46770
Federal Register / Vol. 84, No. 172 / Thursday, September 5, 2019 / Notices
SYSTEM LOCATION
:
SBA Headquarters, 409 3rd Street SW,
Washington, DC, 20416.
SYSTEM MANAGER
(
S
):
Marja Maddrie, Business Operations
Officer, Office of Investment and
Innovation, U.S. Small Business
Administration, 409 3rd Street SW,
Suite 6300, Washington, DC, 20416.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM
:
The Small Business Investment Act of
1958, as amended, 15 U.S.C. 661, et seq.
PURPOSES OF THE SYSTEM
:
The SBICIS serves a centralized and
automated framework for the
organization, retrieval, and analysis of
SBIC information which supports the
SBA’s oversight and risk management
roles for the SBIC program.
CATEGORIES OF INDIVIDUALS COVERED BY THE
SYSTEM
:
The system covers individuals related
to current and former (i) prospective
SBIC license applicants, (ii) SBIC
applicants, and (iii) SBICs. (Solely for
the purposes of this SORN, the term
‘‘SBIC’’ refers to each of (i), (ii) and (iii)
in the preceding sentence.) This
includes managers, executives,
members, and employees associated or
affiliated with an SBIC, and personal
and professional references for certain
of the foregoing. It also includes SBIC
investors, SBIC portfolio companies,
certain SBIC portfolio company
employees, SBIC service providers, and
certain other individuals associated,
affiliated or involved with an SBIC.
CATEGORIES OF RECORDS IN THE SYSTEM
:
Personal and commercial information
(e.g., name, address, credit history,
background information, business
information, financial information,
investor commitments, identifying
number or other personal identifiers,
regulatory compliance information) on
individuals and portfolio companies
named in SBIC files.
RECORD SOURCE CATEGORIES
:
Information contained within this
system is obtained from SBICs, SBIC
authorized representatives, SBIC
investors, SBIC portfolio companies,
SBA employees, and commercial
industry and government sources.
ROUTINE USES OF RECORDS MAINTAINED IN THE
SYSTEM
,
INCLUDING CATEGORIES OF USERS AND
PURPOSES OF SUCH USES
:
In addition to those disclosures
generally permitted under 5 U.S.C.
552a(b) of the Privacy Act, all or a
portion of the information contained in
this system may be disclosed to
authorized entities, as is determined to
be relevant and necessary, outside SBA
as a routine use pursuant to 5 U.S.C.
552a(b)(3) as follows:
A. To the Department of Justice (DOJ),
including offices of the U.S Attorneys,
or other Federal agency conducting
litigation or in proceedings before any
court, adjudicative, or administrative
body, when it is deemed by the SBA to
be relevant or necessary to the litigation
or the SBA has an interest in such
litigation when any of the following are
a party to the litigation or have an
interest in the litigation: (1) Any
employee or former employee of the
SBA in his or her official capacity; (2)
Any employee or former employee of
the SBA in his or her individual
capacity when DOJ or SBA has agreed
to represent the employee or a party to
the litigation or have an interest in the
litigation; or (3) The United States or
any agency thereof.
B. To a Congressional office from the
record of an individual in response to
an inquiry from that Congressional
office made at the request of the
individual. The member’s access rights
are no greater than those of the
individual.
C. To the National Archives and
Records Administration (NARA) or
General Services Administration (GSA)
pursuant to records management
inspections being conducted under the
authority of 44 U.S.C. 2904 and 2906.
D. To an agency or organization,
including the SBA’s Office of Inspector
General, for the purpose of performing
audit or oversight operations as
authorized by law, but only such
information as is necessary and relevant
to such audit or oversight function.
E. To appropriate agencies, entities,
and persons when: (1) The SBA
suspects or has confirmed that the
security or confidentiality of
information processed and maintained
by the SBA has been compromised, (2)
the SBA has determined that as a result
of the suspected or confirmed
compromise, there is a risk of identity
theft or fraud, harm to economic or
property interests, harm to an
individual, or harm to the security or
integrity of this system or other systems
or programs (whether maintained by
SBA or any other agency or entity) that
rely upon the compromised
information; and (3) the disclosure
made to such agencies, entities, and
persons is reasonably necessary to assist
in connection with the SBA’s efforts to
respond to the suspected or confirmed
compromise and prevent, minimize, or
remedy such harm.
F. To another Federal agency or
Federal entity, when the SBA
determines that information from this
system of records is reasonably
necessary to assist the recipient agency
or entity in: (1) Responding to a
suspected or confirmed breach or (2)
preventing, minimizing, or remedying
the risk of harm to individuals, the
recipient agency or entity (including its
information systems, programs, and
operations), the Federal Government, or
national security, resulting from a
suspected or confirmed breach.
G. To another agency or agent of a
Government jurisdiction within or
under the control of the U.S., lawfully
engaged in national security or
homeland defense when disclosure is
undertaken for intelligence,
counterintelligence activities (as defined
by 50 U.S.C. 3003(3)), counterterrorism,
homeland security, or related law
enforcement purposes, as authorized by
U.S. law or Executive Order.
POLICIES AND PRACTICES FOR STORAGE OF
RECORDS
:
Information stored by SBICIS is stored
electronically and is protected through
the implementation of access controls,
user permissions, event logging, and
monitoring. External media are further
protected using encryption.
POLICIES AND PRACTICES FOR RETRIEVAL OF
RECORDS
:
SBICIS records are retrieved by SBIC
or Portfolio Company Name, affiliation
with a particular SBIC personal
identifier, SBA identifier, employee
identification number, or any other data
field that would enable SBA to perform
its official duties.
POLICIES AND PRACTICES FOR RETENTION AND
DISPOSAL OF RECORDS
:
Records are maintained in accordance
with SBA Standard Operating Procedure
(SOP) 00 41 2, schedules 65:02 through
65:06. Records maintained as part of the
General Records Schedules (GRS) are
disposed of in accordance with
applicable SBA policies.
ADMINISTRATIVE
,
TECHNICAL
,
AND PHYSICAL
SAFEGUARDS
:
Access and use are limited to persons
with official need to know. Users are
evaluated on a recurring basis to ensure
need-to-know still exists. Safeguards are
implemented in accordance with the
Federal Information Security
Modernization Act of 2014 (FISMA) and
are evaluated on a recurring basis to
ensure desired operation.
RECORD ACCESS PROCEDURES
:
Individuals wishing to request access
to records about them should submit a
Privacy Act request to the SBA Chief,
Freedom of Information and Privacy Act
VerDate Sep<11>2014 16:53 Sep 04, 2019 Jkt 247001 PO 00000 Frm 00065 Fmt 4703 Sfmt 4703 E:\FR\FM\05SEN1.SGM 05SEN1
khammond on DSKBBV9HB2PROD with NOTICES