[Federal Register Volume 86, Number 27 (Thursday, February 11, 2021)]
[Notices]
[Pages 9065-9066]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2021-02802]
=======================================================================
-----------------------------------------------------------------------
EXPORT-IMPORT BANK
[Public Notice: 2021-0001]
Privacy Act of 1974; System of Records
AGENCY: Export-Import Bank of the United States.
ACTION: Notice of new system of records.
-----------------------------------------------------------------------
SUMMARY: The Export-Import Bank of the United States (EXIM) proposes to
add a new electronic System of Records, EXIM CRM (Customer Relationship
Management), subject to the Privacy Act of 1974, as amended. This
notice is necessary to meet the requirements of the Privacy Act which
is to publish in the Federal Register a notice of the existence and
character of records maintained by the agency. Included in this notice
is the System of Records Notice (SORN) for EXIM CRM.
DATES: Comments must be received on or before March 15, 2021 to be
assured of consideration.
ADDRESSES: Comments may be submitted electronically on
www.regulations.gov or by mail to Tomeka Wray, Export-Import Bank of
the United States, 811 Vermont Ave. NW, Washington, DC 20571.
FOR FURTHER INFORMATION CONTACT: Tomeka Wray, Export-Import Bank of the
United States, 811 Vermont Ave. NW, Washington, DC 20571. Telephone
number: 202.565.3996.
SUPPLEMENTARY INFORMATION: The EXIM CRM system is used to manage
relationships with potential or current customers, partners, and other
organizations and agencies involved in EXIM deals or whom EXIM works
with in supporting U.S. exporters. EXIM CRM is comprised of a cloud-
based Salesforce application and a cloud-based HubSpot module
connection integrating the HubSpot database to the Salesforce API.
SYSTEM OF RECORDS NOTICE
EIB 21-01 EXIM CRM
SYSTEM NAME AND NUMBER:
EIB 21-01 EXIM CRM, EXIM CRM
SECURITY CLASSIFICATION:
Unclassified
SYSTEM LOCATION:
EXIM CRM's Salesforce application is hosted in the Salesforce
Government Cloud. The physical location and technical operation of the
system is at the Salesforce Government Cloud's Chicago (Elk Grove
Village, IL) and Washington (Ashburn, VA) data centers. The HubSpot
application uses cloud storage and computes services from Amazon Web
Services (AWS) and Google Cloud Platform (GCP). HubSpot's production
infrastructure is centralized in AWS and GCP cloud hosting facilities,
and is managed by the HubSpot engineering team.
SYSTEM MANAGER(S):
Senior Vice President, Office of Small Business, Export-Import Bank
of the United States, 811 Vermont Ave. NW, Washington, DC 20571.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
The Export-Import Bank requests the information in this application
under the following authorizations:
Authority of the Export-Import Bank Act of 1945, as amended (12
U.S.C. 635 et seq.), Executive Order 9397 as Amended by Executive Order
13478 signed by President George W. Bush on November 18, 2008, Relating
to Federal Agency Use of Social Security Numbers.
PURPOSE(S) OF THE SYSTEM:
The purpose of this system is to allow EXIM staff to manage
relationships and track interactions with potential and existing
customers, partners (e.g., registered brokers, lenders, and Regional
Export Promotion Program (REPP) member organizations), and other
organizations and agencies involved in EXIM deals or whom EXIM works
with in supporting U.S. exporters. Additionally, EXIM CRM allows
designated personnel from specific partner organizations to log in
through Salesforce's Partner Portal to access resources and limited
customer information that helps them support EXIM's customers.
EXIM CRM is comprised of the following functional modules:
Salesforce Customer Relationship Management
Salesforce Partner Relationship Management
HubSpot Marketing module, Enterprise version
EXIM utilizes HubSpot Marketing Hub, integrated with Salesforce,
for email automation and to host landing pages and contact forms used
by the public when requesting information or follow up from EXIM.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
The EXIM CRM system will contain current or potential customer
information; partner organization information; EXIM employee and
contractor information.
CATEGORIES OF RECORDS IN THE SYSTEM:
EXIM CRM contains information related to individuals and corporate
entities that are potential, current, or former customers, partners, or
other organizations and agencies involved in EXIM transactions or whom
EXIM works with in supporting U.S. exporters. The EXIM CRM system
contains information on EXIM employees and contractors who are users of
the system.
For customer, partner, and other organization or agency
information--company name, individual contact names, email address,
race, ethnicity, business address, phone number, company website,
number of employees, annual revenue, DUNS Number, TINS, IBANs, NAICS
Code, industry, products exported, EXIM transaction number, EXIM Master
Guarantee Agreement Number, EXIM Delegated Authority Lender Agreement
Number.
For EXIM employees and contractors--individual name, work email
address, phone number.
RECORD SOURCE CATEGORIES:
The record information contained in EXIM CRM is obtained using one
of three methods: Manual entry, direct database connection to supply
the required information, or through importing source flat files to the
EXIM CRM database.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES
OF USERS AND PURPOSES OF SUCH USES:
In addition to those disclosures that are generally permitted under
5 U.S.C. 552a(b) of the Privacy Act, all or a portion of the records or
information contained in this system may be disclosed to authorized
entities, as is determined to be relevant and necessary, outside EXIM
as a routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:
a. For EXIM employees to support current or potential customers.
b. For EXIM employees to support current or potential partners.
c. To lenders for the purposes of applying for and servicing an
EXIM loan guarantee.
d. To registered insurance brokers for the purpose of applying for
and servicing an EXIM export credit insurance policy.
[[Page 9066]]
e. To provide information to a Federal agency partner including the
Department of Commerce (DOC), Small Business Administrations (SBA),
U.S. Trade & Development Agency (USTDA), and Development Finance
Corporation (DFC) based on customer need for the purpose of linking
U.S. businesses to available government business resources.
f. To provide information to partner state governments, local
governments, non-profit business development and assistance
organizations based on customer need for the purpose of linking U.S.
businesses to exporting and other business resources.
g. To provide information to a Congressional Office from the record
of an individual in response to an inquiry from that Office.
h. To disclose information to EXIM contractors supporting EXIM
authorized activities.
i. For investigations of potential violations of law.
j. For litigation.
k. By National Archives and Records Administration for record
management inspections in its role as Archivist.
l. For data breach and mitigation response.
m. To disclose pertinent information to the appropriate Federal,
State, or local agency responsible for investigating, prosecuting,
enforcing, or implementing a statute, rule, regulation or another
purpose, when the disclosing agency becomes aware of an indication of a
violation or potential violation of civil or criminal law or
regulations.
POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
On electronic digital media in encrypted format within the
Salesforce Government Cloud controlled environment and accessed only by
authorized personnel.
POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
Information may be retrieved by business entity name, individual
name, or email address.
POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
All records shall be retained and disposed of in accordance with
EXIM directives, EXIM's Record Schedule DAA-GRS2017-0002-0002, and
General Records Schedule GRS 6.5 Item 020.
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
Information will be stored in electronic format within EXIM CRM.
EXIM CRM has configurable, layered data sharing and permissions
features to ensure users have proper access. Access to Salesforce and
HubSpot is restricted to EXIM personnel who need it for their job.
Authorized users have access only to the data and functions required to
perform their job functions. Designated personnel at specific lender,
insurance broker, and Regional Export Promotion Program (REPP) partner
organizations are granted limited access to EXIM CRM through
Salesforce's Partner Portal. This access is managed via Salesforce's
and HubSpot's System Administration, User, and security functions.
Salesforce Government Cloud is compliant with the Federal Risk and
Authorization Management Program (FedRAMP). The PII information in EXIM
CRM will be encrypted and stored in place, and HTTPS protocol will be
employed in accessing Salesforce.
HubSpot is hosted in AWS and GCP environments that are FedRAMP
compliant, and ISO 27001 certified. The PII information in EXIM CRM
will be encrypted and stored in place, and HTTPS protocol will be
employed in accessing HubSpot.
RECORD ACCESS PROCEDURES:
Individuals wishing to make an amendment of records about them
should write to: Senior Vice President, Office of Small Business,
Export-Import Bank of the United States, 811 Vermont Ave. NW,
Washington, DC 20571.
And provide the following information:
1. Name.
2. Employer Identification Number (EIN) or Social Security Number, as
applicable.
3. Type of information requested.
4. Signature.
CONTESTING RECORD PROCEDURES:
Individuals wishing to contest records about them should write to:
Senior Vice President, Office of Small Business, Export-Import Bank of
the United States, 811 Vermont Ave. NW, Washington, DC 20571.
And provide the following information:
1. Name.
2. Employer Identification Number (EIN) or Social Security Number, as
applicable.
3. Signature.
4. Precise identification of the information to be amended.
NOTIFICATION PROCEDURES:
Individuals wishing to determine whether this system of records
contains information about them may do so by writing to: Senior Vice
President, Office of Small Business, Export-Import Bank of the United
States, 811 Vermont Ave. NW, Washington, DC 20571.
And provide the following information:
1. Name.
2. Employer Identification Number (EIN) or Social Security Number, as
applicable.
3. Type of information requested.
4. Address to which the information should be sent.
5. Signature.
EXEMPTIONS PROMULGATED FOR THE SYSTEM:
None.
HISTORY:
None.
Bassam Doughman,
IT Specialist.
[FR Doc. 2021-02802 Filed 2-10-21; 8:45 am]
BILLING CODE 6690-01-P