Privacy Act of 1974; New System of Records

Federal Register, Volume 83 Issue 120 (Thursday, June 21, 2018)

Federal Register Volume 83, Number 120 (Thursday, June 21, 2018)

Notices

Pages 28869-28870

From the Federal Register Online via the Government Publishing Office www.gpo.gov

FR Doc No: 2018-13305

=======================================================================

-----------------------------------------------------------------------

MILLENNIUM CHALLENGE CORPORATION

Privacy Act of 1974; New System of Records

AGENCY: Millennium Challenge Corporation (MCC).

ACTION: Notice of a new system of records.

-----------------------------------------------------------------------

SUMMARY: MCC proposes to add a new system of records to its inventory of records systems subject to the Privacy Act of 1974, as amended. This action complies with the requirements of the Privacy Act to publish in the Federal Register notice of the existence and character of records maintained by the agency. The system has been operational since June 29, 2016 without incident.

DATES: This action will be applicable without further notice 30 days after date of publication in the Federal Register.

ADDRESSES: Send written comments to the Millennium Challenge Corporation, ATTN: Vincent T. Groh, Chief Information Officer, Department of Administration and Finance, 1099 Fourteenth Street NW, Suite 700, Washington, DC, 20005-3550.

FOR FURTHER INFORMATION CONTACT: Miguel G. Adams, Chief Information Security Officer and Deputy Privacy Officer, Millennium Challenge Corporation, email protected, 202-521-3574.

SUPPLEMENTARY INFORMATION: MCC is giving notice of a system of records pursuant to the Privacy Act of 1974 (5 U.S.C. 552a) for the MCC-

Business Relations System (MCC-BRS). MCC utilizes MCC-BRS to provide automated processing of business transactions related MCC's mission of reducing global poverty through growth. MCC-BRS utilizes the Salesforce Government Cloud information system for collecting, storing, and processing the information. Various elements within MCC will utilize MCC-BRS for their business functions; they include the departments of Congressional and Public Affairs (CPA) Department, and the Department of Compact Operations (DCO). Business functions within DCO include the Finance, Investment and Trade (FIT), Environmental and Social Performance (ESP), and the Office of Strategic Partnerships (OSP).

Salesforce Government Cloud meets the federal government's objectives of cloud computing to reduce procurement and operating costs to the federal government. In addition, Salesforce Government Cloud meets the Federal Information Processing Standards Publication (FIPS)--

200, Minimum Security Requirements for Federal Information and Information Systems as an authorized Federal Risk and Authorization Management Program (FedRAMP) information system. MCC utilizes MCC-BRS to achieve the following business objectives: 1. To create and maintain a system that optimizes MCC's ability to analyze, manage, engage, and grow external stakeholders; 2. To create and manage business engagement opportunities that promote MCC's mission in an organized and efficient manner; 3. To provide in person or online event management and communications campaigns for external stakeholder engagement; and 4. To provide the agency with the means to: track and manage future financial

Page 28870

opportunity data, create and manage MCC event data, access dashboards, and generate accurate reporting and analytics.

SYSTEM NUMBER

MCC-001.

System Name:

MCC-Business Relations System (MCC-BRS).

System Classification:

Unclassified.

Categories of Individuals Covered by the System:

Records in this system process information on international and domestic contracting firm owners and employees, small to medium business owners and employees; and other individuals that are contacts or leads for potential vendors.

Categories of Records in the System:

The categories include: 1. Personally identifiable information (PII); such as, name, company name, job title, business address, business phone number, country or country region, email, and notes on a meeting or event; and 2. Meeting notes.

Authority for Maintenance of the System:

22 U.S.C. 7705, Chapter 84--Millennium Challenge.

Purpose of the System:

MCC staff will use the system to collect, store, and process business contact information that will contain PII. The information collected achieves MCC's core functions of reducing global poverty through economic growth by aligning business contacts with MCC's mission. The PII information collected is similar to the information on a business card. Using a customer relations management (CRM) increases accuracy and business efficiencies. In addition, MCC will utilize the system to process, store, and retain personal notations on meeting or business events. Personal notations can include information that promotes efficiencies in previous contact meetings, discussions, or events that have transpired in the past. Additionally, the system utilizes encrypted links to provide efficiencies in communications campaigns through mass email distribution, and event engagement opportunities to event attendees, or vendor groups.

Routine Use of Records Maintained in the System, Including Categeories of Users and the Purposes of Such Uses:

In addition to those disclosures generally permitted under 5 U.S.C. 552a(b) of the Privacy Act, all or a portion of the records or information contained in this system may be disclosed to authorized entities, as determined to be relevant and necessary, outside MCC as a routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:

Financial project monitoring or collections;

Due diligence background checks and screening;

Litigation or arbitration purposes;

Outside organizations contracted with OPIC for specific authorized activities;

National Archives and Records Administration (NARA) for records management purposes;

Contractors, interns, and government detailed personnel to perform OPIC authorized activities;

Audits and oversight;

Congressional inquiries;

Investigations of potential violations of law.

Policies and practices for storing, retrieving, accessing, retaining, and disposing of records in the system:

Storage:

This system is electronically stored in a government cloud service centrally located at a Salesforce GSA data center.

Safeguards:

MCC safeguards the information in accordance with applicable laws, rules and policies, including the Federal Information Security Modernization Act of 2014; OMB Circular A-130, Management of Federal Resources; Federal Risk and Authorization Management Program (FedRAMP); and MCC policies and procedures. MCC protects records from unauthorized access through appropriate administrative, physical, and technical safeguards. These safeguards include restricting access to authorized personnel who have need-to-know, and the process of authentication using user identifications (IDs) and passwords that function as an identity and authentication method of access. Personnel with authorized access to the system have received training in the proper handling of Privacy Act information and in information security requirements for both paper copies and electronically stored information.

Retention and Disposal:

MCC retains records in accordance with the National Archives and Records Administration (NARA), General Records Schedule (GRS).

Retrievability:

Records are retrievable by personal name, project name, or a combination of search functions available in the Salesforce CRM tool.

System Manager and Address:

Jason Bauer, Director of Finance, Investment and Trade (FIT), Department of Compact Operations, 1099 Fourteenth Street NW, Suite 700, Washington, DC, 20005-3550.

Notification Procedures:

Individuals seeking knowledge of the system's records must submit a written request to the MCC Privacy Officer, at the above mailing address, clearly marked as ``Privacy Act Request'' on the envelope and letter. The request must include the requestor's full name, current address, the name or number of the system to be searched, and if possible, the record identification number. The request must be signed by either notarized signature or by signature under penalty of perjury under 28 U.S.C. 1746.

Record Access Procedure:

Same as notification procedures.

Contesting Record Procedure:

Same as the notification procedure above; the request should also clearly and concisely describe the information contested, the reasons for contesting it, and the proposed amendment sought, pursuant to 45 CFR 5b.7.

Record Source Categories:

The federal employee collects and imports the contact information or event information directly to the system. Additionally, the www.MCC.gov public website events webform will import the contact information directly to the system.

Exemptions Claimed for the System:

None.

Dated: June 1, 2018.

Vincent T. Groh,

Privacy Officer for Millennium Challenge Corporation.

FR Doc. 2018-13305 Filed 6-20-18; 8:45 am

BILLING CODE 9211-03-P