Privacy

The U.S. International Development Finance Corporation (DFC) privacy program’s mission is to establish a strong culture of privacy awareness and protection that ensures transparency and accountability for agency activities involving the use of personally identifiable information (PII). The proper handling of PII is critical to building the trust of DFC’s stakeholders—including employees, contractors, other federal agencies, and members of the public. The privacy program works toward achieving its goals by promoting the consistent application of privacy laws, policies, and standards. This includes the Privacy Act of 1974, Section 208 of the E-Government Act of 2002, the Federal Information Security Modernization Act of 2014, Office of Management and Budget guidance, and standards issued by the National Institute of Standards and Technology.

On this webpage, you will find links to DFC privacy policies and resources.

Privacy Impact Assessments

The following are privacy compliance documents for DFC systems that are considered privacy-sensitive. A privacy-sensitive system is an information system that collects, maintains, or disseminates information in identifiable form from or about members of the public, or that contains sensitive PII from or about members of the public or internal DFC employees/contractors.

DFCNet

DFC's Office of Information Technology (OIT) allows DFC to further its mission by providing the information technology (IT) systems, network connectivity, operating systems, and other IT resources needed for DFC to conduct agency business electronically. This set of interconnected systems, called “DFCNet,” serves as the agency’s General Support System (GSS) and is comprised of numerous third-party IT solutions. DFCNet connects the entire agency internally and provides the network backbone needed to support distributed access to DFC IT systems. It does not, in and of itself, control what PII is processed by end users (i.e., DFC employees and contractors) who use DFCNet IT solutions (i.e., “components”).

• Associated SORN(s): None
• PIA: DFCNet

Credit Management System (CMS)

DFC's CMS houses the loan-by-loan data inputs from the former U.S. Agency for International Development (USAID) Development Credit Authority guarantee portfolios and allows for reporting and invoicing output. It is owned by the Office of Development Credit and externally hosted on Amazon Web Services (AWS) US East/West. CMS has limited the amount of personal data that is maintained within CMS to the smallest amount possible and has a role-based user platform. Any personal information is restricted to access by administrator roles and isolated into specific, detailed screens. There are three types of data collected in the system: that of users, that of guaranteed lending institutions, and that of individual loans to qualifying borrowers.

• Associated SORN(s): None
• PIA: Credit Management System (CMS)

Insight

DFC's Office of Information Technology (OIT) uses Insight (Salesforce.com) as the agency’s back-office software that collects data from external customers completing and submitting web-based business application forms. Insight facilitates project lifecycle management from project intake to project closeout for all DFC products across various DFC departments. The information in the system will be used to administer the projects as necessary, including internally tracking and managing client contact information and the status (but not the detailed results) of Know Your Customer (KYC) due diligence performed on businesses and individuals associated with each project. Data from this system may also be used for evaluating the effectiveness of DFC’s products and programs and improving upon them.

• Associated SORN(s): DFC-02, Salesforce Customer Relationship Management System (“Insight”) (85 FR 43210)
• PIA: Insight

Microsoft 365

DFC's Office of Information Technology (OIT) has an enterprise agreement with Microsoft to use their Microsoft 365 suite of productivity software. The purpose of Microsoft 365 is to provide the agency with essential office tools and computing functionalities, including word processing, email, spreadsheets, presentations, file sharing, office calendars, event scheduling, audio/visual communications, online chatting, and other business and collaborative capabilities. Microsoft 365 is a subscription-based Software as a Service platform that is authorized to operate as a federal Cloud Service Offering by the Federal Risk and Authorization Management Program (FedRAMP).

• Associated SORN(s): None
• PIA: Microsoft 365

Oracle E-Business Suite (EBS)

The primary purpose of EBS is to function as the financial system of record for DFC. It is the primary application used by the Office of Finance & Portfolio Management (OFPM) Financial Management (FM) unit to record all financial transactions related to DFC’s administrative and working capital budgets. DFC’s FM unit is responsible for managing the agency’s portfolio in a prudent manner that is in keeping with best practices in the areas of accounting, budgeting, and management reporting. The FM unit also provides all other DFC departments with timely and accurate reporting on the size, health, and makeup of DFC’s portfolio, geographic and sector concentrations, commitment and disbursement activity, credit funding usage, the status of departmental budget allocations, and corporate budget formulation and execution. Additionally, the FM unit provides information to other departments on subjects ranging from travel regulations to billing and payment procedures to interest rates.

• Associated SORN(s): DFC-01, Oracle E-Business Suite (85 FR 43210)
• PIA: Oracle E-Business Suite (EBS)

Development Outcomes Survey

DFC uses the Development Outcomes Survey (DOS) (DFC-008) to determine the development impact of a project supported by DFC. It is managed by the Office of Development Policy’s (ODP) Impact Management, Monitoring, and Learning Division. The DFC-008 is the principal document used by the agency to review and monitor development impact performance of projects supported by DFC. All active eligible projects submit the DFC-008 on an annual basis throughout their project lifecycle. The same initial questions are asked of all clients, with form conditionals guiding respondents to variations, which are determined by project financing type and sector, resulting in a streamlined form of questioning. The DFC-008 is completed with the use of a web-based application. This provides a secure and efficient means for clients to transmit the required information to the agency. The form is shifting from being administered on the DFC Forms Portal and transferred to the agency’s “Insight” Salesforce platform, to being administered directly on Insight.

• Associated SORN(s): None
• PIA: Development Outcomes Survey

eCase

DFC's Office of Inspector General (OIG) uses an audit documentation management software, eCase, to document audit work as part of its overall mission to prevent, detect, and deter fraud, waste, and abuse in DFC’s programs and operations around the world. eCase is a product of the Washington, D.C.-based company OPEXUS. The DFC OIG instance of eCase is used primarily as a repository of audit documentation gathered and documented during an audit. It provides a dynamic case management framework with the capability to power a wide range of workflow-driven processes and core case management functions, including the tracking and reporting of audits. The documentation retained will vary based on the objectives of the audit. eCase is a subscription-based software as a service solution that is authorized to operate as a federal Cloud Service Offering by the Federal Risk and Authorization Management Program (FedRAMP).

• Associated SORN(s): None
• PIA: eCase

ScanWriter by Personable

DFC's Office of Inspector General (OIG) is seeking to procure software to assist the OIG’s investigators and analysts in analyzing financial records in support of investigations. Such software is widely used by federal law enforcement agencies, including OIGs. After conducting extensive research and consulting with other federal users of such software, DFC has determined that the best software application for its needs is ScanWriter by Personable. ScanWriter automates the process of taking transaction information from bank records and other financial records and putting them in one or more spreadsheets for analysis. The records are typically obtained through a subpoena issued under the OIG’s authority under the Inspector General Act of 1978, as amended (IG Act), or through a federal grand jury subpoena issued by the U.S. Department of Justice. The records can be for a business or an individual. The OIG envisions having the software reside in such a way that only select members of the OIG can access the software and the data contained in it. The software will need to be able to access the Internet to get updates and other information from the vendor, but otherwise can and should be isolated from other DFC systems. After the financial analysis is complete, the information will be purged from the system.

• Associated SORN(s): None
• PIA: ScanWriter by Personable

System of Records Notices

Government-Wide

System ID	Government-Wide System of Records	Link to Notice
EEOC/GOVT-1	Equal Employment Opportunity in the Federal Government Compliant and Appeal Records	81 FR 81116
GSA/GOVT-3	Travel Charge Card Program	78 FR 20108
GSA/GOVT-4	Contracted Travel Services Program (E-TRAVEL)	68 FR 39092
GSA/GOVT-7	HSPD-12 USAccess	80 FR 64416
GSA/GOVT-9	System for Award Management (SAM)	78 FR 11648
GSA/GOVT-10	Federal Acquisition Regulation (FAR) Data Collection System	82 FR 12352
MSPB/GOVT-1	Appeals and Case Records	67 FR 70254
OPM/GOVT-1	General Personnel Records	80 FR 74815
OPM/GOVT-2	Employee Performance File System Records	80 FR 74815
OPM/GOVT-3	Records of Adverse Actions, Performance Based Reduction in Grade and Removal Actions, and Termination of Probationers	80 FR 74815
OPM/GOVT-5	Recruiting, Examining and Placement Records	79 FR 16834
OPM/GOVT-6	Personnel Research and Test Validation Records	79 FR 35354
OPM/GOVT-7	Applicant Race, Sex, National Origin, and Disability Status Records	80 FR 74815
OPM/GOVT-9	File on Position Classification Appeals, Job Grading Appeals, and Retained Grade or Pay Appeals, and Fair Labor Standard Act (FLSA) Claims and Complaints, Federal Civilian Employee Compensation and Leave Claims, and Settlement of Accounts for Deceased Civilian Officers and Employees	78 FR 60331
OGE/GOVT-1	Executive Branch Personnel Public Financial Disclosure Reports and Other Name-Retrieved Ethics Program Records	78 FR 73863
OGE/GOVT-2	Executive Branch Confidential Financial Disclosure Reports	68 FR 3097
OSC/GOVT-1	OSC Compliant, Litigation, Political Activity, and Disclosure Files	82 FR 45076

DFC-Wide

System ID	DFC System Name	Link to Notice
DFC-01	Oracle E-Business Suite (EBS)	85 FR 43210
DFC-02	Salesforce Customer Relationship Management System (“Insight”)	85 FR 43210
DFC-03	Federal Personnel Payroll System (FPPS) and Datamart	85 FR 43210
DFC-04	Staff Central	85 FR 43210
DFC-05	FedTalent	85 FR 43210
DFC-06	Board of Directors	85 FR 43210
DFC-07	FOIA Requests and Appeals	85 FR 43210
DFC-08	Executive Photographs	85 FR 43210
DFC-09	Reasonable Accommodations Records	86 FR 63000

Website Privacy Policy

Thank you for visiting DFC's website. The privacy policy outlined below applies to the data we collect from you over the internet. DFC collects personal information from visitors to our website for various reasons which may include the processing of applications, the maintenance of mailing lists, etc. Our policies regarding the collection and use of personal information are as follows:

Disclaimer

The appearance of hyperlinks or the mention of or links to any commercial, shareware, or freeware products on this page or elsewhere on this site does not constitute or imply endorsement by DFC or the United States Government of any linked site or of any product, information, or service. These links (or information concerning such links) are offered solely as a convenience to the user. Neither DFC nor the United States Government offers any guarantee or warranty concerning any product, information, or service described or available at such links.

Outside parties may link to or copy material from DFC’s website, provided such party requests and obtains DFC’s consent prior to initiating the link or copying. DFC reserves the right to decline such requests. Please be advised that DFC’s consent does not constitute an endorsement of the requesting party or confirmation of the accuracy of other information on the requesting party’s website.

Personally Provided Information

• You do not have to provide DFC with personal information to visit our website.
• We will not collect personal information from you when you visit our website unless you choose to provide that information to us. Your submitting it constitutes your consent for DFC to collect it.
• Personal information you provide to us is used solely for the purpose for which it was collected, and is not sold or disseminated to third parties, unless required by law (e.g., for law enforcement purposes). We will notify you, at the point of collection, how information that personally identifies you will be used.
• You may have access to any of the information we collect about you at this website. We will correct any errors you may find. You may email DFC to request information or records concerning you from the Corporation. Please remember that electronic mail is not necessarily secure against interception. Therefore, we suggest that you do not send personally identifying information (e.g., your mailing address) to us via email.

Information Automatically Collected and Stored

When you visit our website to read or download information, certain information about you will be collected. We automatically collect and store the following information about your visit:

• The IP address from which you accessed our website;
• The IP address of the referring website if you access our site directly from another site;
• The type of browser and operating system used to access the site;
• The date and time of your visit;
• The pages you visited;
• The amount of data (bytes) transferred to you; and
• The amount of time it took to transfer the data to you.

We use this information to perform statistical analyses of the use of the website and to enhance its utility to our visitors. For example, we use it to assess what information is of most and least interest, to determine technical design specifications, and to identify system performance problems. Unless specifically stated otherwise, no additional information will be collected about you.

Cookies

A cookie is a small piece of text that is sent to your computer along with a web page when you visit a website. Your computer will give the information in the cookie only to the computer that sent it, and no other website can request it. There are three types of cookies: persistent, third party, and session.

DFC does not use persistent or third-party cookies, but sometimes uses session cookies.

DFC uses session (or “temporary”) cookies to facilitate the completion of web forms during the collection of information that you submit. These cookies keep you from losing information you have entered on a web form if, during your visit, you leave our website and return. These cookies are stored in memory and are only available during an active browser session. Session cookies do not collect personal information about you, and this information is erased as soon as you close your web browser or turn off your computer. No personally identifiable information about you is maintained as a result of a temporary or session cookie.

You can configure your web browser to accept or decline cookies, or to alert you when cookies are in use. You do not have to accept cookies from us, but if you choose not to, some of the functionality of our site may not be available to you.

Security/Protecting Personally Identifiable Information

DFC is required to protect the information we collect and maintain about you. We will not use the internet to do business with you unless we can do so in a secure manner. We will take reasonable precautions to maintain the security, confidentiality, and integrity of the information we collect at this website.

DFC takes technical measures to ensure that personal information submitted via its website is kept secure and confidential.

DFC also takes administrative measures to ensure that personal information submitted via its website is kept secure and confidential by restricting staff access to personal information to only those who have a need to know. DFC sometimes uses contractors to perform various website and database functions. When we do, we make sure that the contract with the contractor ensures the security, confidentiality, and integrity of any personal information the contractor may have access to in the course of contract performance.

Data Retention and Access

All data collected via DFC’s website, including emails that meet the definition of records under a) the Federal Records Act (44 U.S.C. 3101 et seq.) and b) the regulations and records schedules of the National Archives and Records Administration, are maintained and destroyed according to the provisions of the Act.

In some cases, these data may be covered by the Privacy Act and subject to the Freedom of Information Act. A discussion of your rights under both of these laws can be found in A Citizen’s Guide on Using the Freedom of Information Act and the Privacy Act of 1974 to Request Government Records.

You may have access to any of the information DFC collects about you on this website. To make corrections to any personal information, you may click here for information on how to submit a request for correction.

Monitoring and Intrusion Detection

The DFC website is hosted on a U.S. Government computer system and is intended for official business use only. You may not make unauthorized modifications to this system or the information it contains or use this system for any activities which are in violation of law. Misuse of this system is strictly prohibited and may be subject to criminal prosecution under the Computer Fraud and Abuse Act of 1986 and Title 18 USC Sections 1001 and 1030.

For security purposes, DFC monitors access and use of this system to identify unauthorized activity. Anyone using this system expressly consents to such monitoring and is advised that if such monitoring reveals evidence of possible abuse or criminal activity, such evidence may be provided to appropriate law enforcement officials. In the event of authorized law enforcement investigations, and pursuant to any required legal process, information from these sources may be used to help identify an individual. We make no attempts to identify individual users unless we suspect illegal behavior.

Interaction With Children

This website may offer educational content to children. No personally identifiable information is collected from them unless voluntarily submitted as a request for information or services. The information collected is used to respond to user inquiries or to provide services requested by our users.

External Links Policy

DFC’s website has hyperlinks to other government, quasi-government, international, and private organizations. These websites are not under the control of DFC and may not follow the same privacy, security, or accessibility policies. When you leave DFC’s website via a link to another website, you will be notified that you are subject to the policies of the new website. All external websites to which DFC is linked open in a new window.

Hyperlinks on this website to any commercial, shareware, or freeware products or services do not constitute or imply endorsement by DFC or the United States Government of any linked website or of any product, information, or service. These links, or information concerning such links, are offered solely as a convenience to the user. Neither DFC nor the United States Government offers any guarantee or warranty concerning any product, information, or service described or available.

Third-Party Website Measurement and Customization Technologies

This website uses Google Analytics Premium to measure the number of visitors to its different sections, to find out what information is most viewed, and to help us make our website more useful to our visitors.

Google Analytics places a persistent cookie on your computer to provide this information. This cookie does not store any personally identifiable information. (This is classified as a tier 2 tracking technology according to OMB Memorandum M-10-22.)

To opt-out of this cookie being placed on your computer, visit:

• Web Measurement and Customization Opt-out at USA.gov
• Opt out of Google Analytics Cookies

Third-party websites may use web measurement and customization technologies (such as cookies) in conjunction with the provision of this content or functionality. You should consult the privacy policies of these third parties for further information. We do not knowingly use third-party tools that place a multi-session cookie prior to the user interacting with the tool, for example, by playing an embedded video.

Users opting out of this web measurement technology will have the same access to content as users who do not.

Some pages on our site may include web content or functionality from third parties, such as embedded videos hosted by non-DFC services. For example, as of November 1, 2016, content or functionality from the following third party may be present on some dfc.gov pages.

• YouTube.com (Privacy Policy)

Visiting Official DFC Pages on Third-Party Websites

DFC maintains official pages or accounts on several third-party websites in order to better engage with the American public. Those websites are listed below. Your activity on those third-party sites is governed by the security and privacy policies of the third-party sites. Users of third-party sites are often sharing information with the general public, user community, and/or the third-party operating the third-party site. These actors may use this information in a variety of ways. Consequently, you should review the privacy policies of third-party sites before using them and ensure that you understand how your information may be used. You should also adjust privacy settings on your account on any third-party site to match your preferences.

Information that you voluntarily submit to or publish on a DFC page or a third-party site may be treated as public information. We may, for example, publish compilations of comments collected through these DFC pages or provide them to national leaders, members of the press, or other individuals outside of the federal government.

We exercise discretion to protect voluntarily submitted information if its disclosure would raise privacy concerns. Except as described above, we do not sell, rent, exchange, or otherwise disclose this information to persons or organizations outside DFC. In some cases, we may share information with other federal agencies in response to lawful law enforcement requests or to protect dfc.gov from security threats.

If you seek assistance on a matter within the jurisdiction of a federal agency, we may share your information with that agency for the limited purpose of addressing your request for assistance.

Below is the current list of official DFC pages on third-party websites:

Social Networks

Facebook

• DFC’s Facebook Page
• Facebook's Privacy Policy

X (formerly Twitter)

• @DFCgov (DFC's X page)
• X's Privacy Policy

Video and Multimedia

Instagram

• DFC's Instagram Page
• Instagram's Privacy Policy

LinkedIn

• DFC's LinkedIn Page
• LinkedIn's Privacy Policy

Medium

• DFC's Medium Page
• Medium's Privacy Policy

YouTube

• DFC's YouTube Channel
• YouTube's Privacy Policy

Privacy Program Plan

For DFC's Privacy Program Plan, please visit this link.

Breach Response Plan

For DFC's Breach Response Plan, please visit this link.

Submit a Privacy Act Request

Your Rights Under the Privacy Act

Personal information that you submit to DFC may be maintained in federal systems of records as defined under the Privacy Act of 1974. If information we collect from you is to be used in a Privacy Act system of records, then a Privacy Act Statement will be provided at the point of information collection. The Privacy Act Statement shall explain the authority for the collection; the principle purpose(s) for which the information is intended to be used; whom the information may be shared with outside of the agency without the written consent of the individual (known as a “routine use”); and the effects on the individual, if any, of not providing all or any part of the requested information. An appropriate citation (and, if practicable, a link) to the relevant System of Records Notice(s) will also be provided in the Privacy Act Statement.

DFC’s Privacy Act regulations can be found at 22 C.F.R. Part 707. Instructions on submitting a Privacy Act request are located at 22 C.F.R. § 707.21.

Contact Us

Senior Agency Official for Privacy (SAOP): Tina Donbeck

Chief Privacy Officer (CPO): James Piyavansuthi

You may contact DFC's SAOP or CPO for further privacy-related information, questions, or to formally file a privacy-related complaint.

Mailing Address:
DFC Privacy Program
U.S. International Development Finance Corporation
1100 New York Avenue, NW
Washington, DC 20527

Email Address: privacy@dfc.gov.