[Federal Register Volume 85, Number 147 (Thursday, July 30, 2020)]
[Notices]
[Pages 45946-45949]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2020-16567]


=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF STATE

[Public Notice: 11172]


Privacy Act of 1974; System of Records

AGENCY: Department of State.

ACTION: Notice of a Modified System of Records.

-----------------------------------------------------------------------

SUMMARY: Notice is hereby given that the Department of State proposes 
to amend an existing system of records, Educational and Cultural 
Exchange Program Records, State-08. The information collected and 
maintained in this system is in keeping with the Department's mission 
to promote mutual understanding between the people of the United States 
and the people of other countries by means of educational and cultural 
exchange. The information may be used to aid in the identification, 
selection, and placement of individuals for educational and cultural 
exchange grants/cooperative agreements and programs, in the 
administration of such awards and programs, and in maintaining contact 
with current and former educational and cultural exchange participants.

DATES: In accordance with 5 U.S.C. 552a(e)(4) and (11), this system of 
records notice is effective upon publication, with the exception of the 
routine uses [(a)-(p)] that are subject to a 30-day period during which 
interested persons may submit comments to the Department. Please submit 
any comments by August 31, 2020.

ADDRESSES: Questions can be submitted by mail, email, or by calling 
John C. Sullivan, the Senior Agency Official for Privacy, on (202) 647-
6435. If mail, please write to: U.S. Department of State; Office of 
Global Information Systems, Privacy Staff; A/GIS/PRV; 2025 E Street NW, 
SA-09, NW 08-086B; Washington, DC 20006. If email, please address the 
email to the Senior Agency Official for Privacy, John C. Sullivan, at 
[email protected]. Please write ``Educational and Cultural Exchange 
Program Records, State-08'' on the envelope or the subject line of your 
email.

FOR FURTHER INFORMATION CONTACT: John C. Sullivan, Senior Agency 
Official for Privacy; U.S. Department of State; Office of Global 
Information Services, A/GIS; HST, 2201 C Street NW, HST-1417; 
Washington, DC 20520 or by calling (202) 647-6435.

SUPPLEMENTARY INFORMATION: This notice is being modified to reflect new 
OMB guidance. The modified system of records notice includes revisions 
and additions to the following sections: System Location, Categories of 
Individuals, Categories of Records, Routine Uses, and Safeguards.

System Name and Number:
    Educational and Cultural Affairs Exchange Program Records, State-
08.

Security Classification:
    Unclassified.

System Location:
    Department of State, State Annex 05, 2200 C Street NW, Washington, 
DC 20522, overseas at U.S. embassies, U.S. consulates general, U.S. 
consulates, U.S. missions. Files will also be stored within a 
government certified cloud, implemented by the Department of State and 
provided by a cloud-based provider.

System Manager(s):
    U.S. Department of State; Director, Office of Alumni Affairs, 
Bureau of Educational and Cultural Affairs; U.S. Department of State, 
SA-5, 2200 C Street NW, Washington, DC 20522-0500.

Authority for Maintenance of the System:
    5 U.S.C. 301 (Management of the Department of State); 22 U.S.C. 
2651a (Organization of the Department of State); 22 U.S.C. 3921 
(Management of service).

Purpose(s) of the System:
    The information maintained in this system is in keeping with the 
Department's mission to promote mutual understanding between the

[[Page 45947]]

people of the United States and the people of other countries by means 
of educational and cultural exchange. Records in this system are used 
to aid in the identification, selection, and placement of individuals 
for educational and cultural exchange grants and programs, for the 
administration of such grants/cooperative agreements and programs, for 
statistical and financial reporting, and for maintaining contact with 
current and former educational and cultural exchange participants.

Categories of Individuals Covered by the System:
    Applicants for participation in educational and cultural exchange 
programs; U.S. citizen applicants sponsored by the Bureau of 
Educational and Cultural Affairs (including unsuccessful applicants) to 
participate in outbound exchange programs; applicants to serve as host 
families for international exchange participants (including 
unsuccessful applicants); officials, owners, chief executives, and 
legal counsel of designated sponsors, including unsuccessful 
designation applicants; officials, owners, chief executives, legal 
counsel, and family members of host entities, to include host families, 
host organizations, and host employers. The Privacy Act defines an 
individual at 5 U.S.C. 552a(a)(2) as a United States citizen or lawful 
permanent resident.

Categories of Records in the System:
    Categories of records may include identifying information, such as, 
but not limited to, name, date of birth, gender, race, ethnicity, 
disability, U.S. and foreign home address, mailing and email addresses, 
telephone numbers, numeric identifier (such as employee identification 
number, Social Security number, or passport number), educational 
information, employment information, wage compensation information, 
financial information, academic transcripts, letters of reference, 
ratings by nongovernmental panel members, insurance vouchers and/or 
cards, medical information, criminal background checks, designation 
information, information gathered from other United States Government 
(USG) records systems such as SEVIS, press releases and media reporting 
(including print and online platforms).

Record Source Categories:
    These records contain information obtained directly from the 
individual who is the subject of these records, from implementing 
partner organizations, from other U.S. government agencies, schools, 
colleges and universities, designated sponsors, and from published 
material and other reference sources.

Routine Uses of Records Maintained in the System, Including Categories 
of Users and Purposes of Such Uses:
    Educational and Cultural Affairs Exchange Program Records, State-08 
may be disclosed:
    (a) To the general public, for participant directories and for 
program promotion;
    (b) To media, for program promotion;
    (c) To public and private sector partner organizations for the 
purposes of marketing, recruitment, alumni association affiliation, and 
as necessary for administration of programs as supervising 
organizations change and transfer roles;
    (d) To the J. William Fulbright Foreign Scholarship Board as 
necessary for oversight of the Fulbright and Humphrey Programs, and for 
communicating with current and former Fulbright and Humphrey grantees;
    (e) To officials of foreign governments, for participant vetting 
and selection; and for the procurement of necessary services for 
exchange program participants placed overseas, such as entry permits, 
residence registration, and documentation of academic affiliation;
    (f) To attorneys or other persons designated by participants to 
represent them;
    (g) To health insurance carriers contracting with the Bureau of 
Educational and Cultural Affairs to provide a health benefits plan for 
exchange participants, to identify enrollment in a plan, to verify 
eligibility for payment of a claim for health benefits, or to carry out 
the coordination or audit of benefit provisions of such contracts;
    (h) To participants' family members or other relatives designated 
by them to assist in case of emergency or matters related to the 
students' health, safety and welfare;
    (i) To the President of the United States, the Executive Office of 
the President, members of Congress, including legislative and 
appropriations committees charged with consideration of legislation and 
appropriations for the Bureau of Educational and Cultural Affairs, or 
representatives duly authorized by such, and U.S. state and local 
officials;
    (j) With officials of federal, state, municipal, foreign or 
international law enforcement or other relevant agency or organization 
as needed for security, law enforcement or counterterrorism purposes, 
such as: Investigative material, threat alerts and analyses, protective 
intelligence and counterintelligence information;
    (k) With the news media and the public when a matter involving the 
Department of State has become public knowledge; the Under Secretary 
for Public Diplomacy and Public Affairs determines that in response to 
the matter in the public domain, disclosure is necessary to provide an 
accurate factual record on the matter; and the Under Secretary for 
Public Diplomacy and Public Affairs determines that there is a 
legitimate public interest in the information disclosed;
    (l) To the Department of Justice when conducting litigation or in 
proceedings before any court;
    (m) To designated sponsors for the purpose of designation, 
enrollment, and the monitoring of category J nonimmigrants, as well as 
audit, oversight, and compliance enforcement.
    (n) To a contractor of the Department having need for the 
information in the performance of the contract, but not operating a 
system of records within the meaning of 5 U.S.C. 552a(m);
    (o) To appropriate agencies, entities, and persons when (1) the 
Department of State suspects or has confirmed that there has been a 
breach of the system of records; (2) the Department of State has 
determined that as a result of the suspected or confirmed breach there 
is a risk of harm to individuals, the Department of State (including 
its information systems, programs, and operations), the Federal 
Government, or national security; and (3) the disclosure made to such 
agencies, entities, and persons is reasonably necessary to assist in 
connection with the Department of State efforts to respond to the 
suspected or confirmed breach or to prevent, minimize, or remedy such 
harm;
    (p) To another Federal agency or Federal entity, when the 
Department of State determines that information from this system of 
records is reasonably necessary to assist the recipient agency or 
entity in (1) responding to a suspected or confirmed breach or (2) 
preventing, minimizing, or remedying the risk of harm to individuals, 
the recipient agency or entity (including its information systems, 
programs, and operations), the Federal Government, or national 
security, resulting from a suspected or confirmed breach.
    The Department of State periodically publishes in the Federal 
Register its standard routine uses which apply to many of its Privacy 
Act systems of records. These notices appear in the form of a Prefatory 
Statement (published

[[Page 45948]]

in Volume 73, Number 136, Public Notice 6290, on July 15, 2008). All 
these standard routine uses apply to Educational and Cultural Affairs 
Exchange Program Records, State-08.

Policies and Practices for Storage of Records:
    Records are stored both in hard copy and on electronic media. A 
description of standard Department of State policies concerning storage 
of electronic records is found here https://fam.state.gov/FAM/05FAM/05FAM0440.html. All hard copies of records containing personal 
information are maintained in secured file cabinets in restricted 
areas, access to which is limited to authorized personnel only.

Policies and Practices For Retrieval of Records:
    Records covered by this SORN are retrievable by individual name and 
numeric identifier, as well as by each category of records in the 
system.

Policies and Practices for Retention and Disposal of Records:
    Records are retired and destroyed in accordance with published 
Department of State Records Disposition Schedules as approved by the 
National Archives and Records Administration (NARA) and outlined here 
https://foia.state.gov/Learn/RecordsDisposition.aspx. The retention 
period for these records spans from two years to 25 years depending on 
the specific purpose for the collection. More specific information may 
be obtained by writing to the following address: U.S. Department of 
State; Director, Office of Information Programs and Services; A/GIS/
IPS; 2201 C Street NW; Room B-266; Washington, DC 20520.

Administrative, Technical, and Physical Safeguards:
    All users are given cyber security awareness training which covers 
the procedures for handling Sensitive but Unclassified information, 
including personally identifiable information (PII). Annual refresher 
training is mandatory. In addition, all Foreign Service and Civil 
Service employees and those Locally Employed Staff who handle PII are 
required to take the Foreign Service Institute's distance learning 
course instructing employees on privacy and security requirements, 
including the rules of behavior for handling PII and the potential 
consequences if it is handled improperly.
    Access to the Department of State, its annexes and posts abroad is 
controlled by security guards and admission is limited to those 
individuals possessing a valid identification card or individuals under 
proper escort. It is Department policy that all paper records 
containing personal information are maintained in secured file cabinets 
in restricted areas, access to which is limited to authorized personnel 
only. Access to computerized files is password-protected and under the 
direct supervision of the system manager. The system manager has the 
capability of printing audit trails of access from the computer media, 
thereby permitting regular and ad hoc monitoring of computer usage. 
When it is determined that a user no longer needs access, the user 
account is disabled.
    Before being granted access to Educational and Cultural Affairs 
Exchange Program Records, a user must first be granted access to the 
Department of State computer system. Remote access to the Department of 
State network from non-Department owned systems is authorized only 
through a Department approved access program. Remote access to the 
network is configured with the authentication requirements contained in 
the Office of Management and Budget Circular Memorandum A-130. All 
Department of State employees and contractors with authorized access 
have undergone a background security investigation.
    The safeguards in the following paragraphs apply only to records 
that are maintained in cloud systems. All cloud systems that provide IT 
services and process Department of State information must be 
specifically authorized by the Department of State Authorizing Official 
and Senior Agency Official for Privacy.
    Only information that conforms with Department-specific definitions 
for FISMA low or moderate categorization are permissible for cloud 
usage unless specifically authorized by the Cloud Computing Governance 
Board. Specific security measures and safeguards will depend on the 
FISMA categorization of the information in a given cloud system. In 
accordance with Department policy, systems that process more sensitive 
information will require more stringent controls and review by 
Department cybersecurity experts prior to approval. Prior to operation, 
all Cloud systems must comply with applicable security measures that 
are outlined in FISMA, FedRAMP, OMB regulations, NIST Federal 
Information Processing Standards (FIPS) and Special Publication (SP), 
and Department of State policy and standards.
    All data stored in cloud environments categorized above a low FISMA 
impact risk level must be encrypted at rest and in-transit using a 
federally approved encryption mechanism. The encryption keys shall be 
generated, maintained, and controlled in a Department data center by 
the Department key management authority. Deviations from these 
encryption requirements must be approved in writing by the Authorizing 
Official.

Record Access Procedures:
    Individuals who wish to gain access to or to amend records 
pertaining to themselves should write to U.S. Department of State; 
Director, Office of Information Programs and Services; A/GIS/IPS; 2201 
C Street NW; Room B-266; Washington, DC 20520. The individual must 
specify that he or she wishes the Educational and Cultural Affairs 
Exchange Program Records to be checked. At a minimum, the individual 
must include: Full name (including maiden name, if appropriate) and any 
other names used; current mailing address and zip code; date and place 
of birth; notarized signature or statement under penalty of perjury; a 
brief description of the circumstances that caused the creation of the 
record (including the city and/or country and the approximate dates) 
which gives the individual cause to believe that the Educational and 
Cultural Affairs Exchange Program Records include records pertaining to 
him or her. Detailed instructions on Department of State procedures for 
accessing and amending records can be found at the Department's FOIA 
website located at https://foia.state.gov/Request/Guide.aspx.

Contesting Record Procedures:
    Individuals who wish to contest record procedures should write to 
U.S. Department of State; Director, Office of Information Programs and 
Services; A/GIS/IPS; 2201 C Street NW; Room B-266; Washington, DC 
20520.

Notification Procedures:
    Individuals who have reason to believe that this system of records 
may contain information pertaining to them may write to U.S. Department 
of State; Director, Office of Information Programs and Services; A/GIS/
IPS; 2201 C Street NW; Room B-266; Washington, DC 20520. The individual 
must specify that he or she wishes the Educational and Cultural Affairs 
Exchange Program Records to be checked. At a minimum, the individual 
must include: Full name (including maiden name, if appropriate) and any 
other names used; current mailing address and zip code; date and place 
of birth; notarized signature or statement under penalty of perjury; a 
brief description of the circumstances that caused the creation of the 
record

[[Page 45949]]

(including the city and/or country and the approximate dates) which 
gives the individual cause to believe that the Educational and Cultural 
Affairs Exchange Program Records include records pertaining to him or 
her.

Exemptions Promulgated for the System:
    None.

History:
    Previously published at 72 FR 45083.

John C. Sullivan,
Senior Agency Official for Privacy, Deputy Assistant Secretary, Office 
of Global Information Services, Bureau of Administration, Department of 
State.
[FR Doc. 2020-16567 Filed 7-29-20; 8:45 am]
BILLING CODE 4710-24-P