Privacy Act of 1974; System of Records, 4891-4893 [2024-01452]

Agencies

• Agency for International Development

[Federal Register Volume 89, Number 17 (Thursday, January 25, 2024)]
[Notices]
[Pages 4891-4893]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2024-01452]


========================================================================
Notices
                                                Federal Register
________________________________________________________________________

This section of the FEDERAL REGISTER contains documents other than rules 
or proposed rules that are applicable to the public. Notices of hearings 
and investigations, committee meetings, agency decisions and rulings, 
delegations of authority, filing of petitions and applications and agency 
statements of organization and functions are examples of documents 
appearing in this section.

========================================================================


Federal Register / Vol. 89, No. 17 / Thursday, January 25, 2024 / 
Notices

[[Page 4891]]



AGENCY FOR INTERNATIONAL DEVELOPMENT


Privacy Act of 1974; System of Records

AGENCY: Agency for International for Development (USAID).

ACTION: Notice of new privacy act system of records.

-----------------------------------------------------------------------

SUMMARY: Pursuant to the provisions of the Privacy Act of 1974 (section 
522a of title 5 of the United States Code [U.S.C.]), the United States 
Agency for International Development (USAID) proposes to establish a 
new System of Records titled, ``USAID 36: Private Sector Engagement 
Records.'' The purpose of the system is to administer USAID's Private 
Sector Engagement Policy and enhance the risk management activities in 
support of its trade and investment support services. This System of 
Records includes a Customer Relationship Management (CRM) tool that 
will function as a data warehouse that maintains information on 
business entities and their representatives that express interest in 
supporting or potentially supporting USAID's mission in foreign 
development. This information will be used by USAID to enhance 
transparency, improve coordination, as well as for monitoring and 
evaluation by USAID program offices.

DATES: Submit comments on or before February 26, 2024. This modified 
system of records will be effective February 26, 2024 upon publication. 
The Routine Uses are effective at the close of the comment period.

ADDRESSES: You may submit comments:

Electronic

     Federal eRulemaking Portal: https://www.regulations.gov. 
Follow the instructions on the website for submitting comments.
     Email: [email protected].

Paper

     Fax: 202-916-4946.
     Mail: Chief Privacy Officer, United States Agency for 
International Development, 1300 Pennsylvania Avenue NW, Washington, DC 
20523.

FOR FURTHER INFORMATION CONTACT: Ms. Celida A. Malone, USAID Privacy 
Program at United States Agency for International Development, Bureau 
for Management, Office of the Chief Information Officer, Information 
Assurance Division: ATTN: USAID Privacy Program, 1300 Pennsylvania 
Avenue NW, Washington, DC 20523, or by phone number at 202-916-4605.

SUPPLEMENTARY INFORMATION: The Private Sector Engagement (PSE) System 
of Records collects information on businesses, vendors, foundations and 
philanthropies, business associations, labor organizations, investment 
entities, and other private sector entities and their representatives 
that express interest in doing business in USAID-supported countries. 
USAID uses this information to improve collaboration and increase two-
way trade and investment between the United States and USAID-supported 
countries, and to catalyze private sector resources to advance, 
sustain, and support U.S. global development and humanitarian 
assistance objectives.
    USAID engages private sector entities in a variety of ways 
including, but not limited to: facilitating investment and transactions 
in beneficiary countries; co-funding public-private partnership 
programs and activities; reducing investment and programmatic risks; 
connecting businesses with U.S. government trade and investment support 
services; collaborating on public policy issues of mutual interest in 
USAID presence countries; exchanging information, perspectives, and 
analysis on issues of mutual interest; and advancing U.S. global 
development and humanitarian assistance objectives through private-
sector investment and partnership.
    This System of Records is designed to improve this engagement and 
enhance USAID's ability to manage its relationships with companies and 
other private sector entities interested in supporting U.S. global 
development and humanitarian assistance objectives in USAID supported 
countries.

    Dated: November 29, 2023.
Mark Joseph Johnson,
Chief Privacy Officer, United States Agency for International 
Development.

SYSTEM NAME AND NUMBER:
    USAID-36, Private Sector Engagement Records.

SECURITY CLASSIFICATION:
    Sensitive But Unclassified.

SYSTEM LOCATION:
    United States Agency for International Development (USAID), 1300 
Pennsylvania Avenue NW, Washington, DC 20523; Salesforce, 7600 Doane 
Drive, Manassas, VA 20109; and other USAID facilities in the United 
States and throughout the world.

SYSTEM MANAGER:
    Managing Director, Relationship Management Systems, USAID Private 
Sector Engagement Hub, Bureau for Inclusive Growth, Partnerships, and 
Innovation (IPI/PSE), United States Agency for International 
Development (USAID), 1300 Pennsylvania Avenue NW, Washington, DC 20004. 
Email: [email protected].

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    The Foreign Assistance Act of 1961 (FAA), as amended; and African 
Growth and Opportunity Act (AGOA) and Millennium Challenge Act 
Modernization Act (MCA Modernization Act), Public Law 115-167 Title II 
(2018).

PURPOSE OF THE SYSTEM:
    The purpose of the system is to administer USAID's Private Sector 
Engagement Policy and enhance the risk management activities in support 
of its trade and investment support services. This System of Records 
includes a Customer Relationship Management (CRM) tool that will 
function as a data warehouse that maintains information on the 
directors, officers and employees of business entities that express 
interest in supporting or potentially supporting USAID's mission in 
foreign development. This information will be used by USAID to enhance 
transparency, improve coordination, as well as for monitoring and 
evaluation by USAID program offices.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    This System of Records contains information about representatives 
of

[[Page 4892]]

current, former, and prospective applicants to USAID Private Sector 
Engagement programs, as well as personal and professional references of 
partners and participants supporting USAID Private Sector Engagement 
programs.

CATEGORIES OF RECORDS IN THE SYSTEM:
    The system maintains personal and commercial information, which 
includes:
     Contact information: name, business email address, 
business phone number(s), fax number, business address, title/position;
     Biometric identifiers or data: photos, signatures;
     Demographic information: sex/gender, marital status, 
personal and professional designations;
     System and User Activity Logs: users' login and system use 
activity including the date and time of each login, user activity 
within source IP address, geolocation, web browser, and computer 
platform;
     Organization Documents: business plans, proposals, company 
profiles, and/or business registration documents;
     Contracts and Agreements: memoranda of understanding, 
management agreements, non-disclosure agreements etc.; and
     Financial information: credit history information, 
regulatory compliance information, business taxpayer identification 
numbers, and investor commitments.

RECORD SOURCE CATEGORIES:
    Information in this system is obtained from: authorized 
representatives of participating businesses and entities; employees of 
participating Federal agencies; existing USAID information systems; 
commercially licensed, publicly-available sources of business 
information; and U.S. Federal government data sources, registries, and 
listings, such as but not limited to the U.S. Department of Commerce 
Consolidated Screening List.
    This information may be collected through a variety of electronic 
and non-electronic means, including: meetings and information that have 
been volunteered by the organization and individual (e.g., business 
cards); emails and email signatures; registration for and/or 
participation in USAID events (e.g., business roundtables); social 
media outlets; electronic feedback submissions; electronic requests for 
more information from the Agency; and contacting the Agency through 
various Agency-sponsored websites.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND PURPOSES OF SUCH USES:
    In addition to those disclosures generally permitted under 5 U.S.C. 
552a(b) of the Privacy Act, all or a portion of the information 
contained in this system may be disclosed to authorized entities, as is 
determined to be relevant and necessary, outside USAID as a routine use 
pursuant to 5 U.S.C. 552a(b)(3) as follows:
    (1) To third-party service providers contracted by USAID to 
facilitate and/or coordinate public-private collaboration and 
cooperation events and activities on behalf of USAID, such as but not 
limited to training, outreach, marketing, and matchmaking activities.
    (2) To an agency or organization, including the USAID's Office of 
Inspector General, for the purpose of performing audit or oversight 
operations as authorized by law, but only such information as is 
necessary and relevant to such audit or oversight function.
    (3) To the Department of Justice or other appropriate United States 
Government Agency when the records are arguably relevant to a 
proceeding in a court or other tribunal in which USAID or a USAID 
official, in his or her official capacity, is a party or has an 
interest, or when the litigation is likely to affect USAID.
    (4) In the event of an indication of a violation or potential 
violation of law, whether civil, criminal or regulatory in nature, and 
whether arising by statute or particular program pursuant thereto, to 
the appropriate agency, whether federal, state, local, or foreign, 
charged with the responsibility of investigating or prosecuting such 
violation or charged with enforcing or implementing the statute, or 
rule, regulation or order involved.
    (5) To appropriate officials and employees of a federal agency or 
entity when the information is relevant and necessary to a decision 
concerning the hiring or retention of an employee; the issuance of a 
security clearance; the reporting of an investigation of an employee; 
the assignment, detail, or deployment of an employee; the letting of a 
contract; or the approval of a grant or other benefits.
    (6) To provide information to a congressional office from the 
record of an individual in response to an inquiry from that 
congressional office made at the request of the individual to whom the 
record pertains.
    (7) To a court, magistrate, or other administrative body in the 
course of presenting evidence, including disclosures to counsel or 
witnesses in the course of civil discovery, litigation, or settlement 
negotiations, or in connection with criminal proceedings, when the 
USAID is a party to the proceeding or has a significant interest in the 
proceeding.
    (8) To the National Archives and Records Administration for the 
purposes of records management inspections conducted under the 
authority of 44 U.S.C. 2904 and 2906.
    (9) To disclose information to the Equal Employment Opportunity 
Commission when requested in connection with investigations into 
alleged or possible discrimination practices in the Federal sector, 
compliance by Federal agencies with the Uniform Guidelines on Employee 
Selection Procedures or other functions vested in the Commission and to 
otherwise ensure compliance with the provisions of 5 U.S.C. 7201.
    (10) To appropriate agencies, entities, and persons when: (a) USAID 
suspects or has confirmed that there has been a breach of the system of 
records; (b) USAID has determined that as a result of the suspected or 
confirmed breach there is a risk of harm to individuals, USAID 
(including its information systems, programs, and operations), the 
Federal Government, or national security; and (c) the disclosure made 
to such agencies, entities, and persons is reasonably necessary to 
assist in connection with USAID's efforts to respond to the suspected 
or confirmed breach or to prevent, minimize, or remedy such harm.
    (11) To another Federal Department or Agency or Federal entity, 
when USAID determines information from this system of records is 
reasonably necessary to assist the recipient Department or Agency or 
entity in: (a) responding to a suspected or confirmed breach; or (b) 
preventing, minimizing, or remedying the risk of harm to individuals, 
the recipient agency or entity (including its information systems, 
programs and operations), the Federal Government, or national security, 
that might result from a suspected or confirmed breach.
    (12) To another agency or agent of a Government jurisdiction within 
or under the control of the U.S. lawfully engaged in national security 
or homeland defense when disclosure is undertaken for intelligence, 
counterintelligence activities (as defined by 50 U.S.C. 3003(3)), 
counterterrorism, homeland security, or related law enforcement 
purposes, as authorized by U.S. law or Executive Order.
    (13) To either House of Congress, or, to the extent of matter 
within its jurisdiction, any committee or subcommittee thereof, any 
joint

[[Page 4893]]

committee of Congress or subcommittee of any such joint committee. 5 
U.S.C. 552a(b)(9).

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    All information contained in the System of Records is stored in 
electronic format. The data is encrypted at rest and in transit using 
Agency-approved, Federal Information Processing Standards (FIPS) 
compliant encryption mechanisms consistent with policy directives in 
USAID Automated Directive System 545, Information System Security. 
Users must be authenticated to the system where records are stored to 
retrieve the data.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    USAID's staff retrieves Private Sector Engagement records by entity 
name, affiliate/representative name, USAID assigned identifiers, and 
any other identifying data specified in the ``Categories of Records.''

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    Private Sector Engagement records are retained, retired, and 
destroyed in accordance with the USAID Automated Directive System, 
Chapter 502, The USAID Records Management Program, and the USAID 
Records Disposition Schedules as approved by the National Archives and 
Records Administration (NARA). More specific information may be 
obtained by emailing USAID's Records Office at 
[email protected].

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    Safeguards are implemented in accordance with the Privacy Act and 
the Federal Information Security Modernization Act of 2014 (FISMA), as 
well as the applicable system and business policies and procedures. 
These safeguards are evaluated on a recurring basis to ensure continued 
effective protections of the information contained within this System 
of Records.
    To minimize the risk of unauthorized access, the System of Records 
employs various security controls, including explicit user access 
approval, multi-factor authentication, role-based access controls, data 
encryption, and routine monitoring of system and user activity used to 
maintain administrative records and perform other functions inherent in 
the administration and security of these records.
    USAID has implemented controls to minimize the risk of compromising 
the information that is being processed, collected, transmitted and 
stored. Safeguards for systems, data, facilities, and storage 
containers/media include, but are not limited to the following 
administrative, technical and physical safeguards:
     Administrative--Security and Privacy program management 
functions including trained staff, implemented risk management 
frameworks and strategies, policies and procedures; security and 
privacy awareness and training; incident response and contingency 
plans; periodic privacy and security assessments; user agreements and 
access rules; and personnel security clearances and/or background 
checks as required.
     Technical--Access controls to limit access to only 
authorized personnel and to allow access only to the information 
required to perform official duties as assigned; audit controls to 
monitor activities on systems containing PII or other sensitive 
information; data protection which includes encryption of data-at-rest 
and in-transit; and person and/or entity identification and 
authentication to prevent unauthorized access to information or 
information systems.
     Physical Controls--Facility access controls include one or 
more of the following: guards and locked gates, doors, cabinets, etc. 
to limit physical access to systems, facilities, rooms, or other areas 
where sensitive data is stored.

RECORD ACCESS PROCEDURES:
    Under the Privacy Act, individuals may request access to records 
about themselves. These individuals must be limited to citizens of the 
United States or aliens lawfully admitted for permanent residence. If a 
Federal department or agency, or a person who is not the individual who 
is the subject of the records, requests access to records about an 
individual, the written consent of the individual who is the subject of 
the records is required.
    Individuals seeking access to information about themselves 
contained in this system of records should address inquiries to the 
Bureau for Management, Office of Management Services, Information and 
Records Division (M/MS/IRD), USAID Annex--Room 2.4.0C, 1300 
Pennsylvania Avenue NW, Washington, DC 20523. The requester may 
complete and sign a USAID Form 507-1, Certification of Identity Form, 
or submit signed, written requests that should include the individual's 
full name, current address, telephone number, and this System of 
Records Notice number. In addition, the requester must provide either a 
notarized statement or an unsworn declaration made in accordance with 
28 U.S.C. 1746, in the following format:
    If executed outside the United States: ``I declare (or certify, 
verify, or state) under penalty of perjury under the laws of the United 
States of America that the foregoing is true and correct. Executed on 
(date). (Signature).''
    If executed within the United States, its territories, possessions, 
or commonwealths: ``I declare (or certify, verify, or state) under 
penalty of perjury that the foregoing is true and correct. Executed on 
(date). (Signature).''

CONTESTING RECORD PROCEDURES:
    The USAID rules for accessing records, contesting contents, and 
appealing initial agency determinations are contained in 22 CFR 212 or 
may be obtained from the program manager or system owner.

NOTIFICATION PROCEDURES:
    Individuals seeking to determine if information about themselves is 
contained in this System of Records should address inquiries to the 
Bureau for Management, Office of Management Services, Information and 
Records Division (M/MS/IRD), USAID Annex--Room 2.4.0C, 1300 
Pennsylvania Avenue NW, Washington, DC 20523. Individuals may complete 
and sign a USAID Form 507-1, Certification of Identity Form, or submit 
signed, written requests that should include the individual's full 
name, current address, and telephone number. In addition, the requester 
must provide either a notarized statement or an unsworn declaration 
made in accordance with 28 U.S.C. 1746, in the following format:
    If executed outside the United States: ``I declare (or certify, 
verify, or state) under penalty of perjury under the laws of the United 
States of America that the foregoing is true and correct. Executed on 
(date). (Signature).''
    If executed within the United States, its territories, possessions, 
or commonwealths: ``I declare (or certify, verify, or state) under 
penalty of perjury that the foregoing is true and correct. Executed on 
(date). (Signature).''

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    None.

HISTORY:
    None.

Celida Ann Malone,
Government Privacy Task Lead.
[FR Doc. 2024-01452 Filed 1-24-24; 8:45 am]
BILLING CODE 6116-01-P