AGENCY:
Agency for International Development (USAID).
ACTION:
Notice of modified Privacy Act system of records.
SUMMARY:
The United States Agency for International Development (USAID) is issuing public notice of its intent to modify the system of records maintained in accordance with the Privacy Act of 1974, as amended, titled, `USAID-30, Google Apps Business Edition, published July 27, 2011. This action is necessary to meet the requirements of the Privacy Act to publish in the Federal Register a notice of the existence and character of record systems maintained by the agency. USAID is modifying this SORN to update the system of records name from Google Apps Business Edition to Google Workspace (Enterprise Edition,) as well as to update the following sections: “System Location;” “System Manager;” “Categories of Records in the System” to include all PII that is collected; “Routine Uses of Records Maintained in the System Including Categories of Users and Purposes of Such Uses” to detail whom the information can be shared with as Blanket Routines Uses is in the previous SORN; “Policies and Practices for Retention and Disposal of Records” adding the approved NARA disposition schedule; and “Administrative, Technical, and Physical Safeguards.” The proposed updates will allow USAID users to utilize the Google Workspace System for online messaging and collaboration.
DATES:
Submit comments on or before 10 June 2022. This modified system of records will be effective 10 June 2022 upon publication. The Routine Uses are effective at the close of the comment period.
ADDRESSES:
You may submit comments:
Electronic
• Federal eRulemaking Portal: http://www.regulations.gov. Follow the instructions on the website for submitting comments.
• Email: Privacy@usaid.gov.
Paper
• Fax: 202-916-4946.
• Mail: Chief Privacy Officer, United States Agency for International Development, 1300 Pennsylvania Avenue NW, Washington, DC 20523.
FOR FURTHER INFORMATION CONTACT:
Ms. Celida A. Malone, USAID Privacy Program at United States Agency for International Development, Bureau for Management, Office of the Chief Information Officer, Information Assurance Division: ATTN: USAID Privacy Program, 1300 Pennsylvania Avenue NW, Washington, DC 20523, or by phone number at 202-916-4605.
SUPPLEMENTARY INFORMATION:
USAID is modifying this SORN to update the system of records name and modify its SORN to reflect various changes and updates required by OMB Circular A-108. The proposed updates will allow USAID users to utilize the Google Workspace System for online messaging and collaboration.
SYSTEM NAME AND NUMBER:
USAID -30, Google Workspace (Enterprise Edition).
SECURITY CLASSIFICATION:
Sensitive But Unclassified.
SYSTEM LOCATION:
United States Agency for International Development, 1300 Pennsylvania Avenue NW, Washington, DC 20523 and Google Data Centers (CONUS and EU only). In addition, some workforce members may download and store information from the system. Those copies are located within the employees' or contractors' offices or on encrypted USAID-issued workstations.
SYSTEM MANAGER(S):
Malcolm Dicko, 1300 Pennsylvania Avenue NW, Washington, DC 20523. Email: mdicko@usaid.gov.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
22 U.S.C. chapter 32, subchapter 1, Foreign Assistance Act of 1961, as amended; 5 U.S.C 301 Departmental Regulations; and 44 U.S.C. 3101-3103 Records Management.
PURPOSE(S) OF THE SYSTEM:
USAID established this system of records to facilitate connections and ensure efficient collaboration among USAID employees, contractors, grantees and members of the public, support the USAID workforce's ability to communicate, store files and engage with the American public, using various cloud-based apps, such as Gmail, Hangouts, Calendar, Drive, Docs, Sheets, Slides, Sites, Groups, etc.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
This system contains records of current and former employees, contractors, consultants, and partners who work in support of the Agency's mission. This system also covers members of the public who engage with USAID.
CATEGORIES OF RECORDS IN THE SYSTEM:
This system maintains information related to the documents, messages, calendar entries, and other work-related records of USAID account holders. It also maintains information related to functionality of specific applications, including:
- User's Biographical Information, such as: Name, personal home address, home phone number, mobile phone number, email address, date of birth, social security number, and personal photograph
- User's Professional Information, such as: Organization/office assignment, position/title, business phone number, business email address, business address, taxpayer or employer ID number
- Collaboration records, such as email correspondence, instant messaging transcripts, calendars and tasks
- Financial information, such as account and transaction information maintained to facilitate payroll functions
• Video conferencing information, such as video and audio recordings and meeting participants
- Other Biographical information users may voluntarily provide, and
- System Generated information, such as username, password, user log-in information, IP address, date and time of access, queries run, passcodes and other information required for system administration and security.
RECORD SOURCE CATEGORIES:
The records contained in this system will be provided and updated by the individual who is the subject of the record, or by members of the USAID workforce during the performance of their official duties.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND PURPOSES OF SUCH USES:
In addition to those disclosures generally permitted under 5 U.S.C. 552a(b), all or a portion of the records contained in this system of records may be disclosed outside USAID as a routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:
(1) To consumer reporting agencies in order to obtain consumer credit reports.
(2) To federal, international, state, and local law enforcement agencies, U.S. Government Agencies, courts, the Department of State, Foreign Governments, to the extent necessary to further the purposes of an investigation.
(3) Results of the investigation may be disclosed to the Department of State or other Federal Agencies for the purposes of granting physical and/or logical access to federally owned or controlled facilities and/or information systems in accordance with the requirements set forth in HSPD-12.
(4) To a court, magistrate, or other administrative body in the course of presenting evidence, including disclosures to counsel or witnesses in the course of civil discovery, litigation, or settlement negotiations or in connection with criminal proceedings, when USAID is a party to the proceeding or has a significant interest in the proceeding, to the extent that the information is determined to be relevant and necessary.
(5) To the Department of Justice or other appropriate United States Government Agency when the records are arguably relevant to a proceeding in a court or other tribunal in which USAID or a USAID official in his or her official capacity is a party or has an interest, or when the litigation is likely to affect USAID.
(6) In the event of an indication of a violation or potential violation of law, whether civil, criminal or regulatory in nature, and whether arising by statute or particular program pursuant thereto, to the appropriate agency, whether federal, state, local or foreign, charged with the responsibility of investigating or prosecuting such violation or charged with enforcing or implementing the statute, or rule, regulation, or order issued pursuant thereto.
(7) To the Department of State and its posts abroad for the purpose of transmission of information between organizational units of USAID, or for purposes related to the responsibilities of the Department of State in conducting United States foreign policy or protecting United States citizens, such as the assignment of employees to positions abroad, the reporting of accidents abroad, ensuring fiscal accountability in transporting the effects personnel stationed at embassies, evacuation of employees and dependents, and other purposes for which officers and employees of the Department of State have a need for the records in the performance of their duties.
(8) To a foreign government or international agency in response to its request for information to facilitate the conduct of U.S. relations with that government or agency through the issuance of such documents as visas, country clearances, identification cards, drivers' licenses, diplomatic lists, licenses to import or export personal effects, and other official documents and permits routinely required in connection with the official service or travel abroad of the individual and his or her dependents.
(9) To Federal agencies with which USAID has entered into an agreement to provide services to assist USAID in carrying out its functions under the Foreign Assistance Act of 1961, as amended. Such disclosures would be for the purpose of transmission of information between organizational units of USAID; of providing to the original employing agency information concerning the services of its employee while under the supervision of USAID, including performance evaluations, reports of conduct, awards and commendations, and information normally obtained in the course of personnel administration and employee supervision; or of providing other information directly related to the purposes of the inter-agency agreement as set forth therein, and necessary and relevant to its implementation.
(10) To appropriate officials and employees of a federal agency or entity when the information is relevant to a decision concerning the hiring, appointment, or retention of an employee; the assignment, detail or deployment of an employee; the issuance, renewal, suspension, or revocation of a security clearance; the execution of a security or suitability investigation; the letting of a contract; or the issuance of a grant or benefit.
(11) To the National Archives and Records Administration for the purposes of records management inspections conducted under the authority of 44 U.S.C. 2904 and 2906.
(12) To the Office of Management and Budget (OMB), in connection with review of private relief legislation, as set forth in OMB Circular A-19, at any stage of the legislative coordination and clearance process, as set forth in that Circular.
(13) To a former employee of USAID for purposes of responding to an official inquiry by a federal, state, or local government entity or professional licensing authority, in accordance with applicable agency regulations; or facilitating communications with a former employee that may be necessary for personnel-related or other official purposes where the agency requires information and/or consultation assistance from the former employee regarding a matter within that person's former area of responsibility.
(14) To appropriate agencies, entities, and persons when (a) USAID suspects or has confirmed that there has been a breach of the system of records, (b) USAID has determined that as a result of the suspected or confirmed breach there is a risk of harm to individuals, USAID (including its information systems, programs, and operations), the Federal Government, or national security; and (c) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with USAID's efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm.
(15) To another Federal Department or Agency or Federal entity, when USAID determines information from this system of records is reasonably necessary to assist the recipient Department or Agency or entity in: (a) Responding to a suspected or confirmed breach; or (b) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs and operations), the Federal Government, or national security, that might result from a suspected or confirmed breach.
(16) To a Member of Congress or to a Congressional staff member in response to an inquiry of the Congressional office, made at the written request of the constituent about whom the record is maintained.
(17) To designated Agency personnel for the purpose of performing an authorized audit or oversight function.
(18) To the Office of Management and Budget (OMB), the General Accountability Office (GAO), or other Federal agency when the information is required for program evaluation purposes.
(19) To the Internal Revenue Service and the Social Security Administration for the purposes of reporting earnings information.
(20) To unions recognized as exclusive bargaining representatives of the individual, the Foreign Service Grievance Board in the course of the Board's consideration of matters properly before it, the Federal Labor Relations Authority, and other parties responsible for the administration of the Federal labor-management program for the purpose of processing any corrective action, or grievances, or conducting administrative hearings or appeals, or if needed in the performance of other authorized duties.
(21) To attorneys, union representatives, or other persons designated by USAID employees in writing to represent them in complaints, grievance, appeal, or litigation cases.
(22) To the Federal Bureau of Investigation, the Department of Homeland Security, the National Counter-Terrorism Center (NCTC), the Terrorist Screening Center (TSC), or other appropriate federal agencies, for the integration and use of such information to protect against terrorism, if that record is about one or more individuals known, or suspected, to be or to have been involved in activities constituting, in preparation for, in aid of, or related to terrorism. Such information may be further disseminated by recipient agencies to Federal, State, local, territorial, tribal, and foreign government authorities, and to support private sector processes as contemplated in Homeland Security Presidential Directive/HSPD-6 and other relevant laws and directives, for terrorist screening, threat-protection and other homeland security purposes.
(23) To foreign law enforcement, security, investigatory, or administrative authorities to comply with requirements imposed by, or to claim rights conferred in, international agreements and arrangements including those regulating the stationing and status in foreign countries of USAID personnel.
(24) To an appeal, grievance, hearing, or complaints examiner; an equal employment opportunity investigator, arbitrator, or mediator; and/or an exclusive representative or other person authorized to investigate or settle a grievance, complaint, or appeal filed by an individual who is the subject of the record.
POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
Electronic records are maintained in user-authenticated, password-protected systems. All records are accessed only by authorized personnel who have a need to access the records in the performance of their official duties.
POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
Records are retrievable by a combination of first and last name, email address, and other unique identifiers as configured by the program office for their program requirements.
POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
Records are retained for 10-year retention rule for all data contained within Google Drive and Google mail. There are exceptions for specific users as required by NARA, FOIA, and USAID Records Management.
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
USAID safeguards records in this system according to applicable rules and policies, including all applicable USAID Automated Directive Systems (ADS) operational policies. USAID has implemented controls to minimize the risk of compromising the information that is being stored. Access to the system containing the records is limited to those individuals who have a need to know the information for performance of their official duties and who have appropriate clearances and permissions. USAID ensures that the practices stated in the Google Workspace Privacy Impact Assessment are followed by leveraging standard operating procedures (SOP), training, policies, rules of behavior, and auditing and accountability.
Cloud systems are authorized to operate separately by the USAID AO at the moderate level. All USAID Users utilize two-factor authentication to access Google Workspace Applications.
Google Mail DLP actively scans all outbound messages for defined PII elements and quarantines emails that may violate defined transmission rules. Messages are then manually released by an approved administrator.
RECORD ACCESS PROCEDURES:
Individuals seeking access to information about themselves contained in this system of records should address inquiries to the Bureau for Management, Office of Management Services, Information and Records Division (M/MS/IRD), USAID Annex—Room 2.4.0C, 1300 Pennsylvania Avenue NW, Washington, DC 20523. The requester may complete and sign a USAID Form 507-1, Certification of Identity Form or submit signed, written requests that should include the individual's full name, current address, telephone number, and this System of Records Notice number. In addition, the requester must provide either a notarized statement or an unsworn declaration made in accordance with 28 U.S.C. 1746, in the following format:
If executed outside the United States: “I declare (or certify, verify, or state) under penalty of perjury under the laws of the United States of America that the foregoing is true and correct. Executed on (date). (Signature).”
If executed within the United States, its territories, possessions, or commonwealths: “I declare (or certify, verify, or state) under penalty of perjury that the foregoing is true and correct. Executed on (date). (Signature).”
CONTESTING RECORD PROCEDURES:
The USAID rules for accessing records, contesting contents, and appealing initial agency determinations are contained in 22 CFR part 212 or may be obtained from the program manager or system owner.
NOTIFICATION PROCEDURES:
Individuals seeking to determine if information about themselves is contained in this system of records should address inquiries to the Bureau for Management, Office of Management Services, Information and Records Division (M/MS/IRD), USAID Annex—Room 2.4.0C, 1300 Pennsylvania Avenue NW, Washington, DC 20523. Individuals may complete and sign a USAID Form 507-1, Certification of Identity Form or submit signed, written requests that should include the individual's full name, current address, and telephone number. In addition, the requester must provide either a notarized statement or an unsworn declaration made in accordance with 28 U.S.C. 1746, in the following format:
If executed outside the United States: “I declare (or certify, verify, or state) under penalty of perjury under the laws of the United States of America that the foregoing is true and correct. Executed on (date). (Signature).”
If executed within the United States, its territories, possessions, or commonwealths: “I declare (or certify, verify, or state) under penalty of perjury that the foregoing is true and correct. Executed on (date). (Signature).
EXEMPTIONS PROMULGATED FOR THE SYSTEM:
None.
HISTORY:
76 FR 44888, July 27, 2011.
Celida Ann Malone,
Government Privacy Task Lead.
[FR Doc. 2022-10092 Filed 5-10-22; 8:45 am]
BILLING CODE 6116-01-P