Privacy Act of 1974; System of Records

AGENCY:

Agency for International Development (USAID).

ACTION:

Notice of a Modified System of Records.

SUMMARY:

The United States Agency for International Development proposes to significantly modify the “United States Agency for International Development, Partner-Vetting Enhancement Project, USAID-27, Partner-Vetting System, System of Records.” The purpose of the system is to support the vetting of directors, officers, and other employees of non-governmental organizations that apply to USAID for contracts, grants, cooperative agreements, or other funding. The Agency specifically uses the information collected from the individuals to conduct screening and to mitigate the risk that USAID's funds and USAID-funded activities purposefully or inadvertently provide support to entities or individuals deemed a risk to national security.

DATES:

Submit comments on or before 12 February 2021. This modified system of records will be effective 12 February 2021 upon publication. The Routine Uses are effective at the close of the comment period.

ADDRESSES:

You may submit comments:

Electronic

• Federal eRulemaking Portal: http://www.regulations.gov. Follow the instructions on the website for submitting comments.
• Email: Privacy@usaid.gov.

Paper

• Fax: 202-916-4946.
• Mail: Chief Privacy Officer, United States Agency for International Development, 1300 Pennsylvania Avenue NW, Washington, DC 20523.

FOR FURTHER INFORMATION CONTACT:

Ms. Celida A. Malone, USAID Privacy Program at United States Agency for International Development, Bureau for Management, Office of the Chief Information Officer, Information Assurance Division: ATTN: USAID Privacy Program, 1300 Pennsylvania Avenue NW, Washington, DC 20523, or by phone number at 202-916-4605.

SUPPLEMENTARY INFORMATION:

For purposes of national-security and counterterrorism vetting, USAID staff use the Partner-Vetting System (PVS) to receive, store, and process organizational information and Personally Identifiable Information (PII) by using USAID Form 500-13, the Partner-Information Form (PIF). See https://www.usaid.gov/forms/aid-500-13. The Office of Management and Budget has approved the use of the PIF under the Paperwork Reduction Act. The PII gathered on the PIF, and in PVS, as stated in the current SORN, includes full name (including any aliases or variations of spelling); date and place of birth; government-issued identification information (including, but not limited to, Social Security Number, passport number, or other numbers originated by a government that specifically identify an individual); current mailing address; telephone numbers; email addresses; citizenship; gender; and occupation or other employment data.

USAID is modifying the SORN to delete “Individuals who are officers or other officials of non-profit, non-governmental organizations who apply for registration with USAID as Private and Voluntary Organizations (PVOs)” from the “Categories of Individuals Covered by the System,” as a result of the Agency's decision to change the registration processes for PVOs. PVOs only must register for the Limited Excess Property Program and the Ocean Freight Reimbursement Program, and to self-certify as part of the application process. USAID also are clarifying under “Categories of Records in the System” that the government-issued identification information listed in its existing SORN includes photographic biometric data. We further are adding more detail to the SORN's Routine-Uses Statement, including that we share information with other Federal Departments and Agencies for vetting purposes, and clarifying that the PVS does not contain any classified information.

SYSTEM NAME AND NUMBER:

Partner-Vetting System, USAID-27.

SECURITY CLASSIFICATION:

Sensitive but Unclassified.

SYSTEM LOCATION:

Amazon Web Services, US-EAST-1, 7600 Doane Drive, Manassas VA 20109.

SYSTEM MANAGER:

Chief, Counterterrorism Vetting, Office of Security, United States Agency for International Development, Ronald Reagan Building, 1300 Pennsylvania Avenue NW, Washington, DC 20523.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

The Foreign Assistance Act of 1961 (FAA), as amended, permits the Administrator of USAID to consider a range of foreign-policy and national-security interests in determining how to provide foreign assistance. Sections 7034 and 7039 of the Department of State, Foreign Operations, and Related Programs Appropriations Act for Fiscal Year 2020 (FY 2020) contain provisions and requirements for the oversight of USAID's programs. Executive Order (E.O.) 9397 created and governs the use of Social Security Numbers.

PURPOSE OF THE SYSTEM:

PVS supports the vetting of directors, officers, and other employees of non-governmental organizations that apply to USAID for contracts, grants, cooperative agreements or other funding. The Agency specifically uses the information collected from the individuals to conduct screening, and to mitigate the risk that USAID's funds and USAID-funded activities purposefully or inadvertently provide support to entities or individuals deemed a risk to national security.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

Individuals who are directors, officers, or are otherwise employed by either for-profit or non-profit non-governmental organizations that apply for and receive contracts, grants, cooperative agreements, or other types of instruments from USAID; individuals who apply for and receive Personal Services Contracts or other contracts, grants, or cooperative agreements; individuals or organizations that attempt to obtain other assistance or benefits from USAID (excluding for PVOs).

CATEGORIES OF RECORDS IN THE SYSTEM:

Full name, Social Security Number, date of birth, place of birth, passport number or permanent resident card number, tax identification number, home address, home telephone number, personal cell phone number, personal email address, work telephone number, work email address, citizenship, sex or gender, photographic biometric information, employment or salary record.

RECORD SOURCE CATEGORIES:

USAID may obtain information in this system from a non-governmental organization (USAID contractor or recipient official who is responsible for completing the application package required to obtain funds or assistance from USAID as an award or as a sub-award. In the case of applications by an individual in his/her own capacity, the Agency will collect the information directly from the individual applicant. USAID also may obtain information in this system from public sources, Federal Departments and Agencies that conduct national-security screening, law-enforcement and intelligence-agency record systems, and other Federal Government databases.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND PURPOSES OF SUCH USES:

In addition to those disclosures generally permitted under the Privacy Act (Section 552a (b) of Title 5 of the U.S.C.), the Agency could disclose all or a portion of the records or information contained in this system outside of USAID as a routine use, as follows:

(1) To another Federal Department or Agency, to a court, magistrate, or other administrative body, or to a party in litigation before a court or in an administrative proceeding being conducted by a Federal Department or Agency, when the Government is a party to the judicial or administrative proceedings or has a significant interest in the proceeding where the Department or Agency determines the information to be necessary and relevant.

(2) To any component of the U.S. Department of Justice, or in a proceeding before a court, adjudicative body, or other administrative body before which the Department or Agency is authorized to appear, when; (a) the Department or Agency or any component thereof; or (b) any employee of the Department or Agency in her or his official capacity; or (c) any employee of the Department or Agency in his or her individual capacity where the U.S. Department of Justice or the Department or Agency has agreed to represent the employee; or (d) the United States, when the Department or Agency determines that litigation is likely to affect it or any of its components, is a party to litigation or has an interest in such litigation, and the Department or Agency deems the use of such records by the U.S. Department of Justice or the Department or Agency is relevant and necessary to the litigation provided, however, that in each case the Department or Agency has determined that the disclosure is compatible with the purpose for which the records were collected.

(3) To the U.S. Department of Justice for the purpose of obtaining legal counsel, including whether USAID should disclose the records or information in this system of records outside the Agency.

(4) To a Federal Government Department or Agency that assists USAID for the purpose of vetting, and for the purposes of ensuring accuracy of existing records and updating government records when a match between an applicant and another database is identified.

(5) To disclose information to contractors (Personal Service Contractors or institutional support contractors) in furtherance of the contractor's performance on behalf of USAID under a contract, including contracts that support the partner-vetting program.

(6) To the National Archives and Records Administration (NARA), for the purposes of records-management inspections conducted under the authority of Sections 2904 and 2906 of Title 44 of the U.S.C. and in its role as Archivist.

(7) To appropriate Federal Departments and Agencies, entities, and persons when: (a) USAID suspects or has confirmed that there has been a breach of the system of records; (b) USAID has determined that as a result of the suspected or confirmed breach there is a risk of harm to individuals, USAID (including its information systems, programs, and operations), the Federal Government, or national security; and (c) the disclosure made to such Departments and Agencies, entities, and persons is reasonably necessary to assist in connection with USAID's efforts to respond to the suspected or confirmed breach, or to prevent, minimize, or remedy such harm.

(8) To the Office of Management and Budget (OMB), in connection with review of private relief legislation, as set forth in OMB Circular A-19, at any stage of the legislative coordination and clearance process, as set forth in that Circular.

(9) To another Federal Department or Agency or Federal entity, when USAID determines information from this system of records is reasonably necessary to assist the recipient Department or Agency or entity in: (a) Responding to a suspected or confirmed breach; or (b) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs and operations), the Federal Government, or national security, that might result from a suspected or confirmed Breach.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:

USAID stores records in this system in electronic format. USAID's staff collect paper records that contain information for counterterrorism vetting when USAID's partners need to submit required information other than electronically. USAID's policy is that, following the entry of information contained in such paper copies into PVS, our staff must dispose of the paper copies properly, in accordance with the Agency's procedures for handling information.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:

USAID's staff retrieves records in PVS by individual name, date of birth, place of birth, passport numbers, or other identifying data specified under “Categories of Records” in the system, as well as Mission/Program/Department, old awardee identification number (ID), awardee ID, alias, city, vetting status, vetting priority, vetting date, date of final determination, or date USAID created the record.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:

PVS follows NARA Records Schedule Number DAA-0286-2017-0001. USAID maintains vetting records for nine years after making an eligible or ineligible decision, regardless of award status.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:

For electronic records: USAID maintains PVS records in a secure cloud database managed by Amazon Web Services on behalf of the Agency. The database is subject to non-disclosure agreement rules of engagement administered by AID Form 545-5. USAID restricts access to vetting requests and results stored in the PVS database to users who are U.S. Government personnel and authorized contractors who need to know this information to perform their duties, who can include the USAID workforce hired and/or appointed by our Missions, Bureaus, and Independent Offices involved in conducting or supporting vetting. The PVS database is housed on, and accessed from, an unclassified computer network. USAID stores vetting results, the analysis of their content, and classified comments separately, outside of PVS, on appropriately classified networks. Computer networks and the PVS database require a user authentication and Agency approval. The Agency maintains and periodically reviews an audit trail to monitor access to the system. Authorized U.S. Government personnel receive instructions in the proper use and protection of PII.

For paper records: USAID keeps paper vetting records in an approved security container at our Washington headquarters, and at the relevant locations that conduct vetting-related activities. Access to these records is limited to those authorized U.S. Government personnel and authorized contractors who have a need for the records in the performance of their official duties. USAID does not keep classified records within PVS.

RECORD ACCESS PROCEDURES:

Under the Privacy Act, individuals may request access to records about themselves. These individuals must be limited to citizens of the United States or aliens lawfully admitted for permanent residence. If a Federal Department or Agency or a person who is not the individual who is the subject of the records, requests access to records about an individual, the written consent of the individual who is the subject of the records is required.

Requesters may submit requests to USAID for records under the Privacy Act in the following ways: (1) By mail to the Freedom of Information Act (FOIA) Office in the Information and Records Division of the Office of Management Services within USAID's Bureau for Management, 1300 Pennsylvania Avenue NW, Room 2.07C, Ronald Reagan Building, Washington, DC 20523-2701; (2) via facsimile to 202-216-3070; (3) via email to foia@usaid.gov; (4) on the USAID website, at www.usaid.gov/foia-requests;; or, (5) in person during regular business hours at USAID, 1300 Pennsylvania Avenue NW, Room 2.07C, Ronald Reagan Building, Washington, DC 20523-2701, or at USAID's overseas Missions.

Requesters who use methods 1 through 4 above may provide a written statement, or may complete and submit USAID Form 507-2, Freedom of Information/Privacy Act Record Request Form, which is available in the following ways: (a) On the USAID website, at www.usaid.gov/foia-requests;; (b) by email request to foia@usaid.gov; or, (c) by writing to USAID's FOIA Office in the Information and Records Division of the Office of Management Services within USAID's Bureau for Management, 1300 Pennsylvania Avenue NW, Room 2.07C, Ronald Reagan Building, Washington, DC 20523-2701. Requesters must provide information that is necessary to identify the records, including the following: The requester's full name; present mailing address; home telephone; work telephone; name of subject, if other than the requester; the requester's relationship to subject; a description of the type of information or specific records; and the purpose of requesting the information. Requesters should provide the system of record (in this case, PVS) identification name and number, if known; and, to facilitate the assembly of records retrieved by Social Security Numbers, the Social Security Number of the individual to whom the record or records pertain.

In addition, requesters who use methods 1 through 4 above must include proof of their identity by providing copies of two (2) source documents notarized by a valid, unexpired notary public. Acceptable proof-of-identity source documents include an unexpired United States passport; Social Security Card (both sides); unexpired U.S. Government employee identity card; unexpired driver's license or identification card issued by a state or United States possession, provided that it contains a photograph; a certificate of United States citizenship; a certificate of naturalization; a card that shows permanent residence in the United States; a United States alien registration receipt card with photograph; a United States military identification card or draft record; or a United States military dependent's identification card.

A requester who use methods 1 through 4 above also must provide a signed and notarized statement that he or she is the person named in the request; that he or she understands that any falsification of this statement is punishable under the provision of Section 1001 of Title 18 of the U.S.C. by a fine, or by imprisonment of not more than five years or, if the offense involves international or domestic terrorism (as defined in Section 2331 of the statute), imprisonment of not more than eight years, or both; and that requesting or obtaining records under false pretenses is punishable under the provisions of Section 552a(i)(3) of Title 5 of the U.S.C. as a misdemeanor, and by a fine of not more than $5,000.

Requesters who use method 5 above must provide such personal identification as is reasonable under the circumstances to verify their identity, including the following: An unexpired United States passport; Social Security Card; unexpired U.S. Government employee identity card; un-expired driver's license or identification card issued by a state or United States possession, provided that it contains a photograph; a certificate of United States citizenship; a certificate of naturalization; a card that shows permanent residence in the United States; a United States alien registration receipt card with photograph; a United States military identification card or draft record; or a United States military dependent's identification card.

CONTESTING RECORD PROCEDURES:

See Record Access Procedure.

NOTIFICATION PROCEDURES:

See Record Access Procedure.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:

Portions of USAID's PVS are exempt from one or more provisions of the Privacy Act (74 FR 9).

Exempt information in this system includes, but is not limited to, the following:

• Results generated from the screening of individuals covered by this notice;
• Intelligence and law-enforcement information related to national security; and
• National-security vetting and counterterrorism screening information, provided to USAID by other Departments and Agencies.

Section 215.13 of Part 215 of Title 22 of the Code of Federal Regulations, General Exemptions:

(c) The systems of records USAID is exempt under Section (j)(2) of the Act, the provisions of the Act from which the Agency is exempting them, and the justification for the exemptions, appear below:

(2) Partner-Vetting System (PVS). This system is exempt from Subsections (c)(3) and (4); (d); (e)(1), (2), and (3); (e)(4)(G), (H), and (I); (e)(5) and (8); (f), (g), and (h) of Section 552a of Title 5 of the U.S.C. These exemptions are necessary to insure the proper functioning of the law-enforcement activity, to protect confidential sources of information, to fulfill promises of confidentiality, to maintain the integrity of law-enforcement procedures, to avoid premature disclosure of the knowledge of criminal activity and the evidentiary basis of possible enforcement actions, to prevent interference with law-enforcement proceedings, to avoid the disclosure of investigative techniques, to avoid endangering law-enforcement personnel, to maintain the ability to obtain candid and necessary information, to fulfill commitments made to sources to protect the confidentiality of information, to avoid endangering these sources, and to facilitate the proper selection or continuance of the best applicants or persons for a given position or contract. Although the primary functions of USAID are not of a law-enforcement nature, the mandate to ensure USAID's funding does not purposefully or inadvertently support entities or individuals deemed to be a risk to national security necessarily requires coordination with law-enforcement and intelligence agencies as well as use of their information. The use of the information by these other Departments or Agencies necessitates the conveyance of these other systems exemptions to protect the information as stated. [57 FR 38277, Aug. 24, 1992, as amended at 74 FR 16, Jan. 2, 2009]

Section 215.14 of Part 215 of Title 22 of the Code of Federal Regulation, Specific Exemptions:

(c) The systems of records to be exempted under Section (k) of the Act, the provisions of the Act from which the Agency is exempting them, and the justification for the exemptions, appear below:

(6) Partner Vetting System (PVS). This system is exempt under Subsections (k)(1), (k)(2), and (k)(5) of Section 552a of Title 5 of the U.S.C., and from the provisions of Subsections (c)(3); (d); (e)(1); (e)(4)(G), (H), (I); and (f).5 of Section 552a of U.S.C. 552a. USAID claims these exemptions to protect the materials required by Executive Order to be kept secret in the interest of national defense or foreign policy, to prevent subjects of investigation from frustrating the investigatory process, to ensure the proper functioning and integrity of law-enforcement activities, to prevent the disclosure of investigative techniques, to maintain the ability to obtain candid and necessary information, to fulfill commitments made to sources to protect the confidentiality of information, to avoid endangering these sources, and to facilitate the proper selection or continuance of the best applicants or persons for a given position or contract. [57 FR 38277, Aug. 24, 1992, as amended at 74 FR 17, Jan. 2, 2009]

HISTORY:

USAID established the PVS as a new system of records on August 27, 2007 (72FR 39042).

USAID modified the PVS system of records on January 10, 2013 (77 FR 72319).