AGENCY:
U.S. Small Business Administration.
ACTION:
Notice of a modified system of records.
SUMMARY:
The U.S. Small Business Administration (SBA) proposes to modify its system of records titled, Government Contracting and Business Development System (SBA 30), to its inventory of records systems subject to the Privacy Act of 1974, as amended. Publication of this notice complies with the Privacy Act and the Office of Management and Budget (OMB) Circulars A-108 and A-130 requirement for agencies to publish a notice in the Federal Register whenever the agency establishes a new, modified or rescinds a system of records. System of Records Notice (SORN) Government Contracting and Business Development System, (SBA 30), includes modifying authority, categories of individuals, categories of records, record source categories, and routine use. SBA 30 has expanded the scope of its system of records with additional applications serving a unique purpose for carrying out the mission of the SBA Office of Government Contracting and Business Development. SBA 30 collects personal, business, veteran status, and financial information to determine if applicants qualify and if current participants certify or are compliant with statutory and regulatory requirements for continued eligibility for participation in the following government programs: 8(a) Business Development Program, Mentor Protégé Program (MPP) formerly known as All Small Mentor Protégé Program (ASMPP), Women Owned Small Business (WOSB) Federal Contracting Program, Historically Underutilized Business Zone (HUBZone) Program, Veteran Owned Small Business (VOSB) Program and any future certification programs deemed necessary by congress or statute.
DATES:
Submit comments on or before February 16, 2023. This revised system will be effective upon publication.
ADDRESSES:
You may submit comments on this notice by any of the following methods:
Federal e-Rulemaking Portal: https://www.regulations.gov. Follow the instructions for submitting comments.
Mail/Hand Delivery/Courier: Submit written comments to: Ms. Beatrice Hidalgo, Office of Government Contracting and Business Development, U.S. Small Business Administration, 409 3rd Street SW, Suite 6300, Washington, DC 20416.
FOR FURTHER INFORMATION CONTACT:
General questions, please contact Ms. Hilary F. Cronin, Office of Government Contracting and Business Development, U.S. Small Business Administration, 409 3rd Street SW, Suite 6300, Washington, DC 20416 or via email Hilary.Cronin@sba.gov, telephone (202) 205-7055. For Privacy related matters, please contact Stephen Kucharski, (Acting) Chief Information Officer/Senior Agency Official for Privacy, Office of the Chief Information Officer, U.S. Small Business Administration, 409 3rd Street SW, Suite 4000, Washington, DC 20416 or via email to Privacyofficer@sba.gov.
SUPPLEMENTARY INFORMATION:
The Privacy Act of 1974 (5 U.S.C. 552a), as amended, embodies fair information practice principles in a statutory framework governing the means by which Federal agencies collect, maintain, use, and disseminate individuals' personal information. The Privacy Act applies to records about individuals that are maintained in a “system of records.” A system of records is a group of any records under the control of a Federal agency from which information is retrieved by the name of an individual or by a number, symbol or another identifier assigned to the individual. The Privacy Act requires each Federal agency to publish in the Federal Register a System of Records Notice (SORN) identifying and describing each system of records the agency maintains, the purposes for which the Agency uses the Personally Identifiable Information (PII) in the system, the routine uses for which the Agency discloses such information outside the Agency, and how individuals can exercise their rights related to their PII information.
The modified Privacy Act system of records for titled, Government Contracting and Business Development (GCBD) System, (SBA 30) will be used by small business, SBA personnel and overseen by Office of Government Contracting and Business Development. SBA 30 collects personal, business, and financial information and veteran status to determine if applicants are eligible and if current participants are compliant with statutory and regulatory requirements for continued eligibility for participation in the following government programs: 8(a) Business Development Program, MPP, WOSB Federal Contracting Program, HUBZone Program, and VOSB Federal Contracting Program. Multiple SBA IT systems/applications are used to certify the participants on an SBA platform.
Certify.sba.gov is a certification management system used for elements of initial certification and continuing eligibility functions for the 8(a) Business Development program and for MPP. Its primary component is a custom developed application which includes an interface for small businesses to manage their eligibility documents and applications for various contracting programs, as well as workflows for SBA staff.
WOSB.Certify.sba.gov is a certification management system used for elements of initial certification and continuing eligibility functions for the WOSB Program. Its primary component is a custom developed application which includes an interface for small businesses to manage their eligibility documents and applications for various contracting programs, as well as workflows for SBA staff. HUBZone Certification Tracking System (HCTS) is a certification management system used for elements of initial certification and continuing eligibility for the HUBZone program. veterans.certify.sba.gov is a certification management system used for elements of initial application and continuing eligibility functions for the VOSB program. Its primary component is a custom developed application which includes an interface for small businesses to manage their eligibility documents and applications for various contracting programs, as well as workflows for SBA staff. To be eligible for certification in SBA's Veteran Small Business Certification Program, an applicant's small business must be owned and controlled by one or more qualifying veterans. A “qualifying veteran” is a veteran as defined by 38 U.S.C. 101(2) or a service-disabled veteran. The modification of SBA 30 will not have any undue impact on the privacy of individuals and its use is compatible with collection.
System Name and Number: Government Contracting and Business Development System, SBA 30.
System Classification: Unclassified.
System Location: SBA Headquarters, 409 3rd Street SW, Washington, DC 20416.
System Manager(s): Hilary F. Cronin, Office of Government Contracting and Business Development, U.S. Small Business Administration, 409 3rd Street SW, Suite 6300, Washington, DC 20416.
Authority for Maintenance of the System: 15 U.S.C. 636 (j); 15 U.S.C. 637; 15 U.S.C. 657a(a); Public Law 105-13, 111 Stat. 26275 (15 U.S.C. 631); 13 CFR 125.9 and Section 862 of the National Defense Authorization Act for Fiscal Year 2021, Public Law 116-283, 134 Stat. 3388 (January 1, 2021) (NDAA 2021), amended 38 U.S.C. 8127.
Purposes of the System: To collect personal, business, and financial information used to determine eligibility of applicants and current participants in the Agency's certification program to include but not limited to: 8(a) Business Development Program, Mentor Protégé Program (MPP) formerly known as All Small Mentor Protégé Program (ASMPP), Women-Owned Small Business (WOSB) Federal Contracting Program, Historically Underutilized Business Zone (HUBZone) Program and Veteran Owned Small Business Program.
Categories of Individuals Covered by the System: Applicants and program participants in SBA's 8(a) Business Development program, Mentor Protégé Program, WOSB Federal Contracting Program, HUBZone Program, and VOSB Federal Contracting Program.
Categories of Records in the System: Personal, business, veteran status and financial information.
Record Source Categories: Small business applicants or participants in the 8(a) Business Development program, Mentor Protégé Program (formerly known as All Small Mentor Protégé Program (ASMPP), HUBZone Program, WOSB Federal Contracting Program, and VOSB Federal Contracting Program
Routine Uses of Records Maintained in the System, Including Categories of Users and Purposes of Such Uses: In addition to those disclosures generally permitted under 5 U.S.C. 552a(b) of the Privacy Act, all or a portion of the information contained in this system may be disclosed to authorized entities, as is determined to be relevant and necessary, outside SBA as a routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:
A. To the Department of Justice (DOJ), including offices of the U.S Attorneys, or other Federal agency conducting litigation or in proceedings before any court, adjudicative, or administrative body, when it is deemed by the SBA to be relevant and necessary to the litigation or the SBA has an interest in such litigation when any of the following are a party to the litigation or have an interest in the litigation: (1) Any employee or former employee of the SBA in his or her official capacity; (2) Any employee or former employee of the SBA in his or her individual capacity when DOJ or SBA has agreed to represent the employee or a party to the litigation or have an interest in the litigation; or (3) The United States or any agency thereof.
B. To a Congressional office from the record of an individual in response to an inquiry from that Congressional office made at the request of the individual. The member's access rights are no greater than those of the individual.
C. To the National Archives and Records Administration (NARA) or General Services Administration (GSA) pursuant to records management inspections being conducted under the authority of 44 U.S.C. 2904 and 2906.
D. To an agency or organization, including the SBA's Office of Inspector General, for the purpose of performing audit or oversight operations as authorized by law, but only such information as is necessary and relevant to such audit or oversight function.
E. To appropriate agencies, entities, and persons when (1) SBA suspects or has confirmed that there has been a breach of the system of records, (2) SBA has determined that as a result of the suspected or confirmed breach there is a risk of harm to individuals, SBA (including its information systems, programs, and operations), the Federal Government, or national security; and (3) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with SBA's efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm.
F. To another Federal agency or Federal entity, when SBA determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in (1) responding to a suspected or confirmed breach or (2) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach.
G. To another agency or agent of a Government jurisdiction within or under the control of the U.S., lawfully engaged in national security or homeland defense when disclosure is undertaken for intelligence, counterintelligence activities (as defined by 50 U.S.C. 3003(3)), counterterrorism, homeland security, or related law enforcement purposes, as authorized by U.S. law or Executive Order.
H. To SBA contractors, grantees, volunteers, interns, and experts who have been engaged by SBA to assist in the performance and performance improvement of a servicerelated to this system of records and who need access to the records to perform this activity. Recipients of these records shall be required to comply with the requirements of the Privacy Act of 1974, as amended, 5 U.S.C. Sec. 552a.
Policies and Practices for Storage of Records: Information is stored electronically and is protected through the implementation of multi-factor access controls, user permissions, event logging, and monitoring. External media are further protected using encryption.
Policies and Practices for Retrieval of Records: Records are retrieved by name of individual, business name, and Unique Entity Identifier (UEI).
Policies and Practices for Retention and Disposal of Records: Records are maintained in accordance with latest edition SBA Standard Operating Procedure (SOP) series 00 41, schedules Records Management Records 4.1 and Agency Accountability Records 5.7. Records maintained as part of the General Records Schedules (GRS) are disposed of in accordance with applicable SBA policies.
Administrative, Technical, and Physical Safeguards: Access and use are limited to persons with official need to know. Users are evaluated on a recurring basis to ensure need-to-know still exists. Safeguards are implemented in accordance with the Federal Information Security Modernization Act of 2014 (FISMA) and are evaluated on a recurring basis to ensure desired operation.
Record Access Procedures: Individuals wishing to request access to records about them should submit a Privacy Act request to the SBA Chief, Freedom of Information and Privacy Act Office, U.S. Small Business Administration, 409 Third St. SW, Eighth Floor, Washington, DC 20416 or FOIA@sba.gov. Individuals must provide their full name, mailing address, personal email address, telephone number, and a detailed description of the records being requested. Individuals requesting access must also follow SBA's Privacy Act regulations regarding verification of identity and access to records (13 CFR part 102 subpart B).
Contesting Record Procedures: Individuals wishing to contest information contained in records about them should submit a Privacy Act request to the SBA Chief, Freedom of Information and Privacy Act Office, U.S. Small Business Administration, 409 Third St. SW, Eighth Floor, Washington, DC 20416 or FOIA@sba.gov. Individuals must provide their full name, mailing address, personal email address, telephone number, and a detailed description of the records being requested. Requesting individuals must follow SBA's Privacy Act regulations regarding verification of identity and access to records (13 CFR part 102 subpart B).
Notification Procedures: Individuals may make record inquiries in person or in writing to the Systems Manager through the SBA Chief, Freedom of Information and Privacy Act Office, U.S. Small Business Administration, 409 Third St. SW, Eighth Floor, Washington, DC 20416 or FOIA@sba.gov.
Exemptions Promulgated for the System: None.
History: [FR Doc. 2004-54823, Vol. 69, No. 175]; and [FR Doc. 2021-07363, Vol. 86, No. 68]
Hilary Cronin,
Director of Technology Solutions, Office of Government Contracting and Business Development.
[FR Doc. 2023-00623 Filed 1-13-23; 8:45 am]
BILLING CODE 8026-09-P