89 FR 74 pgs. 26998-26999 - Privacy Act of 1974; System of Records

Type: NOTICE
Volume: 89
Number: 74
Pages: 26998 - 26999
FR document: [FR Doc. 2024-08000 Filed 4-15-24; 8:45 am]
Agency: Small Business Administration

SMALL BUSINESS ADMINISTRATION

Privacy Act of 1974; System of Records

AGENCY:

U.S. Small Business Administration.

ACTION:

Notice of a modified system of records.

SUMMARY:

The U.S. Small Business Administration (SBA) proposes to modify its system of records titled, Small Business Investment Company Information System (SBICIS) (SBA 40), to update its inventory of records systems subject to the Privacy Act of 1974, as amended. Publication of this notice complies with the Privacy Act and the Office of Management and Budget (OMB) Circular A-108 and Circular A-130. System of Records Notice (SORN) titled, Small Business Investment Company Information System (SBA 40), serves as a centralized and automated framework for the organization, retrieval, and analysis of SBIC information which supports the SBA's oversight and risk management roles for the SBIC program.

DATES:

Submit comments on or before May 16, 2024. This revised system will be effective upon publication. Routine uses will become effective on the date following the end of the comment period unless comments are received which result in a contrary determination.

ADDRESSES:

You may submit comments on this notice, identified by [DOCKET NUMBER SBA-2023-0014], by any of the following methods:

Federal e-Rulemaking Portal: http://www.regulations.gov: Follow the instructions for submitting comments.

Mail/Hand Delivery/Courier: Submit written comments to: Kerry Vance, Director, Information Technology and Data Strategy, Office of Investment and Innovation, U.S. Small Business Administration, 409 3rd Street SW, Washington, DC 20416.

FOR FURTHER INFORMATION CONTACT:

General questions, please contact Kerry Vance, Director, Information Technology and Data Strategy, Office of Investment and Innovation, U.S. Small Business Administration, 409 3rd Street SW, Washington, DC 20416 or via email, Kerry.Vance@sba.gov, telephone 202-205-6160 or Kelvin L. Moore, Chief Information Security Officer, Office of the Chief Information Officer, U.S. Small Business Administration, 409 3rd Street SW, Suite 4000, Washington, DC 20416, email address: Kelvin.Moore@sba.gov, telephone 202-921-6273. For Privacy related matters, please contact LaWanda Burnette, Chief Privacy Officer, Office of the Chief Information Officer, or via email to Privacyofficer@sba.gov.

SUPPLEMENTARY INFORMATION:

The Privacy Act of 1974 (5 U.S.C. 552a), as amended, embodies fair information practice principles in a statutory framework governing how federal agencies collect, maintain, use, and disseminate individuals' personal information. The Privacy Act applies to records about individuals that are maintained in a "system of records." A system of records is any group of records under the control of a federal agency from which information is retrieved by the name of an individual or by a number, symbol or any other identifier assigned to the individual. The Privacy Act requires each federal agency to publish in the Federal Register a System of Records Notice (SORN) identifying and describing each system of records the agency maintains, the purpose for which the agency uses the Personally Identifiable Information (PII) in the system, the routine uses for which the agency discloses such information outside the agency, and how individuals can exercise their rights related to their PII information.

The modified Privacy Act system of records titled Small Business Investment Company Information System (SBICIS) (SBA 40) will be used to provide notice to current and former (i) prospective Small Business Investment Company license applicants, (ii) SBIC applicants, (iii) SBICs (solely for the purpose of this SORN, the term "SBIC" refers to each of (i), (ii), and (iii)). This includes managers, executives, members, and employees associated or affiliated with an SBIC, and personal and professional references for certain of the foregoing. It also includes SBIC investors, SBIC portfolio companies, certain SBIC portfolio company employees, SBIC service providers, and certain other individuals associated, affiliated or involved with an SBIC.

Additionally, this modification to the system of records Small Business Investment Company Information System (SBICIS) (SBA 40) also includes changing the short name to SBA SBICIS 40 to easily identify the system short name with its numeric value. Lastly, this modification adds three new routine uses: (H), (I) and (J), respectively.

This system of records is comprised of electronic records managed by the Office of Investment and Innovation (OII). SBA SBICIS 40 will not have any undue impact on the privacy of individuals and its use is compatible with collection.

SYSTEM NAME AND NUMBER:

Small Business Investment Company Information System (SBA SBICIS 40).

SECURITY CLASSIFICATION:

Controlled Unclassified Information

SYSTEM LOCATION:

SBA Headquarters, 409 3rd Street SW, Washington, DC 20416 and vendor cloud platform.

SYSTEM MANAGER(S):

Kerry Vance, Director, Information Technology and Data Strategy, Office of Investment and Innovation, U.S. Small Business Administration, 409 3rd Street SW, Washington, DC 20416 or via email Kerry.Vance@sba.gov, telephone 202-205-6160.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

The Small Business Investment Act of 1958, as amended, 15 U.S.C. 661, et seq.

CATEGORIES OF RECORDS IN THE SYSTEM:

Personal and commercial information (including name, address, telephone number, credit history, background information, business information, employer identification number, SBIC License number, financial information, investor commitments, identifying number or other personal identifiers, regulatory compliance information) on individuals and portfolio companies named in SBIC files.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND PURPOSES OF SUCH USES:

In addition to those disclosures generally permitted under 5 U.S.C. 552a(b) of the Privacy Act, all or a portion of the information contained in this system may be disclosed to authorized entities, as is determined to be relevant and necessary, outside SBA as a routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:

A. To the Department of Justice (DOJ), including offices of the U.S. Attorneys, or other Federal agency conducting litigation or in proceedings before any court, adjudicative, or administrative body, when it is deemed by the SBA to be relevant or necessary to the litigation or SBA has an interest in such litigation when any of the following are a party to the litigation or have an interest in the litigation: (1) Any employee or former employee of the SBA in his or her official capacity; (2) Any employee or former employee of the SBA in his or her individual capacity when DOJ or SBA has agreed to represent the employee or a party to the litigation or have an interest in the litigation; or (3) The United States or any agency thereof.

B. To a Congressional office from the record of an individual in response to an inquiry from that Congressional office made at the request of the individual. The member's access rights are no greater than those of the individual.

C. To the National Archives and Records Administration (NARA) or General Services Administration (GSA) pursuant to records management inspections being conducted under the authority of 44 U.S.C. 2904 and 2906.

D. To an agency or organization, including the SBA's Office of Inspector General, for the purpose of performing audit or oversight operations as authorized by law, but only such information as is necessary and relevant to such audit or oversight function.

E. To appropriate agencies, entities, and persons when: (1) The SBA suspects or has confirmed that the security or confidentiality of information processed and maintained by the SBA has been compromised, (2) the SBA has determined that as a result of the suspected or confirmed compromise, there is a risk of identity theft or fraud, harm to economic or property interests, harm to an individual, or harm to the security or integrity of this system or other systems or programs (whether maintained by SBA or any other agency or entity) that rely upon the compromised information; and (3) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with the SBA's efforts to respond to the suspected or confirmed compromise and prevent, minimize, or remedy such harm.

F. To another Federal agency or Federal entity, when the SBA determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in: (1) Responding to a suspected or confirmed breach or (2) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach.

G. To another agency or agent of a government jurisdiction within or under the control of the U.S., lawfully engaged in national security or homeland defense when disclosure is undertaken for intelligence, counterintelligence activities (as defined by 50 U.S.C. 3003(3)), counterterrorism, homeland security, or related law enforcement purposes, as authorized by U.S. law or Executive Order.

H. To other Federal agencies or Federal entities when mandated by executive orders or statute, or as documented by a Memorandum of Understanding or Memorandum of Agreement or Information Exchange Agreement or Data Sharing Agreement ("Agreements") and approved by the applicable Authorizing Officials in compliance with the Privacy Act of 1974, as amended, 5 U.S.C. 552a and SBA's policies. These Agreements may be subject to review and approval by SBA's Office of General Counsel and SBA's Senior Agency Official for Privacy or designee and are for the purpose of performing analysis, metrics, or reports in support of marketing or initiatives and programs that SBICs may opt in to participate in without any obligation or commitment.

I. To other Federal agencies or Federal entities in aggregate and anonymized for the purpose of marketing, trends, statistical analysis, forecasting, reporting, and research where the information must preserve anonymity.

J. To SBA contractors, grantees, interns, regulators, and experts who have been engaged by SBA to assist in the performance and performance improvement of a service related to this system of records and who need access to the records to perform this activity which may also include for regulatory purposes. Recipients of these records shall be required to comply with the requirements of the Privacy Act of 1974, as amended, 5 U.S.C. 552a.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:

SBICIS records are retrieved by SBIC or Portfolio Company Name, affiliation with a particular SBIC personal identifier, SBA identifier, employer identification number, or any other data field that would enable SBA to perform its official duties.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:

Records are maintained in accordance with SBA Standard Operating Procedure (SOP) 00 41 latest edition, applicable General Records Schedules (GRS) and are disposed of in accordance with applicable SBA policies.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:

Information stored by SBICIS is stored electronically and supported by the applicable Privacy Impact Assessment(s). Data is protected through the implementation of access controls: least permissions, role-based user permissions, event logging, monitoring, security assessment and authorization reviews, encrypted transmission, and encrypted data at rest. Safeguards implemented comply with SBA policies, industry best practices, and Federal Government standards, memoranda, and circulars.

RECORD ACCESS PROCEDURES:

Individuals wishing to request access to records about them should submit a Privacy Act request to the SBA Chief, Freedom of Information and Privacy Act Office, U.S. Small Business Administration, 409 Third St. SW, Eighth Floor, Washington, DC 20416 or FOIA@sba.gov. Individuals must provide their full name, mailing address, personal email address, telephone number, and a detailed description of the records being requested. Individuals requesting access must also follow SBA's Privacy Act regulations regarding verification of identity and access to records (13 CFR part 102 subpart B).

EXEMPTIONS PROMULGATED FOR THE SYSTEM:

None.

HISTORY:

[FR Doc. 2019-19153, Vol. 84, No. 172]

Jennifer Shieh,

Acting, Deputy Associate Administrator, Office of Investment and Innovation.

[FR Doc. 2024-08000 Filed 4-15-24; 8:45 am]

BILLING CODE 8026-09-P