[Federal Register Volume 85, Number 137 (Thursday, July 16, 2020)]
[Notices]
[Pages 43210-43222]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2020-15398]
=======================================================================
-----------------------------------------------------------------------
U.S. INTERNATIONAL DEVELOPMENT FINANCE CORPORATION
Privacy Act of 1974; System of Records
AGENCY: U.S. International Development Finance Corporation (DFC).
ACTION: Notice of a new system of records.
-----------------------------------------------------------------------
SUMMARY: The Better Utilization of Investments Leading to Development
(BUILD) Act of 2018 created the U.S. International Development Finance
Corporation (DFC) by bringing together the Overseas Private Investment
Corporation (OPIC) and the Development Credit Authority (DCA) office of
the U.S. Agency for International Development (USAID). Section 1466(a)-
(b) of the Act provides that all completed administrative actions shall
apply, while all pending proceedings shall continue, through the
transition to the DFC. Accordingly, DFC is issuing a revised system of
records modifying all the systems of records previously published under
OPIC's authority.
DATES: The systems are effective upon publication in today's Federal
Register, with the exception of changes to the routine uses, which are
effective August 17, 2020, unless we receive comments that result in a
contrary determination.
ADDRESSES: Written comments may be submitted by any of the following
methods:
Mail: Mark Rein, Office of the Chief Information Officer,
U.S. International Development Finance Corporation, 1100 New York
Avenue NW, Washington, DC 20527.
Email: [email protected].
Instructions: All submissions received must include the system name
and number for the system to which the comments relate. Please note
that all written comments received in response to this notice will be
considered public records.
FOR FURTHER INFORMATION CONTACT: Chief Information Officer, Mark Rein,
(202) 336-8404.
SUPPLEMENTARY INFORMATION:
I. Background: OPIC previously published System of Records Notices
(SORN) at 64 FR 37152 (Jul. 9 1999), 69 FR 59279 (Oct. 4, 2004), 74 FR
16430 (Apr. 10, 2009), and 80 FR 30288 (May 27, 2015). These SORNs were
transferred to DFC under the BUILD Act of 2018. In accordance with the
Privacy Act of 1974, 5 U.S.C. 552a, DFC proposes to: Delete OPIC-3 as
this has been replaced by GSA/GOVT-7. Delete OPIC-7 as this has been
replaced by OPM/GOVT-3. Delete OPIC-9 and OPIC-14 as these have been
replaced by OPM/GOVT-1. Delete OPIC-17 as this has been replaced by
GSA/GOVT-4. Delete OPIC-1, OPIC-14, OPIC-19, and OPIC-22 as these have
been replaced by DFC/03. Delete OPIC-10 as this has been replaced by
DFC/04. Delete OPIC-2, OPIC-5, OPIC-6, OPIC-8, OPIC-12, OPIC-13, OPIC-
15, OPIC-16, OPIC-20, and OPIC-21 as these files are no longer
maintained. OPIC-4 is renumbered DFC/04 and amended to include records
previously covered by OPIC-10. OPIC-11 is renumbered DFC/07. OPIC-12 is
renumbered DFC/08 and renamed Executive Photographs. OPIC-18 is
renumbered DFC/06 and renamed Board of Directors. OPIC-22 is renumbered
DFC/03. OPIC-23 is renumbered DFC/02. Add DFC/01, Oracle E-Business
Suite (EBS) and DFC/05, FedTalent.
II. Privacy Act: The Privacy Act of 1974, as amended, embodies fair
information practice principles in a statutory framework governing the
means by which Federal agencies collect, maintain, use, and disseminate
individuals' records. The Privacy Act applies to records about
individuals;
[[Page 43211]]
these records are maintained in a ``system of records,'' which refers
to a group of any records under the control of an agency from which
information is retrieved by the name of an individual or by some
identifying number, symbol, or other identifying particular assigned to
the individual. The Privacy Act defines an individual as a United
States citizen or an alien lawfully admitted for permanent residence.
Individuals may request access to their own records that are maintained
in a system of records in the possession or under the control of the
DFC by complying with Privacy Act regulations at 22 Code of Federal
Regulations (CFR) Part 707 and following the procedures outlined in the
Records Access, Contesting Record, and Notification Procedures sections
of this notice. The Privacy Act requires each agency to publish in the
Federal Register a description denoting the existence and character of
each system of records that the agency maintains and the routine uses
of each system. In accordance with 5 U.S.C. 552a(r), the DFC has
provided a report of this system of records to the Office of Management
and Budget (OMB) and to Congress. As this revision is significant, a
full list of the Agency's systems of records is set forth below.
SYSTEM NAME AND NUMBER:
Oracle E-Business Suite (EBS), DFC/01.
SECURITY CLASSIFICATION:
Unclassified.
SYSTEM LOCATION:
1100 New York Avenue NW, Washington, DC 20527.
SYSTEM MANAGER(S):
Business System Owner, Managing Director, Financial Management,
U.S. International Development Finance Corporation, 1100 New York
Avenue NW, Washington, DC 20527; Phone: (202) 336-8400. Technical
System Owner, Business Information Systems Director, Office of the
Chief Information Officer, U.S. International Development Finance
Corporation, 1100 New York Avenue NW, Washington, DC 20527; Phone:
(202) 336-8400.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
Where applicable, electronic payments are required under Federal
Acquisition Regulation 52.232-25. Electronic payments require a
Taxpayer Identification Number (TIN) data element. Federal financial
mandates and legal authorities govern financial management systems that
support the collection of the information in EBS. These mandates and
authorities include the Chief Financial Officers Act of 1990, Public
Law 101-576, and the Federal Financial Management Improvement Act
(FFMIA) of 1996, Public Law 104-208, as well as guidance issued by OMB:
OMB Circular A-123, Management's Responsibility for Internal Control;
OMB Memorandum 16-11, Improving Administrative Functions Through Shared
Services; and OMB Memorandum 13-08, Improving Financial Systems Through
Shared Services.
PURPOSE(S) OF THE SYSTEM:
The primary purpose of Oracle EBS is to function as the financial
system of record for the Agency. It is the primary application employed
to record all financial transactions related to the Agency's
administrative business accounting and working capital budgets.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
The categories of individuals and entities covered by this system
are identified as Federal government agencies and institutions; state
and local government agencies and institutions; domestic private
individuals, entities, and institutions conducting business with the
Agency; full- and part-time employees of the Agency; Personal Services
Contractors (PSC); foreign government agencies and institutions;
foreign private individuals, entities, and institutions conducting
business with the Agency; and foreign entities and institutions who act
as participants or intermediaries in financial transactions with the
Agency.
CATEGORIES OF RECORDS IN THE SYSTEM:
Personally identifiable records that are stored in the system
consist of individual or company names, points of contact, mailing
addresses, remittance addresses, telephone numbers, contract/award
numbers, email addresses, TIN, Social Security Numbers (SSN), Data
Universal Numbering System (DUNS) numbers, and bank account information
including routing numbers, account numbers, Society for Worldwide
Interbank Financial Telecommunication (SWIFT) codes, International Bank
Account Numbers (IBAN), and account titles.
RECORD SOURCE CATEGORIES:
Insight (Salesforce.com) (DFC/02): The Agency's back office
software that collects data from external customers completing and
submitting web-based business application electronic forms. Insight is
DFC's back-office data collection system where business- and product
specific information is processed. System for Award Management (SAM)
(GSA/GOVT-9): The U.S. Government's official vendor portal where
vendors self-maintain their business information. Carlson Wagonlit Sato
Travel E2 Solutions System (E2) (GSA/GOVT-4): An electronic travel
system that includes travel authorizations, travel vouchers, and
miscellaneous reimbursements data that is directly received from the
customer or employee.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES
OF USERS AND PURPOSES OF SUCH USES:
In addition to those disclosures generally permitted under 5 U.S.C.
552a(b) of the Privacy Act, all or a portion of the records or
information contained in this system may be disclosed outside of DFC as
a routine use under U.S.C. 552a(b)(3), as stated in the Notice and here
for this modification. This modification includes a new routine use for
the Do Not Pay initiative in compliance with Improper Payments, which
is compatible with the following routine uses of this system of records
of a financial management system: (1) The two required routine uses
identified in OMB M-17-12 for notice and breach notification, which is
compatible with the necessity of the government to deal with breaches;
and (2) routine use for contractors, grantees, etc., and system
support, which is compatible with the need of contractor support for
Financial Systems. The other routine uses are compatible with the EBS
system of records as a financial system. The routine use satisfies the
compatibility requirement of the Privacy Act. The records or
information contained therein may specifically be disclosed as a
routine use, as stated below. The Agency will, when so authorized, make
the determination as to the relevancy of a record prior to its decision
to disclose:
A. To the Department of Treasury for Administering the Do Not Pay
Initiative under the Improper Payments Elimination and Recovery
Improvement Act of 2012 (IPERIA). As required by IPERIA, the Bipartisan
Budget Act of 2013, and the Federal Improper Payments Coordination Act
of 2015 (FIPCA), records maintained in this system will be disclosed to
(a) a Federal or state agency, its employees, agents (including
contractors of its agents) or contractors; or, (b) a fiscal or
financial agent designated by the Bureau of Fiscal Service or other
Department of the Treasury bureau or office, including employees,
agents, or contractors of such agent; or, (c) a contractor of the
Bureau of Fiscal Service, for the purpose of identifying, preventing,
and
[[Page 43212]]
recovering improper payments to an applicant for, or recipient of,
Federal funds. Records disclosed under this routing use may be used to
conduct computerized comparison to identify, prevent, and recover
improper payments, and to identify and mitigate fraud, waste, and abuse
in federal payments.
B. Disclosure for Enforcement, Statutory, and Regulatory Purposes.
Information may be disclosed to the appropriate Federal, state, local,
foreign, or self-regulatory organization or agency responsible for
investigating, prosecuting, enforcing, implementing, issuing, or
carrying out a statute, rule, regulation, order, policy, or license if
the information may be relevant to a potential violation of civil or
criminal law, rule, regulation, order, policy, or license.
C. Disclosure to Another Federal Agency When Requesting
Information. Information may be disclosed to a Federal agency in the
executive, legislative, or judicial branch of government in connection
with the hiring, retaining, or assigning of an employee; the issuance
of a security clearance; the conducting of a security or suitability
investigation of an individual; the classifying of jobs; the letting of
a contract; the issuance of a license, grant, or other benefits by the
receiving entity; or the lawful statutory, administrative, or
investigative purpose of the receiving entity to the extent that the
information is relevant and necessary to the receiving entity's
decision on the matter.
D. Disclosure to a Member of Congress and Congressional Inquiries.
Information may be disclosed to a congressional office in response to
an inquiry from the congressional office made at the request of the
individual to whom the record pertains.
E. Disclosure to the Department of Justice (DOJ), a Court, an
Adjudicative Body or Administrative Tribunal, or a Party in Litigation.
Information may be disclosed to DOJ, a court, an adjudicative body or
administrative tribunal, a party in litigation, or a witness if the
Agency (or in the case of an Office of Inspector General (OIG) system,
the OIG) determines, in its sole discretion, that the information is
relevant and necessary to the matter.
F. Disclosure to the Merit Systems Protection Board (MSPB), the
Office of Government Ethics (OGE), Equal Employment Opportunity
Commission (EEOC), and Office of Special Counsel (OSC). Information may
be disclosed to the EEOC, the MSPB, the OGE, or the OSC to the extent
determined to be relevant and necessary to carrying out their
authorized functions.
G. Disclosure to the EEOC, the Office of Personnel Management
(OPM), or the Fair Labor Relations Authority (FLRA) In Response to a
Formal Grievance, Complaint, or Appeal Filed by an Employee.
Information may be disclosed to the EEOC, OPM, FLRA, or other agency
grievance examiner, formal complaints examiner, arbitrator, or other
duly authorized official engaged in the investigation or settlement of
a grievance, complaint, or appeal filed by an employee.
H. Disclosure When Security or Confidentiality Has Been
Compromised. Information may be disclosed when (1) it is suspected or
confirmed that security or confidentiality of information has been
compromised; (2) the Agency has determined that, as a result of the
suspected or confirmed compromise, there is a risk of harm to economic
or property interests, identity theft or fraud, or harm to the security
or integrity of the system or other systems or programs (whether
maintained by the Agency or another agency or entity) that rely upon
the compromised information; and (3) the disclosure is made to such
agencies, entities, and persons who are reasonably necessary to assist
in connection with the Agency's efforts to respond to the suspected or
confirmed compromise and prevent, minimize, or remedy such harm.
I. Disclosure to Contractors, Agents, and Others. Information may
be disclosed to contractors, agents, or others performing work on a
contract, service, cooperative agreement, job, or other activity for
the Agency and who have a need to access the information in the
performance of their duties or activities for the Agency.
J. Disclosure to Any Source from Which Additional Information Is
Requested During the Acquisition and Procurement Contract Lifecycle
Management Process. Information may be disclosed in connection with the
requisitioning, commitments, obligations, invoicing, travel expense
reimbursements, and reimbursements to employees for local travel
expenses and other ancillary expenses.
K. Disclosure of Information in Connection with Business
Transaction Activities to a Federal Agency. Information may be
disclosed to the Treasury Department via electronic file to enable
processing of business payment and payable commitments for the life of
each business transaction.
L. Disclosure of Information in Connection with Business
Transaction Activities to a Federal Agency. Information may be
disclosed to a Federal agency in connection with initial due diligence
processes in assessing new business transaction proposals and as part
of the improper payment risk mitigation process that occurs for the
life of each business transaction.
M. Disclosure of Information to Another Federal Agency, a Court, or
a Third Party. Information may be disclosed where the counterparty to a
business transaction has not remitted agreed upon and contracted fees
for an extended period of time.
POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
Records are stored in paper and electronic form.
POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
Records can be retrieved by transaction record number, name,
address, telephone numbers and other identifying information.
POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
Records are retained and disposed of as prescribed under the
National Archives and Records Administration (NARA) General Records
Schedule. The information used to enter data into EBS is maintained for
seven years. Paper records are disposed of by shredding or pulping, and
records maintained on electronic media are degaussed or erased in
accordance with the applicable records retention schedule and NARA
guidelines.
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
Access to records in this system is controlled and managed pursuant
to applicable policies and rules, including OPM's Information and
Security & Privacy Policy. The use of password protection, system
authentication, and other system protection methods also provides
additional safeguards to restrict access. System access and access to
the records contained within the system are limited to those
individuals who have an official need for system access in order to
perform their official responsibilities and duties.
NOTIFICATION PROCEDURES:
Requests by individuals concerning the existence of a record may be
submitted in writing, addressed to the system manager above. The
request must comply with the requirements of 22 CFR 707.21.
RECORD ACCESS PROCEDURES:
Same as above.
[[Page 43213]]
CONTESTING RECORD PROCEDURES:
Requests by individuals to amend their record must be submitted in
writing, addressed to the system manager above. Requests for amendments
to records and requests for review of a refusal to amend a record must
comply with the requirements of 22 CFR 707.23.
EXEMPTIONS PROMULGATED FOR THE SYSTEM:
None.
HISTORY:
Not Applicable.
SYSTEM NAME AND NUMBER:
Salesforce Customer Relationship Management System (``Insight'');
DFC/02.
SYSTEM CLASSIFICATION:
Unclassified.
SYSTEM LOCATION:
The system is located in an Enterprise Government Cloud Service
environment. The system is hosted at secured Salesforce General
Services Administration (GSA) data centers (NA-21) located in
Washington, DC and Chicago, IL; one site acts as the active host and
the alternative site acts as the disaster recovery location operating
under near-real time replication protocol.
SYSTEM MANAGER(S):
Business System Owner, Managing Director for Finance Program
Systems and Procedures, U.S. International Development Finance
Corporation, 1100 New York Avenue NW, Washington, DC 20527; Phone:
(202) 336-8400. Technical Systems Owner, Business Information Systems
Director, U.S. International Development Finance Corporation, 1100 New
York Avenue NW, Washington, DC 20527; Phone: (202) 336-8400.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
The system covers individuals representing, guaranteeing,
sponsoring, owning, or managing a potential or actual DFC project under
all DFC products. Information about these individuals is entered
directly into the system by potential clients filling out application
forms on the Agency's electronic forms web-portal or manually when DFC
officers input data during a project's lifecycle.
CATEGORIES OF RECORDS IN THE SYSTEM:
This system contains the information needed for processing Agency
projects and contains information about individuals and other entities
involved in those projects. Depending on the level of connection of an
individual to the project, personal information on the individual may
be maintained. This includes full name, date of birth, country of
birth, citizenship, personally identifying number, address, contact
information, and professional experience.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
BUILD Act, 22 U.S.C. 9601 et seq.; 44 U.S.C. 3101, et seq.
PURPOSE OF THE SYSTEM:
This system will facilitate project lifecycle management from
project intake to project closeout for all DFC products. The
information in the system will be used to administer the projects as
necessary, including internally tracking and managing client contact
information and the status (but not the detailed results) of Know Your
Customer (KYC) due diligence performed on businesses and individuals
associated with each project. Data from this system may also be used
for evaluating the effectiveness of DFC's products and programs and
improving upon them.
RECORD SOURCE CATEGORIES:
Information is collected directly from clients using a public-
facing web portal which collects customer and project data from
applicants. Direct input: Some account, contact, and project data are
input directly by DFC officers in the course of keeping project records
up to date. Oracle EBS (DFC/01): Pertinent financial data is sent to
Insight to provide DFC officers with accessible information related to
project status.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES
OF USERS AND PURPOSES OF SUCH USES:
In addition to those disclosures generally permitted under 5 U.S.C.
552a(b) of the Privacy Act, these records of information contained
therein may specifically be disclosed outside of the Agency. The
records or information contained therein may specifically be disclosed
as a routine use, as stated below. The Agency will, when so authorized,
make the determination as to the relevancy of a record prior to its
decision to disclose information under the following circumstances:
A. Disclosure for Enforcement, Statutory, and Regulatory Purposes.
Information may be disclosed to the appropriate Federal, state, local,
foreign, or self-regulatory organization or agency responsible for
investigating, prosecuting, enforcing, implementing, issuing, or
carrying out a statute, rule, regulation, order, policy, or license if
the information may be relevant to a potential violation of civil or
criminal law, rule, regulation, order, policy, or license.
B. Disclosure to a Member of Congress and Congressional Inquiries.
Information may be disclosed to a congressional office in response to
an inquiry from the congressional office made at the request of the
individual to whom the record pertains.
C. Disclosure to DOJ, a Court, an Adjudicative Body or
Administrative Tribunal, or a Party in Litigation. Information may be
disclosed to DOJ, a court, an adjudicative body or administrative
tribunal, a party in litigation, or a witness if the Agency (or in the
case of an OIG system, the OIG) determines, in its sole discretion,
that the information is relevant and necessary to the matter.
D. Disclosure When Security or Confidentiality Has Been
Compromised. Information may be disclosed when (1) it is suspected or
confirmed that security or confidentiality of information has been
compromised; (2) the Agency has determined that, as a result of the
suspected or confirmed compromise, there is a risk of harm to economic
or property interests, identity theft or fraud, or harm to the security
or integrity of the system or other systems or programs (whether
maintained by the Agency or another agency or entity) that rely upon
the compromised information; and (3) the disclosure is made to such
agencies, entities, and persons who are reasonably necessary to assist
in connection with the Agency's efforts to respond to the suspected or
confirmed compromise and prevent, minimize, or remedy such harm.
E. Disclosure to Contractors, Agents, and Others. Information may
be disclosed to contractors, agents, or others performing work on a
contract, service, cooperative agreement, job, or other activity for
the Agency and who have a need to access the information in the
performance of their duties or activities for the Agency.
F. Disclosure to Any Source from Which Additional Information Is
Requested During Commitment of Payments. As needed, Insight
automatically transfers information to Oracle EBS (DFC/01) to commit
payments from DFC as part of the Agency's core business transactions.
G. Disclosure of Information in Connection with Loan Payments to a
Federal Agency. As needed, authorized DFC personnel manually input
disbursement records into Oracle and the Treasury portal to enable loan
payments.
[[Page 43214]]
H. Disclosure of Information in Connection with Business
Transaction Activities to a Federal Agency. Information may be
disclosed to a Federal agency in connection with initial due diligence
processes in assessing new business transaction proposals and as part
of the improper payment risk mitigation process that occurs for the
life of each business transaction.
I. Disclosure of Information to Another Federal Agency, a Court, or
a Third Party. Information may be disclosed where the counterparty to a
business transaction has not remitted agreed upon and contracted fees
for an extended period of time.
J. Disclosure of Credit to Credit Reporting Agencies. If deemed
necessary, credit information will be disclosed as the running of
credit checks is performed. These credit checks are conducted
confidentially, following accepted best practices with widely known and
reputable credit reporting agencies.
K. Disclosure of Non-Individual Information to Publicly Available
websites: Authorized personnel utilize non-individual information from
Insight (e.g., project descriptions and primary place of performance)
for the following publicly available websites: USA Spending and Foreign
Assistance.gov.
POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
System records are stored within secured Salesforce GSA data
centers (NA-21) located in Washington, DC and Chicago, IL; one site
acts as the active host and the alternative site acts as the disaster
recovery location operating under near-real time replication protocol.
POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
The records may be retrieved by the project name, project number,
company name, associated individual's name, or reporting tools provided
on the system dashboards. Access to sensitive personally identifiable
information (SPII) in the records is restricted to a small group of
authorized government personnel who perform the KYC due diligence in
the system, as needed. Access to the rest of the system is available to
any Agency personnel with system access. The DFC uses two-factor
authentication for Agency-specific users to access Insight outside of
the Agency network. Any changes to the system are implemented through a
change management process.
POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
Records are maintained on an ongoing basis and updated by DFC staff
assigned with managing the system. These records will follow the DFC's
retention schedule based on project classification.
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
Access to records in this system is controlled and managed pursuant
to applicable policies and rules, including OPM's Information and
Security & Privacy Policy. These records and the technical hardware
containing these records are maintained on premises in areas designated
as restricted access. The use of password protection, system
authentication, user profile restrictions, and other system protection
methods also provides additional safeguards to restrict access. System
access and access to the records contained within the system are
limited to those individuals who have an official need for system
access in order to perform their official responsibilities and duties.
NOTIFICATION PROCEDURES:
Requests by individuals concerning the existence of a record may be
submitted in writing, addressed to the system manager above. The
request must comply with the requirements of 22 CFR 707.21.
RECORD ACCESS PROCEDURES:
Same as above.
CONTESTING RECORD PROCEDURES:
Requests by individuals to amend their record must be submitted in
writing, addressed to the system manager above. Requests for amendments
to records and requests for review of a refusal to amend a record must
comply with the requirements of 22 CFR 707.23.
EXEMPTIONS CLAIMED FOR THE SYSTEM:
None.
HISTORY:
Not Applicable.
SYSTEM NAME AND NUMBER:
Payroll, Time and Attendance, Retirement, and Leave Records, DFC/
03.
SECURITY CLASSIFICATION:
Unclassified.
SYSTEM LOCATION:
1100 New York Avenue NW, Washington, DC 20527.
SYSTEM MANAGER(S):
Business System Owner: Vice President and Chief Administrative
Officer, U.S. International Development Finance Corporation, 1100 New
York Avenue NW, Washington, DC 20527; Phone: (202) 336-8400.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
5 U.S.C. 5101, et seq., Government Organization and Employees; 31
U.S.C. 3512, et seq., Executive Agency Accounting and Other Financial
Management Reports and Plans; 31 U.S.C. 1101, et seq., the Budget and
Fiscal, Budget, and Program Information; 5 CFR part 293, subpart B,
Personnel Records Subject to the Privacy Act; 5 CFR part 297, Privacy
Procedures for Personnel Records; Executive Order 9397 as amended by
Executive Order 13478, relating to Federal Agency Use of Social
Security Numbers; and Public Law 101-576 (Nov. 15, 1990), the Chief
Financial Officers (CFO) Act of 1990.
PURPOSE(S) OF THE SYSTEM:
The primary purpose of the system is to manage personnel and
payroll functions; ensure proper payment for salary and benefits; track
time and attendance, leave, and other absences for reporting and
compliance purposes; and facilitate reporting requirements to other
Federal agencies, including the Department of the Treasury and OPM, for
payroll, tax, and human capital management purposes.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
Individuals covered by the system include current and former DFC
employees, emergency workers, volunteers, contractors, and applicants
for Federal employment. This system may also include limited
information regarding employee spouses, dependents, emergency contacts,
beneficiaries, or estate trustees who meet the definition of
``individual'' as defined in the Privacy Act.
CATEGORIES OF RECORDS IN THE SYSTEM:
This system maintains records including: (1) Employee Biographical
and Employment Information: Employee name, other names used,
citizenship, gender, date of birth, age, group affiliation, marital
status, SSN, truncated SSN, legal status, place of birth, records
related to position, occupation, duty location, security clearance,
financial information, medical information, disability information,
education information, driver's license, race, ethnicity, personal or
work telephone number, personal and work email address, military status
and service, home or mailing address, TIN, bank account information,
professional licensing and credentials, family relationships,
involuntary debt
[[Page 43215]]
(garnishments or child support payments), employee common identifier
(ECI), organization code, user identification, and any other employment
information; (2) Third-Party Information: Spouse information, emergency
contact, beneficiary information, savings bond co-owner name(s) and
information, and family members and dependents information; (3) Salary
and Benefits Information: Salary data, retirement data, tax data,
deductions, health benefits, allowances, union dues, insurance data,
Flexible Spending Account, Thrift Savings Plan information and
contributions, pay plan, payroll records, awards, court order
information, back pay information, debts owed to the government as a
result of overpayment, refunds owed, or a debt referred for collection
on a transferred employee or emergency worker; and (4) Timekeeping
Information: Time and attendance records and leave records. This system
may also contain correspondence, documents, and other information
required to administer payroll, leave, and related functions.
RECORD SOURCE CATEGORIES:
Information is obtained from individuals on whom the records are
maintained, official personnel records of individuals on whom the
records are maintained, supervisors, timekeepers, previous employers,
the Internal Revenue Service and state tax agencies, the Department of
the Treasury, other Federal agencies, courts, state child support
agencies, employing agency accounting offices, and third-party benefit
providers.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES
OF USERS AND THE PURPOSES OF SUCH USES:
In addition to those disclosures generally permitted under 5 U.S.C.
552a(b) of the Privacy Act, all or a portion of the records or
information maintained in this system may be disclosed to authorized
entities outside DFC for purposes determined to be relevant and
necessary as a routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:
A. To DOJ, including Offices of the U.S. Attorneys, or other
Federal agency conducting litigation or in proceedings before any
court, adjudicative, or administrative body, when it is relevant or
necessary to the litigation and one of the following is a party to the
litigation or has an interest in such litigation: (1) DFC or any
component of DFC; (2) Any DFC employee or former employee acting in his
or her official capacity; (3) Any DFC employee or former employee
acting in his or her individual capacity when DFC or DOJ has agreed to
represent that employee or pay for private representation of the
employee; or (4) The United States Government or any agency thereof,
when DFC determines that DFC is likely to be affected by the
proceeding.
B. To the Department of the Treasury or other Federal agency as
required for payroll purposes, for preparation of payroll and other
checks and electronic funds transfers to Federal, State, and local
government agencies, non-governmental organizations, and individuals.
C. To the Department of the Treasury, Internal Revenue Service, and
state and local tax authorities for which an employee is or was subject
to tax regardless of whether tax is or was withheld in accordance with
Treasury Fiscal Requirements, as required.
D. To OPM or its contractors in connection with programs
administered by that office, including, but not limited to, the Federal
Long-Term Care Insurance Program, the Federal Dental and Vision
Insurance Program, the Flexible Spending Accounts for Federal Employees
Program, and the electronic Human Resources Information Program.
E. To another Federal agency to which an employee or DFC emergency
worker has transferred or to which a DFC volunteer transfers in a
volunteer capacity.
F. To any criminal, civil, or regulatory law enforcement authority
(whether Federal, state, territorial, local, tribal or foreign) when a
record, either alone or in conjunction with other information,
indicates a violation or potential violation of law--criminal, civil,
or regulatory in nature, and the disclosure is compatible with the
purpose for which the records were compiled.
G. To a congressional office in response to a written inquiry that
an individual covered by the system, or the heir of such individual if
the covered individual is deceased, has made to the office.
H. To Federal, state, or local agencies where necessary to enable
the employee's, DFC emergency worker's, or DFC volunteer's agency to
obtain information relevant to the hiring or retention of that
employee, DFC emergency worker, or DFC volunteer, or the issuance of a
security clearance, contract, license, grant, or other benefit.
I. To appropriate Federal and state agencies to provide reports
including data on unemployment insurance.
J. To the Social Security Administration to credit the employee or
emergency worker account for Old-Age, Survivors, and Disability
Insurance (OASDI) and Medicare deductions.
K. To officials of labor organizations recognized under 5 U.S.C.
Chapter 71 (Labor-Management Relations) for the purpose of providing
information as to the identity of DFC employees contributing union dues
each pay period and the amount of dues withheld from each contributor.
L. To employee or emergency worker associations to report dues
deductions.
M. To insurance carriers to report employee or DFC emergency worker
election information and withholdings for health insurance.
N. To charitable institutions when an employee designates an
institution to receive contributions through salary deduction.
O. To the Department of the Treasury, Internal Revenue Service, or
another Federal agency or its contractor, to disclose debtor
information solely to aggregate information for the Internal Revenue
Service to collect debts owed to the Federal Government through the
offset of tax refunds.
P. To any creditor Federal agency seeking assistance for the
purpose of that agency implementing administrative or salary offset
procedures in the collection of unpaid financial obligations owed the
United States Government from an individual.
Q. To any Federal agency where the individual debtor is employed or
receiving some form of remuneration for the purpose of enabling that
agency to collect debts on the employee's behalf by administrative or
salary offset procedures under the provisions of the Debt Collection
Act of 1982.
R. To the Department of the Treasury, Internal Revenue Service, and
state and local authorities for the purpose of locating a debtor to
collect a claim against the debtor.
S. To the Federal Retirement Thrift Investment Board's record
keeper, which administers the Thrift Savings Plan, to report
deductions, contributions, and loan payments.
T. To the Office of Child Support Enforcement, within the
Administration for Children and Families, within the Department of
Health and Human Services, for the purposes of locating individuals to
establish paternity; establishing and modifying orders of child
support; identifying sources of income; and for other child support
enforcement actions as required by the Personal Responsibility and Work
Opportunity Reconciliation Act of 1996.
U. To an expert, consultant, grantee, or contractor (including
employees of the contractor) of DFC who performs services requiring
access to these
[[Page 43216]]
records on DFC's behalf to carry out the purposes of the system,
including employment verifications, unemployment claims, W-2 processing
services, leave and earning statements, and 1095-C Affordable Care Act
statements.
V. To OPM Employee Express, which is an employee self-service
system, to initiate personnel and payroll actions and to obtain payroll
information.
W. To the Department of Labor for processing claims for employees,
emergency workers, or volunteers injured on the job or claiming
occupational illness.
X. To Federal agencies and organizations to support interfaces with
other systems operated by the Federal agencies for which the employee
or DOI emergency worker is employed, or the DFC volunteer is located,
for the purpose of avoiding duplication, increasing data integrity, and
streamlining government operations.
Y. To another Federal agency to provide information needed in the
performance of official duties related to reconciling or reconstructing
data files or to enable that agency to respond to an inquiry by the
individual to whom the record pertains.
Z. To NARA to conduct records management inspections under the
authority of 44 U.S.C. 2904 and 2906.
AA. To OMB during the coordination and clearance process in
connection with legislative affairs as mandated by OMB Circular A-19.
BB. To Federal, state, territorial, local, tribal, or foreign
agencies that have requested information relevant or necessary to the
hiring, firing, or retention of an employee or contractor, regarding
the issuance of a security clearance, license, contract, grant, or
other benefit.
CC. To state, territorial, and local governments, and tribal
organizations to provide information needed in response to court order
and/or discovery purposes related to litigation, when the disclosure is
compatible with the purpose for which the records were compiled.
DD. To the Department of the Treasury to recover debts owed to the
United States.
EE. To the news media and the public, with the approval of the
Public Affairs Officer in consultation with counsel and the Senior
Agency Official for Privacy (SAOP), where there exists a legitimate
public interest in the disclosure of the information or when disclosure
is necessary to preserve confidence in the integrity of DFC or is
necessary to demonstrate the accountability of DFC's officers,
employees, or individuals covered by the system, except to the extent
it is determined that release of the specific information in the
context of a particular case would constitute an unwarranted invasion
of personal privacy.
FF. To the Executive Office of the President in response to an
inquiry from that office made at the request of the subject of a record
or a third party on that person's behalf, or for a purpose compatible
with the reason for which the records are collected or maintained.
GG. To other Federal agencies and organizations to provide payroll
and personnel processing services under a shared service provider
cross-servicing agreement for purposes relating to DFC payroll and
personnel processing.
HH. To OPM, the Merit System Protection Board, Federal Labor
Relations Authority, or the Equal Employment Opportunity Commission
when requested in the performance of their authorized duties.
II. To state offices of unemployment compensation to assist in
processing an individual's unemployment, survivor annuity, or health
benefit claim, or for records reconciliation purposes.
JJ. To Federal Employees' Group Life Insurance or Health Benefits
carriers in connection with survivor annuity or health benefits claims
or records reconciliations.
KK. To any source from which additional information is requested by
DFC relevant to a DFC determination concerning an individual's pay,
leave, or travel expenses, to the extent necessary to identify the
individual, inform the source of the purpose(s) of the request, and
identify the type of information requested.
LL. To the Social Security Administration and the Department of the
Treasury to disclose pay data on an annual basis, and as necessary to
execute their statutory responsibilities for the effective
administration of benefits programs, payroll, and taxes.
MM. To a Federal agency or in response to a congressional inquiry
when additional or statistical information is requested relevant to a
Federal benefit or program, such as the DFC Transit Fare Subsidy
Program.
NN. To the Department of Health and Human Services for the purpose
of providing information on new hires and quarterly wages as required
under the Personal Responsibility and Work Opportunity Reconciliation
Act of 1996.
OO. To appropriate agencies, entities, and persons when: (1) DFC
suspects or has confirmed that there has been a breach of the system of
records; (2) DFC has determined that as a result of the suspected or
confirmed breach there is a risk of harm to individuals, DFC (including
its information systems, programs, and operations), the Federal
Government, or national security; and (3) the disclosure made to such
agencies, entities, and persons is reasonably necessary to assist in
connection with DFC's efforts to respond to the suspected or confirmed
breach or to prevent, minimize, or remedy such harm.
PP. To another Federal agency or Federal entity, when DFC
determines that information from this system of records is reasonably
necessary to assist the recipient agency or entity in: (1) Responding
to a suspected or confirmed breach; or (2) preventing, minimizing, or
remedying the risk of harm to individuals, the recipient agency or
entity (including its information systems, programs, and operations),
the Federal Government, or national security, resulting from a
suspected or confirmed breach.
QQ. To an agency or organization for the purpose of performing
audit or oversight operations as authorized by law, but only such
information as is necessary and relevant to such audit or oversight
function.
RR. To a court, magistrate, or administrative tribunal, including
disclosures to opposing counsel in the course of discovery, pursuant to
appropriate court order or other judicial process in the course of
criminal, civil, or administrative litigation.
SS. In an appropriate proceeding before a court, grand jury, or
administrative or adjudicative body, when DOJ determines that the
records are arguably relevant to the proceeding; or in an appropriate
proceeding before an administrative or adjudicative body when the
adjudicator determines the records to be relevant to the proceeding.
TT. Disclosure pursuant to 5 U.S.C. 552a(b)(12). Disclosures may be
made from this system to consumer reporting agencies as defined in the
Fair Credit Reporting Act (15 U.S.C. 1681a(f)) or the Federal Claims
Act of 1966 (31 U.S.C. 3701(a)(3)).
POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
Records are maintained in manual, microfilm, microfiche,
electronic, imaged, and computer printout form. Original input
documents are stored in standard office filing equipment and/or as
imaged documents on magnetic media at all locations which prepare and
provide input documents and information for data processing. Paper
records are maintained in file folders stored within locking filing
cabinets or
[[Page 43217]]
locked rooms in secured facilities with controlled access. Electronic
records are stored in computers, removable drives, storage devices,
electronic databases, and other electronic media under the control of
DFC.
POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
Records may be retrieved by employee name, SSN, TIN, ECI, birth
date, organizational code, or assigned person number.
POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
Records are maintained in accordance with OPM's Guide to
Recordkeeping; General Records Schedule (GRS) 1.0 ``Finance'' and GRS
2.0 ``Human Resources,'' which are approved by NARA. The system
generally maintains temporary records, and retention periods vary based
on the type of record under each item and the needs of the Agency.
Paper records are disposed of by shredding or pulping, and records
maintained on electronic media are degaussed or erased in accordance
with the applicable records retention schedule and NARA guidelines.
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
During normal hours of operation, paper or micro format records are
maintained in locked file cabinets in secured rooms under the control
of authorized personnel. Information technology systems follow the
National Institute of Standards and Technology (NIST) privacy and
security standards developed to comply with the Privacy Act of 1974 as
amended, 5 U.S.C. 552a; the Paperwork Reduction Act of 1995, Public Law
104-13; the Federal Information Security Modernization Act of 2014,
Public Law 113-283, as codified at 44 U.S.C. 3551, et seq.; and the
Federal Information Processing Standard 199, Standards for Security
Categorization of Federal Information and Information Systems. Computer
servers on which electronic records are stored are located in secured
DFC facilities with physical, technical, and administrative levels of
security to prevent unauthorized access to the DFC network and
information assets. Security controls include encryption, firewalls,
audit logs, and network system security monitoring. Electronic data is
protected through user identification, passwords, database permissions,
and software controls. Access to records in the system is limited to
authorized personnel who have a need to access the records in the
performance of their official duties, and each person's access is
restricted to only the functions and data necessary to perform that
person's job responsibilities. System administrators and authorized
users for DFC are trained and required to follow established internal
security protocols and must complete all security, privacy, and records
management training, and sign DFC Rules of Behavior.
NOTIFICATION PROCEDURES:
Requests by individuals concerning the existence of a record may be
submitted in writing, addressed to the system manager above. The
request must comply with the requirements of 22 CFR 707.21.
RECORD ACCESS PROCEDURES:
Same as above.
CONTESTING RECORD PROCEDURES:
Requests by individuals to amend their record must be submitted in
writing, addressed to the system manager above. Requests for amendments
to records and requests for review of a refusal to amend a record must
comply with the requirements of 22 CFR 707.23.
EXEMPTIONS PROMULGATED FOR THE SYSTEM:
None.
HISTORY:
Not Applicable.
SYSTEM NAME AND NUMBER:
Staff Central; DFC/04.
SECURITY CLASSIFICATION:
Sensitive but Unclassified.
SYSTEM LOCATION:
1100 New York Avenue NW, Washington, DC 20527.
SYSTEM MANAGER(S):
Business System Owner: Vice President and Chief Administrative
Officer, U.S. International Development Finance Corporation, 1100 New
York Avenue NW, Washington, DC 20527; Phone: (202) 336-8400.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
The system covers individuals who are current and former employees
of the DFC (including details, volunteers, and PSCs), as well as
industrial contractors.
CATEGORIES OF RECORDS IN THE SYSTEM:
These are (1) security records, including records indicating level
of building and network access, security badge number, and security
clearance level and adjudication date; (2) emergency contact
information records, including home address, phone number and email,
emergency contact person information, and whether they possess first-
aid or cardiopulmonary resuscitation (CPR) certification; (3)
transportation subsidy information, including commuting address,
commuting days, smart trip card number, and daily commuting expenses;
and (4) employee entry and exit process records, including signatures
and date stamps reflecting whether department employees have been
briefed on the government's classified information program, the
Corporation's security program, and the Corporation's records policies
and procedures; have been advised of, and fully understand, applicable
ethics provisions; and certifying that all required clearances for
entry onboard or release of the employee's final paycheck have been
obtained.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
General authority for agency records management is provided by 5
U.S.C. 301, Departmental Regulations, and 44 U.S.C. 3101, Records
Management by Agency Heads. Additional authority to maintain security
records is provided by 5 U.S.C. 3301, Examination, Selection and
Placement, E.O. 10450, Clearance for Federal Employment, April 17,
1953, as amended; E.O. 12968, Access to Classified Information, August
4, 1995. Additional authority to maintain emergency contact information
records is provided by Federal Preparedness Circular 65, Federal
Executive Branch Continuity of Operations (COOP), July 26, 1999; E.O.
12656, Assignment of Emergency Preparedness Responsibilities, November
18, 1988, as amended; and Presidential Decision Directive 67, Enduring
Constitutional Government and Continuity of Government Operations,
October 21, 1998. Additional authority to maintain employee exit
process records is provided by E.O. 12958, Classified National Security
Information, April 17, 1995; 32 CFR 2003.20, Classified Information
Non-Disclosure Agreement: SF-312; 5 CFR part 2637, Regulations
Concerning Post Employment Conflicts of Interest; and Pub. L. l104-134,
Debt Collection Improvement Act of 1996.
PURPOSE(S):
These records are used (1) as an easy reference record to determine
the suitability and/or eligibility of employees and contractors for
access to facilities, information systems, and classified information;
(2) to account for and/or communicate with employees and contractors or
their designees in the event of an emergency or disaster; (3) to
process existing employees and contractors when their tenure with the
[[Page 43218]]
DFC ends; and (4) to maintain a record of all debriefings and completed
exit procedures for former employees.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES
OF USERS AND PURPOSES OF SUCH USES:
Security records are used (1) by the DFC human resources and
security managers to check the status, level, and date received of
security clearances, and (2) by the DFC departmental security officers
to confirm that employees who require access to classified information
have the appropriate level of security clearance. Emergency contact
information records are used by (1) the DFC human resources and
security managers to notify an employee's designee of an emergency that
affects the employee or to account for an employee's whereabouts,
especially in the event of a disaster; (2) the DFC human resources
managers to communicate with an employee's designee regarding survivor
benefits or other benefits or employment information in the event an
employee becomes incapacitated or dies; and (3) the DFC security
managers for emergency management or continuity of operations purposes.
Employee exit process records are used by the DFC Agency managers to
(1) verify that all departing employees have completed the checkout
process and returned government property to the DFC, (2) ensure the
security of the DFC-related information, (3) ensure that employees are
briefed concerning postemployment restrictions; and (4) certify that
all required clearances for release of the employee's final paycheck
have been obtained. The DFC may disclose information contained in a
record in this system of records under the routine uses listed in this
notice without the consent of the individual if the disclosure is
compatible with the purposes for which the record was collected.
Disclosures may be made as follows: (1) In the event that information
in this system of records indicates, either on its face or in
connection with other information, a violation or potential violation
of any applicable statute, regulation, or order of a competent
authority, the DFC may disclose the relevant records to the appropriate
agency, whether Federal, state, or local, charged with the
responsibility of investigating or prosecuting that violation and/or
charged with enforcing or implementing the statute, executive order,
rule, regulation, or order issued pursuant thereto; (2) in a proceeding
before a court or adjudicative body before which the DFC is authorized
to appear when any of the following is a party to litigation or has an
interest in litigation and information in this system is determined by
the DFC to be arguably relevant to the litigation: The DFC; any DFC
employee in his or her official capacity, or in his or her individual
capacity where DOJ agrees to represent the employee; or the United
States where the DFC determines that the litigation is likely to affect
it; (3) to a court, a magistrate, administrative tribunal, or other
adjudicatory body in the course of presenting evidence or argument,
including disclosure to opposing counsel or witnesses in the course of
civil discovery, litigation, or settlement negotiations, or in
connection with criminal law proceedings; (4) to a Member of Congress
or staff acting upon the Member's behalf when the Member or staff
requests the information on behalf of, and at the written request of,
the individual who is the subject of the record; (5) to another Federal
agency or other public authority, in connection with the hiring or
retention of an employee or other personnel action; the issuance of a
security clearance; the reporting of an investigation of an employee;
the letting of a contract; or the issuance of a license, grant, or
other benefit, to the extent that the record is relevant and necessary
to the receiving entity's decision on the matter; (6) to NARA and to
GSA in records management inspections conducted under the authority of
44 U.S.C. 2904 and 2906; (7) to the employees of entities with which
the DFC contracts for the purposes of performing any function that
requires disclosure of records in this system. Before entering into
such a contract, the DFC shall require the contractor to maintain
Privacy Act safeguards as required under 5 U.S.C. 552a(m) with respect
to the records in the system.
POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
Records are stored in paper and electronic form.
POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
Records related to post-employment conflict of interest debriefings
are retained for six years following separation from employment. All
other records are retained for one year, unless authorized, following
separation from employment or contractual relationship with the DFC.
All records are destroyed pursuant to existing General Records
Schedules and the DFC's records disposition schedules.
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
Access to records in this system is controlled and managed pursuant
to applicable policies and rules, including OPM's Information and
Security & Privacy Policy. These records and the technical hardware
containing these records are maintained on premises in areas designated
as restricted access. The use of password protection, system
authentication, and other system protection methods also provides
additional safeguards to restrict access. System access and access to
the records contained within the system are limited to those
individuals who have an official need for system access in order to
perform their official responsibilities and duties.
NOTIFICATION PROCEDURES:
Requests by individuals concerning the existence of a record may be
submitted in writing, addressed to the system manager above. The
request must comply with the requirements of 22 CFR 707.21.
RECORD ACCESS PROCEDURES:
Same as above.
CONTESTING RECORD PROCEDURES:
Requests by individuals to amend their record must be submitted in
writing, addressed to the system manager above. Requests for amendments
to records and requests for review of a refusal to amend a record must
comply with the requirements of 22 CFR 707.23.
EXEMPTIONS PROMULGATED FOR THE SYSTEM:
None.
HISTORY:
Not Applicable.
SYSTEM NAME AND NUMBER:
FedTalent, DFC/05.
SECURITY CLASSIFICATION:
Unclassified.
SYSTEM LOCATION:
1100 New York Avenue NW, Washington, DC 20527.
SYSTEM MANAGER(S):
Business System Owner: Vice President and Chief Administrative
Officer, U.S. International Development Finance Corporation, 1100 New
York Avenue NW, Washington, DC 20527; Phone: (202) 336-8400. System
Owner: DFC has entered into an agreement with the Department of the
Interior (DOI), Interior Business Center (IBC), a Federal agency shared
service provider, to host the FedTalent System on behalf of the
[[Page 43219]]
DFC. DFC will retain ownership and control over its own data.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
5 U.S.C. 4101, et seq., Government Organization and Employee
Training; 5 U.S.C. 1302, 2951, 4118, 4506, 3101; 43 U.S.C. 1457; Title
VI of the Civil Rights Act of 1964 as amended (42 U.S.C. 2000d);
Executive Order 11348, Providing for Further Training of Government
Employees, as amended by Executive Order 12107, Relating to Civil
Service Commission and Labor Management in Federal Service; 5 CFR 410,
Subpart C, Establishing and Implementing Training Programs; Americans
with Disabilities Act (42 U.S.C. 12101); and the E-Government Act of
2002 (44 U.S.C. 3501, et seq.).
PURPOSE(S) OF THE SYSTEM:
The primary purposes of the system are to: (1) Manage training and
learning programs; (2) plan and facilitate training courses including
outreach, registration, enrollment, and payment; (3) maintain and
validate training records for certification and mandatory compliance
reporting; (4) meet Federal training statistical reporting
requirements; (5) maintain class rosters and transcripts for course
administrators, students, and learners; and (6) generate budget
estimates for training requirements.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
The system covers the following categories of individuals: (1) DFC
employees, contractors, interns, emergency workers, volunteers, and
appointees who receive training related to their official duties,
whether or not sponsored by DFC divisions and offices; and (2) non-DFC
individuals who participate in DFC-sponsored training and educational
programs, or participate in DFC-sponsored meetings and activities
related to training and educational programs. Non-DFC individuals may
include individuals from other Federal, state, or local agencies,
private or not-for-profit organizations, universities and other
schools, and members of the public.
CATEGORIES OF RECORDS IN THE SYSTEM:
Training, educational, and learning management records may include
course registration, attendance rosters, and course information
including course title, class name, objectives, description, and who
should attend; class status information including begin and end dates,
responsible class instructor, completion status, and certification
requirements; student transcripts (course(s) completed/not completed,
test scores, acquired skills); and correspondence, reports, and
documentation related to training, education, and learning management
programs. These records may contain: Name, SSN, employee common
identifier generated from the Federal Personnel and Payroll System
(FPPS), login username, password, agency or organization affiliation,
work or personal address, work or personal phone and fax number, work
or personal email address, gender, date of birth, organization code,
position title, occupational series, pay plan, grade level, supervisory
status, type of appointment, education level, duty station code,
agency, bureau, office, organization, supervisor's name and phone
number, date of Federal service, date of organization or position
assignment, date of last promotion, occupational category, race,
national origin, and adjusted basic pay. Records may also include
billing information such as responsible agency, TIN, DUNS number,
purchase order numbers, agency location codes, and credit card
information. Records maintained on non-DFC individuals are generally
limited to name, agency or organization affiliation, address, work and
personal phone and fax numbers, work and personal email addresses,
supervisor name and contact information, position title, occupational
series, and billing information. Note: Some of these records may also
become part of the OPM/GOVT-1, General Personnel Records system.
RECORD SOURCE CATEGORIES:
Information about DFC employees is obtained directly from
individuals on whom the records are maintained, supervisors, or
existing DFC records. Historical employee training records may be
obtained from other DFC learning management systems. Information from
non-DFC individuals who register or participate in DFC-sponsored
training programs is obtained from individuals through paper and
electronic forms. Information may also be obtained by another agency,
institution, or organization that sponsored the training event.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES
OF USERS AND THE PURPOSES OF SUCH USES:
In addition to those disclosures generally permitted under 5 U.S.C.
552a(b) of the Privacy Act, all or a portion of the records or
information contained in this system may be disclosed outside the DFC
as a routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:
A. To release statistical information and training reports to other
organizations who are involved with the training.
B. To disclose information to other Government training facilities
(Federal, state, and local) and to non-Government training facilities
(private vendors of training courses or programs, private schools,
etc.) for training purposes.
C. To provide transcript information to education institutions upon
the student's request in order to facilitate transfer of credit to that
institution, and to provide college and university officials with
information about their students working in the Pathways Program,
Volunteer Service, or other similar programs necessary to a student's
obtaining credit for the experience.
D. To Federal, state, territorial, local, tribal, or foreign
agencies that have requested information relevant or necessary to the
hiring, firing, or retention of an employee or contractor, or the
issuance of a security clearance, license, contract, grant, or other
benefit, when the disclosure is compatible with the purpose for which
the records were compiled.
E. To an expert, consultant, grantee, or contractor (including
employees of the contractor) of the DFC who performs services requiring
access to these records on the DFC's behalf to carry out the purposes
of the system.
F. To share logistical or attendance information with partner
agencies (Government or non-Government) who, based on cooperative
training agreements, have a need to know.
G. To DOJ, including Offices of the U.S. Attorneys, or other
Federal agency conducting litigation or in proceedings before any
court, adjudicative, or administrative body, when it is relevant or
necessary to the litigation and one of the following is a party to the
litigation or has an interest in such litigation: (1) The DFC or any
component of the DFC; (2) any DFC employee or former employee acting in
his or her official capacity; (3) any DFC employee or former employee
acting in his or her individual capacity when the DFC or DOJ has agreed
to represent that employee or pay for private representation of the
employee; or (4) the United States Government or any agency thereof,
when DOJ determines that the DFC is likely to be affected by the
proceeding.
H. To a congressional office when requesting information on behalf
of, and at the request of, the individual who is the subject of the
record.
I. To an official of another Federal, state, or local government or
tribal
[[Page 43220]]
organization to provide information needed in the performance of
official duties related to reconciling or reconstructing data files, in
support of the functions for which the records were collected and
maintained, or to enable that agency to respond to an inquiry by the
individual to whom the record pertains.
J. To representatives of NARA to conduct records management
inspections under the authority of 44 U.S.C. 2904 and 2906.
K. To the Executive Office of the President in response to an
inquiry from that office made at the request of the subject of a record
or a third party on that person's behalf, or for a purpose compatible
with the reason for which the records are collected or maintained.
L. To any criminal, civil, or regulatory law enforcement authority
(whether Federal, state, territorial, local, tribal or foreign) when a
record, either alone or in conjunction with other information,
indicates a violation or potential violation of law--criminal, civil,
or regulatory in nature, and the disclosure is compatible with the
purpose for which the records were compiled.
M. To state, territorial, and local governments and tribal
organizations to provide information needed in response to court order
and/or discovery purposes related to litigation, when the disclosure is
compatible with the purpose for which the records were compiled.
N. To appropriate agencies, entities, and persons when: (1) The DFC
suspects or has confirmed that there has been a breach of the system of
records; (2) the DFC has determined that as a result of the suspected
or confirmed breach there is a risk of harm to individuals, the DFC
(including its information systems, programs, and operations), the
Federal Government, or national security; and (3) the disclosure made
to such agencies, entities, and persons is reasonably necessary to
assist in connection with DFC's efforts to respond to the suspected or
confirmed breach or to prevent, minimize, or remedy such harm.
O. To another Federal agency or Federal entity, when the DFC
determines that information from this system of records is reasonably
necessary to assist the recipient agency or entity in: (1) Responding
to a suspected or confirmed breach; or (2) preventing, minimizing, or
remedying the risk of harm to individuals, the recipient agency or
entity (including its information systems, programs, and operations),
the Federal Government, or national security, resulting from a
suspected or confirmed breach.
P. To OMB during the coordination and clearance process in
connection with legislative affairs as mandated by OMB Circular A-19.
Q. To the news media and the public, with the approval of the
Public Affairs Officer in consultation with counsel and the SAOP, where
there exists a legitimate public interest in the disclosure of the
information, except to the extent it is determined that release of the
specific information in the context of a particular case would
constitute an unwarranted invasion of personal privacy.
R. To OPM to disclose information on employee general training,
including recommendations and completion, specialized training
obtained, participation in government-sponsored training, or training
history as required to provide workforce information for official
personnel files. The collection of training data supports OPM's
Government-wide reporting responsibilities and provides valuable input
into the evaluation of human capital programs at numerous levels of
Government. OPM's authority to require Federal agencies to report
training data can be found in Title 5 United States Code, Chapter 4107
and part 410 of Title 5, CFR.
S. Pursuant to 5 U.S.C. 552a(b)(12), records may be disclosed to
consumer reporting agencies as they are defined in the Fair Credit
Reporting Act (15 U.S.C. 1681a(f)) or the Federal Claims Collection Act
of 1966 (31 U.S.C. 3701(a)(3)).
POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
Records are stored in systems, databases, electronic media on hard
disks, magnetic tapes, compact disks, and paper media.
POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
Information from this system is retrieved by either unique
identifying fields (e.g., student name or email address) or by general
category (e.g., course code, training location, class start date,
registration date, affiliation, mandatory training compliance and
payment status).
POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
Records are retained and disposed of as prescribed under the NARA
General Records Schedule. Non-mission employee training program records
are temporary and destroyed when three years old, or three years after
superseded or obsolete, whichever is appropriate, but longer retention
is authorized if required for business use. Individual employee
training records are destroyed when superseded, three years old, or one
year after employee separation, whichever comes first, but longer
retention is authorized if required for business use. Ethics training
records are destroyed when six years old or when superseded, whichever
is later, but longer retention is authorized if required for business
use.
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
During normal hours of operation, paper or micro format records are
maintained in locked file cabinets in secured rooms under the control
of authorized personnel. Information technology systems follow the NIST
privacy and security standards developed to comply with 43 CFR 2.226,
the Privacy Act of 1974 as amended, 5 U.S.C. 552a; the Paperwork
Reduction Act of 1995, Public Law 104-13; the Federal Information
Security Modernization Act of 2014, Public Law 113-283, as codified at
44 U.S.C. 3551, et seq.; and the Federal Information Processing
Standard 199, Standards for Security Categorization of Federal
Information and Information Systems. Access to records in this system
is controlled and managed pursuant to applicable policies and rules,
including OPM's Information and Security & Privacy Policy. These
records and the technical hardware containing these records are
maintained on premises in areas designated as restricted access. The
use of password protection, system authentication, and other system
protection methods also provides additional safeguards to restrict
access. System access and access to the records contained within the
system are limited to those individuals who have an official need for
system access in order to perform their official responsibilities and
duties.
NOTIFICATION PROCEDURES:
Requests by individuals concerning the existence of a record may be
submitted in writing, addressed to the system manager above. The
request must comply with the requirements of 22 CFR 707.21.
RECORD ACCESS PROCEDURES:
Same as above.
CONTESTING RECORD PROCEDURES:
Requests by individuals to amend their record must be submitted in
writing, addressed to the system manager above. Requests for amendments
to records and requests for review of a refusal to amend a record
[[Page 43221]]
must comply with the requirements of 22 CFR 707.23.
EXEMPTIONS PROMULGATED FOR THE SYSTEM:
None.
HISTORY:
Not Applicable.
SYSTEM NAME AND NUMBER:
Directors (Current and Former), DFC/06.
SECURITY CLASSIFICATION:
None.
SYSTEM LOCATION:
U.S. International Development Finance Corporation, 1100 New York
Avenue NW, Washington, DC 20527.
SYSTEM MANAGER(S):
Corporate Secretary, U.S. International Development Finance
Corporation, 1100 New York Avenue NW, Washington, DC 20527; Phone:
(202) 336-8400.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
5 U.S.C. 301, Departmental Regulations; and 44 U.S.C. 3101, Records
Management by Agency Heads.
PURPOSE(S) OF THE SYSTEM:
These records are used to track appointments to the Corporation's
Board of Directors, and to maintain biographical information on Board
Members to share among the groups identified under routine uses.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
The categories of individuals covered by this system are identified
as private and public sector members of DFC's Board of Directors, both
current and former.
CATEGORIES OF RECORDS IN THE SYSTEM:
The system contains (1) biographies of Board members; (2)
photographs of Board members; (3) notices of commission dates or other
types of appointment notices; (4) copies of Federal Register notices
relating to members; and (5) resignation notices.
RECORD SOURCE CATEGORIES:
Information is obtained from individuals on whom the records are
maintained.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES
OF USERS AND PURPOSES OF SUCH USES:
Information may be used to distribute to the general public,
communications media, the Board of Directors, and employees of the
Corporation general biographical information on Board Members.
POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
Records are stored in file folders. Biographies of Board Members
may be kept on the Corporation's internet web server and made available
to the public at www.dfc.gov.
POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
Hard copy files are indexed alphabetically by surname. Electronic
files are maintained on the Corporation's computer network.
POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
Records are retained permanently.
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
Access to records is limited to DFC employees who have an official
need for the records. Internal procedures governing the use, transfer,
and photocopying of the records have been established. Records in the
system are maintained in a file cabinet located in the Corporate
Secretary's Office. The office is locked each evening. Electronic
records are protected from unauthorized access through password
identification procedures and other system-based protection methods.
NOTIFICATION PROCEDURES:
Requests by individuals concerning the existence of a record may be
submitted in writing, addressed to the system manager above. The
request must comply with the requirements of 22 CFR 707.21.
RECORD ACCESS PROCEDURES:
Same as above.
CONTESTING RECORD PROCEDURES:
Requests by individuals to amend their record must be submitted in
writing, addressed to the system manager above. Requests for amendments
to records and requests for review of a refusal to amend a record must
comply with the requirements of 22 CFR 707.23.
EXEMPTIONS PROMULGATED FOR THE SYSTEM:
None.
HISTORY:
Not Applicable.
SYSTEM NAME AND NUMBER:
Freedom of Information Act (FOIA) Requests and Appeals, DFC/07.
SECURITY CLASSIFICATION:
None.
SYSTEM LOCATION:
U.S. International Development Finance Corporation, 1100 New York
Avenue NW, Washington, DC 20527.
SYSTEM MANAGER(S):
FOIA Director, Office of the General Counsel, U.S. International
Development Finance Corporation, 1100 New York Avenue NW, Washington,
DC 20527; Phone: (202) 336-8400.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
5 U.S.C. 552.
PURPOSE(S) OF THE SYSTEM:
The records are used to respond to FOIA requests and appeals
pursuant to 5 U.S.C. 552.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
The categories of individuals covered by this system are identified
as individuals requesting information under FOIA.
CATEGORIES OF RECORDS IN THE SYSTEM:
The system contains letters, correspondence, relevant data provided
or referenced and responses to FOIA requests and appeals.
RECORD SOURCE CATEGORIES:
Information is obtained from individuals requesting information
under FOIA, as well as assigned DFC attorneys or other pertinent DFC
employees generating responses.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES
OF USERS AND PURPOSES OF SUCH USES:
Information may be used to (1) process individuals' FOIA requests;
(2) provide a record of communications between the requester and the
Corporation; (3) ensure that all relevant, necessary, and accurate data
are available to support any process for appeal; and (4) prepare annual
reports to DOJ as required by FOIA.
POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
The records are stored in electronic format on the Agency's
network.
POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
Files are indexed (1) numerically by fiscal year and the order they
are received and (2) tagged with the name of the requester. Staff
retrieves request files by both labels.
POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
Records are retained: (1) For two years from the date of DFC's
final response in cases where no adverse determination is
[[Page 43222]]
made; (2) for six years from the date of DFC's response in cases where
an adverse determination is made or the response to an appeal in cases
where an appeal is filed; or (3) for six years from the date of the
court's final order in cases involving litigation.
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
The Agency's network complies with Federal security requirements
and the FOIA files are locked to anyone not on the FOIA Office staff.
NOTIFICATION PROCEDURES:
Requests by individuals concerning the existence of a record may be
submitted in writing, addressed to the system manager above. The
request must comply with the requirements of 22 CFR 707.21.
RECORD ACCESS PROCEDURES:
Same as above.
CONTESTING RECORD PROCEDURES:
Requests by individuals to amend their record must be submitted in
writing, addressed to the system manager above. Requests for amendments
to records and requests for review of a refusal to amend a record must
comply with the requirements of 22 CFR 707.23.
EXEMPTIONS PROMULGATED FOR THE SYSTEM:
None.
HISTORY:
Not Applicable.
SYSTEM NAME AND NUMBER:
Executive Photographs, DFC/08.
SECURITY CLASSIFICATION:
None.
SYSTEM LOCATION:
U.S. International Development Finance Corporation, 1100 New York
Avenue NW, Washington, DC 20527.
SYSTEM MANAGER(S):
Vice President, Office of External Affairs, U.S. International
Development Finance Corporation, 1100 New York Avenue NW, Washington,
DC 20527; Phone: (202) 336-8400.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
5 U.S.C. 301, Departmental Regulations; and 44 U.S.C. 3101, Records
Management by Agency Heads.
PURPOSE(S) OF THE SYSTEM:
Photographs of Agency top leadership are retrieved by name to use
in internal and external communications to publicize the Agency's
mission and activities.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
The categories of individuals covered by this system are identified
as past and current Chief Executive Officers and Executive Vice
Presidents, to include any officials in an acting capacity.
CATEGORIES OF RECORDS IN THE SYSTEM:
The system contains (1) portrait shots and (2) candid shots of the
relevant individuals taken while performing official functions or while
involved in DFC-sponsored activities.
RECORD SOURCE CATEGORIES:
Photographs are taken by employees or agents of the Agency, or by
third parties and submitted to the Agency for review by Agency staff
before inclusion in the system.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES
OF USERS AND PURPOSES OF SUCH USES:
Photographs are used (1) in releases to local, national, and
international communications media, (2) as communication material at
conferences and speaking engagements where Agency staff participate in
their official capacity, (3) to provide background information on the
individuals, including public biographies, via the Agency's website,
(4) in social media and other online postings regarding the activities
of the individuals in their official capacity, and (5) in the Agency's
publications.
POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
Photographs are kept in electronic format on the network drive of
the Agency's Office of External Affairs.
POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
Photographs are stored in an electronic file organized by the name
of the individual. When a photograph is required, a staff member will
access the electronic file for the relevant individual and retrieve an
appropriate photograph from those available.
POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
Records are updated as needed and retained until no longer needed
for business use.
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
Access to records is limited to DFC employees who have an official
need for the records. Electronic records are protected from
unauthorized access through password identification procedures and
other system-based protection methods.
NOTIFICATION PROCEDURES:
Requests by individuals concerning the existence of a record may be
submitted in writing, addressed to the system manager above. The
request must comply with the requirements of 22 CFR 707.21.
RECORD ACCESS PROCEDURES:
Same as above.
CONTESTING RECORD PROCEDURES:
Requests by individuals to amend their record must be submitted in
writing, addressed to the system manager above. Requests for amendments
to records and requests for review of a refusal to amend a record must
comply with the requirements of 22 CFR 707.23.
EXEMPTIONS PROMULGATED FOR THE SYSTEM:
None.
HISTORY:
Not Applicable.
Dated: July 13, 2020.
Mark Rein,
Chief Information Officer.
[FR Doc. 2020-15398 Filed 7-15-20; 8:45 am]
BILLING CODE 3210-02-P