-
Start Preamble
AGENCY:
U.S. International Development Finance Corporation (DFC).
ACTION:
Notice of a new system of records.
SUMMARY:
The Better Utilization of Investments Leading to Development (BUILD) Act of 2018 created the U.S. International Development Finance Corporation (DFC) by bringing together the Overseas Private Investment Corporation (OPIC) and the Development Credit Authority (DCA) office of the U.S. Agency for International Development (USAID). Section 1466(a)-(b) of the Act provides that all completed administrative actions shall apply, while all pending proceedings shall continue, through the transition to the DFC. Accordingly, DFC is issuing a revised system of records modifying all the systems of records previously published under OPIC's authority.
DATES:
The systems are effective upon publication in today's Federal Register, with the exception of changes to the routine uses, which are effective August 17, 2020, unless we receive comments that result in a contrary determination.
ADDRESSES:
Written comments may be submitted by any of the following methods:
- Mail: Mark Rein, Office of the Chief Information Officer, U.S. International Development Finance Corporation, 1100 New York Avenue NW, Washington, DC 20527.
- Email: fedreg@dfc.gov.
Instructions: All submissions received must include the system name and number for the system to which the comments relate. Please note that all written comments received in response to this notice will be considered public records.
Start Further InfoFOR FURTHER INFORMATION CONTACT:
Chief Information Officer, Mark Rein, (202) 336-8404.
End Further Info End Preamble Start Supplemental InformationSUPPLEMENTARY INFORMATION:
I. Background: OPIC previously published System of Records Notices (SORN) at 64 FR 37152 (Jul. 9 1999), 69 FR 59279 (Oct. 4, 2004), 74 FR 16430 (Apr. 10, 2009), and 80 FR 30288 (May 27, 2015). These SORNs were transferred to DFC under the BUILD Act of 2018. In accordance with the Privacy Act of 1974, 5 U.S.C. 552a, DFC proposes to: Delete OPIC-3 as this has been replaced by GSA/GOVT-7. Delete OPIC-7 as this has been replaced by OPM/GOVT-3. Delete OPIC-9 and OPIC-14 as these have been replaced by OPM/GOVT-1. Delete OPIC-17 as this has been replaced by GSA/GOVT-4. Delete OPIC-1, OPIC-14, OPIC-19, and OPIC-22 as these have been replaced by DFC/03. Delete OPIC-10 as this has been replaced by DFC/04. Delete OPIC-2, OPIC-5, OPIC-6, OPIC-8, OPIC-12, OPIC-13, OPIC-15, OPIC-16, OPIC-20, and OPIC-21 as these files are no longer maintained. OPIC-4 is renumbered DFC/04 and amended to include records previously covered by OPIC-10. OPIC-11 is renumbered DFC/07. OPIC-12 is renumbered DFC/08 and renamed Executive Photographs. OPIC-18 is renumbered DFC/06 and renamed Board of Directors. OPIC-22 is renumbered DFC/03. OPIC-23 is renumbered DFC/02. Add DFC/01, Oracle E-Business Suite (EBS) and DFC/05, FedTalent.
II. Privacy Act: The Privacy Act of 1974, as amended, embodies fair information practice principles in a statutory framework governing the means by which Federal agencies collect, maintain, use, and disseminate individuals' records. The Privacy Act applies to records about individuals; Start Printed Page 43211these records are maintained in a “system of records,” which refers to a group of any records under the control of an agency from which information is retrieved by the name of an individual or by some identifying number, symbol, or other identifying particular assigned to the individual. The Privacy Act defines an individual as a United States citizen or an alien lawfully admitted for permanent residence. Individuals may request access to their own records that are maintained in a system of records in the possession or under the control of the DFC by complying with Privacy Act regulations at 22 Code of Federal Regulations (CFR) Part 707 and following the procedures outlined in the Records Access, Contesting Record, and Notification Procedures sections of this notice. The Privacy Act requires each agency to publish in the Federal Register a description denoting the existence and character of each system of records that the agency maintains and the routine uses of each system. In accordance with 5 U.S.C. 552a(r), the DFC has provided a report of this system of records to the Office of Management and Budget (OMB) and to Congress. As this revision is significant, a full list of the Agency's systems of records is set forth below.
SYSTEM NAME AND NUMBER:
Oracle E-Business Suite (EBS), DFC/01.
SECURITY CLASSIFICATION:
Unclassified.
SYSTEM LOCATION:
1100 New York Avenue NW, Washington, DC 20527.
SYSTEM MANAGER(S):
Business System Owner, Managing Director, Financial Management, U.S. International Development Finance Corporation, 1100 New York Avenue NW, Washington, DC 20527; Phone: (202) 336-8400. Technical System Owner, Business Information Systems Director, Office of the Chief Information Officer, U.S. International Development Finance Corporation, 1100 New York Avenue NW, Washington, DC 20527; Phone: (202) 336-8400.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
Where applicable, electronic payments are required under Federal Acquisition Regulation 52.232-25. Electronic payments require a Taxpayer Identification Number (TIN) data element. Federal financial mandates and legal authorities govern financial management systems that support the collection of the information in EBS. These mandates and authorities include the Chief Financial Officers Act of 1990, Public Law 101-576, and the Federal Financial Management Improvement Act (FFMIA) of 1996, Public Law 104-208, as well as guidance issued by OMB: OMB Circular A-123, Management's Responsibility for Internal Control; OMB Memorandum 16-11, Improving Administrative Functions Through Shared Services; and OMB Memorandum 13-08, Improving Financial Systems Through Shared Services.
PURPOSE(S) OF THE SYSTEM:
The primary purpose of Oracle EBS is to function as the financial system of record for the Agency. It is the primary application employed to record all financial transactions related to the Agency's administrative business accounting and working capital budgets.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
The categories of individuals and entities covered by this system are identified as Federal government agencies and institutions; state and local government agencies and institutions; domestic private individuals, entities, and institutions conducting business with the Agency; full- and part-time employees of the Agency; Personal Services Contractors (PSC); foreign government agencies and institutions; foreign private individuals, entities, and institutions conducting business with the Agency; and foreign entities and institutions who act as participants or intermediaries in financial transactions with the Agency.
CATEGORIES OF RECORDS IN THE SYSTEM:
Personally identifiable records that are stored in the system consist of individual or company names, points of contact, mailing addresses, remittance addresses, telephone numbers, contract/award numbers, email addresses, TIN, Social Security Numbers (SSN), Data Universal Numbering System (DUNS) numbers, and bank account information including routing numbers, account numbers, Society for Worldwide Interbank Financial Telecommunication (SWIFT) codes, International Bank Account Numbers (IBAN), and account titles.
RECORD SOURCE CATEGORIES:
Insight (Salesforce.com) (DFC/02): The Agency's back office software that collects data from external customers completing and submitting web-based business application electronic forms. Insight is DFC's back-office data collection system where business- and product specific information is processed. System for Award Management (SAM) (GSA/GOVT-9): The U.S. Government's official vendor portal where vendors self-maintain their business information. Carlson Wagonlit Sato Travel E2 Solutions System (E2) (GSA/GOVT-4): An electronic travel system that includes travel authorizations, travel vouchers, and miscellaneous reimbursements data that is directly received from the customer or employee.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND PURPOSES OF SUCH USES:
In addition to those disclosures generally permitted under 5 U.S.C. 552a(b) of the Privacy Act, all or a portion of the records or information contained in this system may be disclosed outside of DFC as a routine use under U.S.C. 552a(b)(3), as stated in the Notice and here for this modification. This modification includes a new routine use for the Do Not Pay initiative in compliance with Improper Payments, which is compatible with the following routine uses of this system of records of a financial management system: (1) The two required routine uses identified in OMB M-17-12 for notice and breach notification, which is compatible with the necessity of the government to deal with breaches; and (2) routine use for contractors, grantees, etc., and system support, which is compatible with the need of contractor support for Financial Systems. The other routine uses are compatible with the EBS system of records as a financial system. The routine use satisfies the compatibility requirement of the Privacy Act. The records or information contained therein may specifically be disclosed as a routine use, as stated below. The Agency will, when so authorized, make the determination as to the relevancy of a record prior to its decision to disclose:
A. To the Department of Treasury for Administering the Do Not Pay Initiative under the Improper Payments Elimination and Recovery Improvement Act of 2012 (IPERIA). As required by IPERIA, the Bipartisan Budget Act of 2013, and the Federal Improper Payments Coordination Act of 2015 (FIPCA), records maintained in this system will be disclosed to (a) a Federal or state agency, its employees, agents (including contractors of its agents) or contractors; or, (b) a fiscal or financial agent designated by the Bureau of Fiscal Service or other Department of the Treasury bureau or office, including employees, agents, or contractors of such agent; or, (c) a contractor of the Bureau of Fiscal Service, for the purpose of identifying, preventing, and Start Printed Page 43212recovering improper payments to an applicant for, or recipient of, Federal funds. Records disclosed under this routing use may be used to conduct computerized comparison to identify, prevent, and recover improper payments, and to identify and mitigate fraud, waste, and abuse in federal payments.
B. Disclosure for Enforcement, Statutory, and Regulatory Purposes. Information may be disclosed to the appropriate Federal, state, local, foreign, or self-regulatory organization or agency responsible for investigating, prosecuting, enforcing, implementing, issuing, or carrying out a statute, rule, regulation, order, policy, or license if the information may be relevant to a potential violation of civil or criminal law, rule, regulation, order, policy, or license.
C. Disclosure to Another Federal Agency When Requesting Information. Information may be disclosed to a Federal agency in the executive, legislative, or judicial branch of government in connection with the hiring, retaining, or assigning of an employee; the issuance of a security clearance; the conducting of a security or suitability investigation of an individual; the classifying of jobs; the letting of a contract; the issuance of a license, grant, or other benefits by the receiving entity; or the lawful statutory, administrative, or investigative purpose of the receiving entity to the extent that the information is relevant and necessary to the receiving entity's decision on the matter.
D. Disclosure to a Member of Congress and Congressional Inquiries. Information may be disclosed to a congressional office in response to an inquiry from the congressional office made at the request of the individual to whom the record pertains.
E. Disclosure to the Department of Justice (DOJ), a Court, an Adjudicative Body or Administrative Tribunal, or a Party in Litigation. Information may be disclosed to DOJ, a court, an adjudicative body or administrative tribunal, a party in litigation, or a witness if the Agency (or in the case of an Office of Inspector General (OIG) system, the OIG) determines, in its sole discretion, that the information is relevant and necessary to the matter.
F. Disclosure to the Merit Systems Protection Board (MSPB), the Office of Government Ethics (OGE), Equal Employment Opportunity Commission (EEOC), and Office of Special Counsel (OSC). Information may be disclosed to the EEOC, the MSPB, the OGE, or the OSC to the extent determined to be relevant and necessary to carrying out their authorized functions.
G. Disclosure to the EEOC, the Office of Personnel Management (OPM), or the Fair Labor Relations Authority (FLRA) In Response to a Formal Grievance, Complaint, or Appeal Filed by an Employee. Information may be disclosed to the EEOC, OPM, FLRA, or other agency grievance examiner, formal complaints examiner, arbitrator, or other duly authorized official engaged in the investigation or settlement of a grievance, complaint, or appeal filed by an employee.
H. Disclosure When Security or Confidentiality Has Been Compromised. Information may be disclosed when (1) it is suspected or confirmed that security or confidentiality of information has been compromised; (2) the Agency has determined that, as a result of the suspected or confirmed compromise, there is a risk of harm to economic or property interests, identity theft or fraud, or harm to the security or integrity of the system or other systems or programs (whether maintained by the Agency or another agency or entity) that rely upon the compromised information; and (3) the disclosure is made to such agencies, entities, and persons who are reasonably necessary to assist in connection with the Agency's efforts to respond to the suspected or confirmed compromise and prevent, minimize, or remedy such harm.
I. Disclosure to Contractors, Agents, and Others. Information may be disclosed to contractors, agents, or others performing work on a contract, service, cooperative agreement, job, or other activity for the Agency and who have a need to access the information in the performance of their duties or activities for the Agency.
J. Disclosure to Any Source from Which Additional Information Is Requested During the Acquisition and Procurement Contract Lifecycle Management Process. Information may be disclosed in connection with the requisitioning, commitments, obligations, invoicing, travel expense reimbursements, and reimbursements to employees for local travel expenses and other ancillary expenses.
K. Disclosure of Information in Connection with Business Transaction Activities to a Federal Agency. Information may be disclosed to the Treasury Department via electronic file to enable processing of business payment and payable commitments for the life of each business transaction.
L. Disclosure of Information in Connection with Business Transaction Activities to a Federal Agency. Information may be disclosed to a Federal agency in connection with initial due diligence processes in assessing new business transaction proposals and as part of the improper payment risk mitigation process that occurs for the life of each business transaction.
M. Disclosure of Information to Another Federal Agency, a Court, or a Third Party. Information may be disclosed where the counterparty to a business transaction has not remitted agreed upon and contracted fees for an extended period of time.
POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
Records are stored in paper and electronic form.
POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
Records can be retrieved by transaction record number, name, address, telephone numbers and other identifying information.
POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
Records are retained and disposed of as prescribed under the National Archives and Records Administration (NARA) General Records Schedule. The information used to enter data into EBS is maintained for seven years. Paper records are disposed of by shredding or pulping, and records maintained on electronic media are degaussed or erased in accordance with the applicable records retention schedule and NARA guidelines.
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
Access to records in this system is controlled and managed pursuant to applicable policies and rules, including OPM's Information and Security & Privacy Policy. The use of password protection, system authentication, and other system protection methods also provides additional safeguards to restrict access. System access and access to the records contained within the system are limited to those individuals who have an official need for system access in order to perform their official responsibilities and duties.
NOTIFICATION PROCEDURES:
Requests by individuals concerning the existence of a record may be submitted in writing, addressed to the system manager above. The request must comply with the requirements of 22 CFR 707.21.
RECORD ACCESS PROCEDURES:
Same as above.Start Printed Page 43213
CONTESTING RECORD PROCEDURES:
Requests by individuals to amend their record must be submitted in writing, addressed to the system manager above. Requests for amendments to records and requests for review of a refusal to amend a record must comply with the requirements of 22 CFR 707.23.
EXEMPTIONS PROMULGATED FOR THE SYSTEM:
None.
HISTORY:
Not Applicable.
SYSTEM NAME AND NUMBER:
Salesforce Customer Relationship Management System (“Insight”); DFC/02.
SYSTEM CLASSIFICATION:
Unclassified.
SYSTEM LOCATION:
The system is located in an Enterprise Government Cloud Service environment. The system is hosted at secured Salesforce General Services Administration (GSA) data centers (NA-21) located in Washington, DC and Chicago, IL; one site acts as the active host and the alternative site acts as the disaster recovery location operating under near-real time replication protocol.
SYSTEM MANAGER(S):
Business System Owner, Managing Director for Finance Program Systems and Procedures, U.S. International Development Finance Corporation, 1100 New York Avenue NW, Washington, DC 20527; Phone: (202) 336-8400. Technical Systems Owner, Business Information Systems Director, U.S. International Development Finance Corporation, 1100 New York Avenue NW, Washington, DC 20527; Phone: (202) 336-8400.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
The system covers individuals representing, guaranteeing, sponsoring, owning, or managing a potential or actual DFC project under all DFC products. Information about these individuals is entered directly into the system by potential clients filling out application forms on the Agency's electronic forms web-portal or manually when DFC officers input data during a project's lifecycle.
CATEGORIES OF RECORDS IN THE SYSTEM:
This system contains the information needed for processing Agency projects and contains information about individuals and other entities involved in those projects. Depending on the level of connection of an individual to the project, personal information on the individual may be maintained. This includes full name, date of birth, country of birth, citizenship, personally identifying number, address, contact information, and professional experience.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
BUILD Act, 22 U.S.C. 9601 et seq.; 44 U.S.C. 3101, et seq.
PURPOSE OF THE SYSTEM:
This system will facilitate project lifecycle management from project intake to project closeout for all DFC products. The information in the system will be used to administer the projects as necessary, including internally tracking and managing client contact information and the status (but not the detailed results) of Know Your Customer (KYC) due diligence performed on businesses and individuals associated with each project. Data from this system may also be used for evaluating the effectiveness of DFC's products and programs and improving upon them.
RECORD SOURCE CATEGORIES:
Information is collected directly from clients using a public-facing web portal which collects customer and project data from applicants. Direct input: Some account, contact, and project data are input directly by DFC officers in the course of keeping project records up to date. Oracle EBS (DFC/01): Pertinent financial data is sent to Insight to provide DFC officers with accessible information related to project status.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND PURPOSES OF SUCH USES:
In addition to those disclosures generally permitted under 5 U.S.C. 552a(b) of the Privacy Act, these records of information contained therein may specifically be disclosed outside of the Agency. The records or information contained therein may specifically be disclosed as a routine use, as stated below. The Agency will, when so authorized, make the determination as to the relevancy of a record prior to its decision to disclose information under the following circumstances:
A. Disclosure for Enforcement, Statutory, and Regulatory Purposes. Information may be disclosed to the appropriate Federal, state, local, foreign, or self-regulatory organization or agency responsible for investigating, prosecuting, enforcing, implementing, issuing, or carrying out a statute, rule, regulation, order, policy, or license if the information may be relevant to a potential violation of civil or criminal law, rule, regulation, order, policy, or license.
B. Disclosure to a Member of Congress and Congressional Inquiries. Information may be disclosed to a congressional office in response to an inquiry from the congressional office made at the request of the individual to whom the record pertains.
C. Disclosure to DOJ, a Court, an Adjudicative Body or Administrative Tribunal, or a Party in Litigation. Information may be disclosed to DOJ, a court, an adjudicative body or administrative tribunal, a party in litigation, or a witness if the Agency (or in the case of an OIG system, the OIG) determines, in its sole discretion, that the information is relevant and necessary to the matter.
D. Disclosure When Security or Confidentiality Has Been Compromised. Information may be disclosed when (1) it is suspected or confirmed that security or confidentiality of information has been compromised; (2) the Agency has determined that, as a result of the suspected or confirmed compromise, there is a risk of harm to economic or property interests, identity theft or fraud, or harm to the security or integrity of the system or other systems or programs (whether maintained by the Agency or another agency or entity) that rely upon the compromised information; and (3) the disclosure is made to such agencies, entities, and persons who are reasonably necessary to assist in connection with the Agency's efforts to respond to the suspected or confirmed compromise and prevent, minimize, or remedy such harm.
E. Disclosure to Contractors, Agents, and Others. Information may be disclosed to contractors, agents, or others performing work on a contract, service, cooperative agreement, job, or other activity for the Agency and who have a need to access the information in the performance of their duties or activities for the Agency.
F. Disclosure to Any Source from Which Additional Information Is Requested During Commitment of Payments. As needed, Insight automatically transfers information to Oracle EBS (DFC/01) to commit payments from DFC as part of the Agency's core business transactions.
G. Disclosure of Information in Connection with Loan Payments to a Federal Agency. As needed, authorized DFC personnel manually input disbursement records into Oracle and the Treasury portal to enable loan payments.Start Printed Page 43214
H. Disclosure of Information in Connection with Business Transaction Activities to a Federal Agency. Information may be disclosed to a Federal agency in connection with initial due diligence processes in assessing new business transaction proposals and as part of the improper payment risk mitigation process that occurs for the life of each business transaction.
I. Disclosure of Information to Another Federal Agency, a Court, or a Third Party. Information may be disclosed where the counterparty to a business transaction has not remitted agreed upon and contracted fees for an extended period of time.
J. Disclosure of Credit to Credit Reporting Agencies. If deemed necessary, credit information will be disclosed as the running of credit checks is performed. These credit checks are conducted confidentially, following accepted best practices with widely known and reputable credit reporting agencies.
K. Disclosure of Non-Individual Information to Publicly Available websites: Authorized personnel utilize non-individual information from Insight (e.g., project descriptions and primary place of performance) for the following publicly available websites: USA Spending and Foreign Assistance.gov.
POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
System records are stored within secured Salesforce GSA data centers (NA-21) located in Washington, DC and Chicago, IL; one site acts as the active host and the alternative site acts as the disaster recovery location operating under near-real time replication protocol.
POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
The records may be retrieved by the project name, project number, company name, associated individual's name, or reporting tools provided on the system dashboards. Access to sensitive personally identifiable information (SPII) in the records is restricted to a small group of authorized government personnel who perform the KYC due diligence in the system, as needed. Access to the rest of the system is available to any Agency personnel with system access. The DFC uses two-factor authentication for Agency-specific users to access Insight outside of the Agency network. Any changes to the system are implemented through a change management process.
POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
Records are maintained on an ongoing basis and updated by DFC staff assigned with managing the system. These records will follow the DFC's retention schedule based on project classification.
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
Access to records in this system is controlled and managed pursuant to applicable policies and rules, including OPM's Information and Security & Privacy Policy. These records and the technical hardware containing these records are maintained on premises in areas designated as restricted access. The use of password protection, system authentication, user profile restrictions, and other system protection methods also provides additional safeguards to restrict access. System access and access to the records contained within the system are limited to those individuals who have an official need for system access in order to perform their official responsibilities and duties.
NOTIFICATION PROCEDURES:
Requests by individuals concerning the existence of a record may be submitted in writing, addressed to the system manager above. The request must comply with the requirements of 22 CFR 707.21.
RECORD ACCESS PROCEDURES:
Same as above.
CONTESTING RECORD PROCEDURES:
Requests by individuals to amend their record must be submitted in writing, addressed to the system manager above. Requests for amendments to records and requests for review of a refusal to amend a record must comply with the requirements of 22 CFR 707.23.
EXEMPTIONS CLAIMED FOR THE SYSTEM:
None.
HISTORY:
Not Applicable.
SYSTEM NAME AND NUMBER:
Payroll, Time and Attendance, Retirement, and Leave Records, DFC/03.
SECURITY CLASSIFICATION:
Unclassified.
SYSTEM LOCATION:
1100 New York Avenue NW, Washington, DC 20527.
SYSTEM MANAGER(S):
Business System Owner: Vice President and Chief Administrative Officer, U.S. International Development Finance Corporation, 1100 New York Avenue NW, Washington, DC 20527; Phone: (202) 336-8400.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
5 U.S.C. 5101, et seq., Government Organization and Employees; 31 U.S.C. 3512, et seq., Executive Agency Accounting and Other Financial Management Reports and Plans; 31 U.S.C. 1101, et seq., the Budget and Fiscal, Budget, and Program Information; 5 CFR part 293, subpart B, Personnel Records Subject to the Privacy Act; 5 CFR part 297, Privacy Procedures for Personnel Records; Executive Order 9397 as amended by Executive Order 13478, relating to Federal Agency Use of Social Security Numbers; and Public Law 101-576 (Nov. 15, 1990), the Chief Financial Officers (CFO) Act of 1990.
PURPOSE(S) OF THE SYSTEM:
The primary purpose of the system is to manage personnel and payroll functions; ensure proper payment for salary and benefits; track time and attendance, leave, and other absences for reporting and compliance purposes; and facilitate reporting requirements to other Federal agencies, including the Department of the Treasury and OPM, for payroll, tax, and human capital management purposes.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
Individuals covered by the system include current and former DFC employees, emergency workers, volunteers, contractors, and applicants for Federal employment. This system may also include limited information regarding employee spouses, dependents, emergency contacts, beneficiaries, or estate trustees who meet the definition of “individual” as defined in the Privacy Act.
CATEGORIES OF RECORDS IN THE SYSTEM:
This system maintains records including: (1) Employee Biographical and Employment Information: Employee name, other names used, citizenship, gender, date of birth, age, group affiliation, marital status, SSN, truncated SSN, legal status, place of birth, records related to position, occupation, duty location, security clearance, financial information, medical information, disability information, education information, driver's license, race, ethnicity, personal or work telephone number, personal and work email address, military status and service, home or mailing address, TIN, bank account information, professional licensing and credentials, family relationships, involuntary debt Start Printed Page 43215(garnishments or child support payments), employee common identifier (ECI), organization code, user identification, and any other employment information; (2) Third-Party Information: Spouse information, emergency contact, beneficiary information, savings bond co-owner name(s) and information, and family members and dependents information; (3) Salary and Benefits Information: Salary data, retirement data, tax data, deductions, health benefits, allowances, union dues, insurance data, Flexible Spending Account, Thrift Savings Plan information and contributions, pay plan, payroll records, awards, court order information, back pay information, debts owed to the government as a result of overpayment, refunds owed, or a debt referred for collection on a transferred employee or emergency worker; and (4) Timekeeping Information: Time and attendance records and leave records. This system may also contain correspondence, documents, and other information required to administer payroll, leave, and related functions.
RECORD SOURCE CATEGORIES:
Information is obtained from individuals on whom the records are maintained, official personnel records of individuals on whom the records are maintained, supervisors, timekeepers, previous employers, the Internal Revenue Service and state tax agencies, the Department of the Treasury, other Federal agencies, courts, state child support agencies, employing agency accounting offices, and third-party benefit providers.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:
In addition to those disclosures generally permitted under 5 U.S.C. 552a(b) of the Privacy Act, all or a portion of the records or information maintained in this system may be disclosed to authorized entities outside DFC for purposes determined to be relevant and necessary as a routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:
A. To DOJ, including Offices of the U.S. Attorneys, or other Federal agency conducting litigation or in proceedings before any court, adjudicative, or administrative body, when it is relevant or necessary to the litigation and one of the following is a party to the litigation or has an interest in such litigation: (1) DFC or any component of DFC; (2) Any DFC employee or former employee acting in his or her official capacity; (3) Any DFC employee or former employee acting in his or her individual capacity when DFC or DOJ has agreed to represent that employee or pay for private representation of the employee; or (4) The United States Government or any agency thereof, when DFC determines that DFC is likely to be affected by the proceeding.
B. To the Department of the Treasury or other Federal agency as required for payroll purposes, for preparation of payroll and other checks and electronic funds transfers to Federal, State, and local government agencies, non-governmental organizations, and individuals.
C. To the Department of the Treasury, Internal Revenue Service, and state and local tax authorities for which an employee is or was subject to tax regardless of whether tax is or was withheld in accordance with Treasury Fiscal Requirements, as required.
D. To OPM or its contractors in connection with programs administered by that office, including, but not limited to, the Federal Long-Term Care Insurance Program, the Federal Dental and Vision Insurance Program, the Flexible Spending Accounts for Federal Employees Program, and the electronic Human Resources Information Program.
E. To another Federal agency to which an employee or DFC emergency worker has transferred or to which a DFC volunteer transfers in a volunteer capacity.
F. To any criminal, civil, or regulatory law enforcement authority (whether Federal, state, territorial, local, tribal or foreign) when a record, either alone or in conjunction with other information, indicates a violation or potential violation of law—criminal, civil, or regulatory in nature, and the disclosure is compatible with the purpose for which the records were compiled.
G. To a congressional office in response to a written inquiry that an individual covered by the system, or the heir of such individual if the covered individual is deceased, has made to the office.
H. To Federal, state, or local agencies where necessary to enable the employee's, DFC emergency worker's, or DFC volunteer's agency to obtain information relevant to the hiring or retention of that employee, DFC emergency worker, or DFC volunteer, or the issuance of a security clearance, contract, license, grant, or other benefit.
I. To appropriate Federal and state agencies to provide reports including data on unemployment insurance.
J. To the Social Security Administration to credit the employee or emergency worker account for Old-Age, Survivors, and Disability Insurance (OASDI) and Medicare deductions.
K. To officials of labor organizations recognized under 5 U.S.C. Chapter 71 (Labor-Management Relations) for the purpose of providing information as to the identity of DFC employees contributing union dues each pay period and the amount of dues withheld from each contributor.
L. To employee or emergency worker associations to report dues deductions.
M. To insurance carriers to report employee or DFC emergency worker election information and withholdings for health insurance.
N. To charitable institutions when an employee designates an institution to receive contributions through salary deduction.
O. To the Department of the Treasury, Internal Revenue Service, or another Federal agency or its contractor, to disclose debtor information solely to aggregate information for the Internal Revenue Service to collect debts owed to the Federal Government through the offset of tax refunds.
P. To any creditor Federal agency seeking assistance for the purpose of that agency implementing administrative or salary offset procedures in the collection of unpaid financial obligations owed the United States Government from an individual.
Q. To any Federal agency where the individual debtor is employed or receiving some form of remuneration for the purpose of enabling that agency to collect debts on the employee's behalf by administrative or salary offset procedures under the provisions of the Debt Collection Act of 1982.
R. To the Department of the Treasury, Internal Revenue Service, and state and local authorities for the purpose of locating a debtor to collect a claim against the debtor.
S. To the Federal Retirement Thrift Investment Board's record keeper, which administers the Thrift Savings Plan, to report deductions, contributions, and loan payments.
T. To the Office of Child Support Enforcement, within the Administration for Children and Families, within the Department of Health and Human Services, for the purposes of locating individuals to establish paternity; establishing and modifying orders of child support; identifying sources of income; and for other child support enforcement actions as required by the Personal Responsibility and Work Opportunity Reconciliation Act of 1996.
U. To an expert, consultant, grantee, or contractor (including employees of the contractor) of DFC who performs services requiring access to these Start Printed Page 43216records on DFC's behalf to carry out the purposes of the system, including employment verifications, unemployment claims, W-2 processing services, leave and earning statements, and 1095-C Affordable Care Act statements.
V. To OPM Employee Express, which is an employee self-service system, to initiate personnel and payroll actions and to obtain payroll information.
W. To the Department of Labor for processing claims for employees, emergency workers, or volunteers injured on the job or claiming occupational illness.
X. To Federal agencies and organizations to support interfaces with other systems operated by the Federal agencies for which the employee or DOI emergency worker is employed, or the DFC volunteer is located, for the purpose of avoiding duplication, increasing data integrity, and streamlining government operations.
Y. To another Federal agency to provide information needed in the performance of official duties related to reconciling or reconstructing data files or to enable that agency to respond to an inquiry by the individual to whom the record pertains.
Z. To NARA to conduct records management inspections under the authority of 44 U.S.C. 2904 and 2906.
AA. To OMB during the coordination and clearance process in connection with legislative affairs as mandated by OMB Circular A-19.
BB. To Federal, state, territorial, local, tribal, or foreign agencies that have requested information relevant or necessary to the hiring, firing, or retention of an employee or contractor, regarding the issuance of a security clearance, license, contract, grant, or other benefit.
CC. To state, territorial, and local governments, and tribal organizations to provide information needed in response to court order and/or discovery purposes related to litigation, when the disclosure is compatible with the purpose for which the records were compiled.
DD. To the Department of the Treasury to recover debts owed to the United States.
EE. To the news media and the public, with the approval of the Public Affairs Officer in consultation with counsel and the Senior Agency Official for Privacy (SAOP), where there exists a legitimate public interest in the disclosure of the information or when disclosure is necessary to preserve confidence in the integrity of DFC or is necessary to demonstrate the accountability of DFC's officers, employees, or individuals covered by the system, except to the extent it is determined that release of the specific information in the context of a particular case would constitute an unwarranted invasion of personal privacy.
FF. To the Executive Office of the President in response to an inquiry from that office made at the request of the subject of a record or a third party on that person's behalf, or for a purpose compatible with the reason for which the records are collected or maintained.
GG. To other Federal agencies and organizations to provide payroll and personnel processing services under a shared service provider cross-servicing agreement for purposes relating to DFC payroll and personnel processing.
HH. To OPM, the Merit System Protection Board, Federal Labor Relations Authority, or the Equal Employment Opportunity Commission when requested in the performance of their authorized duties.
II. To state offices of unemployment compensation to assist in processing an individual's unemployment, survivor annuity, or health benefit claim, or for records reconciliation purposes.
JJ. To Federal Employees' Group Life Insurance or Health Benefits carriers in connection with survivor annuity or health benefits claims or records reconciliations.
KK. To any source from which additional information is requested by DFC relevant to a DFC determination concerning an individual's pay, leave, or travel expenses, to the extent necessary to identify the individual, inform the source of the purpose(s) of the request, and identify the type of information requested.
LL. To the Social Security Administration and the Department of the Treasury to disclose pay data on an annual basis, and as necessary to execute their statutory responsibilities for the effective administration of benefits programs, payroll, and taxes.
MM. To a Federal agency or in response to a congressional inquiry when additional or statistical information is requested relevant to a Federal benefit or program, such as the DFC Transit Fare Subsidy Program.
NN. To the Department of Health and Human Services for the purpose of providing information on new hires and quarterly wages as required under the Personal Responsibility and Work Opportunity Reconciliation Act of 1996.
OO. To appropriate agencies, entities, and persons when: (1) DFC suspects or has confirmed that there has been a breach of the system of records; (2) DFC has determined that as a result of the suspected or confirmed breach there is a risk of harm to individuals, DFC (including its information systems, programs, and operations), the Federal Government, or national security; and (3) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with DFC's efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm.
PP. To another Federal agency or Federal entity, when DFC determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in: (1) Responding to a suspected or confirmed breach; or (2) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach.
QQ. To an agency or organization for the purpose of performing audit or oversight operations as authorized by law, but only such information as is necessary and relevant to such audit or oversight function.
RR. To a court, magistrate, or administrative tribunal, including disclosures to opposing counsel in the course of discovery, pursuant to appropriate court order or other judicial process in the course of criminal, civil, or administrative litigation.
SS. In an appropriate proceeding before a court, grand jury, or administrative or adjudicative body, when DOJ determines that the records are arguably relevant to the proceeding; or in an appropriate proceeding before an administrative or adjudicative body when the adjudicator determines the records to be relevant to the proceeding.
TT. Disclosure pursuant to 5 U.S.C. 552a(b)(12). Disclosures may be made from this system to consumer reporting agencies as defined in the Fair Credit Reporting Act (15 U.S.C. 1681a(f)) or the Federal Claims Act of 1966 (31 U.S.C. 3701(a)(3)).
POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
Records are maintained in manual, microfilm, microfiche, electronic, imaged, and computer printout form. Original input documents are stored in standard office filing equipment and/or as imaged documents on magnetic media at all locations which prepare and provide input documents and information for data processing. Paper records are maintained in file folders stored within locking filing cabinets or Start Printed Page 43217locked rooms in secured facilities with controlled access. Electronic records are stored in computers, removable drives, storage devices, electronic databases, and other electronic media under the control of DFC.
POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
Records may be retrieved by employee name, SSN, TIN, ECI, birth date, organizational code, or assigned person number.
POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
Records are maintained in accordance with OPM's Guide to Recordkeeping; General Records Schedule (GRS) 1.0 “Finance” and GRS 2.0 “Human Resources,” which are approved by NARA. The system generally maintains temporary records, and retention periods vary based on the type of record under each item and the needs of the Agency. Paper records are disposed of by shredding or pulping, and records maintained on electronic media are degaussed or erased in accordance with the applicable records retention schedule and NARA guidelines.
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
During normal hours of operation, paper or micro format records are maintained in locked file cabinets in secured rooms under the control of authorized personnel. Information technology systems follow the National Institute of Standards and Technology (NIST) privacy and security standards developed to comply with the Privacy Act of 1974 as amended, 5 U.S.C. 552a; the Paperwork Reduction Act of 1995, Public Law 104-13; the Federal Information Security Modernization Act of 2014, Public Law 113-283, as codified at 44 U.S.C. 3551, et seq.; and the Federal Information Processing Standard 199, Standards for Security Categorization of Federal Information and Information Systems. Computer servers on which electronic records are stored are located in secured DFC facilities with physical, technical, and administrative levels of security to prevent unauthorized access to the DFC network and information assets. Security controls include encryption, firewalls, audit logs, and network system security monitoring. Electronic data is protected through user identification, passwords, database permissions, and software controls. Access to records in the system is limited to authorized personnel who have a need to access the records in the performance of their official duties, and each person's access is restricted to only the functions and data necessary to perform that person's job responsibilities. System administrators and authorized users for DFC are trained and required to follow established internal security protocols and must complete all security, privacy, and records management training, and sign DFC Rules of Behavior.
NOTIFICATION PROCEDURES:
Requests by individuals concerning the existence of a record may be submitted in writing, addressed to the system manager above. The request must comply with the requirements of 22 CFR 707.21.
RECORD ACCESS PROCEDURES:
Same as above.
CONTESTING RECORD PROCEDURES:
Requests by individuals to amend their record must be submitted in writing, addressed to the system manager above. Requests for amendments to records and requests for review of a refusal to amend a record must comply with the requirements of 22 CFR 707.23.
EXEMPTIONS PROMULGATED FOR THE SYSTEM:
None.
HISTORY:
Not Applicable.
SYSTEM NAME AND NUMBER:
Staff Central; DFC/04.
SECURITY CLASSIFICATION:
Sensitive but Unclassified.
SYSTEM LOCATION:
1100 New York Avenue NW, Washington, DC 20527.
SYSTEM MANAGER(S):
Business System Owner: Vice President and Chief Administrative Officer, U.S. International Development Finance Corporation, 1100 New York Avenue NW, Washington, DC 20527; Phone: (202) 336-8400.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
The system covers individuals who are current and former employees of the DFC (including details, volunteers, and PSCs), as well as industrial contractors.
CATEGORIES OF RECORDS IN THE SYSTEM:
These are (1) security records, including records indicating level of building and network access, security badge number, and security clearance level and adjudication date; (2) emergency contact information records, including home address, phone number and email, emergency contact person information, and whether they possess first-aid or cardiopulmonary resuscitation (CPR) certification; (3) transportation subsidy information, including commuting address, commuting days, smart trip card number, and daily commuting expenses; and (4) employee entry and exit process records, including signatures and date stamps reflecting whether department employees have been briefed on the government's classified information program, the Corporation's security program, and the Corporation's records policies and procedures; have been advised of, and fully understand, applicable ethics provisions; and certifying that all required clearances for entry onboard or release of the employee's final paycheck have been obtained.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
General authority for agency records management is provided by 5 U.S.C. 301, Departmental Regulations, and 44 U.S.C. 3101, Records Management by Agency Heads. Additional authority to maintain security records is provided by 5 U.S.C. 3301, Examination, Selection and Placement, E.O. 10450, Clearance for Federal Employment, April 17, 1953, as amended; E.O. 12968, Access to Classified Information, August 4, 1995. Additional authority to maintain emergency contact information records is provided by Federal Preparedness Circular 65, Federal Executive Branch Continuity of Operations (COOP), July 26, 1999; E.O. 12656, Assignment of Emergency Preparedness Responsibilities, November 18, 1988, as amended; and Presidential Decision Directive 67, Enduring Constitutional Government and Continuity of Government Operations, October 21, 1998. Additional authority to maintain employee exit process records is provided by E.O. 12958, Classified National Security Information, April 17, 1995; 32 CFR 2003.20, Classified Information Non-Disclosure Agreement: SF-312; 5 CFR part 2637, Regulations Concerning Post Employment Conflicts of Interest; and Pub. L. l104-134, Debt Collection Improvement Act of 1996.
PURPOSE(S):
These records are used (1) as an easy reference record to determine the suitability and/or eligibility of employees and contractors for access to facilities, information systems, and classified information; (2) to account for and/or communicate with employees and contractors or their designees in the event of an emergency or disaster; (3) to process existing employees and contractors when their tenure with the Start Printed Page 43218DFC ends; and (4) to maintain a record of all debriefings and completed exit procedures for former employees.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND PURPOSES OF SUCH USES:
Security records are used (1) by the DFC human resources and security managers to check the status, level, and date received of security clearances, and (2) by the DFC departmental security officers to confirm that employees who require access to classified information have the appropriate level of security clearance. Emergency contact information records are used by (1) the DFC human resources and security managers to notify an employee's designee of an emergency that affects the employee or to account for an employee's whereabouts, especially in the event of a disaster; (2) the DFC human resources managers to communicate with an employee's designee regarding survivor benefits or other benefits or employment information in the event an employee becomes incapacitated or dies; and (3) the DFC security managers for emergency management or continuity of operations purposes. Employee exit process records are used by the DFC Agency managers to (1) verify that all departing employees have completed the checkout process and returned government property to the DFC, (2) ensure the security of the DFC-related information, (3) ensure that employees are briefed concerning postemployment restrictions; and (4) certify that all required clearances for release of the employee's final paycheck have been obtained. The DFC may disclose information contained in a record in this system of records under the routine uses listed in this notice without the consent of the individual if the disclosure is compatible with the purposes for which the record was collected. Disclosures may be made as follows: (1) In the event that information in this system of records indicates, either on its face or in connection with other information, a violation or potential violation of any applicable statute, regulation, or order of a competent authority, the DFC may disclose the relevant records to the appropriate agency, whether Federal, state, or local, charged with the responsibility of investigating or prosecuting that violation and/or charged with enforcing or implementing the statute, executive order, rule, regulation, or order issued pursuant thereto; (2) in a proceeding before a court or adjudicative body before which the DFC is authorized to appear when any of the following is a party to litigation or has an interest in litigation and information in this system is determined by the DFC to be arguably relevant to the litigation: The DFC; any DFC employee in his or her official capacity, or in his or her individual capacity where DOJ agrees to represent the employee; or the United States where the DFC determines that the litigation is likely to affect it; (3) to a court, a magistrate, administrative tribunal, or other adjudicatory body in the course of presenting evidence or argument, including disclosure to opposing counsel or witnesses in the course of civil discovery, litigation, or settlement negotiations, or in connection with criminal law proceedings; (4) to a Member of Congress or staff acting upon the Member's behalf when the Member or staff requests the information on behalf of, and at the written request of, the individual who is the subject of the record; (5) to another Federal agency or other public authority, in connection with the hiring or retention of an employee or other personnel action; the issuance of a security clearance; the reporting of an investigation of an employee; the letting of a contract; or the issuance of a license, grant, or other benefit, to the extent that the record is relevant and necessary to the receiving entity's decision on the matter; (6) to NARA and to GSA in records management inspections conducted under the authority of 44 U.S.C. 2904 and 2906; (7) to the employees of entities with which the DFC contracts for the purposes of performing any function that requires disclosure of records in this system. Before entering into such a contract, the DFC shall require the contractor to maintain Privacy Act safeguards as required under 5 U.S.C. 552a(m) with respect to the records in the system.
POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
Records are stored in paper and electronic form.
POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
Records related to post-employment conflict of interest debriefings are retained for six years following separation from employment. All other records are retained for one year, unless authorized, following separation from employment or contractual relationship with the DFC. All records are destroyed pursuant to existing General Records Schedules and the DFC's records disposition schedules.
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
Access to records in this system is controlled and managed pursuant to applicable policies and rules, including OPM's Information and Security & Privacy Policy. These records and the technical hardware containing these records are maintained on premises in areas designated as restricted access. The use of password protection, system authentication, and other system protection methods also provides additional safeguards to restrict access. System access and access to the records contained within the system are limited to those individuals who have an official need for system access in order to perform their official responsibilities and duties.
NOTIFICATION PROCEDURES:
Requests by individuals concerning the existence of a record may be submitted in writing, addressed to the system manager above. The request must comply with the requirements of 22 CFR 707.21.
RECORD ACCESS PROCEDURES:
Same as above.
CONTESTING RECORD PROCEDURES:
Requests by individuals to amend their record must be submitted in writing, addressed to the system manager above. Requests for amendments to records and requests for review of a refusal to amend a record must comply with the requirements of 22 CFR 707.23.
EXEMPTIONS PROMULGATED FOR THE SYSTEM:
None.
HISTORY:
Not Applicable.
SYSTEM NAME AND NUMBER:
FedTalent, DFC/05.
SECURITY CLASSIFICATION:
Unclassified.
SYSTEM LOCATION:
1100 New York Avenue NW, Washington, DC 20527.
SYSTEM MANAGER(S):
Business System Owner: Vice President and Chief Administrative Officer, U.S. International Development Finance Corporation, 1100 New York Avenue NW, Washington, DC 20527; Phone: (202) 336-8400. System Owner: DFC has entered into an agreement with the Department of the Interior (DOI), Interior Business Center (IBC), a Federal agency shared service provider, to host the FedTalent System on behalf of the Start Printed Page 43219DFC. DFC will retain ownership and control over its own data.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
5 U.S.C. 4101, et seq., Government Organization and Employee Training; 5 U.S.C. 1302, 2951, 4118, 4506, 3101; 43 U.S.C. 1457; Title VI of the Civil Rights Act of 1964 as amended (42 U.S.C. 2000d); Executive Order 11348, Providing for Further Training of Government Employees, as amended by Executive Order 12107, Relating to Civil Service Commission and Labor Management in Federal Service; 5 CFR 410, Subpart C, Establishing and Implementing Training Programs; Americans with Disabilities Act (42 U.S.C. 12101); and the E-Government Act of 2002 (44 U.S.C. 3501, et seq.).
PURPOSE(S) OF THE SYSTEM:
The primary purposes of the system are to: (1) Manage training and learning programs; (2) plan and facilitate training courses including outreach, registration, enrollment, and payment; (3) maintain and validate training records for certification and mandatory compliance reporting; (4) meet Federal training statistical reporting requirements; (5) maintain class rosters and transcripts for course administrators, students, and learners; and (6) generate budget estimates for training requirements.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
The system covers the following categories of individuals: (1) DFC employees, contractors, interns, emergency workers, volunteers, and appointees who receive training related to their official duties, whether or not sponsored by DFC divisions and offices; and (2) non-DFC individuals who participate in DFC-sponsored training and educational programs, or participate in DFC-sponsored meetings and activities related to training and educational programs. Non-DFC individuals may include individuals from other Federal, state, or local agencies, private or not-for-profit organizations, universities and other schools, and members of the public.
CATEGORIES OF RECORDS IN THE SYSTEM:
Training, educational, and learning management records may include course registration, attendance rosters, and course information including course title, class name, objectives, description, and who should attend; class status information including begin and end dates, responsible class instructor, completion status, and certification requirements; student transcripts (course(s) completed/not completed, test scores, acquired skills); and correspondence, reports, and documentation related to training, education, and learning management programs. These records may contain: Name, SSN, employee common identifier generated from the Federal Personnel and Payroll System (FPPS), login username, password, agency or organization affiliation, work or personal address, work or personal phone and fax number, work or personal email address, gender, date of birth, organization code, position title, occupational series, pay plan, grade level, supervisory status, type of appointment, education level, duty station code, agency, bureau, office, organization, supervisor's name and phone number, date of Federal service, date of organization or position assignment, date of last promotion, occupational category, race, national origin, and adjusted basic pay. Records may also include billing information such as responsible agency, TIN, DUNS number, purchase order numbers, agency location codes, and credit card information. Records maintained on non-DFC individuals are generally limited to name, agency or organization affiliation, address, work and personal phone and fax numbers, work and personal email addresses, supervisor name and contact information, position title, occupational series, and billing information. Note: Some of these records may also become part of the OPM/GOVT-1, General Personnel Records system.
RECORD SOURCE CATEGORIES:
Information about DFC employees is obtained directly from individuals on whom the records are maintained, supervisors, or existing DFC records. Historical employee training records may be obtained from other DFC learning management systems. Information from non-DFC individuals who register or participate in DFC-sponsored training programs is obtained from individuals through paper and electronic forms. Information may also be obtained by another agency, institution, or organization that sponsored the training event.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:
In addition to those disclosures generally permitted under 5 U.S.C. 552a(b) of the Privacy Act, all or a portion of the records or information contained in this system may be disclosed outside the DFC as a routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:
A. To release statistical information and training reports to other organizations who are involved with the training.
B. To disclose information to other Government training facilities (Federal, state, and local) and to non-Government training facilities (private vendors of training courses or programs, private schools, etc.) for training purposes.
C. To provide transcript information to education institutions upon the student's request in order to facilitate transfer of credit to that institution, and to provide college and university officials with information about their students working in the Pathways Program, Volunteer Service, or other similar programs necessary to a student's obtaining credit for the experience.
D. To Federal, state, territorial, local, tribal, or foreign agencies that have requested information relevant or necessary to the hiring, firing, or retention of an employee or contractor, or the issuance of a security clearance, license, contract, grant, or other benefit, when the disclosure is compatible with the purpose for which the records were compiled.
E. To an expert, consultant, grantee, or contractor (including employees of the contractor) of the DFC who performs services requiring access to these records on the DFC's behalf to carry out the purposes of the system.
F. To share logistical or attendance information with partner agencies (Government or non-Government) who, based on cooperative training agreements, have a need to know.
G. To DOJ, including Offices of the U.S. Attorneys, or other Federal agency conducting litigation or in proceedings before any court, adjudicative, or administrative body, when it is relevant or necessary to the litigation and one of the following is a party to the litigation or has an interest in such litigation: (1) The DFC or any component of the DFC; (2) any DFC employee or former employee acting in his or her official capacity; (3) any DFC employee or former employee acting in his or her individual capacity when the DFC or DOJ has agreed to represent that employee or pay for private representation of the employee; or (4) the United States Government or any agency thereof, when DOJ determines that the DFC is likely to be affected by the proceeding.
H. To a congressional office when requesting information on behalf of, and at the request of, the individual who is the subject of the record.
I. To an official of another Federal, state, or local government or tribal Start Printed Page 43220organization to provide information needed in the performance of official duties related to reconciling or reconstructing data files, in support of the functions for which the records were collected and maintained, or to enable that agency to respond to an inquiry by the individual to whom the record pertains.
J. To representatives of NARA to conduct records management inspections under the authority of 44 U.S.C. 2904 and 2906.
K. To the Executive Office of the President in response to an inquiry from that office made at the request of the subject of a record or a third party on that person's behalf, or for a purpose compatible with the reason for which the records are collected or maintained.
L. To any criminal, civil, or regulatory law enforcement authority (whether Federal, state, territorial, local, tribal or foreign) when a record, either alone or in conjunction with other information, indicates a violation or potential violation of law—criminal, civil, or regulatory in nature, and the disclosure is compatible with the purpose for which the records were compiled.
M. To state, territorial, and local governments and tribal organizations to provide information needed in response to court order and/or discovery purposes related to litigation, when the disclosure is compatible with the purpose for which the records were compiled.
N. To appropriate agencies, entities, and persons when: (1) The DFC suspects or has confirmed that there has been a breach of the system of records; (2) the DFC has determined that as a result of the suspected or confirmed breach there is a risk of harm to individuals, the DFC (including its information systems, programs, and operations), the Federal Government, or national security; and (3) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with DFC's efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm.
O. To another Federal agency or Federal entity, when the DFC determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in: (1) Responding to a suspected or confirmed breach; or (2) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach.
P. To OMB during the coordination and clearance process in connection with legislative affairs as mandated by OMB Circular A-19.
Q. To the news media and the public, with the approval of the Public Affairs Officer in consultation with counsel and the SAOP, where there exists a legitimate public interest in the disclosure of the information, except to the extent it is determined that release of the specific information in the context of a particular case would constitute an unwarranted invasion of personal privacy.
R. To OPM to disclose information on employee general training, including recommendations and completion, specialized training obtained, participation in government-sponsored training, or training history as required to provide workforce information for official personnel files. The collection of training data supports OPM's Government-wide reporting responsibilities and provides valuable input into the evaluation of human capital programs at numerous levels of Government. OPM's authority to require Federal agencies to report training data can be found in Title 5 United States Code, Chapter 4107 and part 410 of Title 5, CFR.
S. Pursuant to 5 U.S.C. 552a(b)(12), records may be disclosed to consumer reporting agencies as they are defined in the Fair Credit Reporting Act (15 U.S.C. 1681a(f)) or the Federal Claims Collection Act of 1966 (31 U.S.C. 3701(a)(3)).
POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
Records are stored in systems, databases, electronic media on hard disks, magnetic tapes, compact disks, and paper media.
POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
Information from this system is retrieved by either unique identifying fields (e.g., student name or email address) or by general category (e.g., course code, training location, class start date, registration date, affiliation, mandatory training compliance and payment status).
POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
Records are retained and disposed of as prescribed under the NARA General Records Schedule. Non-mission employee training program records are temporary and destroyed when three years old, or three years after superseded or obsolete, whichever is appropriate, but longer retention is authorized if required for business use. Individual employee training records are destroyed when superseded, three years old, or one year after employee separation, whichever comes first, but longer retention is authorized if required for business use. Ethics training records are destroyed when six years old or when superseded, whichever is later, but longer retention is authorized if required for business use.
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
During normal hours of operation, paper or micro format records are maintained in locked file cabinets in secured rooms under the control of authorized personnel. Information technology systems follow the NIST privacy and security standards developed to comply with 43 CFR 2.226, the Privacy Act of 1974 as amended, 5 U.S.C. 552a; the Paperwork Reduction Act of 1995, Public Law 104-13; the Federal Information Security Modernization Act of 2014, Public Law 113-283, as codified at 44 U.S.C. 3551, et seq.; and the Federal Information Processing Standard 199, Standards for Security Categorization of Federal Information and Information Systems. Access to records in this system is controlled and managed pursuant to applicable policies and rules, including OPM's Information and Security & Privacy Policy. These records and the technical hardware containing these records are maintained on premises in areas designated as restricted access. The use of password protection, system authentication, and other system protection methods also provides additional safeguards to restrict access. System access and access to the records contained within the system are limited to those individuals who have an official need for system access in order to perform their official responsibilities and duties.
NOTIFICATION PROCEDURES:
Requests by individuals concerning the existence of a record may be submitted in writing, addressed to the system manager above. The request must comply with the requirements of 22 CFR 707.21.
RECORD ACCESS PROCEDURES:
Same as above.
CONTESTING RECORD PROCEDURES:
Requests by individuals to amend their record must be submitted in writing, addressed to the system manager above. Requests for amendments to records and requests for review of a refusal to amend a record Start Printed Page 43221must comply with the requirements of 22 CFR 707.23.
EXEMPTIONS PROMULGATED FOR THE SYSTEM:
None.
HISTORY:
Not Applicable.
SYSTEM NAME AND NUMBER:
Directors (Current and Former), DFC/06.
SECURITY CLASSIFICATION:
None.
SYSTEM LOCATION:
U.S. International Development Finance Corporation, 1100 New York Avenue NW, Washington, DC 20527.
SYSTEM MANAGER(S):
Corporate Secretary, U.S. International Development Finance Corporation, 1100 New York Avenue NW, Washington, DC 20527; Phone: (202) 336-8400.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
5 U.S.C. 301, Departmental Regulations; and 44 U.S.C. 3101, Records Management by Agency Heads.
PURPOSE(S) OF THE SYSTEM:
These records are used to track appointments to the Corporation's Board of Directors, and to maintain biographical information on Board Members to share among the groups identified under routine uses.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
The categories of individuals covered by this system are identified as private and public sector members of DFC's Board of Directors, both current and former.
CATEGORIES OF RECORDS IN THE SYSTEM:
The system contains (1) biographies of Board members; (2) photographs of Board members; (3) notices of commission dates or other types of appointment notices; (4) copies of Federal Register notices relating to members; and (5) resignation notices.
RECORD SOURCE CATEGORIES:
Information is obtained from individuals on whom the records are maintained.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND PURPOSES OF SUCH USES:
Information may be used to distribute to the general public, communications media, the Board of Directors, and employees of the Corporation general biographical information on Board Members.
POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
Records are stored in file folders. Biographies of Board Members may be kept on the Corporation's internet web server and made available to the public at www.dfc.gov.
POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
Hard copy files are indexed alphabetically by surname. Electronic files are maintained on the Corporation's computer network.
POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
Records are retained permanently.
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
Access to records is limited to DFC employees who have an official need for the records. Internal procedures governing the use, transfer, and photocopying of the records have been established. Records in the system are maintained in a file cabinet located in the Corporate Secretary's Office. The office is locked each evening. Electronic records are protected from unauthorized access through password identification procedures and other system-based protection methods.
NOTIFICATION PROCEDURES:
Requests by individuals concerning the existence of a record may be submitted in writing, addressed to the system manager above. The request must comply with the requirements of 22 CFR 707.21.
RECORD ACCESS PROCEDURES:
Same as above.
CONTESTING RECORD PROCEDURES:
Requests by individuals to amend their record must be submitted in writing, addressed to the system manager above. Requests for amendments to records and requests for review of a refusal to amend a record must comply with the requirements of 22 CFR 707.23.
EXEMPTIONS PROMULGATED FOR THE SYSTEM:
None.
HISTORY:
Not Applicable.
SYSTEM NAME AND NUMBER:
Freedom of Information Act (FOIA) Requests and Appeals, DFC/07.
SECURITY CLASSIFICATION:
None.
SYSTEM LOCATION:
U.S. International Development Finance Corporation, 1100 New York Avenue NW, Washington, DC 20527.
SYSTEM MANAGER(S):
FOIA Director, Office of the General Counsel, U.S. International Development Finance Corporation, 1100 New York Avenue NW, Washington, DC 20527; Phone: (202) 336-8400.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
PURPOSE(S) OF THE SYSTEM:
The records are used to respond to FOIA requests and appeals pursuant to 5 U.S.C. 552.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
The categories of individuals covered by this system are identified as individuals requesting information under FOIA.
CATEGORIES OF RECORDS IN THE SYSTEM:
The system contains letters, correspondence, relevant data provided or referenced and responses to FOIA requests and appeals.
RECORD SOURCE CATEGORIES:
Information is obtained from individuals requesting information under FOIA, as well as assigned DFC attorneys or other pertinent DFC employees generating responses.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND PURPOSES OF SUCH USES:
Information may be used to (1) process individuals' FOIA requests; (2) provide a record of communications between the requester and the Corporation; (3) ensure that all relevant, necessary, and accurate data are available to support any process for appeal; and (4) prepare annual reports to DOJ as required by FOIA.
POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
The records are stored in electronic format on the Agency's network.
POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
Files are indexed (1) numerically by fiscal year and the order they are received and (2) tagged with the name of the requester. Staff retrieves request files by both labels.
POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
Records are retained: (1) For two years from the date of DFC's final response in cases where no adverse determination is Start Printed Page 43222made; (2) for six years from the date of DFC's response in cases where an adverse determination is made or the response to an appeal in cases where an appeal is filed; or (3) for six years from the date of the court's final order in cases involving litigation.
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
The Agency's network complies with Federal security requirements and the FOIA files are locked to anyone not on the FOIA Office staff.
NOTIFICATION PROCEDURES:
Requests by individuals concerning the existence of a record may be submitted in writing, addressed to the system manager above. The request must comply with the requirements of 22 CFR 707.21.
RECORD ACCESS PROCEDURES:
Same as above.
CONTESTING RECORD PROCEDURES:
Requests by individuals to amend their record must be submitted in writing, addressed to the system manager above. Requests for amendments to records and requests for review of a refusal to amend a record must comply with the requirements of 22 CFR 707.23.
EXEMPTIONS PROMULGATED FOR THE SYSTEM:
None.
HISTORY:
Not Applicable.
SYSTEM NAME AND NUMBER:
Executive Photographs, DFC/08.
SECURITY CLASSIFICATION:
None.
SYSTEM LOCATION:
U.S. International Development Finance Corporation, 1100 New York Avenue NW, Washington, DC 20527.
SYSTEM MANAGER(S):
Vice President, Office of External Affairs, U.S. International Development Finance Corporation, 1100 New York Avenue NW, Washington, DC 20527; Phone: (202) 336-8400.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
5 U.S.C. 301, Departmental Regulations; and 44 U.S.C. 3101, Records Management by Agency Heads.
PURPOSE(S) OF THE SYSTEM:
Photographs of Agency top leadership are retrieved by name to use in internal and external communications to publicize the Agency's mission and activities.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
The categories of individuals covered by this system are identified as past and current Chief Executive Officers and Executive Vice Presidents, to include any officials in an acting capacity.
CATEGORIES OF RECORDS IN THE SYSTEM:
The system contains (1) portrait shots and (2) candid shots of the relevant individuals taken while performing official functions or while involved in DFC-sponsored activities.
RECORD SOURCE CATEGORIES:
Photographs are taken by employees or agents of the Agency, or by third parties and submitted to the Agency for review by Agency staff before inclusion in the system.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND PURPOSES OF SUCH USES:
Photographs are used (1) in releases to local, national, and international communications media, (2) as communication material at conferences and speaking engagements where Agency staff participate in their official capacity, (3) to provide background information on the individuals, including public biographies, via the Agency's website, (4) in social media and other online postings regarding the activities of the individuals in their official capacity, and (5) in the Agency's publications.
POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
Photographs are kept in electronic format on the network drive of the Agency's Office of External Affairs.
POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
Photographs are stored in an electronic file organized by the name of the individual. When a photograph is required, a staff member will access the electronic file for the relevant individual and retrieve an appropriate photograph from those available.
POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
Records are updated as needed and retained until no longer needed for business use.
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
Access to records is limited to DFC employees who have an official need for the records. Electronic records are protected from unauthorized access through password identification procedures and other system-based protection methods.
NOTIFICATION PROCEDURES:
Requests by individuals concerning the existence of a record may be submitted in writing, addressed to the system manager above. The request must comply with the requirements of 22 CFR 707.21.
RECORD ACCESS PROCEDURES:
Same as above.
CONTESTING RECORD PROCEDURES:
Requests by individuals to amend their record must be submitted in writing, addressed to the system manager above. Requests for amendments to records and requests for review of a refusal to amend a record must comply with the requirements of 22 CFR 707.23.
EXEMPTIONS PROMULGATED FOR THE SYSTEM:
None.
HISTORY:
Not Applicable.
Start SignatureEnd Signature End Supplemental InformationDated: July 13, 2020.
Mark Rein,
Chief Information Officer.
[FR Doc. 2020-15398 Filed 7-15-20; 8:45 am]
BILLING CODE 3210-02-P
Document Information
- Effective Date:
- 8/17/2020
- Published:
- 07/16/2020
- Department:
- 606
- Entry Type:
- Notice
- Action:
- Notice of a new system of records.
- Document Number:
- 2020-15398
- Dates:
- The systems are effective upon publication in today's Federal Register, with the exception of changes to the routine uses, which are effective August 17, 2020, unless we receive comments that result in a contrary determination.
- Pages:
- 43210-43222 (13 pages)
- PDF File:
- 2020-15398.pdf