8025-01
SMALL BUSINESS ADMINISTRATION
Privacy Act System of Records
AGENCY: Small Business Administration.
ACTION: Notice of new Privacy Act system of records and request for comment.
SUMMARY: The Small Business Administration (SBA) is amending its Privacy Act Systems of Records to add a new System of Records to maintain the information collected from applicants and participants in the Small Business Innovation Research (SBIR) and Small Business Technology Transfer (STTR) Programs.
DATES: Written comments on the system of records must be received on before [INSERT DATE 30 DAYS AFTER DATE OF PUBLICATION IN THE FEDERAL REGISTER.] The notice will be effective without further publication at the end of the comment period, unless comments are received which require further amendments.
ADDRESSES: Written comments on this system of records should be directed to Edsel M. Brown, Assistant Administrator, Office of Technology, U. S. Small Business Administration, 409 3rd Street, SW., Washington, DC 20416.
FOR FURTHER INFORMATION CONTACT: Edsel M. Brown, Assistant Director, Office of Technology, at (202) 205 7343.
SUPPLEMENTARY INFORMATION: The Privacy Act (5 U.S.C. 552a) requires federal agencies to publish a notice of systems of records in the Federal Registerwhenever they establish a new system of records or make a significant change to an established system of records. Each notice must identify and describe the system of records the Agency maintains, the reasons why the agency collects the personally identifying information, the routine uses for which the agency will disclose such information outside the agency, and how individuals may exercise their rights under the Privacy Act to determine if, among other things, the system contains information about them. The information about each individual is called a “record,” and the system, whether manual or computer-based, is called a “system of records. The Privacy Act applies to any record about an individual that is maintained in a system of records from which individually identifying information is retrieved by a unique identifier associated with each individual, such as a name or Social Security number.
Small Business Administration New Privacy Act System of Records; Narrative Statement Privacy Act System of Records SBA 37; TechNet.
A. Narrative Statement
1. The Small Business Administration (SBA) is adding a new system of records to the Agency's Privacy Act Systems of Records. This new system of records, entitled TechNet, consists of records of SBIR and STTR offerors and participants and includes information about each business concern, such as: (1) contact person (name, title, phone, email); (2) key individual (name, position/title, email, phone, percentage of effort the key individual will spend on the project); (3) the principal investigator (name, title, phone, email, whether they are socially and economically disadvantaged; and (4) the name of any person convicted of a fraud-related crime or found civilly liable for a fraud-related violation involving the SBIR/STTR programs. If the offeror or participant is a sole proprietorship, SBA will be collecting the name and contact information as well as the employer identification number along with DUNS number of the business for that owner. The system is maintained by SBA's Office of Technology in electronic format. However, SBA obtains some of this information from the SBIR and STTR participating agencies, which collect the information and maintain it in paper and electronic formats.
2. Refer to the following citations: General Act of 1978, as amended); 15 U.S.C. Chapters 14A and 14B, and 44 U.S.C. 3101.
3. The effect on the individual will be minimal. In general, the information contained in the TechNet System of Records will be viewed only by Agency personnel, contractors, experts, consultants or volunteers in the line of their official duties. These individuals must comply with the requirements of the Privacy Act of 1974, as amended, pursuant to 5 U.S.C. 552a(m). Any potential disclosures outside of the Agency will be in compliance with the routine uses of the System and will only be to individuals with a need to know. However, SBA will disclose certain information about awardees, including the principal investigator’s contact information.
4. Access and use of the records will be limited to specified individuals with official need to know. All computers containing these records are protected by password and user identification codes. In addition, records in this system of records are exempt from the application of all provisions of section 552a except sections (b), (c)(1) and (2), (e)(4)(A) through (F), (e)(6), (7), (9), (10), (11), and (i).
5. TechNet is an internal and external facing collection of information, which has been approved by OMB under Control Number 3245-0356 until November 30, 2015.
Small Business Administration New Privacy Act System of Records:
SYSTEM NAME:
The name of the system is TechNet; the system number is SBA 37.
SYSTEM LOCATION:
U.S. Small Business Administration, 409 Third Street, SW, Washington, DC 20416.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM INCLUDES:
The categories of individuals covered by this system of records include the following: sole proprietors who submit offers to or receive awards under the SBIR and STTR programs; principal investigators and key individuals working for SBIR and STTR offerors and awardees.
CATEGORIES OF RECORDS IN THE SYSTEM:
SBA will collect the name of each sole proprietorship and the social security number for the individual owner, since that is the sole proprietor’s EIN and DUNS number. In addition, SBA will collect the contact information for the sole proprietor, key individual and principal investigator.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
15 U.S.C. 636(b)(6); 15 U.S.C. 638.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES, THESE RECORDS MAY BE USED, DISCLOSED OR REFERRED:
a. To the court or administrative tribunal and other parties in litigation, when a suit or administrative action has been initiated.
b. To a Congressional office from an individual's record, when that office is inquiring on the individual's behalf; the Member's access rights are no greater than the individual's.
c. To SBA employees, volunteers, contractors, interns, grantees, and experts who have been engaged by SBA to assist in the performance of a service related to this system of records and who need access to the records in order to perform this activity. Recipients of these records shall be required to comply with the requirements of the Privacy Act of 1974, as amended, 5 U.S.C. Sec. 552a.
d. To the Department of Justice (DOJ) when any of the following is a party to litigation or has an interest in such litigation, and the use of such records by DOJ is deemed by SBA to be relevant and necessary to the litigation, provided, however, that in each case, SBA determines the disclosure of the records to DOJ is a use of the
information contained in the records that is compatible with the purpose for which the records were collected: SBA, or any component thereof; any SBA employee in their official capacity; any SBA employee in their individual capacity where DOJ has agreed to represent the employee; or The United States Government, where SBA determines that litigation is likely to affect SBA or any of its components.
e. In a proceeding before a court, or adjudicative body, or a dispute resolution body before which SBA is authorized to appear or before which any of the following is a party to litigation or has an interest in litigation, provided, however, that SBA determines that the use of such records is relevant and necessary to the litigation, and that, in each case, SBA determines that disclosure of the records to a court or other adjudicative body is a use of the information contained in the records that is a compatible purpose for which the records were collected: SBA, or any SBA component; any SBA employee in their official capacity; any SBA employee in their individual capacity where DOJ has agreed to represent the employee; or The United States Government, where SBA determines that litigation is likely to affect SBA or any of its components.
f. To appropriate agencies, entities, and persons when: SBA suspects or has confirmed that the security or confidentiality of information in the system records has been compromised; SBA has determined that as a result of the suspected or confirmed compromise there is a risk of harm to economic or property interests, identify theft or fraud, or harm to the security of integrity of this system or other systems or programs (whether maintained by the Agency or entity) that rely upon the compromised information; and the disclosure made to such agencies, entities and persons is reasonably necessary to assist in connection with SBA's efforts to respond to the suspected or confirmed compromise and prevent, minimize, or remedy such harm.
g. To Congress, the Government Accountability Office, agencies participating in the SBIR and the STTR programs (Department of Agriculture, Department of Commerce (National Institute of Standards and Technology and National Oceanic and Atmospheric Administration), Department of Defense, Department of Education, Department of Energy, Department of Health and Human Services, Department of Homeland Security, Department of Transportation, Environmental Protection Agency, National Aeronautics and Space Administration, and the National Science Foundation), Office of Management and Budget, Office of Science and Technology Policy, Office of Federal Procurement Policy, and other authorized persons who are subject to a use and nondisclosure agreement with the Federal Government covering the use of the database for the purposes of program evaluation and auditing.
POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING AND DISPOSING OF RECORDS:
STORAGE:
Paper and electronic files.
RETRIEVAL:
The user assigned to represent the company provides all information via a self-registered account. That user may receive copies of all documents submitted via a public website; with the use of their username/password.
SAFEGUARDS:
The access to the system is restricted to registered users only. The users are SBIR or STTR applicants and past-awardees of the SBIR or STTR programs from any of the 11 agencies, or registered Government Agency users. The access to information for the logged-in users is based on the role assigned to them during the registration process. These roles prohibit users from accessing information that they are not privy to. The categories of users who have access to the record are the System Administrators at SBA.
RETENTION AND DISPOSAL:
System records are retained and disposed of according to SBA’s records maintenance and disposition schedules and the requirements of the National Archives and Records Administration General Records Schedule.
SYSTEM MANAGER(S) AND ADDRESS:
The individual at SBA responsible for this system’s policies and practices is the Associate Administrator for Investment, Office of Investment and Innovation, 409 Third Street, SW, Washington DC 20416.
NOTIFICATION PROCEDURE:
Individuals may make record inquiries in person or in writing to the Systems Manager or SBA’s Privacy Act Officer.
ACCESS PROCEDURES:
Individuals who must create an account will furnish their Company’s name, the authorized user’s name, the company’s EIN and DUNS numbers and email address of the principal of the firm. These details are to be submitted through a web-based registration form available on sbir.gov public-facing site.
CONTESTING PROCEDURES:
Individuals seeking to contest or amend information maintained in this system of records should notify the SBA Privacy Act Officer, Lisa J. Babcock, 409 Third Street, SW, Washington DC 20416 or or System Manager listed above and state reason(s) for contesting any information in the record and provide proposed amendment(s).
SOURCE CATEGORIES:
The sources of the records in the system include the following: the SBIR/STTR offerors and awardees and the SBIR/STTR participating agencies. In addition, SBIR.gov system interfaces with CCR (Central Contractor Registry) database to complete the authentication process for new small business users’ registration.
Dated: December ---, 2012
Sean J. Greene,
Associate Administrator for Investments and Special Advisor for Innovation
