[Federal Register Volume 84, Number 172 (Thursday, September 5, 2019)]
[Notices]
[Pages 46769-46771]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2019-19153]


=======================================================================
-----------------------------------------------------------------------

SMALL BUSINESS ADMINISTRATION


Privacy Act of 1974; System of Records

AGENCY: U.S. Small Business Administration.

ACTION: Notice of a New System of Records.

-----------------------------------------------------------------------

SUMMARY: The U.S. Small Business Administration (SBA) proposes to add a 
new system of records entitled Small Business Investment Company 
Information System (SBA # 40) to its inventory of records systems 
subject to the Privacy Act of 1974, as amended. Publication of this 
notice complies with the Privacy Act and the Office of Management and 
Budget (OMB) Circular A-108 requirement for agencies to publish a 
notice in the Federal Register whenever the agency establishes a new 
system of records. The SBA is in the process of modernizing its 
technology supporting the Small Business Investment Company (SBIC) 
program to further enhance the SBA's regulatory oversight and risk 
management of the SBIC program using modern private equity and 
alternative investment analytics and tools. The technology includes a 
Customer Relationship Management (CRM) tool, an investment and risk 
management tool, an information portal, and a data warehouse with 
associated Application Programming Interfaces (APIs). Some records may 
be maintained electronically and in paper format for desktop access or 
if required for legal purposes.

DATES: This action will be effective without further notice on 
September 1, 2019 unless comments are received that would result in a 
contrary determination.

ADDRESSES: Submit written comments to Marja Maddrie, Business 
Operations Officer, Office of Investment and Innovation, U.S. Small 
Business Administration, 409 3rd Street SW, Suite 6300, Washington, DC, 
20416.

FOR FURTHER INFORMATION CONTACT: Marja Maddrie, Business Operations 
Officer, Office of Investment and Innovation, U.S. Small Business 
Administration, 409 3rd Street SW, Suite 6300, Washington, DC, 20416, 
202-205-6980.

SUPPLEMENTARY INFORMATION: The Privacy Act of 1974 (5 U.S.C. 552a), as 
amended, embodies fair information practice principles in a statutory 
framework governing the means by which Federal agencies collect, 
maintain, use, and disseminate individuals' personal information. The 
Privacy Act applies to records about individuals that are maintained in 
a ``system of records.'' A system of records is a group of any records 
under the control of a Federal agency from which information is 
retrieved by the name of an individual or by a number, symbol or other 
identifier assigned to the individual. The Privacy Act requires each 
Federal agency to publish in the Federal Register a System of Records 
Notice (SORN) identifying and describing each system of records the 
agency maintains, the purposes for which the Agency uses the Personally 
Identifiable Information (PII) in the system, the routine uses for 
which the Agency discloses such information outside the Agency, and how 
individuals can exercise their rights related to their PII information.

SYSTEM NAME AND NUMBER:
    Small Business Investment Company Information System (SBICIS), # 
40.

SYSTEM CLASSIFICATION:
    Unclassified.

[[Page 46770]]

SYSTEM LOCATION:
    SBA Headquarters, 409 3rd Street SW, Washington, DC, 20416.

SYSTEM MANAGER(S):
    Marja Maddrie, Business Operations Officer, Office of Investment 
and Innovation, U.S. Small Business Administration, 409 3rd Street SW, 
Suite 6300, Washington, DC, 20416.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    The Small Business Investment Act of 1958, as amended, 15 U.S.C. 
661, et seq.

PURPOSES OF THE SYSTEM:
    The SBICIS serves a centralized and automated framework for the 
organization, retrieval, and analysis of SBIC information which 
supports the SBA's oversight and risk management roles for the SBIC 
program.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    The system covers individuals related to current and former (i) 
prospective SBIC license applicants, (ii) SBIC applicants, and (iii) 
SBICs. (Solely for the purposes of this SORN, the term ``SBIC'' refers 
to each of (i), (ii) and (iii) in the preceding sentence.) This 
includes managers, executives, members, and employees associated or 
affiliated with an SBIC, and personal and professional references for 
certain of the foregoing. It also includes SBIC investors, SBIC 
portfolio companies, certain SBIC portfolio company employees, SBIC 
service providers, and certain other individuals associated, affiliated 
or involved with an SBIC.

CATEGORIES OF RECORDS IN THE SYSTEM:
    Personal and commercial information (e.g., name, address, credit 
history, background information, business information, financial 
information, investor commitments, identifying number or other personal 
identifiers, regulatory compliance information) on individuals and 
portfolio companies named in SBIC files.

RECORD SOURCE CATEGORIES:
    Information contained within this system is obtained from SBICs, 
SBIC authorized representatives, SBIC investors, SBIC portfolio 
companies, SBA employees, and commercial industry and government 
sources.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND PURPOSES OF SUCH USES:
    In addition to those disclosures generally permitted under 5 U.S.C. 
552a(b) of the Privacy Act, all or a portion of the information 
contained in this system may be disclosed to authorized entities, as is 
determined to be relevant and necessary, outside SBA as a routine use 
pursuant to 5 U.S.C. 552a(b)(3) as follows:
    A. To the Department of Justice (DOJ), including offices of the U.S 
Attorneys, or other Federal agency conducting litigation or in 
proceedings before any court, adjudicative, or administrative body, 
when it is deemed by the SBA to be relevant or necessary to the 
litigation or the SBA has an interest in such litigation when any of 
the following are a party to the litigation or have an interest in the 
litigation: (1) Any employee or former employee of the SBA in his or 
her official capacity; (2) Any employee or former employee of the SBA 
in his or her individual capacity when DOJ or SBA has agreed to 
represent the employee or a party to the litigation or have an interest 
in the litigation; or (3) The United States or any agency thereof.
    B. To a Congressional office from the record of an individual in 
response to an inquiry from that Congressional office made at the 
request of the individual. The member's access rights are no greater 
than those of the individual.
    C. To the National Archives and Records Administration (NARA) or 
General Services Administration (GSA) pursuant to records management 
inspections being conducted under the authority of 44 U.S.C. 2904 and 
2906.
    D. To an agency or organization, including the SBA's Office of 
Inspector General, for the purpose of performing audit or oversight 
operations as authorized by law, but only such information as is 
necessary and relevant to such audit or oversight function.
    E. To appropriate agencies, entities, and persons when: (1) The SBA 
suspects or has confirmed that the security or confidentiality of 
information processed and maintained by the SBA has been compromised, 
(2) the SBA has determined that as a result of the suspected or 
confirmed compromise, there is a risk of identity theft or fraud, harm 
to economic or property interests, harm to an individual, or harm to 
the security or integrity of this system or other systems or programs 
(whether maintained by SBA or any other agency or entity) that rely 
upon the compromised information; and (3) the disclosure made to such 
agencies, entities, and persons is reasonably necessary to assist in 
connection with the SBA's efforts to respond to the suspected or 
confirmed compromise and prevent, minimize, or remedy such harm.
    F. To another Federal agency or Federal entity, when the SBA 
determines that information from this system of records is reasonably 
necessary to assist the recipient agency or entity in: (1) Responding 
to a suspected or confirmed breach or (2) preventing, minimizing, or 
remedying the risk of harm to individuals, the recipient agency or 
entity (including its information systems, programs, and operations), 
the Federal Government, or national security, resulting from a 
suspected or confirmed breach.
    G. To another agency or agent of a Government jurisdiction within 
or under the control of the U.S., lawfully engaged in national security 
or homeland defense when disclosure is undertaken for intelligence, 
counterintelligence activities (as defined by 50 U.S.C. 3003(3)), 
counterterrorism, homeland security, or related law enforcement 
purposes, as authorized by U.S. law or Executive Order.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    Information stored by SBICIS is stored electronically and is 
protected through the implementation of access controls, user 
permissions, event logging, and monitoring. External media are further 
protected using encryption.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    SBICIS records are retrieved by SBIC or Portfolio Company Name, 
affiliation with a particular SBIC personal identifier, SBA identifier, 
employee identification number, or any other data field that would 
enable SBA to perform its official duties.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    Records are maintained in accordance with SBA Standard Operating 
Procedure (SOP) 00 41 2, schedules 65:02 through 65:06. Records 
maintained as part of the General Records Schedules (GRS) are disposed 
of in accordance with applicable SBA policies.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    Access and use are limited to persons with official need to know. 
Users are evaluated on a recurring basis to ensure need-to-know still 
exists. Safeguards are implemented in accordance with the Federal 
Information Security Modernization Act of 2014 (FISMA) and are 
evaluated on a recurring basis to ensure desired operation.

RECORD ACCESS PROCEDURES:
    Individuals wishing to request access to records about them should 
submit a Privacy Act request to the SBA Chief, Freedom of Information 
and Privacy Act

[[Page 46771]]

Office, U.S. Small Business Administration, 409 Third St. SW, Eighth 
Floor, Washington, DC 20416 or [email protected]. Individuals must provide 
their full name, mailing address, personal email address, telephone 
number, and a detailed description of the records being requested. 
Individuals requesting access must also follow SBA's Privacy Act 
regulations regarding verification of identity and access to records 
(13 CFR part 102 subpart B).

CONTESTING RECORD PROCEDURES:
    Individuals wishing to contest information contained in records 
about them should submit a Privacy Act request to the SBA Chief, 
Freedom of Information and Privacy Act Office, U.S. Small Business 
Administration, 409 Third St. SW, Eighth Floor, Washington, DC 20416 or 
[email protected]. Individuals must provide their full name, mailing 
address, personal email address, telephone number, and a detailed 
description of the records being requested. Requesting individuals must 
follow SBA's Privacy Act regulations regarding verification of identity 
and access to records (13 CFR part 102 subpart B).

NOTIFICATION PROCEDURES:
    Individuals may make record inquiries in person or in writing to 
the Systems Manager through the SBA Chief, Freedom of Information and 
Privacy Act Office, U.S. Small Business Administration, 409 Third St. 
SW, Eighth Floor, Washington, DC 20416 or [email protected].

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    None.

HISTORY:
    None.

    Dated: August 26, 2019.
Marja Maddrie,
Business Operations Officer, Office of Investment and Innovation.
[FR Doc. 2019-19153 Filed 9-4-19; 8:45 am]
BILLING CODE 8026-03-P