88 FR 203 pgs. 72820-72823 - Privacy Act of 1974; System of Records
Type: NOTICEVolume: 88Number: 203Pages: 72820 - 72823
Pages: 72820, 72821, 72822, 72823FR document: [FR Doc. 2023-23327 Filed 10-20-23; 8:45 am]
Agency: Veterans Affairs Department
Official PDF Version: PDF Version
[top]
DEPARTMENT OF VETERANS AFFAIRS
Privacy Act of 1974; System of Records
AGENCY:
Veterans Experience Office, Department of Veterans Affairs (VA).
ACTION:
Notice of a modified system of records.
SUMMARY:
Pursuant to the Privacy Act of 1974, notice is hereby given that the Department of Veterans Affairs (VA) is modifying the system of records titled "Veterans Affairs Profile-VA" (192VA30). VA Profile contains information about Veterans; their families, caregivers, and survivors; and other VA customers to facilitate the title 38 benefits and services provided by the different administrations and program offices.
DATES:
Comments on this modified system of records must be received no later than 30 days after date of publication in the Federal Register . If no public comment is received during the period allowed for comment or unless otherwise published in the Federal Register by VA, the modified system of records will become effective a minimum of 30 days after the date of publication in the Federal Register . If VA receives public comments, VA shall review the comments to determine whether any changes to the notice are necessary.
ADDRESSES:
Comments may be submitted through www.Regulations.gov or mailed to VA Privacy Service, 810 Vermont Avenue NW, (005X6F), Washington, DC 20420. Comments should indicate that they are submitted in response to" Veterans Affairs Profile-VA" (192VA30). Comments received will be available at regulations.gov for public viewing, inspection or copies.
FOR FURTHER INFORMATION CONTACT:
[top] Trisha Dang, Veterans Experience Office (VEO), Department of Veterans Affairs, 810 Vermont Ave. NW, Building 810,
SUPPLEMENTARY INFORMATION:
VA is modifying the Veterans Affairs Profile system of records by making minor revisions to the Routine Uses of Records Maintained in the System; and updating the System Location; Purpose of the System; Categories of Individuals Covered by the System; Categories of Records in the System; Record Source Categories; Policies and Practices for Storage of Records; Administrative, Technical, and Physical Safeguards; Record Access Procedures; and Contesting Record Procedures.
The Report of Intent to Amend a System of Records Notice and an advance copy of the system notice have been sent to the appropriate Congressional committees and to the Director of the Office of Management and Budget (OMB) as required by 5 U.S.C. 552a(r) (Privacy Act) and guidelines issued by OMB (65 FR 77677), December 12, 2000.
Signing Authority
The Senior Agency Official for Privacy, or designee, approved this document and authorized the undersigned to sign and submit the document to the Office of the Federal Register for publication electronically as an official document of the Department of Veterans Affairs. Kurt D. DelBene, Assistant Secretary for Information and Technology and Chief Information Officer, approved this document on September 13, 2023 for publication.
Dated: October 18, 2023.
Amy L. Rose,
Government Information Specialist, VA Privacy Service, Office of Compliance, Risk and Remediation, Office of Information and Technology, Department of Veterans Affairs.
SYSTEM NAME AND NUMBER:
Veterans Affairs Profile (VA Profile) (192VA30).
SECURITY CLASSIFICATION:
Unclassified.
SYSTEM LOCATION:
The VA Profile system is maintained in a system known as the VA Profile Data Repository (VA PROFILEDB) hosted at an OI&T approved VA sponsored data warehouse location via secured cloud storage on a Federal Risk and Authorization Management Program (FedRAMP) certified VA Enterprise Cloud (VAEC).
SYSTEM MANAGER(S):
Trisha Dang, Veterans Experience Office (VEO), Department of Veterans Affairs, 810 Vermont Ave. NW, Building 810, Washington, DC 20420; Telephone (202) 461-9898; email trisha.dang@va.gov.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
38 U.S.C. 501, 7304.
PURPOSE(S) OF THE SYSTEM:
The purpose of VA Profile is to serve as the authoritative data source for common customer profiles of Veterans; their families, caregivers, and survivors; and other VA customers. The profile data in this system of records is mastered and synchronized with information in other data sources, meet VA data quality standards, and is updated using a single touchpoint service. Through synchronization of information from various data sources, VA Profile provides VA administrations and program offices with a customer profile that is accurate, relevant, complete, and timely.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
Records in the system contain information about Veterans; their families, caregivers, and survivors; and eligible beneficiaries who are receiving or have received title 38 benefits and services; and other individuals who may be entitled to title 38 benefits and services.
CATEGORIES OF RECORDS IN THE SYSTEM:
Records may include identifying data and contact information, such as names; mailing and residential addresses; daytime, evening, mobile, and fax phone numbers; and email addresses.
RECORD SOURCE CATEGORIES:
Records contain information provided by Veterans as well as their families, advocates, and dependents. Information is also obtained from other VA components and systems of records, including National Patient Database-VA (121VA10A7), VA/DoD Identity Repository (138VA005Q); Enrollment and Eligibility Records-VA (147VA10), Veterans Health Information Systems and Technology Architecture (VistA) Records-VA (79VA10),Compensation, Pension, Education, and Vocational Rehabilitation and Employment Records (58VA21/22/28), Administrative Data Repository-VA (150VA19), and supplemented with information purchased from data brokers.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND PURPOSES OF SUCH USES:
1. Congress: To a Member of Congress or staff acting upon the Member's behalf when the Member or staff requests the information on behalf of, and at the request of, the individual who is the subject of the record.
2. Data breach response and remediation, for VA: To appropriate agencies, entities, and persons when (a) VA suspects or has confirmed that there has been a breach of the system of records; (b) VA has determined that as a result of the suspected or confirmed breach there is a risk of harm to individuals, VA (including its information systems, programs, and operations), the Federal Government, or national security; and (c) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with VA's efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm.
3. Data breach response and remediation, for another Federal agency: To another Federal agency or Federal entity, when VA determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in (a) responding to a suspected or confirmed breach or (b) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach.
4. Law Enforcement: To a Federal, state, local, territorial, tribal, or foreign law enforcement authority or other appropriate entity charged with the responsibility of investigating or prosecuting a violation or potential violation of law, whether civil, criminal, or regulatory in nature, or charged with enforcing or implementing such law, provided that the disclosure is limited to information that, either alone or in conjunction with other information, indicates such a violation or potential violation. The disclosure of the names and addresses of veterans and their dependents from VA records under this routine use must also comply with the provisions of 38 U.S.C. 5701.
5. DoJ, Litigation, Administrative Proceeding: To the Department of Justice (DoJ), or in a proceeding before a court, adjudicative body, or other administrative body before which VA is authorized to appear, when:
(a) VA or any component thereof;
(b) Any VA employee in his or her official capacity;
(c) Any VA employee in his or her individual capacity where DoJ has agreed to represent the employee; or
[top] (d) The United States, where VA determines that litigation is likely to affect the agency or any of its
6. Contractors: To contractors, grantees, experts, consultants, students, and others performing or working on a contract, service, grant, cooperative agreement, or other assignment for VA, when reasonably necessary to accomplish an agency function related to the records.
7. OPM: To the Office of Personnel Management (OPM) in connection with the application or effect of civil service laws, rules, regulations, or OPM guidelines in particular situations.
8. EEOC: To the Equal Employment Opportunity Commission (EEOC) in connection with investigations of alleged or possible discriminatory practices, examination of Federal affirmative employment programs, or other functions of the Commission as authorized by law.
9. FLRA: To the Federal Labor Relations Authority (FLRA) in connection with: the investigation and resolution of allegations of unfair labor practices, the resolution of exceptions to arbitration awards when a question of material fact is raised, matters before the Federal Service Impasses Panel; and the investigation of representation petitions and the conduct or supervision of representation elections.
10. MSPB: To the Merit Systems Protection Board (MSPB) in connection with appeals, special studies of the civil service and other merit systems, review of rules and regulations, investigation of alleged or possible prohibited personnel practices, and such other functions promulgated in 5 U.S.C. 1205 and 1206, or as authorized by law.
11. NARA: To the National Archives and Records Administration (NARA) in records management inspections conducted under 44 U.S.C. 2904 and 2906, or other functions authorized by laws and policies governing NARA operations and VA records management responsibilities.
12. Federal Agencies, for Computer Matches: To other federal agencies for the purpose of conducting computer matches to obtain information to determine or verify eligibility of veterans receiving VA benefits or medical care under title 38.
13. Federal Agencies, for Research: To a Federal agency for the purpose of conducting research and data analysis to perform a statutory purpose of that Federal agency upon the prior written request of that agency.
14. Researchers, for Research: To epidemiological and other research facilities approved by the Under Secretary for Health for research purposes determined to be necessary and proper, provided that the names and addresses of veterans and their dependents will not be disclosed unless those names and addresses are first provided to VA by the facilities making the request.
15. Federal Agencies, Courts, Litigants, for Litigation or Administrative Proceedings: To another federal agency, court, or party in litigation before a court or in an administrative proceeding conducted by a federal agency, when the government is a party to the judicial or administrative proceeding.
16. Consumer Reporting Agencies: To a consumer reporting agency for the purpose of locating the individual, obtaining a consumer report to determine the ability of the individual to repay an indebtedness to the United States, or assisting in the collection of such indebtedness, provided that the provisions of 38 U.S.C. 5701(g)(2) and (4) have been met, and the disclosure is limited to information as is reasonably necessary to identify such individual or concerning that individual's indebtedness to the United States by virtue of the person's participation in a benefits program administered by the Department.
17. Law Enforcement, for Locating Fugitive: To any Federal, state, local, territorial, tribal, or foreign law enforcement agency to identify, locate, or report a known fugitive felon, in compliance with 38 U.S.C. 5313B(d).
18. OMB: To the Office of Management and Budget (OMB) for the performance of its statutory responsibilities for evaluating Federal programs.
19. Nonprofits, for Release of Names and Addresses (RONA): To a nonprofit organization if the release is directly connected with the conduct of programs and the utilization of benefits under Title 38, provided that the disclosure is limited to the names and addresses of present or former members of the armed services or their beneficiaries, that the records will not be used for any purpose other than that stated in the request, and the that organization is aware of the penalty provision of 38 U.S.C. 5701(f).
POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
Records will be maintained at an OI&T approved VA sponsored data warehouse location via secured cloud storage on a Federal Risk and Authorization Management Program (FedRAMP) certified VA Government Cloud (GovCloud) site.
POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
Records may be retrieved by name or other identifiers, such as an internal entry number of a partner system that maintains information on the individuals.
POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
Records in this system are maintained and disposed of in accordance with the schedule approved by the Archivist of the United States, General Records Schedule 5.2, item 020, which provides for disposition of intermediary records, e.g., copies of electronic records from one system that are used as source records to another system.
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
Access to VA Profile is limited to those persons whose official duties require such access. VA has established security procedures to ensure that access is appropriately limited, including review by information security officers and system data stewards of data access requests; and privacy and information security training required annually of all users of VA information or information systems.
Access is regulated with security software that requires each user to be authenticated, and the system is hosted on a FedRAMP-certified, FISMA-high VA Government Cloud (GovCloud); and transmissions are protected by firewalls, intrusion detection devices, encryption, and other security measures.
Physical access to computer rooms housing national administrative databases, warehouses, and data marts is restricted to authorized staff and protected by a variety of security devices. Unauthorized employees, contractors, and other staff are not allowed in computer rooms. The Federal Protective Service or other security personnel provide physical security for the buildings housing computer rooms and data centers, and copies of back-up computer files are generally maintained at off-site locations.
RECORD ACCESS PROCEDURES:
[top] Individuals seeking access to records in this system pertaining to them must contact the system manager in writing as indicated above. The request for access must contain the requester's full name, address, telephone number, and signature, and describe the records sought in sufficient detail to enable VA to locate them with a reasonable amount of effort.
CONTESTING RECORD PROCEDURES:
Individuals seeking to contest or amend records in this system pertaining to them must contact the system manager in writing as indicated above. A request to contest or amend must state clearly and concisely what record is being contested, the basis for contesting it, and the proposed amendment to the record.
NOTIFICATION PROCEDURES:
Generalized notice is provided by the publication of this notice. For specific notice, see Record Access Procedure, above.
EXEMPTIONS PROMULGATED FOR THE SYSTEM:
None.
HISTORY:
87 FR 36207 (June 15, 2022).
[FR Doc. 2023-23327 Filed 10-20-23; 8:45 am]
BILLING CODE P