Small Business Investment Company Information System Modification

Issuing agencies

Abstract

The U.S. Small Business Administration (SBA) proposes to modify its system of records, titled Small Business Investment Company Information System (SBICIS) (SBA SBICS 40), to update its inventory of records systems subject to the Privacy Act of 1974, as amended. Publication of this notice complies with the Privacy Act and the Office of Management and Budget (OMB) Circular A-108 and Circular A-130. System of Records Notice (SORN) titled, Small Business Investment Company Information System (SBA SBICS 40), serves as a centralized and automated framework for the organization, retrieval, and analysis of information which supports the SBA's oversight and risk management roles for the SBIC program and SBA's technical assistance to and related support of any Capital Assistance Program (defined below).

Full Text

<html>
<head>
<title>Federal Register, Volume 90 Issue 162 (Monday, August 25, 2025)</title>
</head>
<body><pre>
[Federal Register Volume 90, Number 162 (Monday, August 25, 2025)]
[Notices]
[Pages 41467-41469]
From the Federal Register Online via the Government Publishing Office [<a href="http://www.gpo.gov">www.gpo.gov</a>]
[FR Doc No: 2025-16172]


-----------------------------------------------------------------------

SMALL BUSINESS ADMINISTRATION


Small Business Investment Company Information System Modification

AGENCY: U.S. Small Business Administration.

ACTION: Notice of a modified system of records.

-----------------------------------------------------------------------

SUMMARY: The U.S. Small Business Administration (SBA) proposes to 
modify its system of records, titled Small Business Investment Company 
Information System (SBICIS) (SBA

[[Page 41468]]

SBICS 40), to update its inventory of records systems subject to the 
Privacy Act of 1974, as amended. Publication of this notice complies 
with the Privacy Act and the Office of Management and Budget (OMB) 
Circular A-108 and Circular A-130. System of Records Notice (SORN) 
titled, Small Business Investment Company Information System (SBA SBICS 
40), serves as a centralized and automated framework for the 
organization, retrieval, and analysis of information which supports the 
SBA's oversight and risk management roles for the SBIC program and 
SBA's technical assistance to and related support of any Capital 
Assistance Program (defined below).

DATES: Submit comments on or before [30 days from date of publication 
in the Federal Register], 2025. This revised system will be effective 
upon publication. Routine uses will become effective on the date 
following the end of the comment period unless comments are received 
which result in a contrary determination.

ADDRESSES: You may submit comments on this notice, identified by Docket 
Number SBA-2025-0069 by any of the following methods:
    <bullet> Federal e-Rulemaking Portal:<a href="http://www.regulations.gov">http://www.regulations.gov</a>. 
Follow the instructions for submitting comments for Docket Number SBA-
2025-0069.
    <bullet> Mail/Hand Delivery/Courier: Submit written comments to: 
Thomas Morris, Acting Deputy Associate Administrator, OII, Office of 
Investment and Innovation, U.S. Small Business Administration, 409 3rd 
Street SW, Washington, DC 20416.

FOR FURTHER INFORMATION CONTACT: General questions, please contact 
Thomas Morris, Acting Deputy Associate Administrator, OII, Office of 
Investment and Innovation, U.S. Small Business Administration, 409 3rd 
Street SW, Washington, DC 20416 or via email, <a href="/cdn-cgi/l/email-protection#790d1116140a180a5714160b0b100a390a1b18571e160f"><span class="__cf_email__" data-cfemail="4f3b2720223c2e3c6122203d3d263c0f3c2d2e61282039">[email&#160;protected]</span></a>, 
telephone 202-205-7366 or Mike Post, Chief Information Security 
Officer, Office of the Chief Information Officer, U.S. Small Business 
Administration, 409 3rd Street SW, Suite 4000, Washington, DC 20416, 
email address: <a href="/cdn-cgi/l/email-protection#eb868288838a8e87c59b84989fab98898ac58c849d"><span class="__cf_email__" data-cfemail="a2cfcbc1cac3c7ce8cd2cdd1d6e2d1c0c38cc5cdd4">[email&#160;protected]</span></a>, telephone 202-205-3645. For 
Privacy related matters, please contact Mike Post, Acting Chief Privacy 
Officer, Office of the Chief Information Officer, or via email to 
<a href="/cdn-cgi/l/email-protection#0e5e7c67786f6d77616868676d6b7c4e7d6c6f20696178"><span class="__cf_email__" data-cfemail="81d1f3e8f7e0e2f8eee7e7e8e2e4f3c1f2e3e0afe6eef7">[email&#160;protected]</span></a>.

SUPPLEMENTARY INFORMATION: The Privacy Act of 1974 (5 U.S.C. 552a), as 
amended, embodies fair information practice principles in a statutory 
framework governing how federal agencies collect, maintain, use, and 
disseminate individuals' personal information. The Privacy Act applies 
to records about individuals that are maintained in a ``system of 
records.'' A system of records is any group of records under the 
control of a federal agency from which information is retrieved by the 
name of an individual or by a number, symbol or any other identifier 
assigned to the individual. The Privacy Act requires each federal 
agency to publish in the Federal Register a System of Records Notice 
(SORN) identifying and describing each system of records the agency 
maintains, the purpose for which the agency uses the Personally 
Identifiable Information (PII) in the system, the routine uses for 
which the agency discloses such information outside the agency, and how 
individuals can exercise their rights related to their PII information.
    The modified Privacy Act system of records titled Small Business 
Investment Company Information System (SBICIS) (SBA 40) will be used to 
provide notice to current and former (i) prospective Small Business 
Investment Company license applicants, (ii) SBIC applicants, (iii) 
SBICs (solely for the purpose of this SORN, the term ``SBIC'' refers to 
each of (i), (ii), (iii)), and to applicants, prospective applicants, 
and licensees under any Capital Assistance Program, as defined below. 
This includes managers, executives, members, and employees associated 
or affiliated with an SBIC or a Capital Assistance Program applicant/
licensee (``CAP Entity''), and personal and professional references for 
certain of the foregoing. It also includes investors, portfolio 
companies, certain portfolio company employees, service providers, and 
certain other individuals associated, affiliated or involved with an 
SBIC or a CAP Entity.
    Additionally, this modification to SBA SBICIS 40 includes changes 
to routine use (H) to reflect SBA's role relative to Capital Assistance 
Programs, as defined below.
    This system of records is comprised of electronic records managed 
by the Office of Investment and Innovation (OII). SBA SBICIS 40 will 
not have any undue impact on the privacy of individuals and its use is 
compatible with collection.

SYSTEM NAME AND NUMBER:
    Small Business Investment Company Information System (SBA SBICIS 
40).

SECURITY CLASSIFICATION:
    Controlled Unclassified Information.

SYSTEM LOCATION:
    SBA Headquarters, 409 3rd Street SW, Washington, DC 20416 and 
vendor cloud platform.

SYSTEM MANAGER(S):
    Thomas Morris, Acting Deputy Associate Administrator, OII, Office 
of Investment and Innovation, U.S. Small Business Administration, 409 
3rd Street SW, Washington, DC 20416 or via email <a href="/cdn-cgi/l/email-protection#7b0f1314161a08551614090912083b08191a551c140d"><span class="__cf_email__" data-cfemail="e4908c8b898597ca898b96968d97a4978685ca838b92">[email&#160;protected]</span></a>, 
telephone 202-205-7366.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    The Small Business Investment Act of 1958, as amended, 15 U.S.C. 
661, et seq.

CATEGORIES OF RECORDS IN THE SYSTEM:
    Personal and commercial information (including name, address, 
telephone number, credit history, background information, business 
information, employer identification number, SBIC or CAP Entity License 
number, financial information, investor commitments, identifying number 
or other personal identifiers, regulatory compliance information) on 
individuals and portfolio companies named in SBIC or CAP Entity files.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND PURPOSES OF SUCH USES:
    In addition to those disclosures generally permitted under 5 U.S.C. 
552a(b) of the Privacy Act, all or a portion of the information 
contained in this system may be disclosed to authorized entities, as is 
determined to be relevant and necessary, outside SBA as a routine use 
pursuant to 5 U.S.C. 552a(b)(3) as follows:
    A. To the Department of Justice (DOJ), including offices of the 
U.S. Attorneys, or other Federal agency conducting litigation or in 
proceedings before any court, adjudicative, or administrative body, 
when it is deemed by the SBA to be relevant or necessary to the 
litigation or SBA has an interest in such litigation when any of the 
following are a party to the litigation or have an interest in the 
litigation: (1) Any employee or former employee of the SBA in his or 
her official capacity; (2) Any employee or former employee of the SBA 
in his or her individual capacity when DOJ or SBA has agreed to 
represent the employee or a party to the litigation or have an interest 
in the litigation; or (3) The United States or any agency thereof.
    B. To a Congressional office from the record of an individual in 
response to an inquiry from that Congressional office made at the 
request of the individual. The member's access rights are no greater 
than those of the individual.
    C. To the National Archives and Records Administration (NARA) or 
General Services Administration (GSA) pursuant to records management

[[Page 41469]]

inspections being conducted under the authority of 44 U.S.C. 2904 and 
2906.
    D. To an agency or organization, including the SBA's Office of 
Inspector General, for the purpose of performing audit or oversight 
operations as authorized by law, but only such information as is 
necessary and relevant to such audit or oversight function.
    E. To appropriate agencies, entities, and persons when: (1) The SBA 
suspects or has confirmed that the security or confidentiality of 
information processed and maintained by the SBA has been compromised, 
(2) the SBA has determined that as a result of the suspected or 
confirmed compromise, there is a risk of identity theft or fraud, harm 
to economic or property interests, harm to an individual, or harm to 
the security or integrity of this system or other systems or programs 
(whether maintained by SBA or any other agency or entity) that rely 
upon the compromised information; and (3) the disclosure made to such 
agencies, entities, and persons is reasonably necessary to assist in 
connection with the SBA's efforts to respond to the suspected or 
confirmed compromise and prevent, minimize, or remedy such harm.
    F. To another Federal agency or Federal entity, when the SBA 
determines that information from this system of records is reasonably 
necessary to assist the recipient agency or entity in: (1) Responding 
to a suspected or confirmed breach or (2) preventing, minimizing, or 
remedying the risk of harm to individuals, the recipient agency or 
entity (including its information systems, programs, and operations), 
the Federal Government, or national security, resulting from a 
suspected or confirmed breach.
    G. To another agency or agent of a government jurisdiction within 
or under the control of the U.S., lawfully engaged in national security 
or homeland defense when disclosure is undertaken for intelligence, 
counterintelligence activities (as defined by 50 U.S.C. 3003(3)), 
counterterrorism, homeland security, or related law enforcement 
purposes, as authorized by U.S. law or Executive Order.
    H. To other Federal agencies or Federal entities when mandated by 
executive orders or statute, or as documented by a Memorandum of 
Understanding or Memorandum of Agreement or Information Exchange 
Agreement or Data Sharing Agreement (each an ``Agreement'') and 
approved by the applicable Authorizing Officials in compliance with the 
Privacy Act of 1974, as amended, 5 U.S.C. 552a and SBA's policies, 
specifically including any Agreement under which SBA, through its 
Office of Investment and Innovation and supporting offices, provides 
technical assistance and support to a federal loan or guarantee program 
authorized by statutes and designed to provide investment capital 
assistance to eligible businesses (each such program for purposes of 
this SORN a ``Capital Assistance Program.'') These Agreements may be 
subject to review and approval by SBA's Office of General Counsel and 
SBA's Senior Agency Official for Privacy or designee.
    I. To other Federal agencies or Federal entities in aggregate and 
anonymized for the purpose of marketing, trends, statistical analysis, 
forecasting, reporting, and research where the information must 
preserve anonymity.
    J. To SBA contractors, grantees, interns, regulators, and experts 
who have been engaged by SBA to assist in the performance and 
performance improvement of a service related to this system of records 
and who need access to records to perform this activity which may also 
include for regulatory purposes. Recipients of these records shall be 
required to comply with the requirements of the Privacy Act of 1974, as 
amended, 5 U.S.C. 552a.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    SBICIS records are retrieved by SBIC name, CAP Entity name, or 
Portfolio Company Name, affiliation with a particular SBIC or CAP 
Entity personal identifier, SBA identifier, employer identification 
number, or any other data field that would enable SBA to perform its 
official duties.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    Records are maintained in accordance with SBA Standard Operating 
Procedure (SOP) 00 41 latest edition, applicable General Records 
Schedules (GRS) and are disposed of in accordance with applicable SBA 
policies.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    Information stored by SBICIS is stored electronically and supported 
by the applicable Privacy Impact Assessment(s). Data is protected 
through the implementation of access controls--least permissions, role-
based user permissions, event logging, monitoring, security assessment 
and authorization reviews, encryption transmission and encrypted data 
at rest. Safeguards implemented comply to SBA policies, industry best 
practices, and Federal Government standards, memoranda, and circulars.

RECORD ACCESS PROCEDURES:
    Individuals wishing to request access to records about them should 
submit a Privacy Act request to the SBA Chief, Freedom of Information 
and Privacy Act Office, U.S. Small Business Administration, 409 Third 
St. SW, Eighth Floor, Washington, DC 20416 or <a href="/cdn-cgi/l/email-protection#92d4dddbd3d2e1f0f3bcf5fde4"><span class="__cf_email__" data-cfemail="4a0c05030b0a39282b642d253c">[email&#160;protected]</span></a>.
    Individuals must provide their full name, mailing address, personal 
email address, telephone number, and a detailed description of the 
records being requested. Individuals requesting access must also follow 
SBA's Privacy Act regulations regarding verification of identity and 
access to records (13 CFR part 102 subpart B).

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    None.

HISTORY:
    [FR Doc. 2019-19153, Vol. 84, No. 172; FR Doc. 2024-08000, Vol. 89, 
No. 74].

Joshua Carter,
Associate Administrator, U.S. Small Business Administration, Office of 
Investment and Innovation.
[FR Doc. 2025-16172 Filed 8-22-25; 8:45 am]
BILLING CODE 8026-09-P


</pre><script data-cfasync="false" src="/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js"></script></body>
</html>