2024-02670. Privacy Act of 1974; System of Records  


    AGENCY:

    Agency for International Development (USAID).

    ACTION:

    Notice of new privacy act system of records.

    SUMMARY:

    The Agency for International Development (USAID) proposes to establish a new system of records titled, “USAID–38: Responsibility, Safeguarding, and Compliance Case Management System (RSC CMS)” subject to the Privacy Act of 1974, as amended. The purpose of publishing this notice is to meet federal requirements and promote consistent maintenance of USAID RSC CMS records. The new system is a dedicated incident and case management system which will contain records that capture reports of misconduct allegations and issues related to USAID programming and supports USAID's ability to monitor and respond to misconduct.

    DATES:

    Submit comments on or before March 11, 2024. This new system of records will be effective upon publication. The Routine Uses are effective at the close of the comment period.

    ADDRESSES:

    You may submit comments:

    Electronic

    Federal eRulemaking Portal: https://www.regulations.gov. Follow the instructions on the website for submitting comments.

    Email: Privacy@usaid.gov.

    Paper

    Fax: 202–916–4946.

    Mail: Chief Privacy Officer, United States Agency for International Development, 1300 Pennsylvania Avenue NW, Washington, DC 20523.


    FOR FURTHER INFORMATION CONTACT:

    Ms. Celida A. Malone, USAID Privacy Program at United States Agency for International Development, Bureau for Management, Office of the Chief Information Officer, Information Assurance Division: ATTN: USAID Privacy Program, 1300 Pennsylvania Avenue, NW, Washington, DC 20523, or by phone number at 202–916–4605.


    SUPPLEMENTARY INFORMATION:

    USAID proposes to establish a new System of Records subject to the Privacy Act of 1974, 5 U.S.C. 552a. The new system, Responsibility, Safeguarding, and Compliance Case Management System (RSC CMS), is a dedicated incident and case management system which will contain records that capture reports of misconduct allegations and issues from all partner types, including grantees, contractors, public international organizations, and sub awardees. This collection supports USAID's ability to monitor and respond to allegations of any partners engaging in misconduct and prohibited activities. RSC CMS will provide a coordinated, streamlined, and consistent mechanism for the Agency to receive, track and respond to allegations of misconduct consistent with the statutory authorities for the collection. This system will assist USAID in documenting, recording and responding to safeguarding allegations and managing administrative actions, such as suspension and debarment proceedings, related to misconduct allegations of all types, including fraud, waste, and abuse. The system will also assist USAID in tracking and documenting USAID's assistance appeal resolution process that gives implementing partners the right to appeal an Agreement Officer's final decision.

    Dated: November 9, 2023

    Mark Joseph Johnson,

    Chief Privacy Officer, United States Agency for International Development.

    SYSTEM NAME AND NUMBER:

    USAID–38, Responsibility, Safeguarding, and Compliance Case Management System (RSC CMS).

    SECURITY CLASSIFICATION:

    Sensitive But Unclassified.

    SYSTEM LOCATION:

    USAID AWS East for ServiceNow MID Servers (AWS US–EAST–1): 7600 Doane Drive, Manassas, VA 20109; and ServiceNow's data centers (primary in Culpeper, VA and alternate in Miami, FL) for ServiceNow SaaS/PaaS.

    SYSTEM MANAGER(S):

    Position: Compliance Division Chief.

    Office: Bureau for Management/Management Policy, Budget, and Performance/Compliance (M/MPBP/COMP).

    Email: disclosures@usaid.gov.

    Address: 500 D Street SW, Washington DC, 20024.

    AUTHORITY FOR MAINTENANCE OF THE SYSTEM

    Foreign Assistance Act of 1961, as amended. Executive Order 12549, 2 CFR part 180, 2 CFR 200.342 and 700.14, 2 CFR subtitle A, chapter I, parts 175, 180, 182, and 183.

    PURPOSE(S) OF THE SYSTEM:

    Responsibility, Safeguarding, and Compliance Case Management System (RSC CMS) is a comprehensive system which will be used to record, investigate, track, respond to, and report on allegations of misconduct, including sexual exploitation and abuse (SEA), trafficking in persons (TIP), and child abuse, exploitation, and neglect (CAEN) allegations that USAID (“Agency”) receives. The RSC CMS is a dedicated incident and case management module to support a coordinated, streamlined, and consistent response to all misconduct allegations and issues from all partner types, including grantees, contractors, public international organizations, and sub awardees. The RSC CMS will contain information needed to track and take administrative actions, such as suspension and debarment, in response to misconduct allegations of all types, including safeguarding violations and allegations of fraud, waste, and abuse. It will also contain information related to USAID's assistance appeal resolution process that gives implementing partners the right to appeal an Agreement Officer's final decision.

    CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM

    The System of Records covers individuals related to current, former and prospective deal participants (individuals and businesses), applicants, USAID employees, contractors, contractor employees, executives, managers, and personal and professional references associated with the deal applicants and participants; USAID's implementing partners, portfolio companies, service providers, participating United States Government (USG) Agency administrators, and certain other individuals associated, affiliated with or involved with USAID.

    CATEGORIES OF RECORDS IN THE SYSTEM

    This system consists of records created or compiled during suspension and debarment and other administrative actions, USAID Office of Inspector General referrals, and disclosures of misconduct including sexual exploitation and abuse; child exploitation, abuse and neglect; and trafficking in persons associated with partners supporting USAID programs. These records contain names, position titles, email addresses, physical addresses, system account creation date and time, last login, IP address, and browser type.

    RECORD SOURCE CATEGORIES

    USAID implementing partners, the USAID Office of Inspector General, media, civil society organizations, witnesses, survivors, and USAID workforce.

    ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND PURPOSES OF SUCH USES

    In addition to those disclosures generally permitted under 5 U.S.C. 552a(b) of the Privacy Act, all or a portion of the information contained in this system may be disclosed to authorized entities, as is determined to be relevant and necessary, outside USAID as a routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:

    (1) To coordinators of the various USAID business development and entrepreneurial events, such as training, outreach, marketing, and matchmaking activities.

    (2) To an agency or organization, including the USAID's Office of Inspector General, for the purpose of performing audit or oversight operations as authorized by law, but only such information as is necessary and relevant to such audit or oversight function.

    (3) In the event of an indication of a violation or potential violation of law, whether civil, criminal or regulatory in nature, and whether arising by statute or particular program pursuant thereto, to the appropriate agency, whether federal, state, local, or foreign, charged with the responsibility of investigating or prosecuting such violation or charged with enforcing or implementing the statute, or rule, regulation or order involved.

    (4) To a Federal, State, or local agency maintaining civil, criminal, or other relevant enforcement information or other pertinent information if necessary to obtain information relevant to an Agency decision concerning the hiring or retention of an employee; the issuance of a security clearance; the reporting of an investigation of an employee; the assignment, detail, or deployment of an employee; the letting of a contract; or the approval of a grant or other benefits.

    (5) To provide information to a congressional office from the record of an individual in response to an inquiry from that congressional office made at the request of that individual.

    (6) To a court, magistrate, or other administrative body in the course of presenting evidence, including disclosures to counsel or witnesses in the course of civil discovery, litigation, or settlement negotiations or in connection with criminal proceedings, when the USAID is a party to the proceeding or has a significant interest in the proceeding, to the extent that the information is determined to be relevant and necessary.

    (7) To disclose information to officials of the Merit Systems Protection Board or the Office of the Special Counsel, when requested in connection with appeals, special studies of the civil service and other merit systems, review of OPM rules and regulations, investigations of alleged or possible prohibited personnel practices, and such other functions, e.g., as promulgated in 5 U.S.C. 1205 and 1206, or as may be authorized by law.

    (8) To the National Archives and Records Administration for the purposes of records management inspections conducted under the authority of 44 U.S.C. 2904 and 2906.

    (9) To disclose information to the Equal Employment Opportunity Commission when requested in connection with investigations into alleged or possible discrimination practices in the Federal sector, compliance by Federal agencies with the Uniform Guidelines on Employee Selection Procedures or other functions vested in the Commission and to otherwise ensure compliance with the provisions of 5 U.S.C. 7201.

    (10) To appropriate agencies, entities, and persons when (a) USAID suspects or has confirmed that there has been a breach of the System of Records, (b) USAID has determined that as a result of the suspected or confirmed breach there is a risk of harm to individuals, USAID (including its information systems, programs, and operations), the Federal Government, or national security; and (c) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist with USAID's efforts to respond to the suspected or confirmed breach and/or to prevent, minimize, or remedy such harm.

    (11) To another Federal agency or Federal entity when USAID determines information from this System of Records is reasonably necessary to assist the recipient agency or entity in: (a) responding to a suspected or confirmed breach; or (b) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach.

    (12) To another agency or agent of a Government jurisdiction within or under the control of the U.S., lawfully engaged in national security or homeland defense when disclosure is undertaken for intelligence, counterintelligence activities (as defined by 50 U.S.C. 3003(3)), counterterrorism, homeland security, or related law enforcement purposes, as authorized by U.S. law or Executive Order.

    (13) To either House of Congress, or, to the extent of matter within its jurisdiction, any committee or subcommittee thereof, any joint committee of Congress or subcommittee of any such joint committee. 5 U.S.C. 552a(b)(9).

    (14) To the Department of State and its posts abroad for the purpose of transmission of information between organizational units of the Agency, or for purposes related to the responsibilities of the Department of State in conducting United States foreign policy or protecting United States citizens, such as the assignment of employees to positions abroad, the reporting of accidents abroad, evacuation of employees and dependents, and other purposes for which officers and employees of the Department of State have a need for the records in the performance of their duties.

    POLICIES AND PRACTICES FOR STORAGE OF RECORDS:

    All information contained in the System of Record is stored in electronic format. The data is encrypted at rest and in transit using Agency approved FIPS-compliant encryption solutions.

    POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:

    Records are retrieved by case identification number or by the name of the individual or organization that is the subject of a disclosure, referral, or administrative action. Users must be properly authenticated in the system to retrieve the data.

    POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:

    Records are maintained and dispositioned in accordance with USAID Automated Directive System, Chapter 502 Records Management policy and the General Records Schedule/USAID Combined Records Disposition Schedules on a retention schedule of five years which are consistent with guidance established by the National Archives and Records Administration.

    ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:

    Technical, administrative, and physical security safeguards are implemented in accordance with the requirements of the Privacy Act, the Federal Information Security Modernization Act (FISMA), and USAID Automated Directive System privacy and security policies and system specific operating procedures. Detailed implementation descriptions are documented in the RSC CMS Privacy Impact Assessment and System Security Plan and include but are not limited to the following security controls to ensure the confidentiality and integrity of the data and records that are stored, processed, and transmitted: user awareness training, rules of behavior, and user agreements; logical and physical access; system and communications protections; identification and authentication; media protection; and audit and accountability controls. User access and roles are explicitly approved and assigned specific permissions to prevent, restrict, or allow individuals with the appropriate clearances and need to know access to the system and/or information only to the degree necessary in the performance of their official associated duties. These controls are monitored and assessed on a continuous basis to ensure the safeguards remain effective throughout the system and data lifecycles.

    RECORD ACCESS PROCEDURES:

    Under the Privacy Act, individuals may request access to records about themselves. These individuals must be limited to citizens of the United States or aliens lawfully admitted for permanent residence. If a Federal Department or Agency, or a person who is not the individual who is the subject of the records, requests access to records about an individual, the written consent of the individual who is the subject of the records is required.

    Individuals seeking access to information about themselves contained in this System of Records should address inquiries to the Bureau for Management, Office of Management Services, Information and Records Division (M/MS/IRD), USAID Annex—Room 2.4.0C, 1300 Pennsylvania Avenue NW, Washington, DC 20523. The requester may complete and sign a USAID Form 507–1, Certification of Identity Form or submit signed, written requests that should include the individual's full name, current address, telephone number and this System of Records Notice number. In addition, the requester must provide either a notarized statement or an unsworn declaration made in accordance with 28 U.S.C. 1746, in the following format:

    If executed outside the United States: “I declare (or certify, verify, or state) under penalty of perjury under the laws of the United States of America that the foregoing is true and correct. Executed on (date). (Signature).”

    If executed within the United States, its territories, possessions, or commonwealths: “I declare (or certify, verify, or state) under penalty of perjury that the foregoing is true and correct. Executed on (date). (Signature).”

    CONTESTING RECORD PROCEDURES:

    The USAID rules for accessing records, contesting contents, and appealing initial agency determinations are contained in 22 CFR part 212 or may be obtained from the program manager or system owner.

    NOTIFICATION PROCEDURES:

    Individuals seeking to determine if information about themselves is contained in this System of Records should address inquiries to the Bureau for Management, Office of Management Services, Information and Records Division (M/MS/IRD), USAID Annex—Room 2.4.0C, 1300 Pennsylvania Avenue NW, Washington, DC 20523. Individuals may complete and sign a USAID Form 507–1, Certification of Identity Form or submit signed, written requests that should include the individual's full name, current address, and telephone number. In addition, the requester must provide either a notarized statement or an unsworn declaration made in accordance with 28 U.S.C. 1746, in the following format:

    If executed outside the United States: “I declare (or certify, verify, or state) under penalty of perjury under the laws of the United States of America that the foregoing is true and correct. Executed on (date). (Signature).”

    If executed within the United States, its territories, possessions, or commonwealths: “I declare (or certify, verify, or state) under penalty of perjury that the foregoing is true and correct. Executed on (date). (Signature).”

    EXEMPTIONS PROMULGATED FOR THE SYSTEM:

    To the extent permitted under the Privacy Act of 1974, 5 U.S.C. 552a(k)(2), this system has been exempted from the provisions of the Privacy Act of 1974 that permit access and correction. However, USAID may, in its discretion, fully grant individual requests for access and correction if it determines that the exercise of these rights will not interfere with an interest that the exemption is intended to protect. The exemption from access is limited in some instances by law to information that would reveal the identity of a confidential source.

    Pursuant to 5 U.S.C. 552a(k)(2), this system is exempt from the following provisions of the Privacy Act of 1974, subject to the limitations set forth in that subsection: 5 U.S.C. 552a (c)(3); (d); (e)(1); (e)(4)(G); (e)(4)(H); and (f)(2) through (5). Pursuant to 5 U.S.C. 552a(k)(5), this system is exempt from the following provisions of the Privacy Act, subject to the limitations set forth in that subsection: 5 U.S.C. 552a(c)(3) and (d).

    HISTORY:

    None.


    Celida Ann Malone,

    Government Privacy Task Lead.


    [FR Doc. 2024–02670 Filed 2–8–24; 8:45 am]

    BILLING CODE 6116–01–P

Document Information

Published: 02/09/2024
Department: Agency for International Development
Entry Type: Notice
Action: Notice of new privacy act system of records.
Document Number: 2024-02670
Dates: Submit comments on or before March 11, 2024. This new system of records will be effective upon publication. The Routine Uses are effective at the close of the comment period.
Pages: 9113-9116 (4 pages)
PDF File: 2024-02670.pdf