Privacy Act of 1974; System of Records, 4891-4893 [2024-01452]
Download as PDF
4891
Notices
Federal Register
Vol. 89, No. 17
Thursday, January 25, 2024
This section of the FEDERAL REGISTER
contains documents other than rules or
proposed rules that are applicable to the
public. Notices of hearings and investigations,
committee meetings, agency decisions and
rulings, delegations of authority, filing of
petitions and applications and agency
statements of organization and functions are
examples of documents appearing in this
section.
AGENCY FOR INTERNATIONAL
DEVELOPMENT
Privacy Act of 1974; System of
Records
Agency for International for
Development (USAID).
ACTION: Notice of new privacy act
system of records.
AGENCY:
Pursuant to the provisions of
the Privacy Act of 1974 (section 522a of
title 5 of the United States Code
[U.S.C.]), the United States Agency for
International Development (USAID)
proposes to establish a new System of
Records titled, ‘‘USAID 36: Private
Sector Engagement Records.’’ The
purpose of the system is to administer
USAID’s Private Sector Engagement
Policy and enhance the risk
management activities in support of its
trade and investment support services.
This System of Records includes a
Customer Relationship Management
(CRM) tool that will function as a data
warehouse that maintains information
on business entities and their
representatives that express interest in
supporting or potentially supporting
USAID’s mission in foreign
development. This information will be
used by USAID to enhance
transparency, improve coordination, as
well as for monitoring and evaluation by
USAID program offices.
DATES: Submit comments on or before
February 26, 2024. This modified
system of records will be effective
February 26, 2024 upon publication.
The Routine Uses are effective at the
close of the comment period.
ADDRESSES: You may submit comments:
khammond on DSKJM1Z7X2PROD with NOTICES
Electronic
• Federal eRulemaking Portal: https://
www.regulations.gov. Follow the
instructions on the website for
submitting comments.
• Email: Privacy@usaid.gov.
17:22 Jan 24, 2024
Jkt 262001
• Fax: 202–916–4946.
• Mail: Chief Privacy Officer, United
States Agency for International
Development, 1300 Pennsylvania
Avenue NW, Washington, DC 20523.
Ms.
Celida A. Malone, USAID Privacy
Program at United States Agency for
International Development, Bureau for
Management, Office of the Chief
Information Officer, Information
Assurance Division: ATTN: USAID
Privacy Program, 1300 Pennsylvania
Avenue NW, Washington, DC 20523, or
by phone number at 202–916–4605.
FOR FURTHER INFORMATION CONTACT:
The
Private Sector Engagement (PSE) System
of Records collects information on
businesses, vendors, foundations and
philanthropies, business associations,
labor organizations, investment entities,
and other private sector entities and
their representatives that express
interest in doing business in USAIDsupported countries. USAID uses this
information to improve collaboration
and increase two-way trade and
investment between the United States
and USAID-supported countries, and to
catalyze private sector resources to
advance, sustain, and support U.S.
global development and humanitarian
assistance objectives.
USAID engages private sector entities
in a variety of ways including, but not
limited to: facilitating investment and
transactions in beneficiary countries; cofunding public-private partnership
programs and activities; reducing
investment and programmatic risks;
connecting businesses with U.S.
government trade and investment
support services; collaborating on
public policy issues of mutual interest
in USAID presence countries;
exchanging information, perspectives,
and analysis on issues of mutual
interest; and advancing U.S. global
development and humanitarian
assistance objectives through privatesector investment and partnership.
This System of Records is designed to
improve this engagement and enhance
USAID’s ability to manage its
relationships with companies and other
private sector entities interested in
supporting U.S. global development and
humanitarian assistance objectives in
USAID supported countries.
SUPPLEMENTARY INFORMATION:
SUMMARY:
VerDate Sep<11>2014
Paper
PO 00000
Frm 00001
Fmt 4703
Sfmt 4703
Dated: November 29, 2023.
Mark Joseph Johnson,
Chief Privacy Officer, United States Agency
for International Development.
SYSTEM NAME AND NUMBER:
USAID–36, Private Sector Engagement
Records.
SECURITY CLASSIFICATION:
Sensitive But Unclassified.
SYSTEM LOCATION:
United States Agency for International
Development (USAID), 1300
Pennsylvania Avenue NW, Washington,
DC 20523; Salesforce, 7600 Doane Drive,
Manassas, VA 20109; and other USAID
facilities in the United States and
throughout the world.
SYSTEM MANAGER:
Managing Director, Relationship
Management Systems, USAID Private
Sector Engagement Hub, Bureau for
Inclusive Growth, Partnerships, and
Innovation (IPI/PSE), United States
Agency for International Development
(USAID), 1300 Pennsylvania Avenue
NW, Washington, DC 20004. Email:
crm@usaid.gov.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
The Foreign Assistance Act of 1961
(FAA), as amended; and African Growth
and Opportunity Act (AGOA) and
Millennium Challenge Act
Modernization Act (MCA
Modernization Act), Public Law 115–
167 Title II (2018).
PURPOSE OF THE SYSTEM:
The purpose of the system is to
administer USAID’s Private Sector
Engagement Policy and enhance the risk
management activities in support of its
trade and investment support services.
This System of Records includes a
Customer Relationship Management
(CRM) tool that will function as a data
warehouse that maintains information
on the directors, officers and employees
of business entities that express interest
in supporting or potentially supporting
USAID’s mission in foreign
development. This information will be
used by USAID to enhance
transparency, improve coordination, as
well as for monitoring and evaluation by
USAID program offices.
CATEGORIES OF INDIVIDUALS COVERED BY THE
SYSTEM:
This System of Records contains
information about representatives of
E:\FR\FM\25JAN1.SGM
25JAN1
4892
Federal Register / Vol. 89, No. 17 / Thursday, January 25, 2024 / Notices
current, former, and prospective
applicants to USAID Private Sector
Engagement programs, as well as
personal and professional references of
partners and participants supporting
USAID Private Sector Engagement
programs.
CATEGORIES OF RECORDS IN THE SYSTEM:
The system maintains personal and
commercial information, which
includes:
• Contact information: name,
business email address, business phone
number(s), fax number, business
address, title/position;
• Biometric identifiers or data:
photos, signatures;
• Demographic information: sex/
gender, marital status, personal and
professional designations;
• System and User Activity Logs:
users’ login and system use activity
including the date and time of each
login, user activity within source IP
address, geolocation, web browser, and
computer platform;
• Organization Documents: business
plans, proposals, company profiles,
and/or business registration documents;
• Contracts and Agreements:
memoranda of understanding,
management agreements, non-disclosure
agreements etc.; and
• Financial information: credit
history information, regulatory
compliance information, business
taxpayer identification numbers, and
investor commitments.
khammond on DSKJM1Z7X2PROD with NOTICES
RECORD SOURCE CATEGORIES:
Information in this system is obtained
from: authorized representatives of
participating businesses and entities;
employees of participating Federal
agencies; existing USAID information
systems; commercially licensed,
publicly-available sources of business
information; and U.S. Federal
government data sources, registries, and
listings, such as but not limited to the
U.S. Department of Commerce
Consolidated Screening List.
This information may be collected
through a variety of electronic and nonelectronic means, including: meetings
and information that have been
volunteered by the organization and
individual (e.g., business cards); emails
and email signatures; registration for
and/or participation in USAID events
(e.g., business roundtables); social
media outlets; electronic feedback
submissions; electronic requests for
more information from the Agency; and
contacting the Agency through various
Agency-sponsored websites.
VerDate Sep<11>2014
17:22 Jan 24, 2024
Jkt 262001
ROUTINE USES OF RECORDS MAINTAINED IN THE
SYSTEM, INCLUDING CATEGORIES OF USERS AND
PURPOSES OF SUCH USES:
In addition to those disclosures
generally permitted under 5 U.S.C.
552a(b) of the Privacy Act, all or a
portion of the information contained in
this system may be disclosed to
authorized entities, as is determined to
be relevant and necessary, outside
USAID as a routine use pursuant to 5
U.S.C. 552a(b)(3) as follows:
(1) To third-party service providers
contracted by USAID to facilitate and/or
coordinate public-private collaboration
and cooperation events and activities on
behalf of USAID, such as but not limited
to training, outreach, marketing, and
matchmaking activities.
(2) To an agency or organization,
including the USAID’s Office of
Inspector General, for the purpose of
performing audit or oversight operations
as authorized by law, but only such
information as is necessary and relevant
to such audit or oversight function.
(3) To the Department of Justice or
other appropriate United States
Government Agency when the records
are arguably relevant to a proceeding in
a court or other tribunal in which
USAID or a USAID official, in his or her
official capacity, is a party or has an
interest, or when the litigation is likely
to affect USAID.
(4) In the event of an indication of a
violation or potential violation of law,
whether civil, criminal or regulatory in
nature, and whether arising by statute or
particular program pursuant thereto, to
the appropriate agency, whether federal,
state, local, or foreign, charged with the
responsibility of investigating or
prosecuting such violation or charged
with enforcing or implementing the
statute, or rule, regulation or order
involved.
(5) To appropriate officials and
employees of a federal agency or entity
when the information is relevant and
necessary to a decision concerning the
hiring or retention of an employee; the
issuance of a security clearance; the
reporting of an investigation of an
employee; the assignment, detail, or
deployment of an employee; the letting
of a contract; or the approval of a grant
or other benefits.
(6) To provide information to a
congressional office from the record of
an individual in response to an inquiry
from that congressional office made at
the request of the individual to whom
the record pertains.
(7) To a court, magistrate, or other
administrative body in the course of
presenting evidence, including
disclosures to counsel or witnesses in
the course of civil discovery, litigation,
PO 00000
Frm 00002
Fmt 4703
Sfmt 4703
or settlement negotiations, or in
connection with criminal proceedings,
when the USAID is a party to the
proceeding or has a significant interest
in the proceeding.
(8) To the National Archives and
Records Administration for the
purposes of records management
inspections conducted under the
authority of 44 U.S.C. 2904 and 2906.
(9) To disclose information to the
Equal Employment Opportunity
Commission when requested in
connection with investigations into
alleged or possible discrimination
practices in the Federal sector,
compliance by Federal agencies with
the Uniform Guidelines on Employee
Selection Procedures or other functions
vested in the Commission and to
otherwise ensure compliance with the
provisions of 5 U.S.C. 7201.
(10) To appropriate agencies, entities,
and persons when: (a) USAID suspects
or has confirmed that there has been a
breach of the system of records; (b)
USAID has determined that as a result
of the suspected or confirmed breach
there is a risk of harm to individuals,
USAID (including its information
systems, programs, and operations), the
Federal Government, or national
security; and (c) the disclosure made to
such agencies, entities, and persons is
reasonably necessary to assist in
connection with USAID’s efforts to
respond to the suspected or confirmed
breach or to prevent, minimize, or
remedy such harm.
(11) To another Federal Department or
Agency or Federal entity, when USAID
determines information from this
system of records is reasonably
necessary to assist the recipient
Department or Agency or entity in: (a)
responding to a suspected or confirmed
breach; or (b) preventing, minimizing, or
remedying the risk of harm to
individuals, the recipient agency or
entity (including its information
systems, programs and operations), the
Federal Government, or national
security, that might result from a
suspected or confirmed breach.
(12) To another agency or agent of a
Government jurisdiction within or
under the control of the U.S. lawfully
engaged in national security or
homeland defense when disclosure is
undertaken for intelligence,
counterintelligence activities (as defined
by 50 U.S.C. 3003(3)), counterterrorism,
homeland security, or related law
enforcement purposes, as authorized by
U.S. law or Executive Order.
(13) To either House of Congress, or,
to the extent of matter within its
jurisdiction, any committee or
subcommittee thereof, any joint
E:\FR\FM\25JAN1.SGM
25JAN1
Federal Register / Vol. 89, No. 17 / Thursday, January 25, 2024 / Notices
committee of Congress or subcommittee
of any such joint committee. 5 U.S.C.
552a(b)(9).
POLICIES AND PRACTICES FOR STORAGE OF
RECORDS:
All information contained in the
System of Records is stored in electronic
format. The data is encrypted at rest and
in transit using Agency-approved,
Federal Information Processing
Standards (FIPS) compliant encryption
mechanisms consistent with policy
directives in USAID Automated
Directive System 545, Information
System Security. Users must be
authenticated to the system where
records are stored to retrieve the data.
POLICIES AND PRACTICES FOR RETRIEVAL OF
RECORDS:
USAID’s staff retrieves Private Sector
Engagement records by entity name,
affiliate/representative name, USAID
assigned identifiers, and any other
identifying data specified in the
‘‘Categories of Records.’’
POLICIES AND PRACTICES FOR RETENTION AND
DISPOSAL OF RECORDS:
Private Sector Engagement records are
retained, retired, and destroyed in
accordance with the USAID Automated
Directive System, Chapter 502, The
USAID Records Management Program,
and the USAID Records Disposition
Schedules as approved by the National
Archives and Records Administration
(NARA). More specific information may
be obtained by emailing USAID’s
Records Office at recordsinquiry@
usaid.gov.
khammond on DSKJM1Z7X2PROD with NOTICES
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL
SAFEGUARDS:
Safeguards are implemented in
accordance with the Privacy Act and the
Federal Information Security
Modernization Act of 2014 (FISMA), as
well as the applicable system and
business policies and procedures. These
safeguards are evaluated on a recurring
basis to ensure continued effective
protections of the information contained
within this System of Records.
To minimize the risk of unauthorized
access, the System of Records employs
various security controls, including
explicit user access approval, multifactor authentication, role-based access
controls, data encryption, and routine
monitoring of system and user activity
used to maintain administrative records
and perform other functions inherent in
the administration and security of these
records.
USAID has implemented controls to
minimize the risk of compromising the
information that is being processed,
collected, transmitted and stored.
VerDate Sep<11>2014
17:22 Jan 24, 2024
Jkt 262001
Safeguards for systems, data, facilities,
and storage containers/media include,
but are not limited to the following
administrative, technical and physical
safeguards:
• Administrative—Security and
Privacy program management functions
including trained staff, implemented
risk management frameworks and
strategies, policies and procedures;
security and privacy awareness and
training; incident response and
contingency plans; periodic privacy and
security assessments; user agreements
and access rules; and personnel security
clearances and/or background checks as
required.
• Technical—Access controls to limit
access to only authorized personnel and
to allow access only to the information
required to perform official duties as
assigned; audit controls to monitor
activities on systems containing PII or
other sensitive information; data
protection which includes encryption of
data-at-rest and in-transit; and person
and/or entity identification and
authentication to prevent unauthorized
access to information or information
systems.
• Physical Controls—Facility access
controls include one or more of the
following: guards and locked gates,
doors, cabinets, etc. to limit physical
access to systems, facilities, rooms, or
other areas where sensitive data is
stored.
RECORD ACCESS PROCEDURES:
Under the Privacy Act, individuals
may request access to records about
themselves. These individuals must be
limited to citizens of the United States
or aliens lawfully admitted for
permanent residence. If a Federal
department or agency, or a person who
is not the individual who is the subject
of the records, requests access to records
about an individual, the written consent
of the individual who is the subject of
the records is required.
Individuals seeking access to
information about themselves contained
in this system of records should address
inquiries to the Bureau for Management,
Office of Management Services,
Information and Records Division (M/
MS/IRD), USAID Annex—Room 2.4.0C,
1300 Pennsylvania Avenue NW,
Washington, DC 20523. The requester
may complete and sign a USAID Form
507–1, Certification of Identity Form, or
submit signed, written requests that
should include the individual’s full
name, current address, telephone
number, and this System of Records
Notice number. In addition, the
requester must provide either a
notarized statement or an unsworn
PO 00000
Frm 00003
Fmt 4703
Sfmt 4703
4893
declaration made in accordance with 28
U.S.C. 1746, in the following format:
If executed outside the United States:
‘‘I declare (or certify, verify, or state)
under penalty of perjury under the laws
of the United States of America that the
foregoing is true and correct. Executed
on (date). (Signature).’’
If executed within the United States,
its territories, possessions, or
commonwealths: ‘‘I declare (or certify,
verify, or state) under penalty of perjury
that the foregoing is true and correct.
Executed on (date). (Signature).’’
CONTESTING RECORD PROCEDURES:
The USAID rules for accessing
records, contesting contents, and
appealing initial agency determinations
are contained in 22 CFR 212 or may be
obtained from the program manager or
system owner.
NOTIFICATION PROCEDURES:
Individuals seeking to determine if
information about themselves is
contained in this System of Records
should address inquiries to the Bureau
for Management, Office of Management
Services, Information and Records
Division (M/MS/IRD), USAID Annex—
Room 2.4.0C, 1300 Pennsylvania
Avenue NW, Washington, DC 20523.
Individuals may complete and sign a
USAID Form 507–1, Certification of
Identity Form, or submit signed, written
requests that should include the
individual’s full name, current address,
and telephone number. In addition, the
requester must provide either a
notarized statement or an unsworn
declaration made in accordance with 28
U.S.C. 1746, in the following format:
If executed outside the United States:
‘‘I declare (or certify, verify, or state)
under penalty of perjury under the laws
of the United States of America that the
foregoing is true and correct. Executed
on (date). (Signature).’’
If executed within the United States,
its territories, possessions, or
commonwealths: ‘‘I declare (or certify,
verify, or state) under penalty of perjury
that the foregoing is true and correct.
Executed on (date). (Signature).’’
EXEMPTIONS PROMULGATED FOR THE SYSTEM:
None.
HISTORY:
None.
Celida Ann Malone,
Government Privacy Task Lead.
[FR Doc. 2024–01452 Filed 1–24–24; 8:45 am]
BILLING CODE 6116–01–P
E:\FR\FM\25JAN1.SGM
25JAN1
Agencies
[Federal Register Volume 89, Number 17 (Thursday, January 25, 2024)]
[Notices]
[Pages 4891-4893]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2024-01452]
========================================================================
Notices
Federal Register
________________________________________________________________________
This section of the FEDERAL REGISTER contains documents other than rules
or proposed rules that are applicable to the public. Notices of hearings
and investigations, committee meetings, agency decisions and rulings,
delegations of authority, filing of petitions and applications and agency
statements of organization and functions are examples of documents
appearing in this section.
========================================================================
Federal Register / Vol. 89, No. 17 / Thursday, January 25, 2024 /
Notices
[[Page 4891]]
AGENCY FOR INTERNATIONAL DEVELOPMENT
Privacy Act of 1974; System of Records
AGENCY: Agency for International for Development (USAID).
ACTION: Notice of new privacy act system of records.
-----------------------------------------------------------------------
SUMMARY: Pursuant to the provisions of the Privacy Act of 1974 (section
522a of title 5 of the United States Code [U.S.C.]), the United States
Agency for International Development (USAID) proposes to establish a
new System of Records titled, ``USAID 36: Private Sector Engagement
Records.'' The purpose of the system is to administer USAID's Private
Sector Engagement Policy and enhance the risk management activities in
support of its trade and investment support services. This System of
Records includes a Customer Relationship Management (CRM) tool that
will function as a data warehouse that maintains information on
business entities and their representatives that express interest in
supporting or potentially supporting USAID's mission in foreign
development. This information will be used by USAID to enhance
transparency, improve coordination, as well as for monitoring and
evaluation by USAID program offices.
DATES: Submit comments on or before February 26, 2024. This modified
system of records will be effective February 26, 2024 upon publication.
The Routine Uses are effective at the close of the comment period.
ADDRESSES: You may submit comments:
Electronic
Federal eRulemaking Portal: https://www.regulations.gov.
Follow the instructions on the website for submitting comments.
Email: [email protected].
Paper
Fax: 202-916-4946.
Mail: Chief Privacy Officer, United States Agency for
International Development, 1300 Pennsylvania Avenue NW, Washington, DC
20523.
FOR FURTHER INFORMATION CONTACT: Ms. Celida A. Malone, USAID Privacy
Program at United States Agency for International Development, Bureau
for Management, Office of the Chief Information Officer, Information
Assurance Division: ATTN: USAID Privacy Program, 1300 Pennsylvania
Avenue NW, Washington, DC 20523, or by phone number at 202-916-4605.
SUPPLEMENTARY INFORMATION: The Private Sector Engagement (PSE) System
of Records collects information on businesses, vendors, foundations and
philanthropies, business associations, labor organizations, investment
entities, and other private sector entities and their representatives
that express interest in doing business in USAID-supported countries.
USAID uses this information to improve collaboration and increase two-
way trade and investment between the United States and USAID-supported
countries, and to catalyze private sector resources to advance,
sustain, and support U.S. global development and humanitarian
assistance objectives.
USAID engages private sector entities in a variety of ways
including, but not limited to: facilitating investment and transactions
in beneficiary countries; co-funding public-private partnership
programs and activities; reducing investment and programmatic risks;
connecting businesses with U.S. government trade and investment support
services; collaborating on public policy issues of mutual interest in
USAID presence countries; exchanging information, perspectives, and
analysis on issues of mutual interest; and advancing U.S. global
development and humanitarian assistance objectives through private-
sector investment and partnership.
This System of Records is designed to improve this engagement and
enhance USAID's ability to manage its relationships with companies and
other private sector entities interested in supporting U.S. global
development and humanitarian assistance objectives in USAID supported
countries.
Dated: November 29, 2023.
Mark Joseph Johnson,
Chief Privacy Officer, United States Agency for International
Development.
SYSTEM NAME AND NUMBER:
USAID-36, Private Sector Engagement Records.
SECURITY CLASSIFICATION:
Sensitive But Unclassified.
SYSTEM LOCATION:
United States Agency for International Development (USAID), 1300
Pennsylvania Avenue NW, Washington, DC 20523; Salesforce, 7600 Doane
Drive, Manassas, VA 20109; and other USAID facilities in the United
States and throughout the world.
SYSTEM MANAGER:
Managing Director, Relationship Management Systems, USAID Private
Sector Engagement Hub, Bureau for Inclusive Growth, Partnerships, and
Innovation (IPI/PSE), United States Agency for International
Development (USAID), 1300 Pennsylvania Avenue NW, Washington, DC 20004.
Email: [email protected].
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
The Foreign Assistance Act of 1961 (FAA), as amended; and African
Growth and Opportunity Act (AGOA) and Millennium Challenge Act
Modernization Act (MCA Modernization Act), Public Law 115-167 Title II
(2018).
PURPOSE OF THE SYSTEM:
The purpose of the system is to administer USAID's Private Sector
Engagement Policy and enhance the risk management activities in support
of its trade and investment support services. This System of Records
includes a Customer Relationship Management (CRM) tool that will
function as a data warehouse that maintains information on the
directors, officers and employees of business entities that express
interest in supporting or potentially supporting USAID's mission in
foreign development. This information will be used by USAID to enhance
transparency, improve coordination, as well as for monitoring and
evaluation by USAID program offices.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
This System of Records contains information about representatives
of
[[Page 4892]]
current, former, and prospective applicants to USAID Private Sector
Engagement programs, as well as personal and professional references of
partners and participants supporting USAID Private Sector Engagement
programs.
CATEGORIES OF RECORDS IN THE SYSTEM:
The system maintains personal and commercial information, which
includes:
Contact information: name, business email address,
business phone number(s), fax number, business address, title/position;
Biometric identifiers or data: photos, signatures;
Demographic information: sex/gender, marital status,
personal and professional designations;
System and User Activity Logs: users' login and system use
activity including the date and time of each login, user activity
within source IP address, geolocation, web browser, and computer
platform;
Organization Documents: business plans, proposals, company
profiles, and/or business registration documents;
Contracts and Agreements: memoranda of understanding,
management agreements, non-disclosure agreements etc.; and
Financial information: credit history information,
regulatory compliance information, business taxpayer identification
numbers, and investor commitments.
RECORD SOURCE CATEGORIES:
Information in this system is obtained from: authorized
representatives of participating businesses and entities; employees of
participating Federal agencies; existing USAID information systems;
commercially licensed, publicly-available sources of business
information; and U.S. Federal government data sources, registries, and
listings, such as but not limited to the U.S. Department of Commerce
Consolidated Screening List.
This information may be collected through a variety of electronic
and non-electronic means, including: meetings and information that have
been volunteered by the organization and individual (e.g., business
cards); emails and email signatures; registration for and/or
participation in USAID events (e.g., business roundtables); social
media outlets; electronic feedback submissions; electronic requests for
more information from the Agency; and contacting the Agency through
various Agency-sponsored websites.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES
OF USERS AND PURPOSES OF SUCH USES:
In addition to those disclosures generally permitted under 5 U.S.C.
552a(b) of the Privacy Act, all or a portion of the information
contained in this system may be disclosed to authorized entities, as is
determined to be relevant and necessary, outside USAID as a routine use
pursuant to 5 U.S.C. 552a(b)(3) as follows:
(1) To third-party service providers contracted by USAID to
facilitate and/or coordinate public-private collaboration and
cooperation events and activities on behalf of USAID, such as but not
limited to training, outreach, marketing, and matchmaking activities.
(2) To an agency or organization, including the USAID's Office of
Inspector General, for the purpose of performing audit or oversight
operations as authorized by law, but only such information as is
necessary and relevant to such audit or oversight function.
(3) To the Department of Justice or other appropriate United States
Government Agency when the records are arguably relevant to a
proceeding in a court or other tribunal in which USAID or a USAID
official, in his or her official capacity, is a party or has an
interest, or when the litigation is likely to affect USAID.
(4) In the event of an indication of a violation or potential
violation of law, whether civil, criminal or regulatory in nature, and
whether arising by statute or particular program pursuant thereto, to
the appropriate agency, whether federal, state, local, or foreign,
charged with the responsibility of investigating or prosecuting such
violation or charged with enforcing or implementing the statute, or
rule, regulation or order involved.
(5) To appropriate officials and employees of a federal agency or
entity when the information is relevant and necessary to a decision
concerning the hiring or retention of an employee; the issuance of a
security clearance; the reporting of an investigation of an employee;
the assignment, detail, or deployment of an employee; the letting of a
contract; or the approval of a grant or other benefits.
(6) To provide information to a congressional office from the
record of an individual in response to an inquiry from that
congressional office made at the request of the individual to whom the
record pertains.
(7) To a court, magistrate, or other administrative body in the
course of presenting evidence, including disclosures to counsel or
witnesses in the course of civil discovery, litigation, or settlement
negotiations, or in connection with criminal proceedings, when the
USAID is a party to the proceeding or has a significant interest in the
proceeding.
(8) To the National Archives and Records Administration for the
purposes of records management inspections conducted under the
authority of 44 U.S.C. 2904 and 2906.
(9) To disclose information to the Equal Employment Opportunity
Commission when requested in connection with investigations into
alleged or possible discrimination practices in the Federal sector,
compliance by Federal agencies with the Uniform Guidelines on Employee
Selection Procedures or other functions vested in the Commission and to
otherwise ensure compliance with the provisions of 5 U.S.C. 7201.
(10) To appropriate agencies, entities, and persons when: (a) USAID
suspects or has confirmed that there has been a breach of the system of
records; (b) USAID has determined that as a result of the suspected or
confirmed breach there is a risk of harm to individuals, USAID
(including its information systems, programs, and operations), the
Federal Government, or national security; and (c) the disclosure made
to such agencies, entities, and persons is reasonably necessary to
assist in connection with USAID's efforts to respond to the suspected
or confirmed breach or to prevent, minimize, or remedy such harm.
(11) To another Federal Department or Agency or Federal entity,
when USAID determines information from this system of records is
reasonably necessary to assist the recipient Department or Agency or
entity in: (a) responding to a suspected or confirmed breach; or (b)
preventing, minimizing, or remedying the risk of harm to individuals,
the recipient agency or entity (including its information systems,
programs and operations), the Federal Government, or national security,
that might result from a suspected or confirmed breach.
(12) To another agency or agent of a Government jurisdiction within
or under the control of the U.S. lawfully engaged in national security
or homeland defense when disclosure is undertaken for intelligence,
counterintelligence activities (as defined by 50 U.S.C. 3003(3)),
counterterrorism, homeland security, or related law enforcement
purposes, as authorized by U.S. law or Executive Order.
(13) To either House of Congress, or, to the extent of matter
within its jurisdiction, any committee or subcommittee thereof, any
joint
[[Page 4893]]
committee of Congress or subcommittee of any such joint committee. 5
U.S.C. 552a(b)(9).
POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
All information contained in the System of Records is stored in
electronic format. The data is encrypted at rest and in transit using
Agency-approved, Federal Information Processing Standards (FIPS)
compliant encryption mechanisms consistent with policy directives in
USAID Automated Directive System 545, Information System Security.
Users must be authenticated to the system where records are stored to
retrieve the data.
POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
USAID's staff retrieves Private Sector Engagement records by entity
name, affiliate/representative name, USAID assigned identifiers, and
any other identifying data specified in the ``Categories of Records.''
POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
Private Sector Engagement records are retained, retired, and
destroyed in accordance with the USAID Automated Directive System,
Chapter 502, The USAID Records Management Program, and the USAID
Records Disposition Schedules as approved by the National Archives and
Records Administration (NARA). More specific information may be
obtained by emailing USAID's Records Office at
[email protected].
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
Safeguards are implemented in accordance with the Privacy Act and
the Federal Information Security Modernization Act of 2014 (FISMA), as
well as the applicable system and business policies and procedures.
These safeguards are evaluated on a recurring basis to ensure continued
effective protections of the information contained within this System
of Records.
To minimize the risk of unauthorized access, the System of Records
employs various security controls, including explicit user access
approval, multi-factor authentication, role-based access controls, data
encryption, and routine monitoring of system and user activity used to
maintain administrative records and perform other functions inherent in
the administration and security of these records.
USAID has implemented controls to minimize the risk of compromising
the information that is being processed, collected, transmitted and
stored. Safeguards for systems, data, facilities, and storage
containers/media include, but are not limited to the following
administrative, technical and physical safeguards:
Administrative--Security and Privacy program management
functions including trained staff, implemented risk management
frameworks and strategies, policies and procedures; security and
privacy awareness and training; incident response and contingency
plans; periodic privacy and security assessments; user agreements and
access rules; and personnel security clearances and/or background
checks as required.
Technical--Access controls to limit access to only
authorized personnel and to allow access only to the information
required to perform official duties as assigned; audit controls to
monitor activities on systems containing PII or other sensitive
information; data protection which includes encryption of data-at-rest
and in-transit; and person and/or entity identification and
authentication to prevent unauthorized access to information or
information systems.
Physical Controls--Facility access controls include one or
more of the following: guards and locked gates, doors, cabinets, etc.
to limit physical access to systems, facilities, rooms, or other areas
where sensitive data is stored.
RECORD ACCESS PROCEDURES:
Under the Privacy Act, individuals may request access to records
about themselves. These individuals must be limited to citizens of the
United States or aliens lawfully admitted for permanent residence. If a
Federal department or agency, or a person who is not the individual who
is the subject of the records, requests access to records about an
individual, the written consent of the individual who is the subject of
the records is required.
Individuals seeking access to information about themselves
contained in this system of records should address inquiries to the
Bureau for Management, Office of Management Services, Information and
Records Division (M/MS/IRD), USAID Annex--Room 2.4.0C, 1300
Pennsylvania Avenue NW, Washington, DC 20523. The requester may
complete and sign a USAID Form 507-1, Certification of Identity Form,
or submit signed, written requests that should include the individual's
full name, current address, telephone number, and this System of
Records Notice number. In addition, the requester must provide either a
notarized statement or an unsworn declaration made in accordance with
28 U.S.C. 1746, in the following format:
If executed outside the United States: ``I declare (or certify,
verify, or state) under penalty of perjury under the laws of the United
States of America that the foregoing is true and correct. Executed on
(date). (Signature).''
If executed within the United States, its territories, possessions,
or commonwealths: ``I declare (or certify, verify, or state) under
penalty of perjury that the foregoing is true and correct. Executed on
(date). (Signature).''
CONTESTING RECORD PROCEDURES:
The USAID rules for accessing records, contesting contents, and
appealing initial agency determinations are contained in 22 CFR 212 or
may be obtained from the program manager or system owner.
NOTIFICATION PROCEDURES:
Individuals seeking to determine if information about themselves is
contained in this System of Records should address inquiries to the
Bureau for Management, Office of Management Services, Information and
Records Division (M/MS/IRD), USAID Annex--Room 2.4.0C, 1300
Pennsylvania Avenue NW, Washington, DC 20523. Individuals may complete
and sign a USAID Form 507-1, Certification of Identity Form, or submit
signed, written requests that should include the individual's full
name, current address, and telephone number. In addition, the requester
must provide either a notarized statement or an unsworn declaration
made in accordance with 28 U.S.C. 1746, in the following format:
If executed outside the United States: ``I declare (or certify,
verify, or state) under penalty of perjury under the laws of the United
States of America that the foregoing is true and correct. Executed on
(date). (Signature).''
If executed within the United States, its territories, possessions,
or commonwealths: ``I declare (or certify, verify, or state) under
penalty of perjury that the foregoing is true and correct. Executed on
(date). (Signature).''
EXEMPTIONS PROMULGATED FOR THE SYSTEM:
None.
HISTORY:
None.
Celida Ann Malone,
Government Privacy Task Lead.
[FR Doc. 2024-01452 Filed 1-24-24; 8:45 am]
BILLING CODE 6116-01-P