Skip to Content

We invite you to try out our new beta eCFR site at We’ve made big changes to make the eCFR easier to use. Be sure to leave feedback using the 'Feedback' button on the bottom right of each page!


Privacy Act of 1974, System of Records

Document Details

Information about this document as published in the Federal Register.

Document Statistics
Document page views are updated periodically throughout the day and are cumulative counts for this document. Counts are subject to sampling, reprocessing and revision (up or down) throughout the day.
Published Document

This document has been published in the Federal Register. Use the PDF linked in the document sidebar for the official electronic format.


Notice of new system of records.


The United States Agency for International Development (USAID) is issuing public notice of its intent to establish a new system of records maintained in accordance with the Privacy Act of 1974 (5 U.S.C. 552a), as amended, entitled “USAID-31, HSPD-12 PIV Lifecycle Management.”

This action is necessary to meet the requirements of the Privacy Act to publish in the Federal Register notice of the existence and character of record systems maintained by the agency (5 U.S.C. 522a(e)(4)).


Public comments must be received on or before March 14, 2012. Unless comments are received that would require a revision; this update to the system of records will become effective on March 14, 2012.


You may submit comments:

Paper Comments

  • Fax: (703) 666-1466.
  • Mail: Chief Privacy Officer, United States Agency for International Development, 2733 Crystal Drive, 11th Floor, Arlington, VA. 22202.

Electronic Comments


For general questions, please contact, USAID Privacy Office, United States Agency for International Development, 2733 Crystal Drive, 10th Floor, Arlington, VA 22202. Email:


Personal Identity Verification (PIV) Lifecycle Management system allows for the control and flexibility of PIV card enrollment, issuance, and management under the direction of USAID Management for domestic and international operations. The direct management of the PIV deployment enables USAID to update the card and features at its own pace, implement the use of PIV credential data, such as a digital signature and encryption certificates for documents and email and to add biometric authentication capabilities as it becomes available.

Dated: December 21, 2011.

Jeffery Anouilh,

Deputy Chief Information Security Office and Privacy Officer.


System name:

HSPD-12 PIV Lifecycle Management.

Security classification:

Sensitive But Unclassified.

System location(s):

United States Agency for International Development, 2733 Crystal Drive, 11th Floor, Arlington, VA 22202.

Categories of individuals covered by the system:

This system contains records of current employees, contractors, consultants, and partners.

Categories of records covered by the system:

This system contains USAID organizational information. The covered record, which has already been collected by the Department of State for issuance of the current USAID PIV badge, are as follows: name; employee digital photo; two digital fingerprints; organizational affiliation; Agency; 3-4 Public Key Infrastructure (PKI) certificates; and expiration date. In order to access the data on the chip, the cardholder must create a Personal Identification Number (PIN).

Authority for maintenance of the system:

Privacy Act of 1974 (Pub. L. 93-579), sec. 552a(c), (e), (f), and (p).


Records in this system will be used:

(1) To update current USAID Direct Hire employees' card data in order to comply with OMB M-11-11 for physical and logical access to USAID networks and facilities.

(2) To issue PIV compliant cards to eligible contractors.

Disclosure to consumer reporting agencies:

These records are not disclosed to consumer reporting agencies.

Routine Use of Records Maintained in the System, Including Categories of Users and the Purposes of Such Uses:

USAID may disclose relevant system records in accordance with any current and future blanket routine uses established for its record systems. These may be for internal communications or with external partners.

Policies and practices for storing, retrieving, accessing, retaining, and disposing of records in the system:


Data records are located at the hosting environment, and maintained in user-authenticated, password-protected systems. All records are accessed only by authorized personnel who have a need to access the records in the performance of their official duties.


Records are retrievable by name, PIN number or any other identifier listed in the categories of records cited above.


Additional administrative safeguards are provided through the use of internal standard operating procedures in accordance with the FIPS-201, and NIST 800-53 standards.

Retention and disposal:

Records are retained using the appropriate, approved National Archives Records Administration—Schedules for the type of record being maintained.

System manager(s) and address:

Jeffrey Anouilh, United States Agency for International Development, 2733 Crystal Drive, 11th Floor, Arlington, VA 22202.

Notification procedures:

Individuals requesting notification of the existence of records on them must send the request in writing to the Chief Privacy Officer, USAID, 2733 Crystal Drive, 11th Floor, Arlington, VA 22202. The request must include the requestor's full name, his/her current address and a return address for transmitting the information. The request shall be signed by either notarized signature or by signature under penalty of perjury and reasonably specify the record contents being sought.

Record access procedures:

Individuals wishing to request access to a record must submit the request in writing according to the “Notification Procedures” above. An individual wishing to request access to records in person must provide identity documents, such as government-issued photo identification, sufficient to satisfy the custodian of the records that the requester is entitled to access.

Contesting record procedures:

An individual requesting amendment of a record maintained on himself or herself must identify the information to be changed and the corrective action sought. Requests must follow the “Notification Procedures” above.

Record source categories:

The records contained in this system will be provided by and updated by the individual who is the subject of the record.

Exemptions claimed for the system:


[FR Doc. 2012-4192 Filed 2-23-12; 8:45 am]