[Federal Register Volume 83, Number 120 (Thursday, June 21, 2018)]
[Notices]
[Pages 28869-28870]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2018-13305]


=======================================================================
-----------------------------------------------------------------------

MILLENNIUM CHALLENGE CORPORATION


Privacy Act of 1974; New System of Records

AGENCY: Millennium Challenge Corporation (MCC).

ACTION: Notice of a new system of records.

-----------------------------------------------------------------------

SUMMARY: MCC proposes to add a new system of records to its inventory 
of records systems subject to the Privacy Act of 1974, as amended. This 
action complies with the requirements of the Privacy Act to publish in 
the Federal Register notice of the existence and character of records 
maintained by the agency. The system has been operational since June 
29, 2016 without incident.

DATES: This action will be applicable without further notice 30 days 
after date of publication in the Federal Register.

ADDRESSES: Send written comments to the Millennium Challenge 
Corporation, ATTN: Vincent T. Groh, Chief Information Officer, 
Department of Administration and Finance, 1099 Fourteenth Street NW, 
Suite 700, Washington, DC, 20005-3550.

FOR FURTHER INFORMATION CONTACT: Miguel G. Adams, Chief Information 
Security Officer and Deputy Privacy Officer, Millennium Challenge 
Corporation, [email protected], 202-521-3574.

SUPPLEMENTARY INFORMATION: MCC is giving notice of a system of records 
pursuant to the Privacy Act of 1974 (5 U.S.C. 552a) for the MCC-
Business Relations System (MCC-BRS). MCC utilizes MCC-BRS to provide 
automated processing of business transactions related MCC's mission of 
reducing global poverty through growth. MCC-BRS utilizes the Salesforce 
Government Cloud information system for collecting, storing, and 
processing the information. Various elements within MCC will utilize 
MCC-BRS for their business functions; they include the departments of 
Congressional and Public Affairs (CPA) Department, and the Department 
of Compact Operations (DCO). Business functions within DCO include the 
Finance, Investment and Trade (FIT), Environmental and Social 
Performance (ESP), and the Office of Strategic Partnerships (OSP).
    Salesforce Government Cloud meets the federal government's 
objectives of cloud computing to reduce procurement and operating costs 
to the federal government. In addition, Salesforce Government Cloud 
meets the Federal Information Processing Standards Publication (FIPS)--
200, Minimum Security Requirements for Federal Information and 
Information Systems as an authorized Federal Risk and Authorization 
Management Program (FedRAMP) information system. MCC utilizes MCC-BRS 
to achieve the following business objectives: 1. To create and maintain 
a system that optimizes MCC's ability to analyze, manage, engage, and 
grow external stakeholders; 2. To create and manage business engagement 
opportunities that promote MCC's mission in an organized and efficient 
manner; 3. To provide in person or online event management and 
communications campaigns for external stakeholder engagement; and 4. To 
provide the agency with the means to: track and manage future financial

[[Page 28870]]

opportunity data, create and manage MCC event data, access dashboards, 
and generate accurate reporting and analytics.
SYSTEM NUMBER
    MCC-001.

System Name:
    MCC-Business Relations System (MCC-BRS).

System Classification:
    Unclassified.

Categories of Individuals Covered by the System:
    Records in this system process information on international and 
domestic contracting firm owners and employees, small to medium 
business owners and employees; and other individuals that are contacts 
or leads for potential vendors.

Categories of Records in the System:
    The categories include: 1. Personally identifiable information 
(PII); such as, name, company name, job title, business address, 
business phone number, country or country region, email, and notes on a 
meeting or event; and 2. Meeting notes.

Authority for Maintenance of the System:
    22 U.S.C. 7705, Chapter 84--Millennium Challenge.

Purpose of the System:
    MCC staff will use the system to collect, store, and process 
business contact information that will contain PII. The information 
collected achieves MCC's core functions of reducing global poverty 
through economic growth by aligning business contacts with MCC's 
mission. The PII information collected is similar to the information on 
a business card. Using a customer relations management (CRM) increases 
accuracy and business efficiencies. In addition, MCC will utilize the 
system to process, store, and retain personal notations on meeting or 
business events. Personal notations can include information that 
promotes efficiencies in previous contact meetings, discussions, or 
events that have transpired in the past. Additionally, the system 
utilizes encrypted links to provide efficiencies in communications 
campaigns through mass email distribution, and event engagement 
opportunities to event attendees, or vendor groups.

Routine Use of Records Maintained in the System, Including Categeories 
of Users and the Purposes of Such Uses:
    In addition to those disclosures generally permitted under 5 U.S.C. 
552a(b) of the Privacy Act, all or a portion of the records or 
information contained in this system may be disclosed to authorized 
entities, as determined to be relevant and necessary, outside MCC as a 
routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:
     Financial project monitoring or collections;
     Due diligence background checks and screening;
     Litigation or arbitration purposes;
     Outside organizations contracted with OPIC for specific 
authorized activities;
     National Archives and Records Administration (NARA) for 
records management purposes;
     Contractors, interns, and government detailed personnel to 
perform OPIC authorized activities;
     Audits and oversight;
     Congressional inquiries;
     Investigations of potential violations of law.

Policies and practices for storing, retrieving, accessing, retaining, 
and disposing of records in the system:
Storage:
    This system is electronically stored in a government cloud service 
centrally located at a Salesforce GSA data center.

Safeguards:
    MCC safeguards the information in accordance with applicable laws, 
rules and policies, including the Federal Information Security 
Modernization Act of 2014; OMB Circular A-130, Management of Federal 
Resources; Federal Risk and Authorization Management Program (FedRAMP); 
and MCC policies and procedures. MCC protects records from unauthorized 
access through appropriate administrative, physical, and technical 
safeguards. These safeguards include restricting access to authorized 
personnel who have need-to-know, and the process of authentication 
using user identifications (IDs) and passwords that function as an 
identity and authentication method of access. Personnel with authorized 
access to the system have received training in the proper handling of 
Privacy Act information and in information security requirements for 
both paper copies and electronically stored information.

Retention and Disposal:
    MCC retains records in accordance with the National Archives and 
Records Administration (NARA), General Records Schedule (GRS).

Retrievability:
    Records are retrievable by personal name, project name, or a 
combination of search functions available in the Salesforce CRM tool.

System Manager and Address:
    Jason Bauer, Director of Finance, Investment and Trade (FIT), 
Department of Compact Operations, 1099 Fourteenth Street NW, Suite 700, 
Washington, DC, 20005-3550.

Notification Procedures:
    Individuals seeking knowledge of the system's records must submit a 
written request to the MCC Privacy Officer, at the above mailing 
address, clearly marked as ``Privacy Act Request'' on the envelope and 
letter. The request must include the requestor's full name, current 
address, the name or number of the system to be searched, and if 
possible, the record identification number. The request must be signed 
by either notarized signature or by signature under penalty of perjury 
under 28 U.S.C. 1746.

Record Access Procedure:
    Same as notification procedures.

Contesting Record Procedure:
    Same as the notification procedure above; the request should also 
clearly and concisely describe the information contested, the reasons 
for contesting it, and the proposed amendment sought, pursuant to 45 
CFR 5b.7.

Record Source Categories:
    The federal employee collects and imports the contact information 
or event information directly to the system. Additionally, the 
www.MCC.gov public website events webform will import the contact 
information directly to the system.

Exemptions Claimed for the System:
    None.

    Dated: June 1, 2018.
Vincent T. Groh,
Privacy Officer for Millennium Challenge Corporation.
[FR Doc. 2018-13305 Filed 6-20-18; 8:45 am]
BILLING CODE 9211-03-P