89 FR 237 pgs. 99335-99338 - Privacy Act of 1974; System of Records
Type: NOTICEVolume: 89Number: 237Pages: 99335 - 99338
Pages: 99335, 99336, 99337, 99338FR document: [FR Doc. 2024-28959 Filed 12-9-24; 8:45 am]
Agency: Veterans Affairs Department
Official PDF Version: PDF Version
[top]
DEPARTMENT OF VETERANS AFFAIRS
Privacy Act of 1974; System of Records
AGENCY:
Department of Veterans Affairs (VA) Veterans Benefits Administration.
ACTION:
Notice of a modified system of records.
SUMMARY:
Pursuant to the Privacy Act of 1974, notice is hereby given that the Department of Veterans Affairs (VA) is modifying the system of records titled, "Veterans Affairs/Department of Defense Identity Repository (VADIR)-VA" (138VA005Q). This system of records is an electronic repository of military personnel's military history, payroll information and their dependents' data provided to VA by the Department of Defense's Defense Manpower Data Center (DMDC). The VADIR database repository is used in conjunction with other applications across VA business lines to provide an electronic consolidated view of comprehensive eligibility and benefits utilization data from across VA and Department of Defense (DoD). VA applications use the VADIR database to retrieve profile data, military history, and information on benefits, and dependents.
DATES:
Comments on this modified system of records must be received no later than January 9, 2025. If no public comment is received during the period allowed for comment or unless otherwise published in the Federal Register by VA, the modified system of records will become effective a minimum of 30 days after date of publication in the Federal Register . If VA receives public comments, VA shall review the comments to determine whether any changes to the notice are necessary.
ADDRESSES:
Comments may be submitted through www.Regulations.gov or mailed to VA Privacy Service, 810 Vermont Avenue NW, (005X6F), Washington, DC 20420. Comments should indicate that they are submitted in response to "Veterans Affairs/Department of Defense Identity Repository (VADIR)-VA" (138VA005Q). Comments received will be available at regulations.gov for public viewing, inspection, or copies.
FOR FURTHER INFORMATION CONTACT:
Trisha Dang, Veterans Experience Office, (VEO), Department of Veterans Affairs, 810 Vermont Ave. NW, Building 810, Washington, DC 20420; telephone (202) 461-9898; email trisha.dang@va.gov .
SUPPLEMENTARY INFORMATION:
VA has updated the System Manager to reflect "Alexander Torres, Project Manager, Department of Veterans Affairs, OIT/Product Engineering/Data&Analytics, 810 Vermont Ave. NW, Building 810, Washington, DC 20420, email: vavadirsupportteam@va.gov, telephone number (470) 364-4797."
[top] VA has also updated the Categories of Records to reflect: "The record, or information contained in the record, may include identifying information ( e.g., name, contact information, Social Security number), association to dependents, cross reference to other names used, military service participation and status information (branch of service, rank, enter on duty date, release from active duty date, military occupations, type of duty, character of service, awards), reason and nature of active duty separation (completion of commitment, etc.), combat pay, combat awards, theater location, combat deployments (period of
Signing Authority
The Senior Agency Official for Privacy, or designee, approved this document and authorized the undersigned to sign and submit the document to the Office of the Federal Register for publication electronically as an official document of the Department of Veterans Affairs. Kurt D. DelBene, Assistant Secretary for Information and Technology and Chief Information Officer, approved this document on October 31, 2024 for publication.
Dated: December 5, 2024.
Amy L. Rose,
Government Information Specialist, VA Privacy Service, Office of Compliance, Risk and Remediation, Office of Information and Technology, Department of Veterans Affairs.
SYSTEM NAME AND NUMBER:
Veterans Affairs/Department of Defense Identity Repository (VADIR)-VA (138VA005Q).
SECURITY CLASSIFICATION:
Unclassified.
SYSTEM LOCATION:
VADIR is hosted at an OI&T approved VA sponsored data warehouse location via secured cloud storage on a Federal Risk and Authorization Management Program (FedRAMP) certified VA Enterprise Cloud (VAEC).
SYSTEM MANAGER(S):
Alexander Torres, Project Manager, Department of Veterans Affairs, OIT/Product Engineering/Data&Analytics, 810 Vermont Ave. NW, Building 810, Washington, DC 20420, email: vavadirsupportteam@va.gov, telephone number (470) 364-4797.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
38 U.S.C. 5106.
PURPOSE(S) OF THE SYSTEM:
The purpose of VADIR is to receive electronically military personnel and payroll information from the Department of Defense (DoD) in a centralized VA system and then distribute the data to other VA systems and lines of business who require the information for health and benefits eligibility determinations. This information is provided to VADIR by the Defense Manpower Data Center (DMDC). VADIR will also provide veterans information concerning education benefits usage and death, as well as personal and demographic information.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
The category of the individuals covered by the VADIR database encompasses veterans, service members, and their dependents. This would include current service members, separated service members, and their dependents; as well as veterans whose VA military service benefits have been sought by others ( e.g., burial benefits).
CATEGORIES OF RECORDS IN THE SYSTEM:
Records include identifying information ( e.g., name, contact information, Social Security number), association to dependents, cross reference to other names used, military service participation and status information (branch of service, rank, enter on duty date, release from active duty date, military occupations, type of duty, character of service, awards), reason and nature of active duty separation (completion of commitment, etc.), combat pay, combat awards, theater location, combat deployments (period of deployment, location/country), Guard/Reserve activations (period of activation, type of activation), education benefit participation, Transfer of Eligibility (TOE) of educational benefits to dependents, group life insurance participation, survivor pay, disability pay, separation pay, military retirement pay, and medals and awards.
RECORD SOURCE CATEGORIES:
Information in this system of records is provided by components of the Department of Defense.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND PURPOSES OF SUCH USES:
1. Congress
To a Member of Congress or staff acting upon the Member's behalf when the Member or staff requests the information on behalf of, and at the request of, the individual who is the subject of the record.
2. Data Breach Response and Remediation, for VA
To appropriate agencies, entities, and persons when (a) VA suspects or has confirmed that there has been a breach of the system of records, (b) VA has determined that as a result of the suspected or confirmed breach there is a risk of harm to individuals, VA (including its information systems, programs, and operations), the Federal Government, or national security; and (c) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with VA's efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm.
3. Data Breach Response and Remediation, for Another Federal Agency
To another Federal agency or Federal entity, when VA determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in (a) responding to a suspected or confirmed breach or (b) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach.
4. Law Enforcement
To a Federal, State, local, territorial, Tribal, or foreign law enforcement authority or other appropriate entity charged with the responsibility of investigating or prosecuting a violation or potential violation of law, whether civil, criminal, or regulatory in nature, or charged with enforcing or implementing such law, provided that the disclosure is limited to information that, either alone or in conjunction with other information, indicates such a violation or potential violation. The disclosure of the names and addresses of veterans and their dependents from VA records under this routine use must also comply with the provisions of 38 U.S.C. 5701.
5. DoJ, Litigation, Administrative Proceeding
To the Department of Justice (DoJ), or in a proceeding before a court, adjudicative body, or other administrative body before which VA is authorized to appear, when:
(a) VA or any component thereof;
(b) Any VA employee in his or her official capacity;
(c) Any VA employee in his or her individual capacity where DoJ has agreed to represent the employee; or
[top] (d) The United States, where VA determines that litigation is likely to affect the agency or any of its components is a party to such proceedings or has an interest in such proceedings, and VA determines that use of such records is relevant and necessary to the proceedings.
6. Contractors
To contractors, grantees, experts, consultants, students, and others performing or working on a contract, service, grant, cooperative agreement, or other assignment for VA, when reasonably necessary to accomplish an agency function related to the records.
7. NARA
To the National Archives and Records Administration (NARA) in records management inspections conducted under 44 U.S.C. 2904 and 2906, or other functions authorized by laws and policies governing NARA operations and VA records management responsibilities.
8. Department of Defense
To DoD systems or offices for use in connection with matters relating to one of DoD's programs to enable delivery of healthcare or other DoD benefits to eligible beneficiaries.
9. Department of Defense Manpower Data Center (DMDC)
To the Department of Defense Manpower Data Center (DMDC) to reconcile the amount and/or waiver of service, department and retired pay, provided that information disclosed is the name, address, VA file number, service information, date of birth, incarceration status, and social security number of veterans and their surviving spouses
10. Department of Defense Enrollment Eligibility Reporting System (DEERS)
To DoD, to identify retired veterans and dependent members of their families who have entitlement to DoD benefits but who are not identified in the Department of Defense Enrollment Eligibility Reporting System (DEERS) program and to assist in determining eligibility for Civilian Health and Medical Program of the Uniformed Services (CHAMPUS) benefits, provided that information disclosed is the name, address, VA file number, date of birth, date of death, social security number, and service information. This purpose is consistent with 38 U.S.C. 5701.
11. Federal Agencies, for Research
To a Federal agency for the purpose of conducting research and data analysis to perform a statutory purpose of that Federal agency upon the prior written request of that agency.
12. Nonprofits, for RONA
To a nonprofit organization if the release is directly connected with the conduct of programs and the utilization of benefits under title 38, provided that the disclosure is limited the names and addresses of present or former members of the armed services or their beneficiaries, the records will not be used for any purpose other than that stated in the request, and the organization is aware of the penalty provision of 38 U.S.C. 5701(f).
13. Federal Agencies, for Computer Matches
To other Federal agencies in accordance with a computer matching program to determine or verify eligibility of veterans receiving VA benefits or medical care under title 38.
POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
Records are transmitted between DMDC and VA over a dedicated telecommunications circuit using approved encryption technologies. Records (or information contained in records) are maintained in electronic format in the VADIR Oracle database. These records cannot be directly accessed by any VA employee or other users. Information from VADIR is disseminated in three ways: (1) Approved VA systems electronically request and receive data from VADIR, (2) data is replicated via secure link between VADIR and DMDC, and (3) periodic electronic data extracts of subsets of information contained in VADIR are provided to approved VA offices/systems. Backups of VADIR data are created regularly and stored in a secure undisclosed off-site facility.
POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
Records are retrieved using various unique identifiers belonging to the individual to whom the information pertains to include such identifiers as name, claim file number, social security number and date of birth.
POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
Records in this system are retained indefinitely until a records retention schedule is approved by the Archivist of the United States. The records control for the VDR system hardware and user logs is GRS 4.2: Information Access and Protection Records Item 130 located www.archives.gov/records-mgmt/grs.html.
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
Physical Security: The primary VADIR system is located in an undisclosed location for security purposes. Access to data processing centers is generally restricted to VA employees, VADIR custodial personnel, Federal Protective Service, and other security personnel. Access to computer rooms is restricted AWS staff.
System Security: Access to the VA network is protected by the usage of two factor authentication. Once on the VA network, two factor authentication is required to gain access to the VADIR server and/or database. Access to the server and/or database is granted to only a limited number of system administrators and database administrators approved by the System Manager. In addition, VADIR has undergone assessment and authorization based on a risk assessment that followed National Institute of Standards and Technology Vulnerability and Threat Guidelines. The system is considered stable and operational and a final Authority to Operate (ATO) has been granted and is updated annually. The system was found to be operationally secure, with very few exceptions or recommendations for change.
RECORD ACCESS PROCEDURES:
Individuals seeking information on the existence and content of records in this system pertaining to them should contact the VA Privacy Service, 810 Vermont Avenue NW, (005X6F), Washington, DC 20420, in writing as indicated above. The VA Privacy Officer will route the request to the System Manager. A request for access to records must contain the requester's full name, address, telephone number, be signed by the requester, include copy of government issued ID for verification, and describe the records sought in sufficient detail to enable VA personnel to locate them.
CONTESTING RECORD PROCEDURES:
[top] Individuals seeking to contest or amend records in this system pertaining to them should contact the system manager in writing as indicated above. A request to contest or amend records must state clearly and concisely what record is being contested, the reasons for contesting it, and the proposed amendment to the record. Additionally, to the extent that information contested is identified as data provided by DMDC, which is part of the Defense Logistics Agency (DLA), the DLA rules for accessing records, for contesting contents, and appealing initial agency determinations are contained in 32 CFR part 323, or may be obtained from the Privacy Act Officer, Headquarters, Defense Logistics Agency, ATTN: DES-B, 8725 John J. Kingman Road, Stop 6220, Fort Belvoir, VA 22060-6221.
NOTIFICATION PROCEDURES:
Generalized notice is provided by the publication of this notice. For specific notice, see Record Access Procedure, above.
EXEMPTIONS PROMULGATED FOR THE SYSTEM:
None.
HISTORY:
74 FR 37093 (July 27, 2009); 87 FR 79066 (December 23, 2022).
[FR Doc. 2024-28959 Filed 12-9-24; 8:45 am]
BILLING CODE 8320-01-P