AGENCY:

Millennium Challenge Corporation.

ACTION:

Notice of a new system of records.

SUMMARY:

The Millennium Challenge Corporation (MCC) proposes to add a new system of records to its inventory of records systems subject to the Privacy Act of 1974, as amended. This action complies with the requirements of the Privacy Act to publish in the Federal Register notice of MCCs intent to collect and maintain records.

DATES:

Comments must be received no later than November 30, 2022.

ADDRESSES:

Send written comments to the Millennium Challenge Corporation, ATTN: Christopher Ice, Chief Privacy Officer, Department of Administration and Finance, 1099 Fourteenth Street NW, Suite 700, Washington, DC 20005-3550.

FOR FURTHER INFORMATION CONTACT:

Christopher E. Ice, Chief Privacy Officer, Millennium Challenge Corporation, icece@mcc.gov, (202) 521-2652, or Miguel G. Adams, Deputy Privacy Officer, Millennium Challenge Corporation, adamsmg@mcc.gov, (202) 521-3574.

SUPPLEMENTARY INFORMATION:

MCC is giving notice of a system of records pursuant to the Privacy Act of 1974 (5 U.S.C. 552a) for the MCC Evidence Platform. This platform is used to disseminate the data and documentation produced by MCC-funded data activities. The records information collected is required for researchers to obtain or retain a benefit of accessing MCC-funded data managed and shared through a public-facing platform by University of Michigan's Interagency Consortium for Political and Social Research (ICPSR). To manage access to specific data that must be protected to maintain data respondent confidentiality, ICPSR acts as MCC's data steward. The information collection is used by ICPSR to review and vet data users requesting access to restricted-use data. The information collected includes: (i) Restricted Data Use Agreement (RDUA) signed by both the data user and a representative of their institution; (ii) Documentation of Institutional Review Board (IRB) approval or exemption; (iii) research proposal; (iv) name and contact information of all researchers at the institution who will have access to the data; (v) list of data sets requested and why needed; and (vi) CV/Resume/Biosketch for each user that will access the restricted-use data.

SYSTEM NAME AND NUMBER:

MCC-Evidence Platform. MCC-003.

SECURITY CLASSIFICATION:

Unclassified.

SYSTEM LOCATION:

Millennium Challenge Corporation—1099 Fourteenth Street NW, Suite 700, Washington, DC 20005-3550

ICPSR—330 Packard Street, Ann Arbor, MI 48104

SYSTEM MANAGER(S):

My H. Le, Director Digital Services, Millennium Challenge Corporation, lemh@mcc.gov, 202-521-3664.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

22 U.S.C. 7705, Chapter 84—Millennium Challenge.

PURPOSE(S) OF THE SYSTEM:

The system will:

• Store and share de-identified data for public-use—To directly replace the MCC Evaluation Catalog, the platform is the mechanism by which MCC shares data and documentation that is de-identified by MCC contractors, reviewed for clearance by the MCC Disclosure Review Board (DRB), and posted to the new platform.
• Store and share restricted-access data—Given promises of confidentiality and MCC's commitments to protecting the privacy of data activity participants, some data cannot be de-identified in a way that reduces re-identification risk and retains the usability of the data for accountability and learning objectives. In cases where limited data sharing is facilitated by the informed consent process, this data can be prepared for sharing through a restricted-access mechanism which carefully protects access to data for specific statistical analysis. The platform is the mechanism by which MCC shares restricted-access data through an ICPSR-managed Virtual Data Enclave (VDE) following preparation by MCC contractors, review by the MCC DRB, and deposit of the restricted-access data with ICPSR.
• Collects:

(i) Restricted Data Use Agreement (RDUA) signed by both the data user and a representative of their institution;

(ii) Documentation of Institutional Review Board (IRB) approval or exemption;

(iii) Research proposal;

(iv) Name and contact information of all researchers at the institution who will have access to the data;

(v) List of data sets requested and why needed; and

(vi) CV/Resume/Biosketch—defining the qualifications the individual has to lead statistical analysis of the proposed research analysis. Start Printed Page 71688

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

• US Congress, staffers, and general public;
• Country partners; and
• Academic researchers, faculty, and students.

CATEGORIES OF RECORDS IN THE SYSTEM:

(i) Restricted Data Use Agreement (RDUA) signed by both the data user and a representative of their institution; (ii) Documentation of Institutional Review Board (IRB) approval or exemption; (iii) research proposal; (iv) name and contact information of all researchers at the institution who will have access to the data; (v) list of data sets requested and why needed; and (vi) CV/Resume/Biosketch—defining the qualifications the individual has to lead statistical analysis of the proposed research analysis.

RECORD SOURCE CATEGORIES:

From the individual.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND PURPOSES OF SUCH USES:

In addition to those disclosures generally permitted under 5 U.S.C. 552a(b) of the Privacy Act, all or a portion of the records or information contained in this system may be disclosed to authorized entities, as determined to be relevant and necessary, outside MCC as a routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:

• Audits and oversight;
• Congressional inquiries;
• For investigations of potential violations of law;
• With the National Archives and Records Administration (NARA) for records management purposes; and
• For data breach and mitigation response.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:

This system is electronically stored on a central computer database, hosted by ICPSR.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:

Records are retrievable by personal name, organizational affiliation name, or a combination of search functions.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:

MCC retains records in accordance with the National Archives and Records Administration (NARA), General Records Schedule (GRS).

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:

MCC safeguards the information in accordance with applicable laws, rules, and policies, including the Federal Information Security Modernization Act of 2014; OMB Circular A-130, Management of Federal Resources; and MCC policies and procedures. MCC protects records from unauthorized access through appropriate administrative, physical, and technical safeguards. These safeguards include restricting access to authorized personnel who have need-to-know, and the process of authentication using user identifications (IDs) and passwords that function as an identity and authentication method of access. Personnel with authorized access to the system have received training in the proper handling of Privacy Act information and in information security requirements for both paper copies and electronically stored information.

RECORD ACCESS PROCEDURES:

Individuals seeking knowledge of the system's records must submit a written request to the MCC Privacy Officer, at the above mailing address, clearly marked as “Privacy Act Request” on the envelope and letter. The request must include the requestor's full name, current address, the name or number of the system to be searched, and if possible, the record identification number. The request must be signed by either notarized signature or by signature under penalty of perjury under 28 U.S.C. 1746.

CONTESTING RECORD PROCEDURES:

Same as the Records Access Procedure above; the request should also clearly and concisely describe the information contested, the reasons for contesting it, and the proposed amendment sought, pursuant to 45 CFR 5b.7.

NOTIFICATION PROCEDURES:

Same as Records Access Procedures.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:

None.

HISTORY:

None.