Privacy Act of 1974; System of Records, 26998-26999 [2024-08000]
Download as PDF
26998
Federal Register / Vol. 89, No. 74 / Tuesday, April 16, 2024 / Notices
public in accordance with the
provisions of 5 U.S.C. 552, will be
available for website viewing and
printing in the Commission’s Public
Reference Room, 100 F Street NE,
Washington, DC 20549, on official
business days between the hours of 10
a.m. and 3 p.m. Copies of the filing also
will be available for inspection and
copying at the principal offices of the
Participants. Do not include personal
identifiable information in submissions;
you should submit only information
that you wish to make available
publicly. We may redact in part or
withhold entirely from publication
submitted material that is obscene or
subject to copyright protection. All
submissions should refer to file number
4–698 and should be submitted on or
before May 7, 2024.
For the Commission, by the Division of
Trading and Markets, pursuant to delegated
authority.38
Sherry R. Haywood,
Assistant Secretary.
[FR Doc. 2024–07967 Filed 4–15–24; 8:45 am]
BILLING CODE 8011–01–P
SMALL BUSINESS ADMINISTRATION
Privacy Act of 1974; System of
Records
U.S. Small Business
Administration.
ACTION: Notice of a modified system of
records.
AGENCY:
The U.S. Small Business
Administration (SBA) proposes to
modify its system of records titled,
Small Business Investment Company
Information System (SBICIS) (SBA 40),
to update its inventory of records
systems subject to the Privacy Act of
1974, as amended. Publication of this
notice complies with the Privacy Act
and the Office of Management and
Budget (OMB) Circular A–108 and
Circular A–130. System of Records
Notice (SORN) titled, Small Business
Investment Company Information
System (SBA 40), serves as a centralized
and automated framework for the
organization, retrieval, and analysis of
SBIC information which supports the
SBA’s oversight and risk management
roles for the SBIC program.
DATES: Submit comments on or before
May 16, 2024. This revised system will
be effective upon publication. Routine
uses will become effective on the date
following the end of the comment
period unless comments are received
khammond on DSKJM1Z7X2PROD with NOTICES
SUMMARY:
38 17
CFR 200.30–3(a)(85).
VerDate Sep<11>2014
19:09 Apr 15, 2024
Jkt 262001
which result in a contrary
determination.
ADDRESSES: You may submit comments
on this notice, identified by [DOCKET
NUMBER SBA–2023–0014], by any of
the following methods:
Federal e-Rulemaking Portal: https://
www.regulations.gov: Follow the
instructions for submitting comments.
Mail/Hand Delivery/Courier: Submit
written comments to: Kerry Vance,
Director, Information Technology and
Data Strategy, Office of Investment and
Innovation, U.S. Small Business
Administration, 409 3rd Street SW,
Washington, DC 20416.
FOR FURTHER INFORMATION CONTACT:
General questions, please contact Kerry
Vance, Director, Information
Technology and Data Strategy, Office of
Investment and Innovation, U.S. Small
Business Administration, 409 3rd Street
SW, Washington, DC 20416 or via email,
Kerry.Vance@sba.gov, telephone 202–
205–6160 or Kelvin L. Moore, Chief
Information Security Officer, Office of
the Chief Information Officer, U.S.
Small Business Administration, 409 3rd
Street SW, Suite 4000, Washington, DC
20416, email address: Kelvin.Moore@
sba.gov, telephone 202–921–6273. For
Privacy related matters, please contact
LaWanda Burnette, Chief Privacy
Officer, Office of the Chief Information
Officer, or via email to Privacyofficer@
sba.gov.
SUPPLEMENTARY INFORMATION: The
Privacy Act of 1974 (5 U.S.C. 552a), as
amended, embodies fair information
practice principles in a statutory
framework governing how federal
agencies collect, maintain, use, and
disseminate individuals’ personal
information. The Privacy Act applies to
records about individuals that are
maintained in a ‘‘system of records.’’ A
system of records is any group of
records under the control of a federal
agency from which information is
retrieved by the name of an individual
or by a number, symbol or any other
identifier assigned to the individual.
The Privacy Act requires each federal
agency to publish in the Federal
Register a System of Records Notice
(SORN) identifying and describing each
system of records the agency maintains,
the purpose for which the agency uses
the Personally Identifiable Information
(PII) in the system, the routine uses for
which the agency discloses such
information outside the agency, and
how individuals can exercise their
rights related to their PII information.
The modified Privacy Act system of
records titled Small Business
Investment Company Information
System (SBICIS) (SBA 40) will be used
PO 00000
Frm 00143
Fmt 4703
Sfmt 4703
to provide notice to current and former
(i) prospective Small Business
Investment Company license applicants,
(ii) SBIC applicants, (iii) SBICs (solely
for the purpose of this SORN, the term
‘‘SBIC’’ refers to each of (i), (ii), and (iii).
This includes managers, executives,
members, and employees associated or
affiliated with an SBIC, and personal
and professional references for certain
of the foregoing. It also includes SBIC
investors, SBIC portfolio companies,
certain SBIC portfolio company
employees, SBIC service providers, and
certain other individuals associated,
affiliated or involved with an SBIC.
Additionally, this modification to the
system of records Small Business
Investment Company Information
System (SBICIS) (SBA 40) also includes
changing the short name to SBA SBICIS
40 to easily identify the system short
name with its numeric value. Lastly,
this modification adds three new
routine uses: (H), (I) and (J),
respectively.
This system of records is comprised of
electronic records managed by the
Office of Investment and Innovation
(OII). SBA SBICIS 40 will not have any
undue impact on the privacy of
individuals and its use is compatible
with collection.
SYSTEM NAME AND NUMBER:
Small Business Investment Company
Information System (SBA SBICIS 40).
SECURITY CLASSIFICATION:
Controlled Unclassified Information
SYSTEM LOCATION:
SBA Headquarters, 409 3rd Street SW,
Washington, DC 20416 and vendor
cloud platform.
SYSTEM MANAGER(S):
Kerry Vance, Director, Information
Technology and Data Strategy, Office of
Investment and Innovation, U.S. Small
Business Administration, 409 3rd Street
SW, Washington, DC 20416 or via email
Kerry.Vance@sba.gov, telephone 202–
205–6160.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
The Small Business Investment Act of
1958, as amended, 15 U.S.C. 661, et seq.
CATEGORIES OF RECORDS IN THE SYSTEM:
Personal and commercial information
(including name, address, telephone
number, credit history, background
information, business information,
employer identification number, SBIC
License number, financial information,
investor commitments, identifying
number or other personal identifiers,
regulatory compliance information) on
individuals and portfolio companies
named in SBIC files.
E:\FR\FM\16APN1.SGM
16APN1
Federal Register / Vol. 89, No. 74 / Tuesday, April 16, 2024 / Notices
khammond on DSKJM1Z7X2PROD with NOTICES
ROUTINE USES OF RECORDS MAINTAINED IN THE
SYSTEM, INCLUDING CATEGORIES OF USERS AND
PURPOSES OF SUCH USES:
In addition to those disclosures
generally permitted under 5 U.S.C.
552a(b) of the Privacy Act, all or a
portion of the information contained in
this system may be disclosed to
authorized entities, as is determined to
be relevant and necessary, outside SBA
as a routine use pursuant to 5 U.S.C.
552a(b)(3) as follows:
A. To the Department of Justice (DOJ),
including offices of the U.S. Attorneys,
or other Federal agency conducting
litigation or in proceedings before any
court, adjudicative, or administrative
body, when it is deemed by the SBA to
be relevant or necessary to the litigation
or SBA has an interest in such litigation
when any of the following are a party
to the litigation or have an interest in
the litigation: (1) Any employee or
former employee of the SBA in his or
her official capacity; (2) Any employee
or former employee of the SBA in his or
her individual capacity when DOJ or
SBA has agreed to represent the
employee or a party to the litigation or
have an interest in the litigation; or (3)
The United States or any agency thereof.
B. To a Congressional office from the
record of an individual in response to
an inquiry from that Congressional
office made at the request of the
individual. The member’s access rights
are no greater than those of the
individual.
C. To the National Archives and
Records Administration (NARA) or
General Services Administration (GSA)
pursuant to records management
inspections being conducted under the
authority of 44 U.S.C. 2904 and 2906.
D. To an agency or organization,
including the SBA’s Office of Inspector
General, for the purpose of performing
audit or oversight operations as
authorized by law, but only such
information as is necessary and relevant
to such audit or oversight function.
E. To appropriate agencies, entities,
and persons when: (1) The SBA
suspects or has confirmed that the
security or confidentiality of
information processed and maintained
by the SBA has been compromised, (2)
the SBA has determined that as a result
of the suspected or confirmed
compromise, there is a risk of identity
theft or fraud, harm to economic or
property interests, harm to an
individual, or harm to the security or
integrity of this system or other systems
or programs (whether maintained by
SBA or any other agency or entity) that
rely upon the compromised
information; and (3) the disclosure
made to such agencies, entities, and
VerDate Sep<11>2014
19:09 Apr 15, 2024
Jkt 262001
persons is reasonably necessary to assist
in connection with the SBA’s efforts to
respond to the suspected or confirmed
compromise and prevent, minimize, or
remedy such harm.
F. To another Federal agency or
Federal entity, when the SBA
determines that information from this
system of records is reasonably
necessary to assist the recipient agency
or entity in: (1) Responding to a
suspected or confirmed breach or (2)
preventing, minimizing, or remedying
the risk of harm to individuals, the
recipient agency or entity (including its
information systems, programs, and
operations), the Federal Government, or
national security, resulting from a
suspected or confirmed breach.
G. To another agency or agent of a
government jurisdiction within or under
the control of the U.S., lawfully engaged
in national security or homeland
defense when disclosure is undertaken
for intelligence, counterintelligence
activities (as defined by 50 U.S.C.
3003(3)), counterterrorism, homeland
security, or related law enforcement
purposes, as authorized by U.S. law or
Executive Order.
H. To other Federal agencies or
Federal entities when mandated by
executive orders or statute, or as
documented by a Memorandum of
Understanding or Memorandum of
Agreement or Information Exchange
Agreement or Data Sharing Agreement
(‘‘Agreements’’) and approved by the
applicable Authorizing Officials in
compliance with the Privacy Act of
1974, as amended, 5 U.S.C. 552a and
SBA’s policies. These Agreements may
be subject to review and approval by
SBA’s Office of General Counsel and
SBA’s Senior Agency Official for
Privacy or designee and are for the
purpose of performing analysis, metrics,
or reports in support of marketing or
initiatives and programs that SBICs may
opt into participate in without any
obligation or commitment.
I. To other Federal agencies or Federal
entities in aggregate and anonymized for
the purpose of marketing, trends,
statistical analysis, forecasting,
reporting, and research where the
information must preserve anonymity.
J. To SBA contractors, grantees,
interns, regulators, and experts who
have been engaged by SBA to assist in
the performance and performance
improvement of a service related to this
system of records and who need access
to the records to perform this activity
which may also include for regulatory
purposes. Recipients of these records
shall be required to comply with the
requirements of the Privacy Act of 1974,
as amended, 5 U.S.C. 552a.
PO 00000
Frm 00144
Fmt 4703
Sfmt 4703
26999
POLICIES AND PRACTICES FOR RETRIEVAL OF
RECORDS:
SBICIS records are retrieved by SBIC
or Portfolio Company Name, affiliation
with a particular SBIC personal
identifier, SBA identifier, employer
identification number, or any other data
field that would enable SBA to perform
its official duties.
POLICIES AND PRACTICES FOR RETENTION AND
DISPOSAL OF RECORDS:
Records are maintained in accordance
with SBA Standard Operating Procedure
(SOP) 00 41 latest edition, applicable
General Records Schedules (GRS) and
are disposed of in accordance with
applicable SBA policies.
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL
SAFEGUARDS:
Information stored by SBICIS is stored
electronically and supported by the
applicable Privacy Impact
Assessment(s). Data is protected through
the implementation of access controls—
least permissions, role-based user
permissions, event logging, monitoring,
security assessment and authorization
reviews, encryption transmission and
encrypted data at rest. Safeguards
implemented comply to SBA policies,
industry best practices, and Federal
Government standards, memoranda, and
circulars.
RECORD ACCESS PROCEDURES:
Individuals wishing to request access
to records about them should submit a
Privacy Act request to the SBA Chief,
Freedom of Information and Privacy Act
Office, U.S. Small Business
Administration, 409 Third St. SW,
Eighth Floor, Washington, DC 20416 or
FOIA@sba.gov. Individuals must
provide their full name, mailing
address, personal email address,
telephone number, and a detailed
description of the records being
requested. Individuals requesting access
must also follow SBA’s Privacy Act
regulations regarding verification of
identity and access to records (13 CFR
part 102 subpart B).
EXEMPTIONS PROMULGATED FOR THE SYSTEM:
None.
HISTORY:
[FR Doc. 2019–19153, Vol. 84, No.
172]
Jennifer Shieh,
Acting, Deputy Associate Administrator,
Office of Investment and Innovation.
[FR Doc. 2024–08000 Filed 4–15–24; 8:45 am]
BILLING CODE 8026–09–P
E:\FR\FM\16APN1.SGM
16APN1
Agencies
[Federal Register Volume 89, Number 74 (Tuesday, April 16, 2024)]
[Notices]
[Pages 26998-26999]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2024-08000]
=======================================================================
-----------------------------------------------------------------------
SMALL BUSINESS ADMINISTRATION
Privacy Act of 1974; System of Records
AGENCY: U.S. Small Business Administration.
ACTION: Notice of a modified system of records.
-----------------------------------------------------------------------
SUMMARY: The U.S. Small Business Administration (SBA) proposes to
modify its system of records titled, Small Business Investment Company
Information System (SBICIS) (SBA 40), to update its inventory of
records systems subject to the Privacy Act of 1974, as amended.
Publication of this notice complies with the Privacy Act and the Office
of Management and Budget (OMB) Circular A-108 and Circular A-130.
System of Records Notice (SORN) titled, Small Business Investment
Company Information System (SBA 40), serves as a centralized and
automated framework for the organization, retrieval, and analysis of
SBIC information which supports the SBA's oversight and risk management
roles for the SBIC program.
DATES: Submit comments on or before May 16, 2024. This revised system
will be effective upon publication. Routine uses will become effective
on the date following the end of the comment period unless comments are
received which result in a contrary determination.
ADDRESSES: You may submit comments on this notice, identified by
[DOCKET NUMBER SBA-2023-0014], by any of the following methods:
Federal e-Rulemaking Portal: https://www.regulations.gov: Follow the
instructions for submitting comments. Mail/Hand Delivery/Courier:
Submit written comments to: Kerry Vance, Director, Information
Technology and Data Strategy, Office of Investment and Innovation, U.S.
Small Business Administration, 409 3rd Street SW, Washington, DC 20416.
FOR FURTHER INFORMATION CONTACT: General questions, please contact
Kerry Vance, Director, Information Technology and Data Strategy, Office
of Investment and Innovation, U.S. Small Business Administration, 409
3rd Street SW, Washington, DC 20416 or via email, [email protected],
telephone 202-205-6160 or Kelvin L. Moore, Chief Information Security
Officer, Office of the Chief Information Officer, U.S. Small Business
Administration, 409 3rd Street SW, Suite 4000, Washington, DC 20416,
email address: [email protected], telephone 202-921-6273. For
Privacy related matters, please contact LaWanda Burnette, Chief Privacy
Officer, Office of the Chief Information Officer, or via email to
[email protected].
SUPPLEMENTARY INFORMATION: The Privacy Act of 1974 (5 U.S.C. 552a), as
amended, embodies fair information practice principles in a statutory
framework governing how federal agencies collect, maintain, use, and
disseminate individuals' personal information. The Privacy Act applies
to records about individuals that are maintained in a ``system of
records.'' A system of records is any group of records under the
control of a federal agency from which information is retrieved by the
name of an individual or by a number, symbol or any other identifier
assigned to the individual. The Privacy Act requires each federal
agency to publish in the Federal Register a System of Records Notice
(SORN) identifying and describing each system of records the agency
maintains, the purpose for which the agency uses the Personally
Identifiable Information (PII) in the system, the routine uses for
which the agency discloses such information outside the agency, and how
individuals can exercise their rights related to their PII information.
The modified Privacy Act system of records titled Small Business
Investment Company Information System (SBICIS) (SBA 40) will be used to
provide notice to current and former (i) prospective Small Business
Investment Company license applicants, (ii) SBIC applicants, (iii)
SBICs (solely for the purpose of this SORN, the term ``SBIC'' refers to
each of (i), (ii), and (iii). This includes managers, executives,
members, and employees associated or affiliated with an SBIC, and
personal and professional references for certain of the foregoing. It
also includes SBIC investors, SBIC portfolio companies, certain SBIC
portfolio company employees, SBIC service providers, and certain other
individuals associated, affiliated or involved with an SBIC.
Additionally, this modification to the system of records Small
Business Investment Company Information System (SBICIS) (SBA 40) also
includes changing the short name to SBA SBICIS 40 to easily identify
the system short name with its numeric value. Lastly, this modification
adds three new routine uses: (H), (I) and (J), respectively.
This system of records is comprised of electronic records managed
by the Office of Investment and Innovation (OII). SBA SBICIS 40 will
not have any undue impact on the privacy of individuals and its use is
compatible with collection.
SYSTEM NAME AND NUMBER:
Small Business Investment Company Information System (SBA SBICIS
40).
SECURITY CLASSIFICATION:
Controlled Unclassified Information
SYSTEM LOCATION:
SBA Headquarters, 409 3rd Street SW, Washington, DC 20416 and
vendor cloud platform.
SYSTEM MANAGER(S):
Kerry Vance, Director, Information Technology and Data Strategy,
Office of Investment and Innovation, U.S. Small Business
Administration, 409 3rd Street SW, Washington, DC 20416 or via email
[email protected], telephone 202-205-6160.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
The Small Business Investment Act of 1958, as amended, 15 U.S.C.
661, et seq.
CATEGORIES OF RECORDS IN THE SYSTEM:
Personal and commercial information (including name, address,
telephone number, credit history, background information, business
information, employer identification number, SBIC License number,
financial information, investor commitments, identifying number or
other personal identifiers, regulatory compliance information) on
individuals and portfolio companies named in SBIC files.
[[Page 26999]]
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES
OF USERS AND PURPOSES OF SUCH USES:
In addition to those disclosures generally permitted under 5 U.S.C.
552a(b) of the Privacy Act, all or a portion of the information
contained in this system may be disclosed to authorized entities, as is
determined to be relevant and necessary, outside SBA as a routine use
pursuant to 5 U.S.C. 552a(b)(3) as follows:
A. To the Department of Justice (DOJ), including offices of the
U.S. Attorneys, or other Federal agency conducting litigation or in
proceedings before any court, adjudicative, or administrative body,
when it is deemed by the SBA to be relevant or necessary to the
litigation or SBA has an interest in such litigation when any of the
following are a party to the litigation or have an interest in the
litigation: (1) Any employee or former employee of the SBA in his or
her official capacity; (2) Any employee or former employee of the SBA
in his or her individual capacity when DOJ or SBA has agreed to
represent the employee or a party to the litigation or have an interest
in the litigation; or (3) The United States or any agency thereof.
B. To a Congressional office from the record of an individual in
response to an inquiry from that Congressional office made at the
request of the individual. The member's access rights are no greater
than those of the individual.
C. To the National Archives and Records Administration (NARA) or
General Services Administration (GSA) pursuant to records management
inspections being conducted under the authority of 44 U.S.C. 2904 and
2906.
D. To an agency or organization, including the SBA's Office of
Inspector General, for the purpose of performing audit or oversight
operations as authorized by law, but only such information as is
necessary and relevant to such audit or oversight function.
E. To appropriate agencies, entities, and persons when: (1) The SBA
suspects or has confirmed that the security or confidentiality of
information processed and maintained by the SBA has been compromised,
(2) the SBA has determined that as a result of the suspected or
confirmed compromise, there is a risk of identity theft or fraud, harm
to economic or property interests, harm to an individual, or harm to
the security or integrity of this system or other systems or programs
(whether maintained by SBA or any other agency or entity) that rely
upon the compromised information; and (3) the disclosure made to such
agencies, entities, and persons is reasonably necessary to assist in
connection with the SBA's efforts to respond to the suspected or
confirmed compromise and prevent, minimize, or remedy such harm.
F. To another Federal agency or Federal entity, when the SBA
determines that information from this system of records is reasonably
necessary to assist the recipient agency or entity in: (1) Responding
to a suspected or confirmed breach or (2) preventing, minimizing, or
remedying the risk of harm to individuals, the recipient agency or
entity (including its information systems, programs, and operations),
the Federal Government, or national security, resulting from a
suspected or confirmed breach.
G. To another agency or agent of a government jurisdiction within
or under the control of the U.S., lawfully engaged in national security
or homeland defense when disclosure is undertaken for intelligence,
counterintelligence activities (as defined by 50 U.S.C. 3003(3)),
counterterrorism, homeland security, or related law enforcement
purposes, as authorized by U.S. law or Executive Order.
H. To other Federal agencies or Federal entities when mandated by
executive orders or statute, or as documented by a Memorandum of
Understanding or Memorandum of Agreement or Information Exchange
Agreement or Data Sharing Agreement (``Agreements'') and approved by
the applicable Authorizing Officials in compliance with the Privacy Act
of 1974, as amended, 5 U.S.C. 552a and SBA's policies. These Agreements
may be subject to review and approval by SBA's Office of General
Counsel and SBA's Senior Agency Official for Privacy or designee and
are for the purpose of performing analysis, metrics, or reports in
support of marketing or initiatives and programs that SBICs may opt
into participate in without any obligation or commitment.
I. To other Federal agencies or Federal entities in aggregate and
anonymized for the purpose of marketing, trends, statistical analysis,
forecasting, reporting, and research where the information must
preserve anonymity.
J. To SBA contractors, grantees, interns, regulators, and experts
who have been engaged by SBA to assist in the performance and
performance improvement of a service related to this system of records
and who need access to the records to perform this activity which may
also include for regulatory purposes. Recipients of these records shall
be required to comply with the requirements of the Privacy Act of 1974,
as amended, 5 U.S.C. 552a.
POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
SBICIS records are retrieved by SBIC or Portfolio Company Name,
affiliation with a particular SBIC personal identifier, SBA identifier,
employer identification number, or any other data field that would
enable SBA to perform its official duties.
POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
Records are maintained in accordance with SBA Standard Operating
Procedure (SOP) 00 41 latest edition, applicable General Records
Schedules (GRS) and are disposed of in accordance with applicable SBA
policies.
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
Information stored by SBICIS is stored electronically and supported
by the applicable Privacy Impact Assessment(s). Data is protected
through the implementation of access controls--least permissions, role-
based user permissions, event logging, monitoring, security assessment
and authorization reviews, encryption transmission and encrypted data
at rest. Safeguards implemented comply to SBA policies, industry best
practices, and Federal Government standards, memoranda, and circulars.
RECORD ACCESS PROCEDURES:
Individuals wishing to request access to records about them should
submit a Privacy Act request to the SBA Chief, Freedom of Information
and Privacy Act Office, U.S. Small Business Administration, 409 Third
St. SW, Eighth Floor, Washington, DC 20416 or [email protected]. Individuals
must provide their full name, mailing address, personal email address,
telephone number, and a detailed description of the records being
requested. Individuals requesting access must also follow SBA's Privacy
Act regulations regarding verification of identity and access to
records (13 CFR part 102 subpart B).
EXEMPTIONS PROMULGATED FOR THE SYSTEM:
None.
HISTORY:
[FR Doc. 2019-19153, Vol. 84, No. 172]
Jennifer Shieh,
Acting, Deputy Associate Administrator, Office of Investment and
Innovation.
[FR Doc. 2024-08000 Filed 4-15-24; 8:45 am]
BILLING CODE 8026-09-P