[Federal Register Volume 85, Number 137 (Thursday, July 16, 2020)]
[Notices]
[Pages 43210-43222]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2020-15398]


=======================================================================
-----------------------------------------------------------------------

U.S. INTERNATIONAL DEVELOPMENT FINANCE CORPORATION


Privacy Act of 1974; System of Records

AGENCY: U.S. International Development Finance Corporation (DFC).

ACTION: Notice of a new system of records.

-----------------------------------------------------------------------

SUMMARY: The Better Utilization of Investments Leading to Development 
(BUILD) Act of 2018 created the U.S. International Development Finance 
Corporation (DFC) by bringing together the Overseas Private Investment 
Corporation (OPIC) and the Development Credit Authority (DCA) office of 
the U.S. Agency for International Development (USAID). Section 1466(a)-
(b) of the Act provides that all completed administrative actions shall 
apply, while all pending proceedings shall continue, through the 
transition to the DFC. Accordingly, DFC is issuing a revised system of 
records modifying all the systems of records previously published under 
OPIC's authority.

DATES: The systems are effective upon publication in today's Federal 
Register, with the exception of changes to the routine uses, which are 
effective August 17, 2020, unless we receive comments that result in a 
contrary determination.

ADDRESSES: Written comments may be submitted by any of the following 
methods:
     Mail: Mark Rein, Office of the Chief Information Officer, 
U.S. International Development Finance Corporation, 1100 New York 
Avenue NW, Washington, DC 20527.
     Email: [email protected].
    Instructions: All submissions received must include the system name 
and number for the system to which the comments relate. Please note 
that all written comments received in response to this notice will be 
considered public records.

FOR FURTHER INFORMATION CONTACT: Chief Information Officer, Mark Rein, 
(202) 336-8404.

SUPPLEMENTARY INFORMATION: 
    I. Background: OPIC previously published System of Records Notices 
(SORN) at 64 FR 37152 (Jul. 9 1999), 69 FR 59279 (Oct. 4, 2004), 74 FR 
16430 (Apr. 10, 2009), and 80 FR 30288 (May 27, 2015). These SORNs were 
transferred to DFC under the BUILD Act of 2018. In accordance with the 
Privacy Act of 1974, 5 U.S.C. 552a, DFC proposes to: Delete OPIC-3 as 
this has been replaced by GSA/GOVT-7. Delete OPIC-7 as this has been 
replaced by OPM/GOVT-3. Delete OPIC-9 and OPIC-14 as these have been 
replaced by OPM/GOVT-1. Delete OPIC-17 as this has been replaced by 
GSA/GOVT-4. Delete OPIC-1, OPIC-14, OPIC-19, and OPIC-22 as these have 
been replaced by DFC/03. Delete OPIC-10 as this has been replaced by 
DFC/04. Delete OPIC-2, OPIC-5, OPIC-6, OPIC-8, OPIC-12, OPIC-13, OPIC-
15, OPIC-16, OPIC-20, and OPIC-21 as these files are no longer 
maintained. OPIC-4 is renumbered DFC/04 and amended to include records 
previously covered by OPIC-10. OPIC-11 is renumbered DFC/07. OPIC-12 is 
renumbered DFC/08 and renamed Executive Photographs. OPIC-18 is 
renumbered DFC/06 and renamed Board of Directors. OPIC-22 is renumbered 
DFC/03. OPIC-23 is renumbered DFC/02. Add DFC/01, Oracle E-Business 
Suite (EBS) and DFC/05, FedTalent.
    II. Privacy Act: The Privacy Act of 1974, as amended, embodies fair 
information practice principles in a statutory framework governing the 
means by which Federal agencies collect, maintain, use, and disseminate 
individuals' records. The Privacy Act applies to records about 
individuals;

[[Page 43211]]

these records are maintained in a ``system of records,'' which refers 
to a group of any records under the control of an agency from which 
information is retrieved by the name of an individual or by some 
identifying number, symbol, or other identifying particular assigned to 
the individual. The Privacy Act defines an individual as a United 
States citizen or an alien lawfully admitted for permanent residence. 
Individuals may request access to their own records that are maintained 
in a system of records in the possession or under the control of the 
DFC by complying with Privacy Act regulations at 22 Code of Federal 
Regulations (CFR) Part 707 and following the procedures outlined in the 
Records Access, Contesting Record, and Notification Procedures sections 
of this notice. The Privacy Act requires each agency to publish in the 
Federal Register a description denoting the existence and character of 
each system of records that the agency maintains and the routine uses 
of each system. In accordance with 5 U.S.C. 552a(r), the DFC has 
provided a report of this system of records to the Office of Management 
and Budget (OMB) and to Congress. As this revision is significant, a 
full list of the Agency's systems of records is set forth below.

SYSTEM NAME AND NUMBER:
    Oracle E-Business Suite (EBS), DFC/01.

SECURITY CLASSIFICATION:
    Unclassified.

SYSTEM LOCATION:
    1100 New York Avenue NW, Washington, DC 20527.

SYSTEM MANAGER(S):
    Business System Owner, Managing Director, Financial Management, 
U.S. International Development Finance Corporation, 1100 New York 
Avenue NW, Washington, DC 20527; Phone: (202) 336-8400. Technical 
System Owner, Business Information Systems Director, Office of the 
Chief Information Officer, U.S. International Development Finance 
Corporation, 1100 New York Avenue NW, Washington, DC 20527; Phone: 
(202) 336-8400.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    Where applicable, electronic payments are required under Federal 
Acquisition Regulation 52.232-25. Electronic payments require a 
Taxpayer Identification Number (TIN) data element. Federal financial 
mandates and legal authorities govern financial management systems that 
support the collection of the information in EBS. These mandates and 
authorities include the Chief Financial Officers Act of 1990, Public 
Law 101-576, and the Federal Financial Management Improvement Act 
(FFMIA) of 1996, Public Law 104-208, as well as guidance issued by OMB: 
OMB Circular A-123, Management's Responsibility for Internal Control; 
OMB Memorandum 16-11, Improving Administrative Functions Through Shared 
Services; and OMB Memorandum 13-08, Improving Financial Systems Through 
Shared Services.

PURPOSE(S) OF THE SYSTEM:
    The primary purpose of Oracle EBS is to function as the financial 
system of record for the Agency. It is the primary application employed 
to record all financial transactions related to the Agency's 
administrative business accounting and working capital budgets.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    The categories of individuals and entities covered by this system 
are identified as Federal government agencies and institutions; state 
and local government agencies and institutions; domestic private 
individuals, entities, and institutions conducting business with the 
Agency; full- and part-time employees of the Agency; Personal Services 
Contractors (PSC); foreign government agencies and institutions; 
foreign private individuals, entities, and institutions conducting 
business with the Agency; and foreign entities and institutions who act 
as participants or intermediaries in financial transactions with the 
Agency.

CATEGORIES OF RECORDS IN THE SYSTEM:
    Personally identifiable records that are stored in the system 
consist of individual or company names, points of contact, mailing 
addresses, remittance addresses, telephone numbers, contract/award 
numbers, email addresses, TIN, Social Security Numbers (SSN), Data 
Universal Numbering System (DUNS) numbers, and bank account information 
including routing numbers, account numbers, Society for Worldwide 
Interbank Financial Telecommunication (SWIFT) codes, International Bank 
Account Numbers (IBAN), and account titles.

RECORD SOURCE CATEGORIES:
    Insight (Salesforce.com) (DFC/02): The Agency's back office 
software that collects data from external customers completing and 
submitting web-based business application electronic forms. Insight is 
DFC's back-office data collection system where business- and product 
specific information is processed. System for Award Management (SAM) 
(GSA/GOVT-9): The U.S. Government's official vendor portal where 
vendors self-maintain their business information. Carlson Wagonlit Sato 
Travel E2 Solutions System (E2) (GSA/GOVT-4): An electronic travel 
system that includes travel authorizations, travel vouchers, and 
miscellaneous reimbursements data that is directly received from the 
customer or employee.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND PURPOSES OF SUCH USES:
    In addition to those disclosures generally permitted under 5 U.S.C. 
552a(b) of the Privacy Act, all or a portion of the records or 
information contained in this system may be disclosed outside of DFC as 
a routine use under U.S.C. 552a(b)(3), as stated in the Notice and here 
for this modification. This modification includes a new routine use for 
the Do Not Pay initiative in compliance with Improper Payments, which 
is compatible with the following routine uses of this system of records 
of a financial management system: (1) The two required routine uses 
identified in OMB M-17-12 for notice and breach notification, which is 
compatible with the necessity of the government to deal with breaches; 
and (2) routine use for contractors, grantees, etc., and system 
support, which is compatible with the need of contractor support for 
Financial Systems. The other routine uses are compatible with the EBS 
system of records as a financial system. The routine use satisfies the 
compatibility requirement of the Privacy Act. The records or 
information contained therein may specifically be disclosed as a 
routine use, as stated below. The Agency will, when so authorized, make 
the determination as to the relevancy of a record prior to its decision 
to disclose:
    A. To the Department of Treasury for Administering the Do Not Pay 
Initiative under the Improper Payments Elimination and Recovery 
Improvement Act of 2012 (IPERIA). As required by IPERIA, the Bipartisan 
Budget Act of 2013, and the Federal Improper Payments Coordination Act 
of 2015 (FIPCA), records maintained in this system will be disclosed to 
(a) a Federal or state agency, its employees, agents (including 
contractors of its agents) or contractors; or, (b) a fiscal or 
financial agent designated by the Bureau of Fiscal Service or other 
Department of the Treasury bureau or office, including employees, 
agents, or contractors of such agent; or, (c) a contractor of the 
Bureau of Fiscal Service, for the purpose of identifying, preventing, 
and

[[Page 43212]]

recovering improper payments to an applicant for, or recipient of, 
Federal funds. Records disclosed under this routing use may be used to 
conduct computerized comparison to identify, prevent, and recover 
improper payments, and to identify and mitigate fraud, waste, and abuse 
in federal payments.
    B. Disclosure for Enforcement, Statutory, and Regulatory Purposes. 
Information may be disclosed to the appropriate Federal, state, local, 
foreign, or self-regulatory organization or agency responsible for 
investigating, prosecuting, enforcing, implementing, issuing, or 
carrying out a statute, rule, regulation, order, policy, or license if 
the information may be relevant to a potential violation of civil or 
criminal law, rule, regulation, order, policy, or license.
    C. Disclosure to Another Federal Agency When Requesting 
Information. Information may be disclosed to a Federal agency in the 
executive, legislative, or judicial branch of government in connection 
with the hiring, retaining, or assigning of an employee; the issuance 
of a security clearance; the conducting of a security or suitability 
investigation of an individual; the classifying of jobs; the letting of 
a contract; the issuance of a license, grant, or other benefits by the 
receiving entity; or the lawful statutory, administrative, or 
investigative purpose of the receiving entity to the extent that the 
information is relevant and necessary to the receiving entity's 
decision on the matter.
    D. Disclosure to a Member of Congress and Congressional Inquiries. 
Information may be disclosed to a congressional office in response to 
an inquiry from the congressional office made at the request of the 
individual to whom the record pertains.
    E. Disclosure to the Department of Justice (DOJ), a Court, an 
Adjudicative Body or Administrative Tribunal, or a Party in Litigation. 
Information may be disclosed to DOJ, a court, an adjudicative body or 
administrative tribunal, a party in litigation, or a witness if the 
Agency (or in the case of an Office of Inspector General (OIG) system, 
the OIG) determines, in its sole discretion, that the information is 
relevant and necessary to the matter.
    F. Disclosure to the Merit Systems Protection Board (MSPB), the 
Office of Government Ethics (OGE), Equal Employment Opportunity 
Commission (EEOC), and Office of Special Counsel (OSC). Information may 
be disclosed to the EEOC, the MSPB, the OGE, or the OSC to the extent 
determined to be relevant and necessary to carrying out their 
authorized functions.
    G. Disclosure to the EEOC, the Office of Personnel Management 
(OPM), or the Fair Labor Relations Authority (FLRA) In Response to a 
Formal Grievance, Complaint, or Appeal Filed by an Employee. 
Information may be disclosed to the EEOC, OPM, FLRA, or other agency 
grievance examiner, formal complaints examiner, arbitrator, or other 
duly authorized official engaged in the investigation or settlement of 
a grievance, complaint, or appeal filed by an employee.
    H. Disclosure When Security or Confidentiality Has Been 
Compromised. Information may be disclosed when (1) it is suspected or 
confirmed that security or confidentiality of information has been 
compromised; (2) the Agency has determined that, as a result of the 
suspected or confirmed compromise, there is a risk of harm to economic 
or property interests, identity theft or fraud, or harm to the security 
or integrity of the system or other systems or programs (whether 
maintained by the Agency or another agency or entity) that rely upon 
the compromised information; and (3) the disclosure is made to such 
agencies, entities, and persons who are reasonably necessary to assist 
in connection with the Agency's efforts to respond to the suspected or 
confirmed compromise and prevent, minimize, or remedy such harm.
    I. Disclosure to Contractors, Agents, and Others. Information may 
be disclosed to contractors, agents, or others performing work on a 
contract, service, cooperative agreement, job, or other activity for 
the Agency and who have a need to access the information in the 
performance of their duties or activities for the Agency.
    J. Disclosure to Any Source from Which Additional Information Is 
Requested During the Acquisition and Procurement Contract Lifecycle 
Management Process. Information may be disclosed in connection with the 
requisitioning, commitments, obligations, invoicing, travel expense 
reimbursements, and reimbursements to employees for local travel 
expenses and other ancillary expenses.
    K. Disclosure of Information in Connection with Business 
Transaction Activities to a Federal Agency. Information may be 
disclosed to the Treasury Department via electronic file to enable 
processing of business payment and payable commitments for the life of 
each business transaction.
    L. Disclosure of Information in Connection with Business 
Transaction Activities to a Federal Agency. Information may be 
disclosed to a Federal agency in connection with initial due diligence 
processes in assessing new business transaction proposals and as part 
of the improper payment risk mitigation process that occurs for the 
life of each business transaction.
    M. Disclosure of Information to Another Federal Agency, a Court, or 
a Third Party. Information may be disclosed where the counterparty to a 
business transaction has not remitted agreed upon and contracted fees 
for an extended period of time.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    Records are stored in paper and electronic form.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    Records can be retrieved by transaction record number, name, 
address, telephone numbers and other identifying information.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    Records are retained and disposed of as prescribed under the 
National Archives and Records Administration (NARA) General Records 
Schedule. The information used to enter data into EBS is maintained for 
seven years. Paper records are disposed of by shredding or pulping, and 
records maintained on electronic media are degaussed or erased in 
accordance with the applicable records retention schedule and NARA 
guidelines.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    Access to records in this system is controlled and managed pursuant 
to applicable policies and rules, including OPM's Information and 
Security & Privacy Policy. The use of password protection, system 
authentication, and other system protection methods also provides 
additional safeguards to restrict access. System access and access to 
the records contained within the system are limited to those 
individuals who have an official need for system access in order to 
perform their official responsibilities and duties.

NOTIFICATION PROCEDURES:
    Requests by individuals concerning the existence of a record may be 
submitted in writing, addressed to the system manager above. The 
request must comply with the requirements of 22 CFR 707.21.

RECORD ACCESS PROCEDURES:
    Same as above.

[[Page 43213]]

CONTESTING RECORD PROCEDURES:
    Requests by individuals to amend their record must be submitted in 
writing, addressed to the system manager above. Requests for amendments 
to records and requests for review of a refusal to amend a record must 
comply with the requirements of 22 CFR 707.23.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    None.

HISTORY:
    Not Applicable.

SYSTEM NAME AND NUMBER:
    Salesforce Customer Relationship Management System (``Insight''); 
DFC/02.

SYSTEM CLASSIFICATION:
    Unclassified.

SYSTEM LOCATION:
    The system is located in an Enterprise Government Cloud Service 
environment. The system is hosted at secured Salesforce General 
Services Administration (GSA) data centers (NA-21) located in 
Washington, DC and Chicago, IL; one site acts as the active host and 
the alternative site acts as the disaster recovery location operating 
under near-real time replication protocol.

SYSTEM MANAGER(S):
    Business System Owner, Managing Director for Finance Program 
Systems and Procedures, U.S. International Development Finance 
Corporation, 1100 New York Avenue NW, Washington, DC 20527; Phone: 
(202) 336-8400. Technical Systems Owner, Business Information Systems 
Director, U.S. International Development Finance Corporation, 1100 New 
York Avenue NW, Washington, DC 20527; Phone: (202) 336-8400.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    The system covers individuals representing, guaranteeing, 
sponsoring, owning, or managing a potential or actual DFC project under 
all DFC products. Information about these individuals is entered 
directly into the system by potential clients filling out application 
forms on the Agency's electronic forms web-portal or manually when DFC 
officers input data during a project's lifecycle.

CATEGORIES OF RECORDS IN THE SYSTEM:
    This system contains the information needed for processing Agency 
projects and contains information about individuals and other entities 
involved in those projects. Depending on the level of connection of an 
individual to the project, personal information on the individual may 
be maintained. This includes full name, date of birth, country of 
birth, citizenship, personally identifying number, address, contact 
information, and professional experience.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    BUILD Act, 22 U.S.C. 9601 et seq.; 44 U.S.C. 3101, et seq.

PURPOSE OF THE SYSTEM:
    This system will facilitate project lifecycle management from 
project intake to project closeout for all DFC products. The 
information in the system will be used to administer the projects as 
necessary, including internally tracking and managing client contact 
information and the status (but not the detailed results) of Know Your 
Customer (KYC) due diligence performed on businesses and individuals 
associated with each project. Data from this system may also be used 
for evaluating the effectiveness of DFC's products and programs and 
improving upon them.

RECORD SOURCE CATEGORIES:
    Information is collected directly from clients using a public-
facing web portal which collects customer and project data from 
applicants. Direct input: Some account, contact, and project data are 
input directly by DFC officers in the course of keeping project records 
up to date. Oracle EBS (DFC/01): Pertinent financial data is sent to 
Insight to provide DFC officers with accessible information related to 
project status.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND PURPOSES OF SUCH USES:
    In addition to those disclosures generally permitted under 5 U.S.C. 
552a(b) of the Privacy Act, these records of information contained 
therein may specifically be disclosed outside of the Agency. The 
records or information contained therein may specifically be disclosed 
as a routine use, as stated below. The Agency will, when so authorized, 
make the determination as to the relevancy of a record prior to its 
decision to disclose information under the following circumstances:
    A. Disclosure for Enforcement, Statutory, and Regulatory Purposes. 
Information may be disclosed to the appropriate Federal, state, local, 
foreign, or self-regulatory organization or agency responsible for 
investigating, prosecuting, enforcing, implementing, issuing, or 
carrying out a statute, rule, regulation, order, policy, or license if 
the information may be relevant to a potential violation of civil or 
criminal law, rule, regulation, order, policy, or license.
    B. Disclosure to a Member of Congress and Congressional Inquiries. 
Information may be disclosed to a congressional office in response to 
an inquiry from the congressional office made at the request of the 
individual to whom the record pertains.
    C. Disclosure to DOJ, a Court, an Adjudicative Body or 
Administrative Tribunal, or a Party in Litigation. Information may be 
disclosed to DOJ, a court, an adjudicative body or administrative 
tribunal, a party in litigation, or a witness if the Agency (or in the 
case of an OIG system, the OIG) determines, in its sole discretion, 
that the information is relevant and necessary to the matter.
    D. Disclosure When Security or Confidentiality Has Been 
Compromised. Information may be disclosed when (1) it is suspected or 
confirmed that security or confidentiality of information has been 
compromised; (2) the Agency has determined that, as a result of the 
suspected or confirmed compromise, there is a risk of harm to economic 
or property interests, identity theft or fraud, or harm to the security 
or integrity of the system or other systems or programs (whether 
maintained by the Agency or another agency or entity) that rely upon 
the compromised information; and (3) the disclosure is made to such 
agencies, entities, and persons who are reasonably necessary to assist 
in connection with the Agency's efforts to respond to the suspected or 
confirmed compromise and prevent, minimize, or remedy such harm.
    E. Disclosure to Contractors, Agents, and Others. Information may 
be disclosed to contractors, agents, or others performing work on a 
contract, service, cooperative agreement, job, or other activity for 
the Agency and who have a need to access the information in the 
performance of their duties or activities for the Agency.
    F. Disclosure to Any Source from Which Additional Information Is 
Requested During Commitment of Payments. As needed, Insight 
automatically transfers information to Oracle EBS (DFC/01) to commit 
payments from DFC as part of the Agency's core business transactions.
    G. Disclosure of Information in Connection with Loan Payments to a 
Federal Agency. As needed, authorized DFC personnel manually input 
disbursement records into Oracle and the Treasury portal to enable loan 
payments.

[[Page 43214]]

    H. Disclosure of Information in Connection with Business 
Transaction Activities to a Federal Agency. Information may be 
disclosed to a Federal agency in connection with initial due diligence 
processes in assessing new business transaction proposals and as part 
of the improper payment risk mitigation process that occurs for the 
life of each business transaction.
    I. Disclosure of Information to Another Federal Agency, a Court, or 
a Third Party. Information may be disclosed where the counterparty to a 
business transaction has not remitted agreed upon and contracted fees 
for an extended period of time.
    J. Disclosure of Credit to Credit Reporting Agencies. If deemed 
necessary, credit information will be disclosed as the running of 
credit checks is performed. These credit checks are conducted 
confidentially, following accepted best practices with widely known and 
reputable credit reporting agencies.
    K. Disclosure of Non-Individual Information to Publicly Available 
websites: Authorized personnel utilize non-individual information from 
Insight (e.g., project descriptions and primary place of performance) 
for the following publicly available websites: USA Spending and Foreign 
Assistance.gov.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    System records are stored within secured Salesforce GSA data 
centers (NA-21) located in Washington, DC and Chicago, IL; one site 
acts as the active host and the alternative site acts as the disaster 
recovery location operating under near-real time replication protocol.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    The records may be retrieved by the project name, project number, 
company name, associated individual's name, or reporting tools provided 
on the system dashboards. Access to sensitive personally identifiable 
information (SPII) in the records is restricted to a small group of 
authorized government personnel who perform the KYC due diligence in 
the system, as needed. Access to the rest of the system is available to 
any Agency personnel with system access. The DFC uses two-factor 
authentication for Agency-specific users to access Insight outside of 
the Agency network. Any changes to the system are implemented through a 
change management process.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    Records are maintained on an ongoing basis and updated by DFC staff 
assigned with managing the system. These records will follow the DFC's 
retention schedule based on project classification.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    Access to records in this system is controlled and managed pursuant 
to applicable policies and rules, including OPM's Information and 
Security & Privacy Policy. These records and the technical hardware 
containing these records are maintained on premises in areas designated 
as restricted access. The use of password protection, system 
authentication, user profile restrictions, and other system protection 
methods also provides additional safeguards to restrict access. System 
access and access to the records contained within the system are 
limited to those individuals who have an official need for system 
access in order to perform their official responsibilities and duties.

NOTIFICATION PROCEDURES:
    Requests by individuals concerning the existence of a record may be 
submitted in writing, addressed to the system manager above. The 
request must comply with the requirements of 22 CFR 707.21.

RECORD ACCESS PROCEDURES:
    Same as above.

CONTESTING RECORD PROCEDURES:
    Requests by individuals to amend their record must be submitted in 
writing, addressed to the system manager above. Requests for amendments 
to records and requests for review of a refusal to amend a record must 
comply with the requirements of 22 CFR 707.23.

EXEMPTIONS CLAIMED FOR THE SYSTEM:
    None.

HISTORY:
    Not Applicable.

SYSTEM NAME AND NUMBER:
    Payroll, Time and Attendance, Retirement, and Leave Records, DFC/
03.

SECURITY CLASSIFICATION:
    Unclassified.

SYSTEM LOCATION:
    1100 New York Avenue NW, Washington, DC 20527.

SYSTEM MANAGER(S):
    Business System Owner: Vice President and Chief Administrative 
Officer, U.S. International Development Finance Corporation, 1100 New 
York Avenue NW, Washington, DC 20527; Phone: (202) 336-8400.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    5 U.S.C. 5101, et seq., Government Organization and Employees; 31 
U.S.C. 3512, et seq., Executive Agency Accounting and Other Financial 
Management Reports and Plans; 31 U.S.C. 1101, et seq., the Budget and 
Fiscal, Budget, and Program Information; 5 CFR part 293, subpart B, 
Personnel Records Subject to the Privacy Act; 5 CFR part 297, Privacy 
Procedures for Personnel Records; Executive Order 9397 as amended by 
Executive Order 13478, relating to Federal Agency Use of Social 
Security Numbers; and Public Law 101-576 (Nov. 15, 1990), the Chief 
Financial Officers (CFO) Act of 1990.

PURPOSE(S) OF THE SYSTEM:
    The primary purpose of the system is to manage personnel and 
payroll functions; ensure proper payment for salary and benefits; track 
time and attendance, leave, and other absences for reporting and 
compliance purposes; and facilitate reporting requirements to other 
Federal agencies, including the Department of the Treasury and OPM, for 
payroll, tax, and human capital management purposes.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Individuals covered by the system include current and former DFC 
employees, emergency workers, volunteers, contractors, and applicants 
for Federal employment. This system may also include limited 
information regarding employee spouses, dependents, emergency contacts, 
beneficiaries, or estate trustees who meet the definition of 
``individual'' as defined in the Privacy Act.

CATEGORIES OF RECORDS IN THE SYSTEM:
    This system maintains records including: (1) Employee Biographical 
and Employment Information: Employee name, other names used, 
citizenship, gender, date of birth, age, group affiliation, marital 
status, SSN, truncated SSN, legal status, place of birth, records 
related to position, occupation, duty location, security clearance, 
financial information, medical information, disability information, 
education information, driver's license, race, ethnicity, personal or 
work telephone number, personal and work email address, military status 
and service, home or mailing address, TIN, bank account information, 
professional licensing and credentials, family relationships, 
involuntary debt

[[Page 43215]]

(garnishments or child support payments), employee common identifier 
(ECI), organization code, user identification, and any other employment 
information; (2) Third-Party Information: Spouse information, emergency 
contact, beneficiary information, savings bond co-owner name(s) and 
information, and family members and dependents information; (3) Salary 
and Benefits Information: Salary data, retirement data, tax data, 
deductions, health benefits, allowances, union dues, insurance data, 
Flexible Spending Account, Thrift Savings Plan information and 
contributions, pay plan, payroll records, awards, court order 
information, back pay information, debts owed to the government as a 
result of overpayment, refunds owed, or a debt referred for collection 
on a transferred employee or emergency worker; and (4) Timekeeping 
Information: Time and attendance records and leave records. This system 
may also contain correspondence, documents, and other information 
required to administer payroll, leave, and related functions.

RECORD SOURCE CATEGORIES:
    Information is obtained from individuals on whom the records are 
maintained, official personnel records of individuals on whom the 
records are maintained, supervisors, timekeepers, previous employers, 
the Internal Revenue Service and state tax agencies, the Department of 
the Treasury, other Federal agencies, courts, state child support 
agencies, employing agency accounting offices, and third-party benefit 
providers.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    In addition to those disclosures generally permitted under 5 U.S.C. 
552a(b) of the Privacy Act, all or a portion of the records or 
information maintained in this system may be disclosed to authorized 
entities outside DFC for purposes determined to be relevant and 
necessary as a routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:
    A. To DOJ, including Offices of the U.S. Attorneys, or other 
Federal agency conducting litigation or in proceedings before any 
court, adjudicative, or administrative body, when it is relevant or 
necessary to the litigation and one of the following is a party to the 
litigation or has an interest in such litigation: (1) DFC or any 
component of DFC; (2) Any DFC employee or former employee acting in his 
or her official capacity; (3) Any DFC employee or former employee 
acting in his or her individual capacity when DFC or DOJ has agreed to 
represent that employee or pay for private representation of the 
employee; or (4) The United States Government or any agency thereof, 
when DFC determines that DFC is likely to be affected by the 
proceeding.
    B. To the Department of the Treasury or other Federal agency as 
required for payroll purposes, for preparation of payroll and other 
checks and electronic funds transfers to Federal, State, and local 
government agencies, non-governmental organizations, and individuals.
    C. To the Department of the Treasury, Internal Revenue Service, and 
state and local tax authorities for which an employee is or was subject 
to tax regardless of whether tax is or was withheld in accordance with 
Treasury Fiscal Requirements, as required.
    D. To OPM or its contractors in connection with programs 
administered by that office, including, but not limited to, the Federal 
Long-Term Care Insurance Program, the Federal Dental and Vision 
Insurance Program, the Flexible Spending Accounts for Federal Employees 
Program, and the electronic Human Resources Information Program.
    E. To another Federal agency to which an employee or DFC emergency 
worker has transferred or to which a DFC volunteer transfers in a 
volunteer capacity.
    F. To any criminal, civil, or regulatory law enforcement authority 
(whether Federal, state, territorial, local, tribal or foreign) when a 
record, either alone or in conjunction with other information, 
indicates a violation or potential violation of law--criminal, civil, 
or regulatory in nature, and the disclosure is compatible with the 
purpose for which the records were compiled.
    G. To a congressional office in response to a written inquiry that 
an individual covered by the system, or the heir of such individual if 
the covered individual is deceased, has made to the office.
    H. To Federal, state, or local agencies where necessary to enable 
the employee's, DFC emergency worker's, or DFC volunteer's agency to 
obtain information relevant to the hiring or retention of that 
employee, DFC emergency worker, or DFC volunteer, or the issuance of a 
security clearance, contract, license, grant, or other benefit.
    I. To appropriate Federal and state agencies to provide reports 
including data on unemployment insurance.
    J. To the Social Security Administration to credit the employee or 
emergency worker account for Old-Age, Survivors, and Disability 
Insurance (OASDI) and Medicare deductions.
    K. To officials of labor organizations recognized under 5 U.S.C. 
Chapter 71 (Labor-Management Relations) for the purpose of providing 
information as to the identity of DFC employees contributing union dues 
each pay period and the amount of dues withheld from each contributor.
    L. To employee or emergency worker associations to report dues 
deductions.
    M. To insurance carriers to report employee or DFC emergency worker 
election information and withholdings for health insurance.
    N. To charitable institutions when an employee designates an 
institution to receive contributions through salary deduction.
    O. To the Department of the Treasury, Internal Revenue Service, or 
another Federal agency or its contractor, to disclose debtor 
information solely to aggregate information for the Internal Revenue 
Service to collect debts owed to the Federal Government through the 
offset of tax refunds.
    P. To any creditor Federal agency seeking assistance for the 
purpose of that agency implementing administrative or salary offset 
procedures in the collection of unpaid financial obligations owed the 
United States Government from an individual.
    Q. To any Federal agency where the individual debtor is employed or 
receiving some form of remuneration for the purpose of enabling that 
agency to collect debts on the employee's behalf by administrative or 
salary offset procedures under the provisions of the Debt Collection 
Act of 1982.
    R. To the Department of the Treasury, Internal Revenue Service, and 
state and local authorities for the purpose of locating a debtor to 
collect a claim against the debtor.
    S. To the Federal Retirement Thrift Investment Board's record 
keeper, which administers the Thrift Savings Plan, to report 
deductions, contributions, and loan payments.
    T. To the Office of Child Support Enforcement, within the 
Administration for Children and Families, within the Department of 
Health and Human Services, for the purposes of locating individuals to 
establish paternity; establishing and modifying orders of child 
support; identifying sources of income; and for other child support 
enforcement actions as required by the Personal Responsibility and Work 
Opportunity Reconciliation Act of 1996.
    U. To an expert, consultant, grantee, or contractor (including 
employees of the contractor) of DFC who performs services requiring 
access to these

[[Page 43216]]

records on DFC's behalf to carry out the purposes of the system, 
including employment verifications, unemployment claims, W-2 processing 
services, leave and earning statements, and 1095-C Affordable Care Act 
statements.
    V. To OPM Employee Express, which is an employee self-service 
system, to initiate personnel and payroll actions and to obtain payroll 
information.
    W. To the Department of Labor for processing claims for employees, 
emergency workers, or volunteers injured on the job or claiming 
occupational illness.
    X. To Federal agencies and organizations to support interfaces with 
other systems operated by the Federal agencies for which the employee 
or DOI emergency worker is employed, or the DFC volunteer is located, 
for the purpose of avoiding duplication, increasing data integrity, and 
streamlining government operations.
    Y. To another Federal agency to provide information needed in the 
performance of official duties related to reconciling or reconstructing 
data files or to enable that agency to respond to an inquiry by the 
individual to whom the record pertains.
    Z. To NARA to conduct records management inspections under the 
authority of 44 U.S.C. 2904 and 2906.
    AA. To OMB during the coordination and clearance process in 
connection with legislative affairs as mandated by OMB Circular A-19.
    BB. To Federal, state, territorial, local, tribal, or foreign 
agencies that have requested information relevant or necessary to the 
hiring, firing, or retention of an employee or contractor, regarding 
the issuance of a security clearance, license, contract, grant, or 
other benefit.
    CC. To state, territorial, and local governments, and tribal 
organizations to provide information needed in response to court order 
and/or discovery purposes related to litigation, when the disclosure is 
compatible with the purpose for which the records were compiled.
    DD. To the Department of the Treasury to recover debts owed to the 
United States.
    EE. To the news media and the public, with the approval of the 
Public Affairs Officer in consultation with counsel and the Senior 
Agency Official for Privacy (SAOP), where there exists a legitimate 
public interest in the disclosure of the information or when disclosure 
is necessary to preserve confidence in the integrity of DFC or is 
necessary to demonstrate the accountability of DFC's officers, 
employees, or individuals covered by the system, except to the extent 
it is determined that release of the specific information in the 
context of a particular case would constitute an unwarranted invasion 
of personal privacy.
    FF. To the Executive Office of the President in response to an 
inquiry from that office made at the request of the subject of a record 
or a third party on that person's behalf, or for a purpose compatible 
with the reason for which the records are collected or maintained.
    GG. To other Federal agencies and organizations to provide payroll 
and personnel processing services under a shared service provider 
cross-servicing agreement for purposes relating to DFC payroll and 
personnel processing.
    HH. To OPM, the Merit System Protection Board, Federal Labor 
Relations Authority, or the Equal Employment Opportunity Commission 
when requested in the performance of their authorized duties.
    II. To state offices of unemployment compensation to assist in 
processing an individual's unemployment, survivor annuity, or health 
benefit claim, or for records reconciliation purposes.
    JJ. To Federal Employees' Group Life Insurance or Health Benefits 
carriers in connection with survivor annuity or health benefits claims 
or records reconciliations.
    KK. To any source from which additional information is requested by 
DFC relevant to a DFC determination concerning an individual's pay, 
leave, or travel expenses, to the extent necessary to identify the 
individual, inform the source of the purpose(s) of the request, and 
identify the type of information requested.
    LL. To the Social Security Administration and the Department of the 
Treasury to disclose pay data on an annual basis, and as necessary to 
execute their statutory responsibilities for the effective 
administration of benefits programs, payroll, and taxes.
    MM. To a Federal agency or in response to a congressional inquiry 
when additional or statistical information is requested relevant to a 
Federal benefit or program, such as the DFC Transit Fare Subsidy 
Program.
    NN. To the Department of Health and Human Services for the purpose 
of providing information on new hires and quarterly wages as required 
under the Personal Responsibility and Work Opportunity Reconciliation 
Act of 1996.
    OO. To appropriate agencies, entities, and persons when: (1) DFC 
suspects or has confirmed that there has been a breach of the system of 
records; (2) DFC has determined that as a result of the suspected or 
confirmed breach there is a risk of harm to individuals, DFC (including 
its information systems, programs, and operations), the Federal 
Government, or national security; and (3) the disclosure made to such 
agencies, entities, and persons is reasonably necessary to assist in 
connection with DFC's efforts to respond to the suspected or confirmed 
breach or to prevent, minimize, or remedy such harm.
    PP. To another Federal agency or Federal entity, when DFC 
determines that information from this system of records is reasonably 
necessary to assist the recipient agency or entity in: (1) Responding 
to a suspected or confirmed breach; or (2) preventing, minimizing, or 
remedying the risk of harm to individuals, the recipient agency or 
entity (including its information systems, programs, and operations), 
the Federal Government, or national security, resulting from a 
suspected or confirmed breach.
    QQ. To an agency or organization for the purpose of performing 
audit or oversight operations as authorized by law, but only such 
information as is necessary and relevant to such audit or oversight 
function.
    RR. To a court, magistrate, or administrative tribunal, including 
disclosures to opposing counsel in the course of discovery, pursuant to 
appropriate court order or other judicial process in the course of 
criminal, civil, or administrative litigation.
    SS. In an appropriate proceeding before a court, grand jury, or 
administrative or adjudicative body, when DOJ determines that the 
records are arguably relevant to the proceeding; or in an appropriate 
proceeding before an administrative or adjudicative body when the 
adjudicator determines the records to be relevant to the proceeding.
    TT. Disclosure pursuant to 5 U.S.C. 552a(b)(12). Disclosures may be 
made from this system to consumer reporting agencies as defined in the 
Fair Credit Reporting Act (15 U.S.C. 1681a(f)) or the Federal Claims 
Act of 1966 (31 U.S.C. 3701(a)(3)).

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    Records are maintained in manual, microfilm, microfiche, 
electronic, imaged, and computer printout form. Original input 
documents are stored in standard office filing equipment and/or as 
imaged documents on magnetic media at all locations which prepare and 
provide input documents and information for data processing. Paper 
records are maintained in file folders stored within locking filing 
cabinets or

[[Page 43217]]

locked rooms in secured facilities with controlled access. Electronic 
records are stored in computers, removable drives, storage devices, 
electronic databases, and other electronic media under the control of 
DFC.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    Records may be retrieved by employee name, SSN, TIN, ECI, birth 
date, organizational code, or assigned person number.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    Records are maintained in accordance with OPM's Guide to 
Recordkeeping; General Records Schedule (GRS) 1.0 ``Finance'' and GRS 
2.0 ``Human Resources,'' which are approved by NARA. The system 
generally maintains temporary records, and retention periods vary based 
on the type of record under each item and the needs of the Agency. 
Paper records are disposed of by shredding or pulping, and records 
maintained on electronic media are degaussed or erased in accordance 
with the applicable records retention schedule and NARA guidelines.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    During normal hours of operation, paper or micro format records are 
maintained in locked file cabinets in secured rooms under the control 
of authorized personnel. Information technology systems follow the 
National Institute of Standards and Technology (NIST) privacy and 
security standards developed to comply with the Privacy Act of 1974 as 
amended, 5 U.S.C. 552a; the Paperwork Reduction Act of 1995, Public Law 
104-13; the Federal Information Security Modernization Act of 2014, 
Public Law 113-283, as codified at 44 U.S.C. 3551, et seq.; and the 
Federal Information Processing Standard 199, Standards for Security 
Categorization of Federal Information and Information Systems. Computer 
servers on which electronic records are stored are located in secured 
DFC facilities with physical, technical, and administrative levels of 
security to prevent unauthorized access to the DFC network and 
information assets. Security controls include encryption, firewalls, 
audit logs, and network system security monitoring. Electronic data is 
protected through user identification, passwords, database permissions, 
and software controls. Access to records in the system is limited to 
authorized personnel who have a need to access the records in the 
performance of their official duties, and each person's access is 
restricted to only the functions and data necessary to perform that 
person's job responsibilities. System administrators and authorized 
users for DFC are trained and required to follow established internal 
security protocols and must complete all security, privacy, and records 
management training, and sign DFC Rules of Behavior.

NOTIFICATION PROCEDURES:
    Requests by individuals concerning the existence of a record may be 
submitted in writing, addressed to the system manager above. The 
request must comply with the requirements of 22 CFR 707.21.

RECORD ACCESS PROCEDURES:
    Same as above.

CONTESTING RECORD PROCEDURES:
    Requests by individuals to amend their record must be submitted in 
writing, addressed to the system manager above. Requests for amendments 
to records and requests for review of a refusal to amend a record must 
comply with the requirements of 22 CFR 707.23.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    None.

HISTORY:
    Not Applicable.

SYSTEM NAME AND NUMBER:
    Staff Central; DFC/04.

SECURITY CLASSIFICATION:
    Sensitive but Unclassified.

SYSTEM LOCATION:
    1100 New York Avenue NW, Washington, DC 20527.

SYSTEM MANAGER(S):
    Business System Owner: Vice President and Chief Administrative 
Officer, U.S. International Development Finance Corporation, 1100 New 
York Avenue NW, Washington, DC 20527; Phone: (202) 336-8400.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    The system covers individuals who are current and former employees 
of the DFC (including details, volunteers, and PSCs), as well as 
industrial contractors.

CATEGORIES OF RECORDS IN THE SYSTEM:
    These are (1) security records, including records indicating level 
of building and network access, security badge number, and security 
clearance level and adjudication date; (2) emergency contact 
information records, including home address, phone number and email, 
emergency contact person information, and whether they possess first-
aid or cardiopulmonary resuscitation (CPR) certification; (3) 
transportation subsidy information, including commuting address, 
commuting days, smart trip card number, and daily commuting expenses; 
and (4) employee entry and exit process records, including signatures 
and date stamps reflecting whether department employees have been 
briefed on the government's classified information program, the 
Corporation's security program, and the Corporation's records policies 
and procedures; have been advised of, and fully understand, applicable 
ethics provisions; and certifying that all required clearances for 
entry onboard or release of the employee's final paycheck have been 
obtained.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    General authority for agency records management is provided by 5 
U.S.C. 301, Departmental Regulations, and 44 U.S.C. 3101, Records 
Management by Agency Heads. Additional authority to maintain security 
records is provided by 5 U.S.C. 3301, Examination, Selection and 
Placement, E.O. 10450, Clearance for Federal Employment, April 17, 
1953, as amended; E.O. 12968, Access to Classified Information, August 
4, 1995. Additional authority to maintain emergency contact information 
records is provided by Federal Preparedness Circular 65, Federal 
Executive Branch Continuity of Operations (COOP), July 26, 1999; E.O. 
12656, Assignment of Emergency Preparedness Responsibilities, November 
18, 1988, as amended; and Presidential Decision Directive 67, Enduring 
Constitutional Government and Continuity of Government Operations, 
October 21, 1998. Additional authority to maintain employee exit 
process records is provided by E.O. 12958, Classified National Security 
Information, April 17, 1995; 32 CFR 2003.20, Classified Information 
Non-Disclosure Agreement: SF-312; 5 CFR part 2637, Regulations 
Concerning Post Employment Conflicts of Interest; and Pub. L. l104-134, 
Debt Collection Improvement Act of 1996.

PURPOSE(S):
    These records are used (1) as an easy reference record to determine 
the suitability and/or eligibility of employees and contractors for 
access to facilities, information systems, and classified information; 
(2) to account for and/or communicate with employees and contractors or 
their designees in the event of an emergency or disaster; (3) to 
process existing employees and contractors when their tenure with the

[[Page 43218]]

DFC ends; and (4) to maintain a record of all debriefings and completed 
exit procedures for former employees.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND PURPOSES OF SUCH USES:
    Security records are used (1) by the DFC human resources and 
security managers to check the status, level, and date received of 
security clearances, and (2) by the DFC departmental security officers 
to confirm that employees who require access to classified information 
have the appropriate level of security clearance. Emergency contact 
information records are used by (1) the DFC human resources and 
security managers to notify an employee's designee of an emergency that 
affects the employee or to account for an employee's whereabouts, 
especially in the event of a disaster; (2) the DFC human resources 
managers to communicate with an employee's designee regarding survivor 
benefits or other benefits or employment information in the event an 
employee becomes incapacitated or dies; and (3) the DFC security 
managers for emergency management or continuity of operations purposes. 
Employee exit process records are used by the DFC Agency managers to 
(1) verify that all departing employees have completed the checkout 
process and returned government property to the DFC, (2) ensure the 
security of the DFC-related information, (3) ensure that employees are 
briefed concerning postemployment restrictions; and (4) certify that 
all required clearances for release of the employee's final paycheck 
have been obtained. The DFC may disclose information contained in a 
record in this system of records under the routine uses listed in this 
notice without the consent of the individual if the disclosure is 
compatible with the purposes for which the record was collected. 
Disclosures may be made as follows: (1) In the event that information 
in this system of records indicates, either on its face or in 
connection with other information, a violation or potential violation 
of any applicable statute, regulation, or order of a competent 
authority, the DFC may disclose the relevant records to the appropriate 
agency, whether Federal, state, or local, charged with the 
responsibility of investigating or prosecuting that violation and/or 
charged with enforcing or implementing the statute, executive order, 
rule, regulation, or order issued pursuant thereto; (2) in a proceeding 
before a court or adjudicative body before which the DFC is authorized 
to appear when any of the following is a party to litigation or has an 
interest in litigation and information in this system is determined by 
the DFC to be arguably relevant to the litigation: The DFC; any DFC 
employee in his or her official capacity, or in his or her individual 
capacity where DOJ agrees to represent the employee; or the United 
States where the DFC determines that the litigation is likely to affect 
it; (3) to a court, a magistrate, administrative tribunal, or other 
adjudicatory body in the course of presenting evidence or argument, 
including disclosure to opposing counsel or witnesses in the course of 
civil discovery, litigation, or settlement negotiations, or in 
connection with criminal law proceedings; (4) to a Member of Congress 
or staff acting upon the Member's behalf when the Member or staff 
requests the information on behalf of, and at the written request of, 
the individual who is the subject of the record; (5) to another Federal 
agency or other public authority, in connection with the hiring or 
retention of an employee or other personnel action; the issuance of a 
security clearance; the reporting of an investigation of an employee; 
the letting of a contract; or the issuance of a license, grant, or 
other benefit, to the extent that the record is relevant and necessary 
to the receiving entity's decision on the matter; (6) to NARA and to 
GSA in records management inspections conducted under the authority of 
44 U.S.C. 2904 and 2906; (7) to the employees of entities with which 
the DFC contracts for the purposes of performing any function that 
requires disclosure of records in this system. Before entering into 
such a contract, the DFC shall require the contractor to maintain 
Privacy Act safeguards as required under 5 U.S.C. 552a(m) with respect 
to the records in the system.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    Records are stored in paper and electronic form.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    Records related to post-employment conflict of interest debriefings 
are retained for six years following separation from employment. All 
other records are retained for one year, unless authorized, following 
separation from employment or contractual relationship with the DFC. 
All records are destroyed pursuant to existing General Records 
Schedules and the DFC's records disposition schedules.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    Access to records in this system is controlled and managed pursuant 
to applicable policies and rules, including OPM's Information and 
Security & Privacy Policy. These records and the technical hardware 
containing these records are maintained on premises in areas designated 
as restricted access. The use of password protection, system 
authentication, and other system protection methods also provides 
additional safeguards to restrict access. System access and access to 
the records contained within the system are limited to those 
individuals who have an official need for system access in order to 
perform their official responsibilities and duties.

NOTIFICATION PROCEDURES:
    Requests by individuals concerning the existence of a record may be 
submitted in writing, addressed to the system manager above. The 
request must comply with the requirements of 22 CFR 707.21.

RECORD ACCESS PROCEDURES:
    Same as above.

CONTESTING RECORD PROCEDURES:
    Requests by individuals to amend their record must be submitted in 
writing, addressed to the system manager above. Requests for amendments 
to records and requests for review of a refusal to amend a record must 
comply with the requirements of 22 CFR 707.23.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    None.

HISTORY:
    Not Applicable.

SYSTEM NAME AND NUMBER:
    FedTalent, DFC/05.

SECURITY CLASSIFICATION:
    Unclassified.

SYSTEM LOCATION:
    1100 New York Avenue NW, Washington, DC 20527.

SYSTEM MANAGER(S):
    Business System Owner: Vice President and Chief Administrative 
Officer, U.S. International Development Finance Corporation, 1100 New 
York Avenue NW, Washington, DC 20527; Phone: (202) 336-8400. System 
Owner: DFC has entered into an agreement with the Department of the 
Interior (DOI), Interior Business Center (IBC), a Federal agency shared 
service provider, to host the FedTalent System on behalf of the

[[Page 43219]]

DFC. DFC will retain ownership and control over its own data.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    5 U.S.C. 4101, et seq., Government Organization and Employee 
Training; 5 U.S.C. 1302, 2951, 4118, 4506, 3101; 43 U.S.C. 1457; Title 
VI of the Civil Rights Act of 1964 as amended (42 U.S.C. 2000d); 
Executive Order 11348, Providing for Further Training of Government 
Employees, as amended by Executive Order 12107, Relating to Civil 
Service Commission and Labor Management in Federal Service; 5 CFR 410, 
Subpart C, Establishing and Implementing Training Programs; Americans 
with Disabilities Act (42 U.S.C. 12101); and the E-Government Act of 
2002 (44 U.S.C. 3501, et seq.).

PURPOSE(S) OF THE SYSTEM:
    The primary purposes of the system are to: (1) Manage training and 
learning programs; (2) plan and facilitate training courses including 
outreach, registration, enrollment, and payment; (3) maintain and 
validate training records for certification and mandatory compliance 
reporting; (4) meet Federal training statistical reporting 
requirements; (5) maintain class rosters and transcripts for course 
administrators, students, and learners; and (6) generate budget 
estimates for training requirements.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    The system covers the following categories of individuals: (1) DFC 
employees, contractors, interns, emergency workers, volunteers, and 
appointees who receive training related to their official duties, 
whether or not sponsored by DFC divisions and offices; and (2) non-DFC 
individuals who participate in DFC-sponsored training and educational 
programs, or participate in DFC-sponsored meetings and activities 
related to training and educational programs. Non-DFC individuals may 
include individuals from other Federal, state, or local agencies, 
private or not-for-profit organizations, universities and other 
schools, and members of the public.

CATEGORIES OF RECORDS IN THE SYSTEM:
    Training, educational, and learning management records may include 
course registration, attendance rosters, and course information 
including course title, class name, objectives, description, and who 
should attend; class status information including begin and end dates, 
responsible class instructor, completion status, and certification 
requirements; student transcripts (course(s) completed/not completed, 
test scores, acquired skills); and correspondence, reports, and 
documentation related to training, education, and learning management 
programs. These records may contain: Name, SSN, employee common 
identifier generated from the Federal Personnel and Payroll System 
(FPPS), login username, password, agency or organization affiliation, 
work or personal address, work or personal phone and fax number, work 
or personal email address, gender, date of birth, organization code, 
position title, occupational series, pay plan, grade level, supervisory 
status, type of appointment, education level, duty station code, 
agency, bureau, office, organization, supervisor's name and phone 
number, date of Federal service, date of organization or position 
assignment, date of last promotion, occupational category, race, 
national origin, and adjusted basic pay. Records may also include 
billing information such as responsible agency, TIN, DUNS number, 
purchase order numbers, agency location codes, and credit card 
information. Records maintained on non-DFC individuals are generally 
limited to name, agency or organization affiliation, address, work and 
personal phone and fax numbers, work and personal email addresses, 
supervisor name and contact information, position title, occupational 
series, and billing information. Note: Some of these records may also 
become part of the OPM/GOVT-1, General Personnel Records system.

RECORD SOURCE CATEGORIES:
    Information about DFC employees is obtained directly from 
individuals on whom the records are maintained, supervisors, or 
existing DFC records. Historical employee training records may be 
obtained from other DFC learning management systems. Information from 
non-DFC individuals who register or participate in DFC-sponsored 
training programs is obtained from individuals through paper and 
electronic forms. Information may also be obtained by another agency, 
institution, or organization that sponsored the training event.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    In addition to those disclosures generally permitted under 5 U.S.C. 
552a(b) of the Privacy Act, all or a portion of the records or 
information contained in this system may be disclosed outside the DFC 
as a routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:
    A. To release statistical information and training reports to other 
organizations who are involved with the training.
    B. To disclose information to other Government training facilities 
(Federal, state, and local) and to non-Government training facilities 
(private vendors of training courses or programs, private schools, 
etc.) for training purposes.
    C. To provide transcript information to education institutions upon 
the student's request in order to facilitate transfer of credit to that 
institution, and to provide college and university officials with 
information about their students working in the Pathways Program, 
Volunteer Service, or other similar programs necessary to a student's 
obtaining credit for the experience.
    D. To Federal, state, territorial, local, tribal, or foreign 
agencies that have requested information relevant or necessary to the 
hiring, firing, or retention of an employee or contractor, or the 
issuance of a security clearance, license, contract, grant, or other 
benefit, when the disclosure is compatible with the purpose for which 
the records were compiled.
    E. To an expert, consultant, grantee, or contractor (including 
employees of the contractor) of the DFC who performs services requiring 
access to these records on the DFC's behalf to carry out the purposes 
of the system.
    F. To share logistical or attendance information with partner 
agencies (Government or non-Government) who, based on cooperative 
training agreements, have a need to know.
    G. To DOJ, including Offices of the U.S. Attorneys, or other 
Federal agency conducting litigation or in proceedings before any 
court, adjudicative, or administrative body, when it is relevant or 
necessary to the litigation and one of the following is a party to the 
litigation or has an interest in such litigation: (1) The DFC or any 
component of the DFC; (2) any DFC employee or former employee acting in 
his or her official capacity; (3) any DFC employee or former employee 
acting in his or her individual capacity when the DFC or DOJ has agreed 
to represent that employee or pay for private representation of the 
employee; or (4) the United States Government or any agency thereof, 
when DOJ determines that the DFC is likely to be affected by the 
proceeding.
    H. To a congressional office when requesting information on behalf 
of, and at the request of, the individual who is the subject of the 
record.
    I. To an official of another Federal, state, or local government or 
tribal

[[Page 43220]]

organization to provide information needed in the performance of 
official duties related to reconciling or reconstructing data files, in 
support of the functions for which the records were collected and 
maintained, or to enable that agency to respond to an inquiry by the 
individual to whom the record pertains.
    J. To representatives of NARA to conduct records management 
inspections under the authority of 44 U.S.C. 2904 and 2906.
    K. To the Executive Office of the President in response to an 
inquiry from that office made at the request of the subject of a record 
or a third party on that person's behalf, or for a purpose compatible 
with the reason for which the records are collected or maintained.
    L. To any criminal, civil, or regulatory law enforcement authority 
(whether Federal, state, territorial, local, tribal or foreign) when a 
record, either alone or in conjunction with other information, 
indicates a violation or potential violation of law--criminal, civil, 
or regulatory in nature, and the disclosure is compatible with the 
purpose for which the records were compiled.
    M. To state, territorial, and local governments and tribal 
organizations to provide information needed in response to court order 
and/or discovery purposes related to litigation, when the disclosure is 
compatible with the purpose for which the records were compiled.
    N. To appropriate agencies, entities, and persons when: (1) The DFC 
suspects or has confirmed that there has been a breach of the system of 
records; (2) the DFC has determined that as a result of the suspected 
or confirmed breach there is a risk of harm to individuals, the DFC 
(including its information systems, programs, and operations), the 
Federal Government, or national security; and (3) the disclosure made 
to such agencies, entities, and persons is reasonably necessary to 
assist in connection with DFC's efforts to respond to the suspected or 
confirmed breach or to prevent, minimize, or remedy such harm.
    O. To another Federal agency or Federal entity, when the DFC 
determines that information from this system of records is reasonably 
necessary to assist the recipient agency or entity in: (1) Responding 
to a suspected or confirmed breach; or (2) preventing, minimizing, or 
remedying the risk of harm to individuals, the recipient agency or 
entity (including its information systems, programs, and operations), 
the Federal Government, or national security, resulting from a 
suspected or confirmed breach.
    P. To OMB during the coordination and clearance process in 
connection with legislative affairs as mandated by OMB Circular A-19.
    Q. To the news media and the public, with the approval of the 
Public Affairs Officer in consultation with counsel and the SAOP, where 
there exists a legitimate public interest in the disclosure of the 
information, except to the extent it is determined that release of the 
specific information in the context of a particular case would 
constitute an unwarranted invasion of personal privacy.
    R. To OPM to disclose information on employee general training, 
including recommendations and completion, specialized training 
obtained, participation in government-sponsored training, or training 
history as required to provide workforce information for official 
personnel files. The collection of training data supports OPM's 
Government-wide reporting responsibilities and provides valuable input 
into the evaluation of human capital programs at numerous levels of 
Government. OPM's authority to require Federal agencies to report 
training data can be found in Title 5 United States Code, Chapter 4107 
and part 410 of Title 5, CFR.
    S. Pursuant to 5 U.S.C. 552a(b)(12), records may be disclosed to 
consumer reporting agencies as they are defined in the Fair Credit 
Reporting Act (15 U.S.C. 1681a(f)) or the Federal Claims Collection Act 
of 1966 (31 U.S.C. 3701(a)(3)).

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    Records are stored in systems, databases, electronic media on hard 
disks, magnetic tapes, compact disks, and paper media.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    Information from this system is retrieved by either unique 
identifying fields (e.g., student name or email address) or by general 
category (e.g., course code, training location, class start date, 
registration date, affiliation, mandatory training compliance and 
payment status).

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    Records are retained and disposed of as prescribed under the NARA 
General Records Schedule. Non-mission employee training program records 
are temporary and destroyed when three years old, or three years after 
superseded or obsolete, whichever is appropriate, but longer retention 
is authorized if required for business use. Individual employee 
training records are destroyed when superseded, three years old, or one 
year after employee separation, whichever comes first, but longer 
retention is authorized if required for business use. Ethics training 
records are destroyed when six years old or when superseded, whichever 
is later, but longer retention is authorized if required for business 
use.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    During normal hours of operation, paper or micro format records are 
maintained in locked file cabinets in secured rooms under the control 
of authorized personnel. Information technology systems follow the NIST 
privacy and security standards developed to comply with 43 CFR 2.226, 
the Privacy Act of 1974 as amended, 5 U.S.C. 552a; the Paperwork 
Reduction Act of 1995, Public Law 104-13; the Federal Information 
Security Modernization Act of 2014, Public Law 113-283, as codified at 
44 U.S.C. 3551, et seq.; and the Federal Information Processing 
Standard 199, Standards for Security Categorization of Federal 
Information and Information Systems. Access to records in this system 
is controlled and managed pursuant to applicable policies and rules, 
including OPM's Information and Security & Privacy Policy. These 
records and the technical hardware containing these records are 
maintained on premises in areas designated as restricted access. The 
use of password protection, system authentication, and other system 
protection methods also provides additional safeguards to restrict 
access. System access and access to the records contained within the 
system are limited to those individuals who have an official need for 
system access in order to perform their official responsibilities and 
duties.

NOTIFICATION PROCEDURES:
    Requests by individuals concerning the existence of a record may be 
submitted in writing, addressed to the system manager above. The 
request must comply with the requirements of 22 CFR 707.21.

RECORD ACCESS PROCEDURES:
    Same as above.

CONTESTING RECORD PROCEDURES:
    Requests by individuals to amend their record must be submitted in 
writing, addressed to the system manager above. Requests for amendments 
to records and requests for review of a refusal to amend a record

[[Page 43221]]

must comply with the requirements of 22 CFR 707.23.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    None.

HISTORY:
    Not Applicable.

SYSTEM NAME AND NUMBER:
    Directors (Current and Former), DFC/06.

SECURITY CLASSIFICATION:
    None.

SYSTEM LOCATION:
    U.S. International Development Finance Corporation, 1100 New York 
Avenue NW, Washington, DC 20527.

SYSTEM MANAGER(S):
    Corporate Secretary, U.S. International Development Finance 
Corporation, 1100 New York Avenue NW, Washington, DC 20527; Phone: 
(202) 336-8400.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    5 U.S.C. 301, Departmental Regulations; and 44 U.S.C. 3101, Records 
Management by Agency Heads.

PURPOSE(S) OF THE SYSTEM:
    These records are used to track appointments to the Corporation's 
Board of Directors, and to maintain biographical information on Board 
Members to share among the groups identified under routine uses.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    The categories of individuals covered by this system are identified 
as private and public sector members of DFC's Board of Directors, both 
current and former.

CATEGORIES OF RECORDS IN THE SYSTEM:
    The system contains (1) biographies of Board members; (2) 
photographs of Board members; (3) notices of commission dates or other 
types of appointment notices; (4) copies of Federal Register notices 
relating to members; and (5) resignation notices.

RECORD SOURCE CATEGORIES:
    Information is obtained from individuals on whom the records are 
maintained.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND PURPOSES OF SUCH USES:
    Information may be used to distribute to the general public, 
communications media, the Board of Directors, and employees of the 
Corporation general biographical information on Board Members.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    Records are stored in file folders. Biographies of Board Members 
may be kept on the Corporation's internet web server and made available 
to the public at www.dfc.gov.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    Hard copy files are indexed alphabetically by surname. Electronic 
files are maintained on the Corporation's computer network.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    Records are retained permanently.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    Access to records is limited to DFC employees who have an official 
need for the records. Internal procedures governing the use, transfer, 
and photocopying of the records have been established. Records in the 
system are maintained in a file cabinet located in the Corporate 
Secretary's Office. The office is locked each evening. Electronic 
records are protected from unauthorized access through password 
identification procedures and other system-based protection methods.

NOTIFICATION PROCEDURES:
    Requests by individuals concerning the existence of a record may be 
submitted in writing, addressed to the system manager above. The 
request must comply with the requirements of 22 CFR 707.21.

RECORD ACCESS PROCEDURES:
    Same as above.

CONTESTING RECORD PROCEDURES:
    Requests by individuals to amend their record must be submitted in 
writing, addressed to the system manager above. Requests for amendments 
to records and requests for review of a refusal to amend a record must 
comply with the requirements of 22 CFR 707.23.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    None.

HISTORY:
    Not Applicable.

SYSTEM NAME AND NUMBER:
    Freedom of Information Act (FOIA) Requests and Appeals, DFC/07.

SECURITY CLASSIFICATION:
    None.

SYSTEM LOCATION:
    U.S. International Development Finance Corporation, 1100 New York 
Avenue NW, Washington, DC 20527.

SYSTEM MANAGER(S):
    FOIA Director, Office of the General Counsel, U.S. International 
Development Finance Corporation, 1100 New York Avenue NW, Washington, 
DC 20527; Phone: (202) 336-8400.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    5 U.S.C. 552.

PURPOSE(S) OF THE SYSTEM:
    The records are used to respond to FOIA requests and appeals 
pursuant to 5 U.S.C. 552.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    The categories of individuals covered by this system are identified 
as individuals requesting information under FOIA.

CATEGORIES OF RECORDS IN THE SYSTEM:
    The system contains letters, correspondence, relevant data provided 
or referenced and responses to FOIA requests and appeals.

RECORD SOURCE CATEGORIES:
    Information is obtained from individuals requesting information 
under FOIA, as well as assigned DFC attorneys or other pertinent DFC 
employees generating responses.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND PURPOSES OF SUCH USES:
    Information may be used to (1) process individuals' FOIA requests; 
(2) provide a record of communications between the requester and the 
Corporation; (3) ensure that all relevant, necessary, and accurate data 
are available to support any process for appeal; and (4) prepare annual 
reports to DOJ as required by FOIA.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    The records are stored in electronic format on the Agency's 
network.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    Files are indexed (1) numerically by fiscal year and the order they 
are received and (2) tagged with the name of the requester. Staff 
retrieves request files by both labels.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    Records are retained: (1) For two years from the date of DFC's 
final response in cases where no adverse determination is

[[Page 43222]]

made; (2) for six years from the date of DFC's response in cases where 
an adverse determination is made or the response to an appeal in cases 
where an appeal is filed; or (3) for six years from the date of the 
court's final order in cases involving litigation.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    The Agency's network complies with Federal security requirements 
and the FOIA files are locked to anyone not on the FOIA Office staff.

NOTIFICATION PROCEDURES:
    Requests by individuals concerning the existence of a record may be 
submitted in writing, addressed to the system manager above. The 
request must comply with the requirements of 22 CFR 707.21.

RECORD ACCESS PROCEDURES:
    Same as above.

CONTESTING RECORD PROCEDURES:
    Requests by individuals to amend their record must be submitted in 
writing, addressed to the system manager above. Requests for amendments 
to records and requests for review of a refusal to amend a record must 
comply with the requirements of 22 CFR 707.23.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    None.

HISTORY:
    Not Applicable.

SYSTEM NAME AND NUMBER:
    Executive Photographs, DFC/08.

SECURITY CLASSIFICATION:
    None.

SYSTEM LOCATION:
    U.S. International Development Finance Corporation, 1100 New York 
Avenue NW, Washington, DC 20527.

SYSTEM MANAGER(S):
    Vice President, Office of External Affairs, U.S. International 
Development Finance Corporation, 1100 New York Avenue NW, Washington, 
DC 20527; Phone: (202) 336-8400.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    5 U.S.C. 301, Departmental Regulations; and 44 U.S.C. 3101, Records 
Management by Agency Heads.

PURPOSE(S) OF THE SYSTEM:
    Photographs of Agency top leadership are retrieved by name to use 
in internal and external communications to publicize the Agency's 
mission and activities.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    The categories of individuals covered by this system are identified 
as past and current Chief Executive Officers and Executive Vice 
Presidents, to include any officials in an acting capacity.

CATEGORIES OF RECORDS IN THE SYSTEM:
    The system contains (1) portrait shots and (2) candid shots of the 
relevant individuals taken while performing official functions or while 
involved in DFC-sponsored activities.

RECORD SOURCE CATEGORIES:
    Photographs are taken by employees or agents of the Agency, or by 
third parties and submitted to the Agency for review by Agency staff 
before inclusion in the system.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND PURPOSES OF SUCH USES:
    Photographs are used (1) in releases to local, national, and 
international communications media, (2) as communication material at 
conferences and speaking engagements where Agency staff participate in 
their official capacity, (3) to provide background information on the 
individuals, including public biographies, via the Agency's website, 
(4) in social media and other online postings regarding the activities 
of the individuals in their official capacity, and (5) in the Agency's 
publications.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    Photographs are kept in electronic format on the network drive of 
the Agency's Office of External Affairs.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    Photographs are stored in an electronic file organized by the name 
of the individual. When a photograph is required, a staff member will 
access the electronic file for the relevant individual and retrieve an 
appropriate photograph from those available.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    Records are updated as needed and retained until no longer needed 
for business use.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    Access to records is limited to DFC employees who have an official 
need for the records. Electronic records are protected from 
unauthorized access through password identification procedures and 
other system-based protection methods.

NOTIFICATION PROCEDURES:
    Requests by individuals concerning the existence of a record may be 
submitted in writing, addressed to the system manager above. The 
request must comply with the requirements of 22 CFR 707.21.

RECORD ACCESS PROCEDURES:
    Same as above.

CONTESTING RECORD PROCEDURES:
    Requests by individuals to amend their record must be submitted in 
writing, addressed to the system manager above. Requests for amendments 
to records and requests for review of a refusal to amend a record must 
comply with the requirements of 22 CFR 707.23.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    None.

HISTORY:
    Not Applicable.

    Dated: July 13, 2020.
Mark Rein,
Chief Information Officer.
[FR Doc. 2020-15398 Filed 7-15-20; 8:45 am]
 BILLING CODE 3210-02-P