 
[email protected]. Individuals must provide their full name, mailing 
address, personal email address, telephone number, and a detailed 
description of the records being requested. Requesting individuals must 
follow SBA's Privacy Act regulations regarding verification of identity 
and access to records (13 CFR part 102 subpart B).

NOTIFICATION PROCEDURES:
    Individuals may make record inquiries in person or in writing to 
the Systems Manager through the SBA Chief, Freedom of Information and 
Privacy Act Office, U.S. Small Business Administration, 409 Third St. 
SW, Eighth Floor, Washington, DC 20416 or [email protected].

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    None.

HISTORY:
[FR Doc. 2004-54823, Vol. 69, No. 175]

Hilary F. Cronin,
Director of Technology Solutions, Office of Government Contracting and 
Business Development.
[FR Doc. 2021-07363 Filed 4-9-21; 8:45 am]
BILLING CODE 8026-03-P