[Federal Register Volume 87, Number 225 (Wednesday, November 23, 2022)]
[Notices]
[Pages 71687-71688]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2022-25540]


=======================================================================
-----------------------------------------------------------------------

MILLENNIUM CHALLENGE CORPORATION

[MCC FR 22-16]


Privacy Act of 1974; System of Records

AGENCY: Millennium Challenge Corporation.

ACTION: Notice of a new system of records.

-----------------------------------------------------------------------

SUMMARY: The Millennium Challenge Corporation (MCC) proposes to add a 
new system of records to its inventory of records systems subject to 
the Privacy Act of 1974, as amended. This action complies with the 
requirements of the Privacy Act to publish in the Federal Register 
notice of MCCs intent to collect and maintain records.

DATES: Comments must be received no later than November 30, 2022.

ADDRESSES: Send written comments to the Millennium Challenge 
Corporation, ATTN: Christopher Ice, Chief Privacy Officer, Department 
of Administration and Finance, 1099 Fourteenth Street NW, Suite 700, 
Washington, DC 20005-3550.

FOR FURTHER INFORMATION CONTACT: Christopher E. Ice, Chief Privacy 
Officer, Millennium Challenge Corporation, [email protected], (202) 521-
2652, or Miguel G. Adams, Deputy Privacy Officer, Millennium Challenge 
Corporation, [email protected], (202) 521-3574.

SUPPLEMENTARY INFORMATION: MCC is giving notice of a system of records 
pursuant to the Privacy Act of 1974 (5 U.S.C. 552a) for the MCC 
Evidence Platform. This platform is used to disseminate the data and 
documentation produced by MCC-funded data activities. The records 
information collected is required for researchers to obtain or retain a 
benefit of accessing MCC-funded data managed and shared through a 
public-facing platform by University of Michigan's Interagency 
Consortium for Political and Social Research (ICPSR). To manage access 
to specific data that must be protected to maintain data respondent 
confidentiality, ICPSR acts as MCC's data steward. The information 
collection is used by ICPSR to review and vet data users requesting 
access to restricted-use data. The information collected includes: (i) 
Restricted Data Use Agreement (RDUA) signed by both the data user and a 
representative of their institution; (ii) Documentation of 
Institutional Review Board (IRB) approval or exemption; (iii) research 
proposal; (iv) name and contact information of all researchers at the 
institution who will have access to the data; (v) list of data sets 
requested and why needed; and (vi) CV/Resume/Biosketch for each user 
that will access the restricted-use data.

SYSTEM NAME AND NUMBER:
    MCC-Evidence Platform. MCC-003.

SECURITY CLASSIFICATION:
    Unclassified.

SYSTEM LOCATION:
    Millennium Challenge Corporation--1099 Fourteenth Street NW, Suite 
700, Washington, DC 20005-3550
    ICPSR--330 Packard Street, Ann Arbor, MI 48104

SYSTEM MANAGER(S):
    My H. Le, Director Digital Services, Millennium Challenge 
Corporation, [email protected], 202-521-3664.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    22 U.S.C. 7705, Chapter 84--Millennium Challenge.

PURPOSE(S) OF THE SYSTEM:
    The system will:
     Store and share de-identified data for public-use--To 
directly replace the MCC Evaluation Catalog, the platform is the 
mechanism by which MCC shares data and documentation that is de-
identified by MCC contractors, reviewed for clearance by the MCC 
Disclosure Review Board (DRB), and posted to the new platform.
     Store and share restricted-access data--Given promises of 
confidentiality and MCC's commitments to protecting the privacy of data 
activity participants, some data cannot be de-identified in a way that 
reduces re-identification risk and retains the usability of the data 
for accountability and learning objectives. In cases where limited data 
sharing is facilitated by the informed consent process, this data can 
be prepared for sharing through a restricted-access mechanism which 
carefully protects access to data for specific statistical analysis. 
The platform is the mechanism by which MCC shares restricted-access 
data through an ICPSR-managed Virtual Data Enclave (VDE) following 
preparation by MCC contractors, review by the MCC DRB, and deposit of 
the restricted-access data with ICPSR.
     Collects:
    (i) Restricted Data Use Agreement (RDUA) signed by both the data 
user and a representative of their institution;
    (ii) Documentation of Institutional Review Board (IRB) approval or 
exemption;
    (iii) Research proposal;
    (iv) Name and contact information of all researchers at the 
institution who will have access to the data;
    (v) List of data sets requested and why needed; and
    (vi) CV/Resume/Biosketch--defining the qualifications the 
individual has to lead statistical analysis of the proposed research 
analysis.

[[Page 71688]]

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
     US Congress, staffers, and general public;
     Country partners; and
     Academic researchers, faculty, and students.

CATEGORIES OF RECORDS IN THE SYSTEM:
    (i) Restricted Data Use Agreement (RDUA) signed by both the data 
user and a representative of their institution; (ii) Documentation of 
Institutional Review Board (IRB) approval or exemption; (iii) research 
proposal; (iv) name and contact information of all researchers at the 
institution who will have access to the data; (v) list of data sets 
requested and why needed; and (vi) CV/Resume/Biosketch--defining the 
qualifications the individual has to lead statistical analysis of the 
proposed research analysis.

RECORD SOURCE CATEGORIES:
    From the individual.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND PURPOSES OF SUCH USES:
    In addition to those disclosures generally permitted under 5 U.S.C. 
552a(b) of the Privacy Act, all or a portion of the records or 
information contained in this system may be disclosed to authorized 
entities, as determined to be relevant and necessary, outside MCC as a 
routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:
     Audits and oversight;
     Congressional inquiries;
     For investigations of potential violations of law;
     With the National Archives and Records Administration 
(NARA) for records management purposes; and
     For data breach and mitigation response.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    This system is electronically stored on a central computer 
database, hosted by ICPSR.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    Records are retrievable by personal name, organizational 
affiliation name, or a combination of search functions.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    MCC retains records in accordance with the National Archives and 
Records Administration (NARA), General Records Schedule (GRS).

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    MCC safeguards the information in accordance with applicable laws, 
rules, and policies, including the Federal Information Security 
Modernization Act of 2014; OMB Circular A-130, Management of Federal 
Resources; and MCC policies and procedures. MCC protects records from 
unauthorized access through appropriate administrative, physical, and 
technical safeguards. These safeguards include restricting access to 
authorized personnel who have need-to-know, and the process of 
authentication using user identifications (IDs) and passwords that 
function as an identity and authentication method of access. Personnel 
with authorized access to the system have received training in the 
proper handling of Privacy Act information and in information security 
requirements for both paper copies and electronically stored 
information.

RECORD ACCESS PROCEDURES:
    Individuals seeking knowledge of the system's records must submit a 
written request to the MCC Privacy Officer, at the above mailing 
address, clearly marked as ``Privacy Act Request'' on the envelope and 
letter. The request must include the requestor's full name, current 
address, the name or number of the system to be searched, and if 
possible, the record identification number. The request must be signed 
by either notarized signature or by signature under penalty of perjury 
under 28 U.S.C. 1746.

CONTESTING RECORD PROCEDURES:
    Same as the Records Access Procedure above; the request should also 
clearly and concisely describe the information contested, the reasons 
for contesting it, and the proposed amendment sought, pursuant to 45 
CFR 5b.7.

NOTIFICATION PROCEDURES:
    Same as Records Access Procedures.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    None.

HISTORY:
    None.

    Dated: November 18, 2022.
Thomas G. Hohenthaner,
Acting VP/General Counsel and Corporate Secretary.
[FR Doc. 2022-25540 Filed 11-22-22; 8:45 am]
BILLING CODE 9211-03-P