[Federal Register Volume 86, Number 221 (Friday, November 19, 2021)]
[Notices]
[Pages 64979-64982]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2021-25276]


-----------------------------------------------------------------------

SMALL BUSINESS ADMINISTRATION


Privacy Act of 1974; System of Records Notice

AGENCY: Small Business Administration.

ACTION: Notice of a modified system of records.

-----------------------------------------------------------------------

SUMMARY: The U.S. Small Business Administration (SBA) proposes to 
modify its system ofrecords titled, Disaster Loan Case File, (SBA 20), 
to its inventory of records systems subject to thePrivacy Act of 1974, 
as amended. Publication of this notice complies with the Privacy Act 
and the Office of Management and Budget (OMB) Circular A-108 and 
Circular A-130. System of Records Notice (SORN) Disaster Loans Case 
Files, (SBA 20), includes modifying the name from ``Disaster Loan Case 
File'' to ``Disaster Loans Case Files'', modifying system location, 
contact information, authority, purpose, categories of individuals, 
categories of records, record source categories, routine use, storage, 
retention, retrieval, safeguards, record access, contesting, 
notification procedures, and supplemental information. SBA 20 has also 
expanded the scope of its system of records with additional 
applications and processes, serving a unique purpose for carrying out 
the mission of the SBA Office of Disaster Assistance.

[[Page 64980]]


DATES: Submit comments on or before December 20, 2021. This revised 
system will be effective upon publication.

ADDRESSES: You may submit comments on this notice by any of the 
following methods:
    Federal e-Rulemaking Portal: http://www.regulations.gov: Follow the 
instructions forsubmitting comments. Mail/Hand Delivery/Courier: Submit 
written comments to:Barbara Carson, Deputy Associate Administrator, 
Office of Disaster Assistance, U.S. SmallBusiness Administration, 409 
3rd Street SW, Suite 6032, Washington, DC 20416.

FOR FURTHER INFORMATION CONTACT: General questions, please contact 
Michael Yeager, Information Technology (IT) Director, Office of 
Disaster Assistance, U.S. Small Business Administration, 409 3rd Street 
SW, Suite 6032, Washington, DC 20416 or via email 
[email protected], telephone 202-205-6536. For Privacy related 
matters, please contact Keith A. Bluestein, Chief Information Officer/
Senior Agency Official for Privacy, Office of the Chief Information 
Officer, U.S. Small Business Administration, 409 3rd Street SW, Suite 
4000, Washington, DC 20416 or via email to [email protected].

SUPPLEMENTARY INFORMATION: The Privacy Act of 1974 (5 U.S.C. 552a), as 
amended, embodies fair information practice principles in a statutory 
framework governing how Federal agencies collect, maintain, use, and 
disseminate individuals' personal information. The Privacy Act applies 
to records about individuals that are maintained in a ``system of 
records.'' A system of records is a group of any records under the 
control of a federal agency from which information is retrieved by the 
name of an individual or by a number, symbol or another identifier 
assigned to the individual. The Privacy Act requires each Federal 
agency to publish in the Federal Register a System of Records Notice 
(SORN) identifying and describing each system of records the agency 
maintains, the purposes for which the Agency uses the Personally 
Identifiable Information (PII) in the system, the routine uses for 
which the Agency discloses such information outside the Agency, and how 
individuals can exercise their rights related to their PII information.
    The modified Privacy Act system of records titled Disaster Loan 
Case File, (SBA 20) will be used to provide notice to applicants and 
recipients of disaster assistance through its Office of Disaster 
Assistance (ODA), which coordinates low-interest, long-term loans for 
damages caused by a declared disaster for individuals, businesses of 
all sizes, private non-profit organizations, homeowners, and renters. 
SBA 20 also includes loan advances and grants administered by ODA, 
which are available to small businesses, including sole proprietors, 
and private non-profit organizations.
    SBA 20 collects information relating to pre-application 
registrants, disaster home andbusiness loan applicants, recipients of a 
disaster home and business loans from the time of pre-application 
registration, loan advance applicants and recipients, and grant 
applicants and recipients. Non-exhaustive list includes loan 
applications, loan advance applications, grant applications, supporting 
documentation, personal history, financial statements, tax information, 
credit information, investigative reports, appraisal reports, waivers, 
loan record transfers, correspondence, recommendations, authorizations, 
award amount, disbursement amount, loan term and rate, payment history, 
collateral, UCC filings and re-filings, collection and liquidation 
activities, settlements and compromises, bank information, field visit 
reports, borrower's insurance information and loan accounting 
information.
    Major application/system components to this system of records 
comprise of Disaster CreditManagement System(s), Shuttered Venue 
Operators Grant System (SVOG), Rapid Finance (RF) Portal, Ayaya 
Automated Interactive Voice Response (IVR), cloud services, legacyand 
multiple portals. The modification of SBA 20 will not have any undue 
impact on the privacy ofindividuals and its use is compatible with 
collection.

SYSTEM NAME AND NUMBER:
    Disaster Loans Case Files, (SBA 20).

SECURITY CLASSIFICATION:
    Unclassified.

SYSTEM LOCATION:
    SBA DCMS Operations Center, Herndon, VA, Washington, DC, Chicago, 
IL, other Salesforce, and Microsoft Offsite locations within the United 
States; Rapid Financein Bethesda, MD;

SYSTEM MANAGER(S):
    Michael Yeager, IT Director, Office of Disaster Assistance, U.S. 
Small Business Administration, 409 3rd Street SW, Suite 6032, 
Washington, DC 20416 or via email [email protected], telephone 
202-205-6536.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    15 U.S.C. 634(b)(6), 44 U.S.C. 3101The Economic Aid to Hard-Hit 
Small Businesses, Nonprofits and Venues Act, Public Law 116-260

PURPOSE(S) OF THE SYSTEM:
    SBA 20 collects information relating to pre-applicationregistrants, 
disaster home and business loan applicants, recipients of a disaster 
home andbusiness loans from the time of pre-application registration, 
loan advance applicants and recipients, and grant applicants and 
recipients.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Individuals, businesses, principals, including sole proprietors, 
homeowners, renters, and non-profits.

CATEGORIES OF RECORDS IN THE SYSTEM:
    Information relating to pre-application registrants, disaster home 
and business loan applicants, loan advance, grant applicants and 
recipients of loan advances, grants, disaster home and business loans. 
Included are name, business name, address, tax identification number, 
date of birth, telephone number, identification, loan information, loan 
advance, grant applications, supporting documents, personal history, 
financial statements, credit information, investigative reports, 
appraisers' reports, waivers, loan record transfers, correspondence, 
recommendations,authorizations, disbursement amount, term and rate, 
payment history, collateral, Uniform Commercial Code (UCC) filings and 
re-filings, collection and liquidation activities, financial 
statements, settlements and compromises, bank information, field visit 
reports, borrower's insurance information and loan accounting 
information.

RECORD SOURCE CATEGORIES:
    Subject, individuals, SBA employees, SBA contractors, financial 
institutions, credit reporting agencies, law enforcement agencies, 
Treasury Department and Federal Emergency Management Agency (FEMA).

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDINGCATEGORIES 
OF USERS AND PURPOSES OF SUCH USES:
    In addition to those disclosures generally permitted under 5 U.S.C. 
552a(b) of the Privacy Act,all or a portion of the information 
contained in this system may be disclosed to authorizedentities, as is 
determined to be relevant and necessary, outside SBA as a routine use 
pursuant to 5U.S.C. 552a(b)(3) as follows:

[[Page 64981]]

    A. To the public on approved loans. This information includes 
recipient name and address, term and rate of the loan and the amount 
paid in full or charged off.
    B. To the public on approved loan advances and grants. This 
information includes recipient name, address, period of performance and 
amount of the loan advance or grant.
    C. To provide information to potential investors who are interested 
in bidding on loans made available by the Agency in a sale of assets. 
Investors will be required to execute a confidentiality agreement prior 
to reviewing any record or information.
    D. To the Federal, State, local or foreign agency or professional 
organization which has responsibility for investigating, prosecuting, 
or enforcing violations, statutes, rules, regulations or orders issued 
when the Agency identifies a record, either alone or in conjunction 
with other information, which indicates a violation or potential 
violation of law.
    E. To request information from a Federal, State, or local agency or 
a private credit agency maintaining civil, criminal, or other 
information relevant to determining an applicant's suitability for a 
loan, loan advance, or grant; this may be requested individually or 
part of a computer match.
    F. In response to a request from a State or Federal agency in 
connection with the issuance of a grant, loan or other benefit by that 
agency which is relevant to their decision on the matter; this may be 
requested individually or part of a computer match.
    G. To other Federal agencies to conduct computer matching programs 
to locate and identify delinquent SBA borrowers who are receiving 
Federal salaries or benefit payments. Disclosure will be made if the 
records indicate the loan is in default, at least 30 days past due or 
to update a previous disclosure. SBA will make disclosures to obtain 
repayments of debts under the provisions of the Debt Collection Act of 
1982 by voluntary repayment, or administrative or salary offset 
procedures.
    H. To a consumer reporting agency to also include information from 
the new ID Theft Form 3515.
    I. To provide the Internal Revenue Service (IRS) with access to an 
individual's records for an official audit to the extent the 
information is relevant to the IRS's function.
    J. To a court, magistrate, grand jury, or administrative tribunal, 
opposing counsel during such proceedings or in settlement negotiations 
when presenting evidence.
    K. To a Congressional office from an individual's record when that 
office is inquiring onthe individual's behalf; the Member's access 
rights are no greater than the individuals.
    L. In a proceeding before a court, or adjudicative body, or a 
dispute resolution body before which SBA is authorized to appear or 
before which any of the following is a party to litigation or has an 
interest in litigation, provided, however, that SBA determines that the 
use of such records is relevant and necessary to the litigation, and 
that, in each case, SBA determines that disclosure of the records to a 
court or other adjudicative body is a use of the information contained 
in the records that is a compatible purpose for which the records were 
collected: SBA, or any SBA component; any SBA employee in their 
official capacity; any SBA employee in their individual capacity where 
DOJ has agreed to represent the employee; or The United States 
Government, where SBA determines that litigation is likely to affect 
SBA or any of its components.
    M. To transmit data to U.S. Department of the Treasury to effect 
issuance of loan, loan advance, or grant funds to borrowers or 
recipients.
    N. To the Federal Emergency Management Agency (FEMA) to coordinate 
the issuance offederal disaster assistance to disaster victims and 
monitor for duplication.
    O. To the Department of Justice (DOJ), including offices of the U.S 
Attorneys, or other Federal agency conducting litigation or in 
proceedings before any court, adjudicative, or administrative body, 
when it is deemed by the SBA to be relevant or necessary to the 
litigation or the SBA has an interest in such litigation when any of 
the following are a party to the litigation or have an interest in the 
litigation: (1) Any employee or former employee of the SBA in his or 
her official capacity; (2) Any employee or former employee of the SBA 
in his or her individual capacity when DOJ or SBA has agreed to 
represent the employee or a party to the litigation or have an interest 
in the litigation; or (3)The United States or any agency thereof.
    P. To the National Archives and Records Administration (NARA) or 
General Services Administration (GSA) pursuant to records management 
inspections conducted under the authority of 44 U.S.C. 2904 and 2906.
    Q. To an agency or organization, including the SBA's Office of 
Inspector General, for the purpose of performing audit or oversight 
operations as authorized by law. but only such information as is 
necessary and relevant to such audit or oversight function.
    R. To appropriate agencies, entities, and persons when (1) SBA 
suspects or has confirmed that there has been a breach of the system of 
records, (2) SBA has determined that as a result of the suspected or 
confirmed breach there is a risk of harm to individuals, SBA (including 
its information systems, programs, and operations), the Federal 
Government, or national security; and (3) the disclosure made to such 
agencies, entities, and persons is reasonably necessary to assist in 
connection with SBA's efforts to respond to the suspected or confirmed 
breach or to prevent, minimize, or remedy such harm.
    S. To another Federal agency or Federal entity, when SBA determines 
that information from this system of records is reasonably necessary to 
assist the recipient agency or entity in (1) responding to a suspected 
or confirmed breach or (2) preventing, minimizing, or remedying the 
risk of harm to individuals, the recipient agency or entity (including 
its information systems, programs, and operations), the Federal 
Government, or national security, resulting from a suspected or 
confirmed breach.
    T. To another agency or agent of a Government jurisdiction within 
or under the control of the U.S., lawfully engaged in national security 
or homeland defense when disclosure is undertaken for intelligence, 
counterintelligence activities (as defined by 50 U.S.C. 3003(3)), 
counterterrorism, homeland security, or related law enforcement 
purposes, as authorized by U.S. law or Executive Order.
    U. To SBA contractors, grantees, volunteers, interns, regulators, 
and experts who have been engaged by SBA to assist in the performance 
and performance improvement of a service related to this system of 
records and who need access to the records to perform this activity 
which may also include for regulatory purposes. Recipients of these 
records shall be required to comply with the requirements of the 
Privacy Act of 1974, as amended, 5 U.S.C. 552a.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    Paper and electronic files.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    Records are retrieved by name of individual, business name, 
application number, grant number, Data Universal Numbering System, 
cross-referenced loan number or borrower's Social

[[Page 64982]]

Security Number or Employer Identification Number or FEMA registration 
number.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    Records are maintained in accordance with latest edition SBA 
Standard Operating Procedure (SOP) series 00 41, schedules Records 
Management Records and Agency Accountability Records. Records 
maintained as part of the General Records Schedules (GRS) are disposed 
of in accordance with applicable SBA policies.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    Access and use are limited to persons with official need to know. 
Users are evaluated on a recurring basis to ensure need-to-know still 
exists. Safeguards are implemented in accordance with the Federal 
Information Security Modernization Act of 2014 (FISMA) and are 
evaluated on a recurring basis to ensure desired operation.

RECORD ACCESS PROCEDURES:
    Individuals wishing to request access to records about them should 
submit a Privacy Act request to the SBA Chief, Freedom of Information 
and Privacy Act Office, U.S. Small Business Administration, 409 Third 
St. SW, Eighth Floor, Washington, DC 20416 or [email protected]. Individuals 
must provide their full name, mailing address, personal email address, 
telephone number, and a detailed description of the records requested. 
Individuals requesting access must also follow SBA's Privacy Act 
regulations regarding verification of identity and access to records 
(13 CFR part 102 subpart B).

CONTESTING RECORD PROCEDURES:
    Individuals wishing to contest information contained in records 
about them should submit a Privacy Act request to the SBA Chief, 
Freedom of Information and Privacy Act Office, U.S. Small Business 
Administration, 409 Third St. SW, Eighth Floor, Washington, DC 20416 or 
[email protected]. Individuals must provide their full name, mailing 
address, personal email address, telephone number, and a detailed 
description of the records requested. Requesting individuals must 
follow SBA's Privacy Act regulations regarding verification of identity 
and access to records (13 CFR part 102 subpart B).

NOTIFICATION PROCEDURES:
    Individuals may make record inquiries in person at the address 
listed below or in writing to the Systems Manager through the SBA 
Chief, Freedom of Information and Privacy Act Office, U.S. Small 
Business Administration, 409 Third St. SW, Eighth Floor, Washington, DC 
20416 or [email protected].

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    None.

HISTORY:
    74 FR 14889 (April 1, 2009); 72 FR 48312 (August 23, 2007); 69 FR 
76964 (December 23, 2004); and 69 FR 58597 (September 30, 2004).

James Rivera,
Associate Administrator for Disaster Assistance, Office of Disaster 
Assistance.
[FR Doc. 2021-25276 Filed 11-18-21; 8:45 am]
BILLING CODE 8026-03-P