USAID-30 - Google Apps Business Edition


System name:

Google Apps Business Edition - (77 FR 44888).

Security classification:

Sensitive But Unclassified.

System location(s):

United States Agency for International Development, 2733 Crystal Drive, 11th Floor, Arlington, VA 22202.

Categories of individuals covered by the system:

This system contains records of current employees, contractors, consultants, and partners.

Categories of records covered by the system:

This system contains USAID organizational information. At a solution wide level the system will collect and display First and Last Name, Work Phone Number, and Work Address. This information is automatically collected from USAID's Active Directory of user objects. Users additionally have an option to create and maintain personal address books, accessible to only them or to users they grant access to. In these personal address books the user may manually enter First and Last Name, Home Address, Home Phone, and Date of Birth.

Authority for maintenance of the system:

Privacy Act of 1974 (Pub. L. 93-579), sec. 552a (c), (e), (f), and (p).


Records in this system will be used:

(1) The solution wide information is available to all USAID users provisioned in the Google Apps system for e-mail, calendaring, and collaboration tools.

(2) The personal address book information is available to the user that created the personal address book or to users that are granted access.

Disclosure to consumer reporting agencies:

These records are not disclosed to consumer reporting agencies.

Routine Use of Records Maintained in the System, Including Categories of Users and the Purposes of Such Uses:

USAID may disclose relevant system records in accordance with any current and future blanket routine uses established for its record systems. These may be for internal communications or with external partners.

Policies and practices for storing, retrieving, accessing, retaining, and disposing of records in the system:


Electronic records are maintained in user-authenticated, password-protected systems. All records are accessed only by authorized personnel who have a need to access the records in the performance of their official duties.


Contact Sharing creates a searchable directory of the user names and e-mail addresses in your domain, and shares this directory with everyone in your organization. By default, the directory includes each user's primary e-mail address and any e-mail aliases or nicknames. As a Google Apps account administrator, you can control which of these e-mail addresses appear in the directory by adjusting the Contact Sharing settings. You can also hide users from the shared contact list.

E-mail addresses that users saved as Personal Contacts are not included in the directory and are not affected by changes made to the Contact Sharing setting. Suspended and deleted users also do not appear in the directory.

All users in your domain can find contacts listed in the directory through Contacts search, Contacts details view, and any autocomplete function in each Google App enabled for your domain.

Contact Sharing is automatically enabled in your Google Apps account, but can be disabled (and re-enabled) at any time.


Additional administrative safeguards are provided through the use of internal standard operating procedures.

Retention and disposal:

Records are retained using the appropriate, approved National Archives Records Administration—Schedules for the type of record being maintained.

System manager(s) and address:

Sukhvinder Singh, United States Agency for International Development, 2733 Crystal Drive, 11th Floor, Arlington, VA. 22202.

Notification procedures:

Individuals requesting notification of the existence of records on them must send the request in writing to the Chief Privacy Officer, USAID, 2733 Crystal Drive, 11th Floor, Arlington, VA 22202. The request must include the requestor's full name, his/her current address and a return address for transmitting the information. The request shall be signed by either notarized signature or by signature under penalty of perjury and reasonably specify the record contents being sought.

Record access procedures:

Individuals wishing to request access to a record must submit the request in writing according to the “Notification Procedures” above. An individual wishing to request access to records in person must provide identity documents, such as government-issued photo identification, sufficient to satisfy the custodian of the records that the requester is entitled to access.

Contesting record procedures:

An individual requesting amendment of a record maintained on himself or herself must identify the information to be changed and the corrective action sought.

Requests must follow the “Notification Procedures” above.

Record source categories:

The records contained in this system will be provided by and updated by the individual who is the subject of the record.

Exemptions claimed for the system: