[Federal Register Volume 86, Number 27 (Thursday, February 11, 2021)]
[Notices]
[Pages 9065-9066]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2021-02802]


=======================================================================
-----------------------------------------------------------------------

EXPORT-IMPORT BANK

[Public Notice: 2021-0001]


Privacy Act of 1974; System of Records

AGENCY: Export-Import Bank of the United States.

ACTION: Notice of new system of records.

-----------------------------------------------------------------------

SUMMARY: The Export-Import Bank of the United States (EXIM) proposes to 
add a new electronic System of Records, EXIM CRM (Customer Relationship 
Management), subject to the Privacy Act of 1974, as amended. This 
notice is necessary to meet the requirements of the Privacy Act which 
is to publish in the Federal Register a notice of the existence and 
character of records maintained by the agency. Included in this notice 
is the System of Records Notice (SORN) for EXIM CRM.

DATES: Comments must be received on or before March 15, 2021 to be 
assured of consideration.

ADDRESSES: Comments may be submitted electronically on 
www.regulations.gov or by mail to Tomeka Wray, Export-Import Bank of 
the United States, 811 Vermont Ave. NW, Washington, DC 20571.

FOR FURTHER INFORMATION CONTACT: Tomeka Wray, Export-Import Bank of the 
United States, 811 Vermont Ave. NW, Washington, DC 20571. Telephone 
number: 202.565.3996.

SUPPLEMENTARY INFORMATION: The EXIM CRM system is used to manage 
relationships with potential or current customers, partners, and other 
organizations and agencies involved in EXIM deals or whom EXIM works 
with in supporting U.S. exporters. EXIM CRM is comprised of a cloud-
based Salesforce application and a cloud-based HubSpot module 
connection integrating the HubSpot database to the Salesforce API.
SYSTEM OF RECORDS NOTICE
    EIB 21-01 EXIM CRM

SYSTEM NAME AND NUMBER:
    EIB 21-01 EXIM CRM, EXIM CRM

SECURITY CLASSIFICATION:
    Unclassified

SYSTEM LOCATION:
    EXIM CRM's Salesforce application is hosted in the Salesforce 
Government Cloud. The physical location and technical operation of the 
system is at the Salesforce Government Cloud's Chicago (Elk Grove 
Village, IL) and Washington (Ashburn, VA) data centers. The HubSpot 
application uses cloud storage and computes services from Amazon Web 
Services (AWS) and Google Cloud Platform (GCP). HubSpot's production 
infrastructure is centralized in AWS and GCP cloud hosting facilities, 
and is managed by the HubSpot engineering team.

SYSTEM MANAGER(S):
    Senior Vice President, Office of Small Business, Export-Import Bank 
of the United States, 811 Vermont Ave. NW, Washington, DC 20571.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    The Export-Import Bank requests the information in this application 
under the following authorizations:
    Authority of the Export-Import Bank Act of 1945, as amended (12 
U.S.C. 635 et seq.), Executive Order 9397 as Amended by Executive Order 
13478 signed by President George W. Bush on November 18, 2008, Relating 
to Federal Agency Use of Social Security Numbers.

PURPOSE(S) OF THE SYSTEM:
    The purpose of this system is to allow EXIM staff to manage 
relationships and track interactions with potential and existing 
customers, partners (e.g., registered brokers, lenders, and Regional 
Export Promotion Program (REPP) member organizations), and other 
organizations and agencies involved in EXIM deals or whom EXIM works 
with in supporting U.S. exporters. Additionally, EXIM CRM allows 
designated personnel from specific partner organizations to log in 
through Salesforce's Partner Portal to access resources and limited 
customer information that helps them support EXIM's customers.
    EXIM CRM is comprised of the following functional modules:
     Salesforce Customer Relationship Management
     Salesforce Partner Relationship Management
     HubSpot Marketing module, Enterprise version
    EXIM utilizes HubSpot Marketing Hub, integrated with Salesforce, 
for email automation and to host landing pages and contact forms used 
by the public when requesting information or follow up from EXIM.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    The EXIM CRM system will contain current or potential customer 
information; partner organization information; EXIM employee and 
contractor information.

CATEGORIES OF RECORDS IN THE SYSTEM:
    EXIM CRM contains information related to individuals and corporate 
entities that are potential, current, or former customers, partners, or 
other organizations and agencies involved in EXIM transactions or whom 
EXIM works with in supporting U.S. exporters. The EXIM CRM system 
contains information on EXIM employees and contractors who are users of 
the system.
    For customer, partner, and other organization or agency 
information--company name, individual contact names, email address, 
race, ethnicity, business address, phone number, company website, 
number of employees, annual revenue, DUNS Number, TINS, IBANs, NAICS 
Code, industry, products exported, EXIM transaction number, EXIM Master 
Guarantee Agreement Number, EXIM Delegated Authority Lender Agreement 
Number.
    For EXIM employees and contractors--individual name, work email 
address, phone number.

RECORD SOURCE CATEGORIES:
    The record information contained in EXIM CRM is obtained using one 
of three methods: Manual entry, direct database connection to supply 
the required information, or through importing source flat files to the 
EXIM CRM database.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND PURPOSES OF SUCH USES:
    In addition to those disclosures that are generally permitted under 
5 U.S.C. 552a(b) of the Privacy Act, all or a portion of the records or 
information contained in this system may be disclosed to authorized 
entities, as is determined to be relevant and necessary, outside EXIM 
as a routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:
    a. For EXIM employees to support current or potential customers.
    b. For EXIM employees to support current or potential partners.
    c. To lenders for the purposes of applying for and servicing an 
EXIM loan guarantee.
    d. To registered insurance brokers for the purpose of applying for 
and servicing an EXIM export credit insurance policy.

[[Page 9066]]

    e. To provide information to a Federal agency partner including the 
Department of Commerce (DOC), Small Business Administrations (SBA), 
U.S. Trade & Development Agency (USTDA), and Development Finance 
Corporation (DFC) based on customer need for the purpose of linking 
U.S. businesses to available government business resources.
    f. To provide information to partner state governments, local 
governments, non-profit business development and assistance 
organizations based on customer need for the purpose of linking U.S. 
businesses to exporting and other business resources.
    g. To provide information to a Congressional Office from the record 
of an individual in response to an inquiry from that Office.
    h. To disclose information to EXIM contractors supporting EXIM 
authorized activities.
    i. For investigations of potential violations of law.
    j. For litigation.
    k. By National Archives and Records Administration for record 
management inspections in its role as Archivist.
    l. For data breach and mitigation response.
    m. To disclose pertinent information to the appropriate Federal, 
State, or local agency responsible for investigating, prosecuting, 
enforcing, or implementing a statute, rule, regulation or another 
purpose, when the disclosing agency becomes aware of an indication of a 
violation or potential violation of civil or criminal law or 
regulations.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    On electronic digital media in encrypted format within the 
Salesforce Government Cloud controlled environment and accessed only by 
authorized personnel.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    Information may be retrieved by business entity name, individual 
name, or email address.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    All records shall be retained and disposed of in accordance with 
EXIM directives, EXIM's Record Schedule DAA-GRS2017-0002-0002, and 
General Records Schedule GRS 6.5 Item 020.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    Information will be stored in electronic format within EXIM CRM. 
EXIM CRM has configurable, layered data sharing and permissions 
features to ensure users have proper access. Access to Salesforce and 
HubSpot is restricted to EXIM personnel who need it for their job. 
Authorized users have access only to the data and functions required to 
perform their job functions. Designated personnel at specific lender, 
insurance broker, and Regional Export Promotion Program (REPP) partner 
organizations are granted limited access to EXIM CRM through 
Salesforce's Partner Portal. This access is managed via Salesforce's 
and HubSpot's System Administration, User, and security functions.
    Salesforce Government Cloud is compliant with the Federal Risk and 
Authorization Management Program (FedRAMP). The PII information in EXIM 
CRM will be encrypted and stored in place, and HTTPS protocol will be 
employed in accessing Salesforce.
    HubSpot is hosted in AWS and GCP environments that are FedRAMP 
compliant, and ISO 27001 certified. The PII information in EXIM CRM 
will be encrypted and stored in place, and HTTPS protocol will be 
employed in accessing HubSpot.

RECORD ACCESS PROCEDURES:
    Individuals wishing to make an amendment of records about them 
should write to: Senior Vice President, Office of Small Business, 
Export-Import Bank of the United States, 811 Vermont Ave. NW, 
Washington, DC 20571.
    And provide the following information:

1. Name.
2. Employer Identification Number (EIN) or Social Security Number, as 
applicable.
3. Type of information requested.
4. Signature.

CONTESTING RECORD PROCEDURES:
    Individuals wishing to contest records about them should write to: 
Senior Vice President, Office of Small Business, Export-Import Bank of 
the United States, 811 Vermont Ave. NW, Washington, DC 20571.
    And provide the following information:

1. Name.
2. Employer Identification Number (EIN) or Social Security Number, as 
applicable.
3. Signature.
4. Precise identification of the information to be amended.

NOTIFICATION PROCEDURES:
    Individuals wishing to determine whether this system of records 
contains information about them may do so by writing to: Senior Vice 
President, Office of Small Business, Export-Import Bank of the United 
States, 811 Vermont Ave. NW, Washington, DC 20571.
    And provide the following information:

1. Name.
2. Employer Identification Number (EIN) or Social Security Number, as 
applicable.
3. Type of information requested.
4. Address to which the information should be sent.
5. Signature.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    None.

HISTORY:
    None.

Bassam Doughman,
IT Specialist.
[FR Doc. 2021-02802 Filed 2-10-21; 8:45 am]
BILLING CODE 6690-01-P