[Federal Register Volume 87, Number 91 (Wednesday, May 11, 2022)]
[Notices]
[Pages 28791-28794]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2022-10092]


-----------------------------------------------------------------------

AGENCY FOR INTERNATIONAL DEVELOPMENT


Privacy Act of 1974; System of Records

AGENCY: Agency for International Development (USAID).

ACTION: Notice of modified Privacy Act system of records.

-----------------------------------------------------------------------

SUMMARY: The United States Agency for International Development (USAID) 
is issuing public notice of its intent to modify the system of records 
maintained in accordance with the Privacy Act of 1974, as amended, 
titled, `USAID-30, Google Apps Business Edition, published July 27, 
2011. This action is necessary to meet the requirements of the Privacy 
Act to publish in the Federal Register a notice of the existence and 
character of record systems maintained by the agency. USAID is 
modifying this SORN to update the system of records name from Google 
Apps Business Edition to Google Workspace (Enterprise Edition,) as well 
as to update the following sections: ``System Location;'' ``System 
Manager;'' ``Categories of Records in the System'' to include all PII 
that is collected; ``Routine Uses of Records Maintained in the System 
Including Categories of Users and Purposes of Such Uses'' to detail 
whom the information can be shared with as Blanket Routines Uses is in 
the previous SORN; ``Policies and Practices for Retention and Disposal 
of Records'' adding the approved NARA disposition schedule; and 
``Administrative, Technical, and Physical Safeguards.'' The proposed 
updates will allow USAID users to utilize the Google Workspace System 
for online messaging and collaboration.

DATES: Submit comments on or before 10 June 2022. This modified system 
of records will be effective 10 June 2022 upon publication. The Routine 
Uses are effective at the close of the comment period.

ADDRESSES: You may submit comments:

Electronic

     Federal eRulemaking Portal: http://www.regulations.gov. 
Follow the instructions on the website for submitting comments.
     Email: [email protected].

Paper

     Fax: 202-916-4946.
     Mail: Chief Privacy Officer, United States Agency for 
International Development, 1300 Pennsylvania Avenue NW, Washington, DC 
20523.

FOR FURTHER INFORMATION CONTACT: Ms. Celida A. Malone, USAID Privacy 
Program at United States Agency for International Development, Bureau 
for Management, Office of the Chief Information Officer, Information 
Assurance Division: ATTN: USAID Privacy Program, 1300 Pennsylvania 
Avenue NW, Washington, DC 20523, or by phone number at 202-916-4605.

SUPPLEMENTARY INFORMATION: USAID is modifying this SORN to update the 
system of records name and modify its SORN to reflect various changes 
and updates required by OMB Circular A-108. The proposed updates will 
allow USAID users to utilize the Google Workspace System for online 
messaging and collaboration.

SYSTEM NAME AND NUMBER:
    USAID -30, Google Workspace (Enterprise Edition).

SECURITY CLASSIFICATION:
    Sensitive But Unclassified.

SYSTEM LOCATION:
    United States Agency for International Development, 1300 
Pennsylvania Avenue NW, Washington, DC 20523 and Google Data Centers 
(CONUS and EU only). In addition, some workforce members may download 
and store information from the system. Those copies are located within 
the employees' or contractors' offices or on encrypted USAID-issued 
workstations.

SYSTEM MANAGER(S):
    Malcolm Dicko, 1300 Pennsylvania Avenue NW, Washington, DC 20523. 
Email: [email protected].

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    22 U.S.C. chapter 32, subchapter 1, Foreign Assistance Act of 1961, 
as amended; 5 U.S.C 301 Departmental Regulations; and 44 U.S.C. 3101-
3103 Records Management.

PURPOSE(S) OF THE SYSTEM:
    USAID established this system of records to facilitate connections 
and ensure efficient collaboration among USAID employees, contractors, 
grantees and members of the public, support the USAID workforce's 
ability to communicate, store files and engage with the American 
public, using various cloud-based apps, such as Gmail, Hangouts, 
Calendar, Drive, Docs, Sheets, Slides, Sites, Groups, etc.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    This system contains records of current and former employees, 
contractors, consultants, and partners who work in support of the 
Agency's mission. This system also covers members of the public who 
engage with USAID.

CATEGORIES OF RECORDS IN THE SYSTEM:
    This system maintains information related to the documents, 
messages, calendar entries, and other work-related records of USAID 
account holders. It also maintains information related to functionality 
of specific applications, including:
     User's Biographical Information, such as: Name, personal 
home address, home phone number, mobile phone number, email address, 
date of birth, social security number, and personal photograph
     User's Professional Information, such as: Organization/
office assignment, position/title, business phone number, business 
email address, business address, taxpayer or employer ID number
     Collaboration records, such as email correspondence, 
instant messaging transcripts, calendars and tasks
     Financial information, such as account and transaction 
information maintained to facilitate payroll functions
     Video conferencing information, such as video and audio 
recordings and meeting participants

[[Page 28792]]

     Other Biographical information users may voluntarily 
provide, and
     System Generated information, such as username, password, 
user log-in information, IP address, date and time of access, queries 
run, passcodes and other information required for system administration 
and security.

RECORD SOURCE CATEGORIES:
    The records contained in this system will be provided and updated 
by the individual who is the subject of the record, or by members of 
the USAID workforce during the performance of their official duties.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND PURPOSES OF SUCH USES:
    In addition to those disclosures generally permitted under 5 U.S.C. 
552a(b), all or a portion of the records contained in this system of 
records may be disclosed outside USAID as a routine use pursuant to 5 
U.S.C. 552a(b)(3) as follows:
    (1) To consumer reporting agencies in order to obtain consumer 
credit reports.
    (2) To federal, international, state, and local law enforcement 
agencies, U.S. Government Agencies, courts, the Department of State, 
Foreign Governments, to the extent necessary to further the purposes of 
an investigation.
    (3) Results of the investigation may be disclosed to the Department 
of State or other Federal Agencies for the purposes of granting 
physical and/or logical access to federally owned or controlled 
facilities and/or information systems in accordance with the 
requirements set forth in HSPD-12.
    (4) To a court, magistrate, or other administrative body in the 
course of presenting evidence, including disclosures to counsel or 
witnesses in the course of civil discovery, litigation, or settlement 
negotiations or in connection with criminal proceedings, when USAID is 
a party to the proceeding or has a significant interest in the 
proceeding, to the extent that the information is determined to be 
relevant and necessary.
    (5) To the Department of Justice or other appropriate United States 
Government Agency when the records are arguably relevant to a 
proceeding in a court or other tribunal in which USAID or a USAID 
official in his or her official capacity is a party or has an interest, 
or when the litigation is likely to affect USAID.
    (6) In the event of an indication of a violation or potential 
violation of law, whether civil, criminal or regulatory in nature, and 
whether arising by statute or particular program pursuant thereto, to 
the appropriate agency, whether federal, state, local or foreign, 
charged with the responsibility of investigating or prosecuting such 
violation or charged with enforcing or implementing the statute, or 
rule, regulation, or order issued pursuant thereto.
    (7) To the Department of State and its posts abroad for the purpose 
of transmission of information between organizational units of USAID, 
or for purposes related to the responsibilities of the Department of 
State in conducting United States foreign policy or protecting United 
States citizens, such as the assignment of employees to positions 
abroad, the reporting of accidents abroad, ensuring fiscal 
accountability in transporting the effects personnel stationed at 
embassies, evacuation of employees and dependents, and other purposes 
for which officers and employees of the Department of State have a need 
for the records in the performance of their duties.
    (8) To a foreign government or international agency in response to 
its request for information to facilitate the conduct of U.S. relations 
with that government or agency through the issuance of such documents 
as visas, country clearances, identification cards, drivers' licenses, 
diplomatic lists, licenses to import or export personal effects, and 
other official documents and permits routinely required in connection 
with the official service or travel abroad of the individual and his or 
her dependents.
    (9) To Federal agencies with which USAID has entered into an 
agreement to provide services to assist USAID in carrying out its 
functions under the Foreign Assistance Act of 1961, as amended. Such 
disclosures would be for the purpose of transmission of information 
between organizational units of USAID; of providing to the original 
employing agency information concerning the services of its employee 
while under the supervision of USAID, including performance 
evaluations, reports of conduct, awards and commendations, and 
information normally obtained in the course of personnel administration 
and employee supervision; or of providing other information directly 
related to the purposes of the inter-agency agreement as set forth 
therein, and necessary and relevant to its implementation.
    (10) To appropriate officials and employees of a federal agency or 
entity when the information is relevant to a decision concerning the 
hiring, appointment, or retention of an employee; the assignment, 
detail or deployment of an employee; the issuance, renewal, suspension, 
or revocation of a security clearance; the execution of a security or 
suitability investigation; the letting of a contract; or the issuance 
of a grant or benefit.
    (11) To the National Archives and Records Administration for the 
purposes of records management inspections conducted under the 
authority of 44 U.S.C. 2904 and 2906.
    (12) To the Office of Management and Budget (OMB), in connection 
with review of private relief legislation, as set forth in OMB Circular 
A-19, at any stage of the legislative coordination and clearance 
process, as set forth in that Circular.
    (13) To a former employee of USAID for purposes of responding to an 
official inquiry by a federal, state, or local government entity or 
professional licensing authority, in accordance with applicable agency 
regulations; or facilitating communications with a former employee that 
may be necessary for personnel-related or other official purposes where 
the agency requires information and/or consultation assistance from the 
former employee regarding a matter within that person's former area of 
responsibility.
    (14) To appropriate agencies, entities, and persons when (a) USAID 
suspects or has confirmed that there has been a breach of the system of 
records, (b) USAID has determined that as a result of the suspected or 
confirmed breach there is a risk of harm to individuals, USAID 
(including its information systems, programs, and operations), the 
Federal Government, or national security; and (c) the disclosure made 
to such agencies, entities, and persons is reasonably necessary to 
assist in connection with USAID's efforts to respond to the suspected 
or confirmed breach or to prevent, minimize, or remedy such harm.
    (15) To another Federal Department or Agency or Federal entity, 
when USAID determines information from this system of records is 
reasonably necessary to assist the recipient Department or Agency or 
entity in: (a) Responding to a suspected or confirmed breach; or (b) 
preventing, minimizing, or remedying the risk of harm to individuals, 
the recipient agency or entity (including its information systems, 
programs and operations), the Federal Government, or national security, 
that might result from a suspected or confirmed breach.
    (16) To a Member of Congress or to a Congressional staff member in 
response to an inquiry of the Congressional office, made at the written 
request of the constituent about whom the record is maintained.

[[Page 28793]]

    (17) To designated Agency personnel for the purpose of performing 
an authorized audit or oversight function.
    (18) To the Office of Management and Budget (OMB), the General 
Accountability Office (GAO), or other Federal agency when the 
information is required for program evaluation purposes.
    (19) To the Internal Revenue Service and the Social Security 
Administration for the purposes of reporting earnings information.
    (20) To unions recognized as exclusive bargaining representatives 
of the individual, the Foreign Service Grievance Board in the course of 
the Board's consideration of matters properly before it, the Federal 
Labor Relations Authority, and other parties responsible for the 
administration of the Federal labor-management program for the purpose 
of processing any corrective action, or grievances, or conducting 
administrative hearings or appeals, or if needed in the performance of 
other authorized duties.
    (21) To attorneys, union representatives, or other persons 
designated by USAID employees in writing to represent them in 
complaints, grievance, appeal, or litigation cases.
    (22) To the Federal Bureau of Investigation, the Department of 
Homeland Security, the National Counter-Terrorism Center (NCTC), the 
Terrorist Screening Center (TSC), or other appropriate federal 
agencies, for the integration and use of such information to protect 
against terrorism, if that record is about one or more individuals 
known, or suspected, to be or to have been involved in activities 
constituting, in preparation for, in aid of, or related to terrorism. 
Such information may be further disseminated by recipient agencies to 
Federal, State, local, territorial, tribal, and foreign government 
authorities, and to support private sector processes as contemplated in 
Homeland Security Presidential Directive/HSPD-6 and other relevant laws 
and directives, for terrorist screening, threat-protection and other 
homeland security purposes.
    (23) To foreign law enforcement, security, investigatory, or 
administrative authorities to comply with requirements imposed by, or 
to claim rights conferred in, international agreements and arrangements 
including those regulating the stationing and status in foreign 
countries of USAID personnel.
    (24) To an appeal, grievance, hearing, or complaints examiner; an 
equal employment opportunity investigator, arbitrator, or mediator; 
and/or an exclusive representative or other person authorized to 
investigate or settle a grievance, complaint, or appeal filed by an 
individual who is the subject of the record.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    Electronic records are maintained in user-authenticated, password-
protected systems. All records are accessed only by authorized 
personnel who have a need to access the records in the performance of 
their official duties.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    Records are retrievable by a combination of first and last name, 
email address, and other unique identifiers as configured by the 
program office for their program requirements.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    Records are retained for 10-year retention rule for all data 
contained within Google Drive and Google mail. There are exceptions for 
specific users as required by NARA, FOIA, and USAID Records Management.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    USAID safeguards records in this system according to applicable 
rules and policies, including all applicable USAID Automated Directive 
Systems (ADS) operational policies. USAID has implemented controls to 
minimize the risk of compromising the information that is being stored. 
Access to the system containing the records is limited to those 
individuals who have a need to know the information for performance of 
their official duties and who have appropriate clearances and 
permissions. USAID ensures that the practices stated in the Google 
Workspace Privacy Impact Assessment are followed by leveraging standard 
operating procedures (SOP), training, policies, rules of behavior, and 
auditing and accountability.
    Cloud systems are authorized to operate separately by the USAID AO 
at the moderate level. All USAID Users utilize two-factor 
authentication to access Google Workspace Applications.
    Google Mail DLP actively scans all outbound messages for defined 
PII elements and quarantines emails that may violate defined 
transmission rules. Messages are then manually released by an approved 
administrator.

RECORD ACCESS PROCEDURES:
    Individuals seeking access to information about themselves 
contained in this system of records should address inquiries to the 
Bureau for Management, Office of Management Services, Information and 
Records Division (M/MS/IRD), USAID Annex--Room 2.4.0C, 1300 
Pennsylvania Avenue NW, Washington, DC 20523. The requester may 
complete and sign a USAID Form 507-1, Certification of Identity Form or 
submit signed, written requests that should include the individual's 
full name, current address, telephone number, and this System of 
Records Notice number. In addition, the requester must provide either a 
notarized statement or an unsworn declaration made in accordance with 
28 U.S.C. 1746, in the following format:
    If executed outside the United States: ``I declare (or certify, 
verify, or state) under penalty of perjury under the laws of the United 
States of America that the foregoing is true and correct. Executed on 
(date). (Signature).''
    If executed within the United States, its territories, possessions, 
or commonwealths: ``I declare (or certify, verify, or state) under 
penalty of perjury that the foregoing is true and correct. Executed on 
(date). (Signature).''

CONTESTING RECORD PROCEDURES:
    The USAID rules for accessing records, contesting contents, and 
appealing initial agency determinations are contained in 22 CFR part 
212 or may be obtained from the program manager or system owner.

NOTIFICATION PROCEDURES:
    Individuals seeking to determine if information about themselves is 
contained in this system of records should address inquiries to the 
Bureau for Management, Office of Management Services, Information and 
Records Division (M/MS/IRD), USAID Annex--Room 2.4.0C, 1300 
Pennsylvania Avenue NW, Washington, DC 20523. Individuals may complete 
and sign a USAID Form 507-1, Certification of Identity Form or submit 
signed, written requests that should include the individual's full 
name, current address, and telephone number. In addition, the requester 
must provide either a notarized statement or an unsworn declaration 
made in accordance with 28 U.S.C. 1746, in the following format:
    If executed outside the United States: ``I declare (or certify, 
verify, or state) under penalty of perjury under the laws of the United 
States of America that the foregoing is true and correct. Executed on 
(date). (Signature).''
    If executed within the United States, its territories, possessions, 
or commonwealths: ``I declare (or certify, verify, or state) under 
penalty of perjury that the foregoing is true and correct. Executed on 
(date). (Signature).

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    None.

[[Page 28794]]

HISTORY:
    76 FR 44888, July 27, 2011.

Celida Ann Malone,
Government Privacy Task Lead.
[FR Doc. 2022-10092 Filed 5-10-22; 8:45 am]
BILLING CODE 6116-01-P