83 FR 28869 - Privacy Act of 1974; New System of Records
MILLENNIUM CHALLENGE CORPORATION Federal Register Volume 83, Issue 120 (June 21, 2018)
Federal Register Volume 83, Issue 120 (June 21, 2018)
| Page Range | 28869-28870 | |
| FR Document | 2018-13305 |
[Federal Register Volume 83, Number 120 (Thursday, June 21, 2018)] [Notices] [Pages 28869-28870] From the Federal Register Online [www.thefederalregister.org] [FR Doc No: 2018-13305] ======================================================================= ----------------------------------------------------------------------- MILLENNIUM CHALLENGE CORPORATION Privacy Act of 1974; New System of Records AGENCY: Millennium Challenge Corporation (MCC). ACTION: Notice of a new system of records. ----------------------------------------------------------------------- SUMMARY: MCC proposes to add a new system of records to its inventory of records systems subject to the Privacy Act of 1974, as amended. This action complies with the requirements of the Privacy Act to publish in the Federal Register notice of the existence and character of records maintained by the agency. The system has been operational since June 29, 2016 without incident. DATES: This action will be applicable without further notice 30 days after date of publication in the Federal Register. ADDRESSES: Send written comments to the Millennium Challenge Corporation, ATTN: Vincent T. Groh, Chief Information Officer, Department of Administration and Finance, 1099 Fourteenth Street NW, Suite 700, Washington, DC, 20005-3550. FOR FURTHER INFORMATION CONTACT: Miguel G. Adams, Chief Information Security Officer and Deputy Privacy Officer, Millennium Challenge Corporation, [email protected], 202-521-3574. SUPPLEMENTARY INFORMATION: MCC is giving notice of a system of records pursuant to the Privacy Act of 1974 (5 U.S.C. 552a) for the MCC- Business Relations System (MCC-BRS). MCC utilizes MCC-BRS to provide automated processing of business transactions related MCC's mission of reducing global poverty through growth. MCC-BRS utilizes the Salesforce Government Cloud information system for collecting, storing, and processing the information. Various elements within MCC will utilize MCC-BRS for their business functions; they include the departments of Congressional and Public Affairs (CPA) Department, and the Department of Compact Operations (DCO). Business functions within DCO include the Finance, Investment and Trade (FIT), Environmental and Social Performance (ESP), and the Office of Strategic Partnerships (OSP). Salesforce Government Cloud meets the federal government's objectives of cloud computing to reduce procurement and operating costs to the federal government. In addition, Salesforce Government Cloud meets the Federal Information Processing Standards Publication (FIPS)-- 200, Minimum Security Requirements for Federal Information and Information Systems as an authorized Federal Risk and Authorization Management Program (FedRAMP) information system. MCC utilizes MCC-BRS to achieve the following business objectives: 1. To create and maintain a system that optimizes MCC's ability to analyze, manage, engage, and grow external stakeholders; 2. To create and manage business engagement opportunities that promote MCC's mission in an organized and efficient manner; 3. To provide in person or online event management and communications campaigns for external stakeholder engagement; and 4. To provide the agency with the means to: track and manage future financial [[Page 28870]] opportunity data, create and manage MCC event data, access dashboards, and generate accurate reporting and analytics. SYSTEM NUMBER MCC-001. System Name: MCC-Business Relations System (MCC-BRS). System Classification: Unclassified. Categories of Individuals Covered by the System: Records in this system process information on international and domestic contracting firm owners and employees, small to medium business owners and employees; and other individuals that are contacts or leads for potential vendors. Categories of Records in the System: The categories include: 1. Personally identifiable information (PII); such as, name, company name, job title, business address, business phone number, country or country region, email, and notes on a meeting or event; and 2. Meeting notes. Authority for Maintenance of the System: 22 U.S.C. 7705, Chapter 84--Millennium Challenge. Purpose of the System: MCC staff will use the system to collect, store, and process business contact information that will contain PII. The information collected achieves MCC's core functions of reducing global poverty through economic growth by aligning business contacts with MCC's mission. The PII information collected is similar to the information on a business card. Using a customer relations management (CRM) increases accuracy and business efficiencies. In addition, MCC will utilize the system to process, store, and retain personal notations on meeting or business events. Personal notations can include information that promotes efficiencies in previous contact meetings, discussions, or events that have transpired in the past. Additionally, the system utilizes encrypted links to provide efficiencies in communications campaigns through mass email distribution, and event engagement opportunities to event attendees, or vendor groups. Routine Use of Records Maintained in the System, Including Categeories of Users and the Purposes of Such Uses: In addition to those disclosures generally permitted under 5 U.S.C. 552a(b) of the Privacy Act, all or a portion of the records or information contained in this system may be disclosed to authorized entities, as determined to be relevant and necessary, outside MCC as a routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:Financial project monitoring or collections; Due diligence background checks and screening; Litigation or arbitration purposes; Outside organizations contracted with OPIC for specific authorized activities; National Archives and Records Administration (NARA) for records management purposes; Contractors, interns, and government detailed personnel to perform OPIC authorized activities; Audits and oversight; Congressional inquiries; Investigations of potential violations of law. Policies and practices for storing, retrieving, accessing, retaining, and disposing of records in the system: Storage: This system is electronically stored in a government cloud service centrally located at a Salesforce GSA data center. Safeguards: MCC safeguards the information in accordance with applicable laws, rules and policies, including the Federal Information Security Modernization Act of 2014; OMB Circular A-130, Management of Federal Resources; Federal Risk and Authorization Management Program (FedRAMP); and MCC policies and procedures. MCC protects records from unauthorized access through appropriate administrative, physical, and technical safeguards. These safeguards include restricting access to authorized personnel who have need-to-know, and the process of authentication using user identifications (IDs) and passwords that function as an identity and authentication method of access. Personnel with authorized access to the system have received training in the proper handling of Privacy Act information and in information security requirements for both paper copies and electronically stored information. Retention and Disposal: MCC retains records in accordance with the National Archives and Records Administration (NARA), General Records Schedule (GRS). Retrievability: Records are retrievable by personal name, project name, or a combination of search functions available in the Salesforce CRM tool. System Manager and Address: Jason Bauer, Director of Finance, Investment and Trade (FIT), Department of Compact Operations, 1099 Fourteenth Street NW, Suite 700, Washington, DC, 20005-3550. Notification Procedures: Individuals seeking knowledge of the system's records must submit a written request to the MCC Privacy Officer, at the above mailing address, clearly marked as ``Privacy Act Request'' on the envelope and letter. The request must include the requestor's full name, current address, the name or number of the system to be searched, and if possible, the record identification number. The request must be signed by either notarized signature or by signature under penalty of perjury under 28 U.S.C. 1746. Record Access Procedure: Same as notification procedures. Contesting Record Procedure: Same as the notification procedure above; the request should also clearly and concisely describe the information contested, the reasons for contesting it, and the proposed amendment sought, pursuant to 45 CFR 5b.7. Record Source Categories: The federal employee collects and imports the contact information or event information directly to the system. Additionally, the www.MCC.gov public website events webform will import the contact information directly to the system. Exemptions Claimed for the System: None. Dated: June 1, 2018. Vincent T. Groh, Privacy Officer for Millennium Challenge Corporation. [FR Doc. 2018-13305 Filed 6-20-18; 8:45 am] BILLING CODE 9211-03-P
![Federal Register / Vol. 83, No. 120 / Thursday, June 21, 2018 / Notices 28869
technological information collection security procedures concerning the operational since June 29, 2016 without
and transmission techniques. delivery of materials by hand, express incident.
delivery, messenger, or courier service, DATES: This action will be applicable
III. Proposed Actions
please contact the OSHA Docket Office without further notice 30 days after date
This is an existing collection of at (202) 693–2350, (TTY (877) 889– of publication in the Federal Register.
information in use without an OMB 5627). ADDRESSES: Send written comments to
number. The proposed ICR includes Comments and submissions are the Millennium Challenge Corporation,
collection of information requirements posted without change at http:// ATTN: Vincent T. Groh, Chief
for: (1) Alliance agreement www.regulations.gov. Therefore, OSHA Information Officer, Department of
development, (2) the biannual Alliance cautions commenters about submitting Administration and Finance, 1099
Data Reporting Form, and (3) annual personal information such as their Fourteenth Street NW, Suite 700,
reports. The burden hours for the social security number and date of birth. Washington, DC, 20005–3550.
information collection requirements Although all submissions are listed in FOR FURTHER INFORMATION CONTACT:
contained in the proposed ICR would the http://www.regulations.gov index, Miguel G. Adams, Chief Information
result in a total initial burden hour some information (e.g., copyrighted Security Officer and Deputy Privacy
estimate of 2,210 hours. material) is not publicly available to Officer, Millennium Challenge
The Agency will summarize the read or download from this website. All Corporation, adamsmg@mcc.gov, 202–
comments submitted in response to this submissions, including copyrighted 521–3574.
notice and will include this summary in material, are available for inspection SUPPLEMENTARY INFORMATION: MCC is
the request to OMB to approve these and copying at the OSHA Docket Office. giving notice of a system of records
information collection requirements, Information on using the http:// pursuant to the Privacy Act of 1974 (5
and the associated templates and forms. www.regulations.gov website to submit
Type of Review: Existing collection in U.S.C. 552a) for the MCC–Business
comments and access the docket is Relations System (MCC–BRS). MCC
use without an OMB control number. available at the website’s ‘‘User Tips’’
Title: Information Collection utilizes MCC–BRS to provide automated
link. Contact the OSHA Docket Office processing of business transactions
Requirements for OSHA’s Alliance for information about materials not
Program. related MCC’s mission of reducing
available from the website, and for global poverty through growth. MCC–
OMB Control Number: 1218—0NEW. assistance in using the internet to locate
Affected Public: Businesses or other BRS utilizes the Salesforce Government
docket submissions. Cloud information system for collecting,
for-profits.
Number of Respondents: 250 V. Authority and Signature storing, and processing the information.
Frequency: Once, On occasion, Semi- Various elements within MCC will
Loren Sweatt, Deputy Assistant utilize MCC–BRS for their business
annually, Annually. Secretary of Labor for Occupational
Average Time per Response: Various. functions; they include the departments
Safety and Health, directed the of Congressional and Public Affairs
Total Number of Responses: 690. preparation of this notice. The authority
Estimated Total Burden Hours: 2,210. (CPA) Department, and the Department
for this notice is the Paperwork of Compact Operations (DCO). Business
Estimated Cost (Operation and
Reduction Act of 1995 (44 U.S.C. 3506 functions within DCO include the
Maintenance): $0.
et seq.) and Secretary of Labor’s Order Finance, Investment and Trade (FIT),
IV. Public Participation—Submission of No. 1–2012 (77 FR 3912). Environmental and Social Performance
Comments on This Notice and Internet Signed at Washington, DC, on June 18, (ESP), and the Office of Strategic
Access to Comments and Submissions 2018. Partnerships (OSP).
You may submit comments in Loren Sweatt, Salesforce Government Cloud meets
response to this document as follows: Deputy Assistant Secretary of Labor for the federal government’s objectives of
(1) Electronically at http:// Occupational Safety and Health. cloud computing to reduce procurement
www.regulations.gov, which is the [FR Doc. 2018–13324 Filed 6–20–18; 8:45 am] and operating costs to the federal
Federal eRulemaking Portal; (2) by BILLING CODE 4510–26–P government. In addition, Salesforce
facsimile (fax); or (3) by hard copy. All Government Cloud meets the Federal
comments, attachments, and other Information Processing Standards
material must identify the Agency name Publication (FIPS)—200, Minimum
and the OSHA docket number for the MILLENNIUM CHALLENGE Security Requirements for Federal
ICR (Docket No. OSHA–2018–0006). CORPORATION Information and Information Systems as
You may supplement electronic an authorized Federal Risk and
Privacy Act of 1974; New System of
submissions by uploading document Authorization Management Program
Records
files electronically. If you wish to mail (FedRAMP) information system. MCC
additional materials in reference to an AGENCY: Millennium Challenge utilizes MCC–BRS to achieve the
electronic or facsimile submission, you Corporation (MCC). following business objectives: 1. To
must submit them to the OSHA Docket ACTION: Notice of a new system of create and maintain a system that
Office (see the section of this notice records. optimizes MCC’s ability to analyze,
titled ADDRESSES). The additional manage, engage, and grow external
materials must clearly identify SUMMARY: MCC proposes to add a new stakeholders; 2. To create and manage
electronic comments by your name, system of records to its inventory of business engagement opportunities that
amozie on DSK3GDR082PROD with NOTICES1
date, and the docket number so the records systems subject to the Privacy promote MCC’s mission in an organized
Agency can attach them to your Act of 1974, as amended. This action and efficient manner; 3. To provide in
comments. complies with the requirements of the person or online event management and
Because of security procedures, the Privacy Act to publish in the Federal communications campaigns for external
use of regular mail may cause a Register notice of the existence and stakeholder engagement; and 4. To
significant delay in the receipt of character of records maintained by the provide the agency with the means to:
comments. For information about agency. The system has been track and manage future financial
VerDate Sep<11>2014 17:22 Jun 20, 2018 Jkt 244001 PO 00000 Frm 00069 Fmt 4703 Sfmt 4703 E:\FR\FM\21JNN1.SGM 21JNN1](https://thefederalregister.org/doc/83_FR_28989/page/1.svg)
![28870 Federal Register / Vol. 83, No. 120 / Thursday, June 21, 2018 / Notices
opportunity data, create and manage 552a(b) of the Privacy Act, all or a RETRIEVABILITY:
MCC event data, access dashboards, and portion of the records or information Records are retrievable by personal
generate accurate reporting and contained in this system may be name, project name, or a combination of
analytics. disclosed to authorized entities, as search functions available in the
determined to be relevant and Salesforce CRM tool.
SYSTEM NUMBER necessary, outside MCC as a routine use
SYSTEM MANAGER AND ADDRESS:
MCC–001. pursuant to 5 U.S.C. 552a(b)(3) as
follows: Jason Bauer, Director of Finance,
SYSTEM NAME: Investment and Trade (FIT), Department
• Financial project monitoring or
MCC–Business Relations System of Compact Operations, 1099 Fourteenth
collections;
(MCC–BRS). Street NW, Suite 700, Washington, DC,
• Due diligence background checks
SYSTEM CLASSIFICATION:
20005–3550.
and screening;
Unclassified. • Litigation or arbitration purposes; NOTIFICATION PROCEDURES:
CATEGORIES OF INDIVIDUALS COVERED BY THE
• Outside organizations contracted Individuals seeking knowledge of the
SYSTEM: with OPIC for specific authorized system’s records must submit a written
Records in this system process activities; request to the MCC Privacy Officer, at
information on international and • National Archives and Records the above mailing address, clearly
domestic contracting firm owners and Administration (NARA) for records marked as ‘‘Privacy Act Request’’ on the
employees, small to medium business management purposes; envelope and letter. The request must
owners and employees; and other • Contractors, interns, and include the requestor’s full name,
individuals that are contacts or leads for government detailed personnel to current address, the name or number of
potential vendors. perform OPIC authorized activities; the system to be searched, and if
• Audits and oversight; possible, the record identification
CATEGORIES OF RECORDS IN THE SYSTEM: number. The request must be signed by
• Congressional inquiries;
The categories include: 1. Personally either notarized signature or by
• Investigations of potential
identifiable information (PII); such as, signature under penalty of perjury
violations of law.
name, company name, job title, business under 28 U.S.C. 1746.
address, business phone number, POLICIES AND PRACTICES FOR STORING,
RECORD ACCESS PROCEDURE:
country or country region, email, and RETRIEVING, ACCESSING, RETAINING, AND
notes on a meeting or event; and 2. DISPOSING OF RECORDS IN THE SYSTEM: Same as notification procedures.
Meeting notes. CONTESTING RECORD PROCEDURE:
STORAGE:
AUTHORITY FOR MAINTENANCE OF THE SYSTEM: This system is electronically stored in Same as the notification procedure
22 U.S.C. 7705, Chapter 84— a government cloud service centrally above; the request should also clearly
Millennium Challenge. located at a Salesforce GSA data center. and concisely describe the information
contested, the reasons for contesting it,
PURPOSE OF THE SYSTEM: SAFEGUARDS: and the proposed amendment sought,
MCC staff will use the system to pursuant to 45 CFR 5b.7.
MCC safeguards the information in
collect, store, and process business
accordance with applicable laws, rules RECORD SOURCE CATEGORIES:
contact information that will contain
and policies, including the Federal The federal employee collects and
PII. The information collected achieves
Information Security Modernization Act imports the contact information or event
MCC’s core functions of reducing global
of 2014; OMB Circular A–130, information directly to the system.
poverty through economic growth by
Management of Federal Resources; Additionally, the www.MCC.gov public
aligning business contacts with MCC’s
Federal Risk and Authorization website events webform will import the
mission. The PII information collected
Management Program (FedRAMP); and contact information directly to the
is similar to the information on a
MCC policies and procedures. MCC system.
business card. Using a customer
protects records from unauthorized
relations management (CRM) increases EXEMPTIONS CLAIMED FOR THE SYSTEM:
access through appropriate
accuracy and business efficiencies. In None.
administrative, physical, and technical
addition, MCC will utilize the system to
safeguards. These safeguards include Dated: June 1, 2018.
process, store, and retain personal
restricting access to authorized Vincent T. Groh,
notations on meeting or business events.
personnel who have need-to-know, and
Personal notations can include Privacy Officer for Millennium Challenge
the process of authentication using user Corporation.
information that promotes efficiencies
identifications (IDs) and passwords that
in previous contact meetings, [FR Doc. 2018–13305 Filed 6–20–18; 8:45 am]
function as an identity and
discussions, or events that have BILLING CODE 9211–03–P
authentication method of access.
transpired in the past. Additionally, the
Personnel with authorized access to the
system utilizes encrypted links to
system have received training in the
provide efficiencies in communications NATIONAL SCIENCE FOUNDATION
proper handling of Privacy Act
campaigns through mass email
information and in information security
distribution, and event engagement Sunshine Act Meeting; National
requirements for both paper copies and
amozie on DSK3GDR082PROD with NOTICES1
opportunities to event attendees, or Science Board
electronically stored information.
vendor groups.
The National Science Board, pursuant
RETENTION AND DISPOSAL: to NSF regulations (45 CFR part 614),
ROUTINE USE OF RECORDS MAINTAINED IN THE
SYSTEM, INCLUDING CATEGEORIES OF USERS AND MCC retains records in accordance the National Science Foundation Act, as
THE PURPOSES OF SUCH USES: with the National Archives and Records amended (42 U.S.C. 1862n–5), and the
In addition to those disclosures Administration (NARA), General Government in the Sunshine Act
generally permitted under 5 U.S.C. Records Schedule (GRS). (5 U.S.C. 552b), hereby gives notice of
VerDate Sep<11>2014 17:22 Jun 20, 2018 Jkt 244001 PO 00000 Frm 00070 Fmt 4703 Sfmt 4703 E:\FR\FM\21JNN1.SGM 21JNN1](https://thefederalregister.org/doc/83_FR_28989/page/2.svg)
Document Created: 2018-06-21 01:23:11
Document Modified: 2018-06-21 01:23:11
| Category | Regulatory Information | |
| Collection | Federal Register | |
| sudoc Class | AE 2.7: GS 4.107: AE 2.106: | |
| Publisher | Office of the Federal Register, National Archives and Records Administration | |
| Section | Notices | |
| Action | Notice of a new system of records. | |
| Dates | This action will be applicable without further notice 30 days after date of publication in the Federal Register. | |
| Contact | Miguel G. Adams, Chief Information Security Officer and Deputy Privacy Officer, Millennium Challenge Corporation, [email protected], 202-521-3574. | |
| FR Citation | 83 FR 28869 |
2025 Federal Register | Disclaimer | Privacy Policy
USC | CFR | eCFR