Privacy Act of 1974, System of Records

AGENCY:

United States Agency for International Development.

ACTION:

Altered system of records.

SUMMARY:

The United States Agency for International Development (USAID) is issuing public notice of its intent to alter a system of records maintained in accordance with the Privacy Act of 1974 (5 U.S.C. 552a), as amended, entitled “USAID-33, Phoenix Financial Management System”. This action is necessary to meet the requirements of the Privacy Act to publish in the Federal Register notice of the existence and character of record systems maintained by the agency (5 U.S.C. 522a(e)(4)). System addresses have been expanded.

DATES:

Public comments must be received on or before January 25, 2013. Unless comments are received that would require a revision; this update to the system of records will become effective on January 25, 2013.

ADDRESSES:

You may submit comments:

Paper Comments

• Fax: (703) 666-5670.
• Mail: Chief Privacy Officer, United States Agency for International Development, 2733 Crystal Drive, 11th Floor, Arlington, VA 22202.

Electronic Comments

• Federal eRulemaking Portal: http://www.regulations.gov. Follow the instructions on the Web site for submitting comments.
• Email: privacy@usaid.gov.

FOR FURTHER INFORMATION CONTACT:

For general questions, please contact, USAID Privacy Office, United States Agency for International Development, 2733 Crystal Drive, 11th Floor, Arlington, VA 22202. Email: privacy@usaid.gov.

SUPPLEMENTARY INFORMATION:

The Phoenix Financial Management System was established as an Agency-wide system of record since it is required to collect, maintain or store personal data requiring protection under the Privacy Act. It is USAID's core financial management system and accounting system of record. Phoenix enables USAID to effectively and efficiently analyze, allocate and report on U.S. foreign assistance funds. Phoenix includes modules such as General Ledger, Accounts Payable, Accounts Receivables, and Budget Execution, which are required to perform necessary accounting operations. Phoenix falls under strict regulatory audit requirements from the Office of Management and Budget, as well as the General Accountability Office.

USAID-33

SYSTEM NAME:

Phoenix Financial Management System.

SECURITY CLASSIFICATION:

Sensitive But Unclassified.

SYSTEM LOCATIONS:

(1) Beltsville Information Management Center (BIMC), 8101 O'Dell Rd., Beltsville, MD 20705—DRP Servers.

(2) Global Financial Service Center (GFSC—DoS), 1969 Dyess Ave., Building A, Computer Room 2A228, Charleston, SC 29405—Production Servers.

(3) Terremark, 50 Northeast 9th Street, Miami, FL 33132—Terremark Data Center Reporting, Development and Test Servers.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

This system contains records of current employees, contractors, personal service contractors (PSCs), consultants, partners, and those receiving foreign assistance funds.

CATEGORIES OF RECORDS COVERED BY THE SYSTEM:

This system contains USAID organizational information. Phoenix imports the following data elements from NFC Payroll files for Personnel Services Contractors (PSC) and direct hires: Name, social security number, details of payroll transactions and work phone numbers. Phoenix imports the following data elements from the E2 Travel system for each traveler: Name, date of travel (month/year) and destination.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

Privacy Act of 1974 (Pub. L. 93-579), sec. 552a(c), (e), (f), and (p).

PURPOSE(S):

Records in this system will be used:

(1) The payroll information is used to associate PSC payroll-related payments with their contracts and track direct hire payroll payments in the system in order to produce 1099 files. If this information is not imported form NFC to Phoenix, then USAID cannot comply with IRS regulations to maintain and produce 1099s.

(2) The travel information is used to associate E2 travel records with Phoenix accounting information regarding travel authorization and funding.

ROUTINE USE OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:

USAID may disclose relevant system records in accordance with any current and future blanket routine uses established for its record systems. These may be for internal communications or with external partners.

DISCLOSURE TO CONSUMER REPORTING AGENCIES:

These records are not disclosed to consumer reporting agencies.

POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING, AND DISPOSING OF RECORDS IN THE SYSTEM:

STORAGE:

Electronic records are maintained in user-authenticated, password-protected systems.

RETRIEVABILITY:

All records are accessed only by authorized personnel who have a need to access the records in the performance of their official duties. Information is retrieved by name or by a system specific ID (Vendor ID, Traveller ID, etc.). SSN is not employed as a key, but only present for tax reporting purposes.

SAFEGUARDS:

Administrative, managerial and technical controls are in place. Phoenix has a current Security Assessment and Authorization (A&A) in place. Phoenix is secured through access control provided to only those individuals with a need to know within the Agency. Further, access to the PII is limited to the staff within the CMP and CAR divisions. Phoenix is maintained by the U.S. government, not contractors.

RETENTION AND DISPOSAL:

Records are retained in accordance with approved National Archives and Records Administration Schedules.

SYSTEM MANAGER(S) AND ADDRESS:

David Ostermeyer, United States Agency for International Development, U.S. Department of State Annex 44, 455, 301 4th Street SW., Washington, DC 20547.

NOTIFICATION PROCEDURES:

Individuals requesting notification of the existence of records on them must send the request in writing to the Chief Privacy Officer, USAID, 2733 Crystal Drive, 11th Floor, Arlington, VA 22202. The request must include the requestor's full name, his/her current address and a return address for transmitting the information. The request shall be signed by either notarized signature or by signature under penalty of perjury and reasonably specify the record contents being sought.

RECORD ACCESS PROCEDURES:

Individuals wishing to request access to a record must submit the request in writing according to the “Notification Procedures” above. An individual wishing to request access to records in person must provide identity documents, such as government-issued photo identification, sufficient to satisfy the custodian of the records that the requester is entitled to access.

CONTESTING RECORD PROCEDURES:

An individual requesting amendment of a record maintained on himself or herself must identify the information to be changed and the corrective action sought. Requests must follow the “Notification Procedures” above.

RECORD SOURCE CATEGORIES:

The records contained in this system will be provided by and updated by the individual who is the subject of the record.

EXEMPTIONS CLAIMED FOR THE SYSTEM:

None.