[Federal Register Volume 88, Number 67 (Friday, April 7, 2023)]
[Notices]
[Pages 20848-20850]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2023-07395]


 ========================================================================
 Notices
                                                 Federal Register
 ________________________________________________________________________
 
 This section of the FEDERAL REGISTER contains documents other than rules 
 or proposed rules that are applicable to the public. Notices of hearings 
 and investigations, committee meetings, agency decisions and rulings, 
 delegations of authority, filing of petitions and applications and agency 
 statements of organization and functions are examples of documents 
 appearing in this section.
 
 ========================================================================
 

  Federal Register / Vol. 88 , No. 67 / Friday, April 7, 2023 / 
Notices  

[[Page 20848]]



AGENCY FOR INTERNATIONAL DEVELOPMENT


Privacy Act of 1974; System of Records

AGENCY: Agency for International for Development (USAID).

ACTION: Notice of Modified Privacy Act System of Records.

-----------------------------------------------------------------------

SUMMARY: The United States Agency for International Development 
proposes to modify various sections of the existing System of Records 
Notice titled USAID-28, USAID Personnel Locator System consistent with 
the requirements detailed in OMB Circular A-108: Federal Agency 
Responsibilities for Review, Reporting and Publication Under the 
Privacy Act. USAID is providing notice of its intent to change the name 
of the system to USAID-28, Emergency Notification System, and to update 
various sections of the existing System of Records Notice in accordance 
with OMB guidance. The system will collect Personally Identifiable 
Information (PII) necessary to provide rapid communications regarding 
emergencies and urgent situations, such as office dismissal, and 
closure situations that impact access to USAID facilities. USAID is 
issuing this Notice to clarify the purpose for which the information is 
collected, update the authorities, and to expand upon the routine uses 
for the information maintained in this system. All other changes to the 
Notice are administrative in nature.

DATES: Submit comments on or before 15 May 2023. This modified system 
of records will be effective 15 May 2023 upon publication. The Routine 
Uses are effective at the close of the comment period.

ADDRESSES: You may submit comments:

Electronic

     Federal eRulemaking Portal: http://www.regulations.gov. 
Follow the instructions on the website for submitting comments.
     Email: [email protected].

Paper

     Fax: 202-916-4946.
     Mail: Chief Privacy Officer, United States Agency for 
International Development, 1300 Pennsylvania Avenue NW, Washington, DC 
20523.

FOR FURTHER INFORMATION CONTACT: Ms. Celida A. Malone, USAID Privacy 
Program at United States Agency for International Development, Bureau 
for Management, Office of the Chief Information Officer, Information 
Assurance Division: ATTN: USAID Privacy Program, 1300 Pennsylvania 
Avenue NW, Washington, DC 20523, or by phone number at 202-916-4605.

SUPPLEMENTARY INFORMATION: USAID is modifying the SORN to change the 
name from USAID-28--Personnel Locator System to USAID-28: Emergency 
Notification System (ENS) and update elements of the SORN contents to 
increase transparency into the Agency's enhanced capacity to transform 
and modernize the rapid delivery of emergency communications. The 
Categories of Records in the System was significantly modified to 
reduce the amount of Personally Identifiable Information (PII) that is 
collected. This information is used to enable the system owner to 
target emergency notifications to employees, contractors and others who 
may be affected by emergency situations at or near an USAID facility.

Dated: May 25, 2022.

Mark Joseph Johnson.
Chief Privacy Officer, United States Agency for International 
Development.

SYSTEM NAME AND NUMBER:
    USAID-28: Emergency Notification System (ENS).

SECURITY CLASSIFICATION:
    Sensitive But Unclassified.

SYSTEM LOCATION:
    Records are maintained at the United States Agency for 
International Development, Bureau for Management, Office of Management 
Services, Headquarters Management Division, 1300 Pennsylvania Ave. NW, 
Washington, DC 20523. The cloud-based servers are managed at data 
operations centers located in Santa Clara, CA and Ashburn, VA.

SYSTEM MANAGER:
    Continuity Program Manager, United States Agency for International 
Development, Bureau for Management, Office of Management Services, 
Headquarters Management Division, 1300 Pennsylvania Avenue NW, 
Washington, DC 20523. Email: [email protected].

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    Homeland Security Act of 2002, Public Law 107-296, Sec.  501-521, 
National Continuity Policy Implementation Plan, Federal Continuity 
Directive, Federal Executive Branch National Continuity Program and 
Requirements, National Security Presidential Directive-51/Homeland 
Security Presidential Directive-20; and 5 U.S.C. 301.

PURPOSE OF THE SYSTEM:
    The purpose of the Emergency Notification System (ENS) is to 
maintain current, up-to-date emergency contact information for USAID 
employees and contractors. Using multiple communication pathways, such 
as email, text-to-voice phone calls, short message service (SMS) text 
messages, computer desktop pop-up messages and/or public social media 
postings, ENS provides high-speed message delivery to all workforce 
members in response to threat alerts issued by the Department of 
Homeland Security, USAID's Critical Coordination Unit and Facilities 
Management staff, and local emergency officials regarding weather-
related emergencies, or other urgent situations that may disrupt the 
operations and accessibility of a USAID facility/worksite. It also 
enables USAID, emergency responders, and others to account for 
workforce members during an emergency.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Individuals covered by this system include, but are not limited to: 
current and former USAID employees; personal services contractors; 
institutional support contractors; consultants; detailees; fellows; 
interns; and volunteers.

CATEGORIES OF RECORDS IN THE SYSTEM:
    Records maintained in this system contain contact information 
necessary to ensure the timely emergency notification to USAID 
workforce

[[Page 20849]]

members. The types of personal information include
     Employee Contact Information includes: Name; home phone 
number; personal cell phone number; personal email address; official or 
work phone number; official or work email address; assigned office; 
work location; emergency contact name; emergency contact phone number; 
and emergency contact alternate number.

RECORD SOURCE CATEGORIES:
    The information maintained in this system is obtained from 
employees, contractors, consultants, detailees, fellows, interns, and 
volunteers who voluntarily register for ENS alerts. In addition, 
information is obtained from the Personal Identity Verification (PIV) 
Card Management System, USAID Human Capital and Talent Management 
(HCTM) Operational Databases, as well as organizations that employ/
sponsor contractors, interns, fellows, and volunteers.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND PURPOSES OF SUCH USES:
    In addition to those disclosures generally permitted under 5 U.S.C. 
552a(b) of the Privacy Act, all or a portion of the records or 
information contained in this system may be disclosed as a routine use 
as follows:
    (1) To Federal, state, tribal, local, international, or foreign 
governmental agencies or executive offices, relief agencies, and non-
governmental organizations, when disclosure is appropriate for 
performance of the official duties required in response to all-hazards 
and declared emergencies, including technical, manmade, or natural 
disasters.
    (2) To current and former Federal employees and contractors when 
the records are relevant and necessary to carry out emergency response 
activities.
    (3) To designated or identified emergency contacts of USAID 
workforce members, including current and former employees and 
contractors, when disclosure is necessary to protect public and 
personal health and safety during an emergency.
    (4) To Federal, state, local, foreign, tribal, or self-regulatory 
agencies or organizations responsible for investigating, prosecuting, 
enforcing, implementing, issuing, or carrying out a statute, rule, 
regulation, order, or policy whenever the information is relevant and 
necessary to respond to a potential violation of civil or criminal law, 
regulation, order, or policy.
    (5) To another Federal agency, to a court, magistrate, or other 
administrative tribunal in the course of an administrative or judicial 
proceeding, including disclosures to opposing counsel or witnesses 
(including expert witnesses) in the course of discovery or other pre-
hearing exchanges of information, litigation, or settlement 
negotiations, where relevant or potentially relevant to a proceeding, 
or in connection with criminal law proceedings, subject to USAID's 
determination that the disclosure of the records is a use of the 
information that is compatible with the purpose for which the records 
were collected.
    (6) To any component of the Department of Justice, or in a 
proceeding before a court, adjudicative body, or other administrative 
body before which the Agency is authorized to appear, when: (a) the 
Agency or any component thereof; or (b) any employee of the Agency in 
her or his official capacity; or (c) any employee of the Agency in his 
or her individual capacity where the Department of Justice or the 
Agency has agreed to represent the employee; or (d) the United States, 
when the Agency determines that litigation is likely to affect the 
Agency or any of its components, is a party to litigation or has an 
interest in such litigation, and the use of such records by the 
Department of Justice or the Agency is deemed by the Agency to be 
relevant and necessary to the litigation provided, however, that in 
each case it has been determined that the disclosure is compatible with 
the purpose for which the records were collected.
    (7) To the Department of Justice for the purpose of obtaining legal 
counsel, including whether the records or information in this system of 
records should be disclosed outside USAID.
    (8) To a Federal government agency or department that assists USAID 
for the purpose of vetting, and for the purposes of ensuring accuracy 
of existing records and updating government records when a match 
between an applicant and another database is identified.
    (9) To disclose information to contractors (personal service 
contractors or institutional support contractors) in furtherance of the 
contractor's work performance on behalf of the Federal government under 
a contract, including contracts that support the vetting program.
    (10) To the National Archives and Records Administration for the 
purposes of records management inspections conducted under the 
authority of 44 U.S.C. 2904 and 2906 and in its role as Archivist.
    (11) To the Office of Management and Budget in connection with 
review of private relief legislation, as set forth in OMB Circular No. 
A-19, at any stage of the legislative coordination and clearance 
process as set forth in that Circular.
    (12) To appropriate agencies, entities, and persons when: (a) USAID 
suspects or has confirmed that there has been a breach of the system of 
records; (b) USAID has determined that, as a result of the suspected or 
confirmed breach, there is a risk of harm to individuals, USAID 
(including its information systems, programs, and operations), the 
Federal Government, or national security; and (c) the disclosure made 
to such agencies, entities, and persons is reasonably necessary to 
assist in connection with USAID's efforts to respond to the suspected 
or confirmed breach or to prevent, minimize, or remedy such harm.
    (13) To another Federal agency or Federal entity when USAID 
determines information from this system of records is reasonably 
necessary to assist the recipient agency or entity in: (a) responding 
to a suspected or confirmed breach; or (b) preventing, minimizing, or 
remedying the risk of harm to individuals, the recipient agency or 
entity (including its information systems, programs, and operations), 
the Federal Government, or national security, resulting from a 
suspected or confirmed breach.
    (14) To Congressional offices in response to an inquiry from that 
office made at the request of the individual to whom the record 
pertains.
    (15) To the Office of the President in response to an inquiry from 
that Office made on behalf of, and at the request of, the subject of 
the record or third party acting on the subject's behalf.
    (16) To disclose information to officials of labor organizations 
when relevant and necessary to fulfill their duties of exclusive 
representation concerning personnel policies, practices, and matters 
affecting working conditions.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    Electronic records in this system are maintained in user-
authenticated, password-protected systems. All records are accessed 
only by authorized personnel who have a need to access the records in 
the performance of their official duties.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    USAID records are retrievable by name, location, or any other 
identifier listed in the Categories of Records cited above.

[[Page 20850]]

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    The records are maintained in accordance with the National Archives 
and Records Administration (NARA), General Records Schedule No-1-Item 
18(a). Records are reviewed and updated annually. The records relating 
to a former employee may be retained for a period of three years after 
separation or transfer, if required to meet the business needs of the 
Agency.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    USAID safeguards records in this system according to applicable 
rules and policies, including all applicable USAID Automated Directive 
System operational policies. USAID has implemented controls to minimize 
the risk of compromising the information that is being stored. Access 
to the records in this system is limited to those individuals who have 
a need to know the information for performance of their official duties 
and who have appropriate clearances and permissions. USAID ensures the 
practices stated in the Emergency Notification System (ENS) Privacy 
Impact Assessment are followed by leveraging standard operating 
procedures (SOP), training, policies, rules of behavior, and auditing 
and accountability.

RECORD ACCESS PROCEDURES:
    Under the Privacy Act, individuals may request access to records 
about themselves. These individuals must be limited to citizens of the 
United States or aliens lawfully admitted for permanent residence. If a 
Federal Department or Agency or a person who is not the individual who 
is the subject of the records, requests access to records about an 
individual, the written consent of the individual who is the subject of 
the records is required.
    Individuals seeking access to information about themselves 
contained in this system of records should address inquiries to the 
Bureau for Management, Office of Management Services, Information and 
Records Division (M/MS/IRD), USAID Annex--Room 2.4.0C, 1300 
Pennsylvania Avenue NW, Washington, DC 20523. The requester may 
complete and sign a USAID Form 507-1, Certification of Identity Form or 
submit signed, written requests that should include the individual's 
full name, current address and telephone number, and this System of 
Records Notice number. In addition, the requester must provide either a 
notarized statement or an unsworn declaration made in accordance with 
28 U.S.C. 1746, in the following format:
    If executed outside the United States: ``I declare (or certify, 
verify, or state) under penalty of perjury under the laws of the United 
States of America that the foregoing is true and correct. Executed on 
(date). (Signature).''
    If executed within the United States, its territories, possessions, 
or commonwealths: ``I declare (or certify, verify, or state) under 
penalty of perjury that the foregoing is true and correct. Executed on 
(date). (Signature).''

CONTESTING RECORD PROCEDURES:
    The USAID rules for accessing records, contesting contents, and 
appealing initial Agency determinations are contained in 22 CFR 212 or 
may be obtained from the program manager or system owner.

NOTIFICATION PROCEDURES:
    Individuals seeking to determine if information about themselves is 
contained in this system of records should address inquiries to the 
Bureau for Management, Office of Management Services, Information and 
Records Division (M/MS/IRD), USAID Annex--Room 2.4.0C, 1300 
Pennsylvania Avenue NW, Washington, DC 20523. Individuals may complete 
and sign a USAID Form 507-1, Certification of Identity Form, or submit 
signed, written requests that should include the individual's full 
name, current address, and telephone number. In addition, the requester 
must provide either a notarized statement or an unsworn declaration 
made in accordance with 28 U.S.C. 1746, in the following format:
    If executed outside the United States: ``I declare (or certify, 
verify, or state) under penalty of perjury under the laws of the United 
States of America that the foregoing is true and correct. Executed on 
(date). (Signature).''
    If executed within the United States, its territories, possessions, 
or commonwealths: ``I declare (or certify, verify, or state) under 
penalty of perjury that the foregoing is true and correct. Executed on 
(date). (Signature).''

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    None.

HISTORY:
    77 FR 64095, October 18, 2012.

Celida Ann Malone,
Government Privacy Task Lead.
[FR Doc. 2023-07395 Filed 4-6-23; 8:45 am]
BILLING CODE 6116-01-P