Privacy Act of 1974; System of Records, 41190-41192 [E9-19489]
Download as PDF
<![CDATA[
mstockstill on DSKH9S0YB1PROD with NOTICES
41190
Federal Register / Vol. 74, No. 156 / Friday, August 14, 2009 / Notices
agencies to take this opportunity to
comment on a continuing information
collection, as required by the Paperwork
Reduction Act of 1995. An agency may
not conduct or sponsor, and a
respondent is not required to respond
to, an information collection unless it
displays a currently valid OMB control
number. The OCC is soliciting comment
concerning its information collection
titled, ‘‘Bank Activities and
Operations.’’ The OCC also gives notice
that it has sent the information
collection to the Office of Management
and Budget (OMB).
DATES: You should submit written
comments by September 14, 2009.
ADDRESSES: Communications Division,
Office of the Comptroller of the
Currency, Mailstop 2–3, Attention:
1557–0204, 250 E Street, SW.,
Washington, DC 20219. In addition,
comments may be sent by fax to (202)
874–5274, or by electronic mail to
regs.comments@occ.treas.gov. You may
personally inspect and photocopy
comments at the OCC, 250 E Street,
SW., Washington, DC. For security
reasons, the OCC requires that visitors
make an appointment to inspect
comments. You may do so by calling
(202) 874–4700. Upon arrival, visitors
will be required to present valid
government-issued photo identification
and to submit to security screening in
order to inspect and photocopy
comments.
Additionally, you should send a copy
of your comments to OCC Desk Officer,
1557–0204, by mail to U.S. Office of
Management and Budget, 725 17th
Street, NW., #10235, Washington, DC
20503, or by fax to (202) 395–6974.
FOR FURTHER INFORMATION CONTACT: You
can request additional information or a
copy of the collection from Mary H.
Gottlieb, OCC Clearance Officer, (202)
874–5090, Legislative and Regulatory
Activities Division, Office of the
Comptroller of the Currency, 250 E
Street, SW., Washington, DC 20219.
SUPPLEMENTARY INFORMATION: The OCC
is proposing to extend OMB approval,
without change, of the following
information collection:
Title: Bank Activities and
Operations—12 CFR 7.
OMB Control No.: 1557–0204.
Description: This submission covers
an existing regulation and involves no
change to the regulation or to the
information collection requirements.
The OCC requests only that OMB extend
its approval of the information
collection.
The information collection
requirements ensure that national banks
conduct their operations in a safe and
VerDate Nov<24>2008
16:27 Aug 13, 2009
Jkt 217001
sound manner and in accordance with
applicable Federal banking statutes and
regulations. The information is
necessary for regulatory and
examination purposes.
The information collection
requirements in part 7 are as follows:
• 12 CFR 7.1000(d)(1) (National bank
ownership of property—Lease financing
of public facilities): National bank lease
agreements must provide that the lessee
will become the owner of the building
or facility upon the expiration of the
lease.
• 12 CFR 7.1014 (Sale of money
orders at non-banking outlets): A
national bank may designate bonded
agents to sell the bank’s money orders
at non-banking outlets. The
responsibility of both the bank and its
agent should be defined in a written
agreement setting forth the duties of
both parties and providing for
remuneration of the agent.
• 12 CFR 7.2000(b) (Corporate
governance procedures—Other sources
of guidance): A national bank shall
designate in its bylaws the body of law
selected for its corporate governance
procedures.
• 12 CFR 7.2004 (Honorary directors
or advisory boards): Any listing of a
national bank’s honorary or advisory
directors must distinguish between
them and the bank’s board of directors
or indicate their advisory status.
• 12 CFR 7.2014(b) (Indemnification
of institution-affiliated parties—
Administrative proceeding or civil
actions not initiated by a Federal
banking agency): A national bank shall
designate in its bylaws the body of law
selected for making indemnification
payments.
• 12 CFR 7.2024(a) (Staggered terms
for national bank directors): Any
national bank may adopt bylaws that
provide for staggering the terms of its
directors. National banks shall provide
the OCC with copies of any bylaws so
amended.
• 12 CFR 7.2024(c) (Size of bank
board): A national bank seeking to
increase the number of its directors
must notify the OCC any time the
proposed size would exceed 25
directors.
Type of Review: Extension of a
currently approved collection.
Affected Public: Businesses or other
for-profit.
Estimated Number of Respondents:
1,300.
Estimated Total Annual Responses:
1,300.
Estimated Total Annual Burden: 418
hours.
Frequency of Response: On occasion.
PO 00000
Frm 00083
Fmt 4703
Sfmt 4703
The OCC issued a 60-day notice for
comment on May 8, 2009. 74 FR 21739.
No comments were received. Comments
continue to be invited on:
(a) Whether the collection of
information is necessary for the proper
performance of the functions of the
agency, including whether the
information has practical utility;
(b) The accuracy of the agency’s
estimate of the burden of the collection
of information;
(c) Ways to enhance the quality,
utility, and clarity of the information to
be collected;
(d) Ways to minimize the burden of
the collection on respondents, including
through the use of automated collection
techniques or other forms of information
technology; and
(e) Estimates of capital or startup costs
and costs of operation, maintenance,
and purchase of services to provide
information.
Dated: August 10, 2009.
Michele Meyer,
Assistant Director, Legislative and Regulatory
Activities Division.
[FR Doc. E9–19477 Filed 8–13–09; 8:45 am]
BILLING CODE 4810–33–P
DEPARTMENT OF VETERANS
AFFAIRS
Privacy Act of 1974; System of
Records
AGENCY:
Department of Veterans Affairs
(VA).
ACTION: Notice of Amendment of
Systems of Records Notice ‘‘Customer
User Provisioning System (CUPS)–VA’’
(87VA005OP).
SUMMARY: As required by the Privacy
Act of 1974 (5 U.S.C. 552a(e)(4)), notice
is hereby given that the Department of
Veterans Affairs (VA), is amending the
system of records entitled ‘‘Customer
User Provisioning System (CUPS)–VA’’
(87VA005OP) as set forth in 69 FR
18436. VA is amending the system of
records by revising the system name,
category of records, and the routine uses
in the system. VA is re-publishing the
system notice in its entirety.
DATES: Comments on this amended
system of records must be received no
later than September 14, 2009. If no
public comment is received during the
period allowed for comment or unless
otherwise published in the Federal
Register by VA, the amended system
will become effective September 14,
2009.
ADDRESSES: Written comments may be
submitted through https://
E:\FR\FM\14AUN1.SGM
14AUN1
mstockstill on DSKH9S0YB1PROD with NOTICES
Federal Register / Vol. 74, No. 156 / Friday, August 14, 2009 / Notices
www.Regulations.gov; by mail or handdelivery to the Director, Regulations
Management (02REG), Department of
Veterans Affairs, 810 Vermont Ave.,
NW., Room 1068, Washington, DC
20420; or by fax to (202) 273–9026.
Copies of comments received will be
available for public inspection in the
Office of Regulation Policy and
Management, Room 1063B, between the
hours of 8 a.m. and 4:30 p.m. Monday
through Friday (except holidays). Please
call (202) 461–4902 (this is not a toll
free number) for an appointment. In
addition, during the comment period,
comments may be viewed online
through the Federal Docket Management
System (FDMS).
FOR FURTHER INFORMATION CONTACT:
Alvin J. Donnell, Chief, Systems
Security Division, Corporate Data Center
Operations (CDCO), Department of
Veterans Affairs, 1615 Woodward
Street, Austin, Texas 78772, telephone
(512) 326–6006.
SUPPLEMENTARY INFORMATION:
Background: CDCO is the largest data
center in the Department of Veterans
Affairs. In order to record and track
system access to the computers operated
and maintained by this organization,
CDCO must maintain a current list of all
VA employees, employees of other
government agencies, and authorized
contractor personnel who require access
to this computer resources, in
accordance with Federal computer
security requirements.
In this system of record, the name is
amended to reflect the name of the new
system. The new system name is
Customer User Provisioning System
(CUPS). CUPS replaces the Automated
Customer Registration System (ACRS)
effective January 5, 2009.
The Category of Records in the
System is amended to reflect the records
in this system, in both paper and
electronic form, will not include the
social security numbers of personnel
who have requested and gained access
to the automated resources at CDCO. In
addition to deleting the Social Security
number, the individual’s log-on ID for
their local area network will be
included in the record, which is used as
the unique identifier in lieu of the
Social Security number. The records
will include the name, business address
and telephone number, job title and
information relating to data file and
computer system access permissions
granted to that individual.
Routine Uses numbers 8–14 have
been added per the requirement of the
Department and for further clarification
of disclosures that VA may make to
VerDate Nov<24>2008
16:27 Aug 13, 2009
Jkt 217001
individuals, agencies and third party
entities.
The Report of Intent to Amend a
System of Records notice and an
advance copy of the system notice have
been sent to the appropriate
Congressional committees and to the
Director of Office of Management and
Budget (OMB) as required by 5 U.S.C.
552a(r) (Privacy Act) and guidelines
issued by OMB (65 FR 77677),
December 12, 2000.
Dated: July 28, 2009.
Approved:
John R. Gingrich,
Chief of Staff, Department of Veterans Affairs.
SYSTEM NUMBER:
87VA005OP
SYSTEM NAME:
Customer User Provisioning System—
VA.
SYSTEM LOCATION:
The automated records are
maintained by the Corporate Data
Center Operations, 1615 Woodward
Street, Austin, TX 78772. The paper
records will be maintained at each VA
field station that has a responsibility for
CUPS input.
CATEGORIES OF INDIVIDUALS COVERED BY THE
SYSTEM:
All Department of Veterans Affairs
employees, employees of other
government agencies, and authorized
contractor personnel who have
requested and have been granted access
to the automated resources of the VA
Corporate Data Center Operations
(CDCO).
CATEGORIES OF RECORDS IN THE SYSTEM:
The records in this system, in both
paper and electronic form, will include
the names and network user-ID of all
personnel who have requested and been
granted access to the automated
resources at the CDCO. The records will
also include business address and
telephone number, job title, and
information relating to data file and
computer system access permissions
granted to that individual.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
Title 38, United States Code, Section
501.
PURPOSE(S):
The purpose of this system of records
is to allow the CDCO in Austin, Texas,
to maintain a current list of all VA
employees, employees of other
government agencies, and authorized
contractor personnel who require access
to the computer resources of the CDCO,
PO 00000
Frm 00084
Fmt 4703
Sfmt 4703
41191
in accordance with Federal computer
security requirements.
ROUTINE USES OF RECORDS MAINTAINED IN THE
SYSTEM, INCLUDING CATEGORIES OF USERS AND
THE PURPOSES OF SUCH USES:
1. At the initiative of VA, pertinent
information may be disclosed to
appropriate Federal, State or local
agencies responsible for investigating,
prosecuting, enforcing or implementing
statutes, rules, regulations or orders,
where VA becomes aware of an
indication of a violation or potential
violation of civil or criminal law or
regulation.
2. Disclosure of specific information
may be made to a Federal agency, in
response to its request, to the extent that
the information requested is relevant
and necessary to the requesting agency’s
decision in connection with hiring or
retaining an employee, issuing a
security clearance, conducting a
security or suitability investigation on
an individual, classifying jobs, awarding
a contract or issuing a license, grant or
other benefit.
3. Disclosure of information may be
made to officials of the Merit Systems
Protection Board, including the Office of
the Special Counsel, the Federal Labor
Relations Authority and its General
Counsel or the Equal Employment
Opportunity Commission, when
requested in performance of their
authorized duties, and the request is not
in connection with a law enforcement
investigation.
4. The record of an individual who is
covered by this system or records may
be disclosed to a member of Congress,
or staff person acting for the member
when the member or staff person
requests the record on behalf of and at
the written request of that individual.
5. Disclosure may be made to the
National Archives and Records
Administration and General Services
Administration for record management
inspections conducted under Authority
of Title 44 U.S.C.
6. VA may disclose information from
this system of records to the Department
of Justice (DoJ), either on VA’s initiative
or in response to DoJ’s request for the
information, after either VA or DoJ
determines that such information is
relevant to DoJ’s representation of the
United States or any of its components
in legal proceedings before a court or
adjudicative body, provided that, in
each case, the agency also determines
prior to disclosure that release of the
records to the DoJ is a use of the
information contained in the records
that is compatible with the purpose for
which VA collected the records. VA, on
its own initiative, may disclose records
E:\FR\FM\14AUN1.SGM
14AUN1
mstockstill on DSKH9S0YB1PROD with NOTICES
41192
Federal Register / Vol. 74, No. 156 / Friday, August 14, 2009 / Notices
in this system of records in legal
proceedings before a court or
administrative body after determining
that the disclosure of records to the
court or administrative body is a use of
the information contained in the records
that is compatible with the purpose for
which VA collected the records.
7. Disclosure of relevant information
may be made to individuals,
organizations, private or public
agencies, or other entities with whom
VA has a contract or agreement or where
there is a subcontract to perform such
services as VA may deem practicable for
the purposes of laws administered by
VA, in order for the contractor or
subcontractor to perform the services of
the contract or agreement.
8. VA may disclose on its own
initiative any information in this
system, except the names and home
addresses of veterans and their
dependents, that is relevant to a
suspected violation or reasonably
imminent violation of law, whether
civil, criminal or regulatory in nature
and whether arising by general or
program statute or by regulation, rule or
order issued pursuant thereto, to a
Federal, State, local, tribal, or foreign
agency charged with the responsibility
of investigating or prosecuting such
violation, or charged with enforcing or
implementing the statute, rule,
regulation or order. VA may also
disclose on its own initiative the names
and addresses of veterans with the
responsibility of investigating or
prosecuting civil, criminal, or regulatory
violations if law, or charged with
enforcing or implementing the statute
regulation, or order issued pursuant
thereto.
9. Disclosure to other Federal agencies
may be made to assist such agencies in
preventing and detecting possible fraud
or abuse by individuals in their
operations and programs.
10. VA may, on its own initiative,
disclose any information or records to
appropriate agencies, entities, and
persons when (1) VA suspects or has
confirmed that the integrity or
confidentiality of information in the
system of records has been
compromised; (2) VA has determined
that as a result of the suspected or
confirmed compromise, there is a risk of
embarrassment or harm to the
reputations of the record subjects, harm
to the economic or property interests,
identity theft or fraud, or harm to
security, confidentially, or integrity of
this system or other systems or
VerDate Nov<24>2008
16:27 Aug 13, 2009
Jkt 217001
programs (whether maintained by VA or
another agency or entity) that rely upon
the potentially compromised
information; and (3) the disclosure is to
agencies, entities, or persons whom VA
determines are reasonably necessary to
assist or carry out the VA’s efforts to
respond to the suspected or confirmed
compromise and prevent, minimize, or
remedy such harm. This routine use
permits disclosures by VA to respond to
a suspected or confirmed data breach,
including the conduct of any risk
analysis or provision of credit
protection services as provided in 38
U.S.C. 5724, as the terms are defined in
38 U.S.C. 5727.
POLICIES AND PRACTICES FOR STORING,
RETRIEVING, ACCESSING, RETAINING, AND
DISPOSING OF RECORDS IN THE SYSTEM:
STORAGE:
Each field station responsible for
inputting records into the system will
retain the original signed paper copies
of requests for system access in locked
containers. Data files supporting the
automated system are stored in a secure
area located at the CDCO. Data files are
stored on magnetic disk and, for
archival purposes, on magnetic tape.
RETRIEVABILITY:
Paper records are maintained in
alphabetical order by last name of the
requester. Automated records are
retrieved by individual name or by a
specific automated resource.
SAFEGUARDS:
Paper records in progress are
maintained in a manned room during
working hours. Paper records
maintained for archival purposes are
stored in locked containers until
needed. During non-working hours, the
paper records are kept in a locked
container in a secured area. Access to
the records is on a need-to-know basis
only. Access to the automated system is
via computer terminal; standard
security procedures, including a unique
customer identification code and
password combination, are used to limit
access to authorized personnel only.
Specifically, in order to obtain access to
the automated records contained in this
system of records, an individual must:
1. Have access to the automated
resources of the CDCO. An individual
may not self-register for this access.
Formal documentation of the request for
access, signed by the employee’s
supervisor, is required before an
individual may obtain such access.
Authorized customers are issued a
PO 00000
Frm 00085
Fmt 4703
Sfmt 4703
customer identification code and onetime password.
2. Be an authorized official of the
CUPS system. Only two individuals per
field station may be designated CUPS
officials with access to add, modify or
delete records from the system. These
individuals require a specific functional
task code in their customer profile; this
functional task can only be assigned by
the CDCO. A limited number of
supervisory or managerial employees
throughout VA will have read-only
access for the purpose of monitoring
CUPS activities.
RETENTION AND DISPOSAL:
Records will be maintained and
disposed of in accordance with the
records disposal authority approved by
the Archivist of the United States, the
National Archives and Records
Administration, and published in
Agency Records Control Schedules.
Paper records will be destroyed by
shredding or other appropriate means
for destroying sensitive information.
Automated storage records are retained
and destroyed in accordance with a
disposition authorization approved by
the Archivist of the United States.
SYSTEMS AND MANAGER(S) AND ADDRESS:
Officials responsible for policies and
procedures; Executive Director,
Corporate Data Center Operations, 1615
Woodward Street, Austin, Texas 78772.
The telephone number is (512) 326–
6000.
NOTIFICATION PROCEDURE:
Individuals who wish to determine
whether this system of records contains
information about them should contact
the Executive Director, Corporate Data
Center Operations, 1615 Woodward
Street, Austin, Texas 78772.
RECORD ACCESS PROCEDURE:
An individual who seeks access or
wishes to contest records maintained
under his or her name or other personal
identifier may write, call or visit the
system manager.
CONTESTING RECORD PROCEDURES:
(See Record Access Procedures
above.)
RECORD SOURCE CATEGORIES:
Individuals who have applied for and
been granted access permission to the
resources of the CDCO.
[FR Doc. E9–19489 Filed 8–13–09; 8:45 am]
BILLING CODE 8320–01–P
E:\FR\FM\14AUN1.SGM
14AUN1
]]>Agencies
[Federal Register Volume 74, Number 156 (Friday, August 14, 2009)]
[Notices]
[Pages 41190-41192]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: E9-19489]
=======================================================================
-----------------------------------------------------------------------
DEPARTMENT OF VETERANS AFFAIRS
Privacy Act of 1974; System of Records
AGENCY: Department of Veterans Affairs (VA).
ACTION: Notice of Amendment of Systems of Records Notice ``Customer
User Provisioning System (CUPS)-VA'' (87VA005OP).
-----------------------------------------------------------------------
SUMMARY: As required by the Privacy Act of 1974 (5 U.S.C. 552a(e)(4)),
notice is hereby given that the Department of Veterans Affairs (VA), is
amending the system of records entitled ``Customer User Provisioning
System (CUPS)-VA'' (87VA005OP) as set forth in 69 FR 18436. VA is
amending the system of records by revising the system name, category of
records, and the routine uses in the system. VA is re-publishing the
system notice in its entirety.
DATES: Comments on this amended system of records must be received no
later than September 14, 2009. If no public comment is received during
the period allowed for comment or unless otherwise published in the
Federal Register by VA, the amended system will become effective
September 14, 2009.
ADDRESSES: Written comments may be submitted through https://
[[Page 41191]]
www.Regulations.gov; by mail or hand-delivery to the Director,
Regulations Management (02REG), Department of Veterans Affairs, 810
Vermont Ave., NW., Room 1068, Washington, DC 20420; or by fax to (202)
273-9026. Copies of comments received will be available for public
inspection in the Office of Regulation Policy and Management, Room
1063B, between the hours of 8 a.m. and 4:30 p.m. Monday through Friday
(except holidays). Please call (202) 461-4902 (this is not a toll free
number) for an appointment. In addition, during the comment period,
comments may be viewed online through the Federal Docket Management
System (FDMS).
FOR FURTHER INFORMATION CONTACT: Alvin J. Donnell, Chief, Systems
Security Division, Corporate Data Center Operations (CDCO), Department
of Veterans Affairs, 1615 Woodward Street, Austin, Texas 78772,
telephone (512) 326-6006.
SUPPLEMENTARY INFORMATION:
Background: CDCO is the largest data center in the Department of
Veterans Affairs. In order to record and track system access to the
computers operated and maintained by this organization, CDCO must
maintain a current list of all VA employees, employees of other
government agencies, and authorized contractor personnel who require
access to this computer resources, in accordance with Federal computer
security requirements.
In this system of record, the name is amended to reflect the name
of the new system. The new system name is Customer User Provisioning
System (CUPS). CUPS replaces the Automated Customer Registration System
(ACRS) effective January 5, 2009.
The Category of Records in the System is amended to reflect the
records in this system, in both paper and electronic form, will not
include the social security numbers of personnel who have requested and
gained access to the automated resources at CDCO. In addition to
deleting the Social Security number, the individual's log-on ID for
their local area network will be included in the record, which is used
as the unique identifier in lieu of the Social Security number. The
records will include the name, business address and telephone number,
job title and information relating to data file and computer system
access permissions granted to that individual.
Routine Uses numbers 8-14 have been added per the requirement of
the Department and for further clarification of disclosures that VA may
make to individuals, agencies and third party entities.
The Report of Intent to Amend a System of Records notice and an
advance copy of the system notice have been sent to the appropriate
Congressional committees and to the Director of Office of Management
and Budget (OMB) as required by 5 U.S.C. 552a(r) (Privacy Act) and
guidelines issued by OMB (65 FR 77677), December 12, 2000.
Dated: July 28, 2009.
Approved:
John R. Gingrich,
Chief of Staff, Department of Veterans Affairs.
SYSTEM NUMBER:
87VA005OP
SYSTEM NAME:
Customer User Provisioning System--VA.
SYSTEM LOCATION:
The automated records are maintained by the Corporate Data Center
Operations, 1615 Woodward Street, Austin, TX 78772. The paper records
will be maintained at each VA field station that has a responsibility
for CUPS input.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
All Department of Veterans Affairs employees, employees of other
government agencies, and authorized contractor personnel who have
requested and have been granted access to the automated resources of
the VA Corporate Data Center Operations (CDCO).
CATEGORIES OF RECORDS IN THE SYSTEM:
The records in this system, in both paper and electronic form, will
include the names and network user-ID of all personnel who have
requested and been granted access to the automated resources at the
CDCO. The records will also include business address and telephone
number, job title, and information relating to data file and computer
system access permissions granted to that individual.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
Title 38, United States Code, Section 501.
PURPOSE(S):
The purpose of this system of records is to allow the CDCO in
Austin, Texas, to maintain a current list of all VA employees,
employees of other government agencies, and authorized contractor
personnel who require access to the computer resources of the CDCO, in
accordance with Federal computer security requirements.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES
OF USERS AND THE PURPOSES OF SUCH USES:
1. At the initiative of VA, pertinent information may be disclosed
to appropriate Federal, State or local agencies responsible for
investigating, prosecuting, enforcing or implementing statutes, rules,
regulations or orders, where VA becomes aware of an indication of a
violation or potential violation of civil or criminal law or
regulation.
2. Disclosure of specific information may be made to a Federal
agency, in response to its request, to the extent that the information
requested is relevant and necessary to the requesting agency's decision
in connection with hiring or retaining an employee, issuing a security
clearance, conducting a security or suitability investigation on an
individual, classifying jobs, awarding a contract or issuing a license,
grant or other benefit.
3. Disclosure of information may be made to officials of the Merit
Systems Protection Board, including the Office of the Special Counsel,
the Federal Labor Relations Authority and its General Counsel or the
Equal Employment Opportunity Commission, when requested in performance
of their authorized duties, and the request is not in connection with a
law enforcement investigation.
4. The record of an individual who is covered by this system or
records may be disclosed to a member of Congress, or staff person
acting for the member when the member or staff person requests the
record on behalf of and at the written request of that individual.
5. Disclosure may be made to the National Archives and Records
Administration and General Services Administration for record
management inspections conducted under Authority of Title 44 U.S.C.
6. VA may disclose information from this system of records to the
Department of Justice (DoJ), either on VA's initiative or in response
to DoJ's request for the information, after either VA or DoJ determines
that such information is relevant to DoJ's representation of the United
States or any of its components in legal proceedings before a court or
adjudicative body, provided that, in each case, the agency also
determines prior to disclosure that release of the records to the DoJ
is a use of the information contained in the records that is compatible
with the purpose for which VA collected the records. VA, on its own
initiative, may disclose records
[[Page 41192]]
in this system of records in legal proceedings before a court or
administrative body after determining that the disclosure of records to
the court or administrative body is a use of the information contained
in the records that is compatible with the purpose for which VA
collected the records.
7. Disclosure of relevant information may be made to individuals,
organizations, private or public agencies, or other entities with whom
VA has a contract or agreement or where there is a subcontract to
perform such services as VA may deem practicable for the purposes of
laws administered by VA, in order for the contractor or subcontractor
to perform the services of the contract or agreement.
8. VA may disclose on its own initiative any information in this
system, except the names and home addresses of veterans and their
dependents, that is relevant to a suspected violation or reasonably
imminent violation of law, whether civil, criminal or regulatory in
nature and whether arising by general or program statute or by
regulation, rule or order issued pursuant thereto, to a Federal, State,
local, tribal, or foreign agency charged with the responsibility of
investigating or prosecuting such violation, or charged with enforcing
or implementing the statute, rule, regulation or order. VA may also
disclose on its own initiative the names and addresses of veterans with
the responsibility of investigating or prosecuting civil, criminal, or
regulatory violations if law, or charged with enforcing or implementing
the statute regulation, or order issued pursuant thereto.
9. Disclosure to other Federal agencies may be made to assist such
agencies in preventing and detecting possible fraud or abuse by
individuals in their operations and programs.
10. VA may, on its own initiative, disclose any information or
records to appropriate agencies, entities, and persons when (1) VA
suspects or has confirmed that the integrity or confidentiality of
information in the system of records has been compromised; (2) VA has
determined that as a result of the suspected or confirmed compromise,
there is a risk of embarrassment or harm to the reputations of the
record subjects, harm to the economic or property interests, identity
theft or fraud, or harm to security, confidentially, or integrity of
this system or other systems or programs (whether maintained by VA or
another agency or entity) that rely upon the potentially compromised
information; and (3) the disclosure is to agencies, entities, or
persons whom VA determines are reasonably necessary to assist or carry
out the VA's efforts to respond to the suspected or confirmed
compromise and prevent, minimize, or remedy such harm. This routine use
permits disclosures by VA to respond to a suspected or confirmed data
breach, including the conduct of any risk analysis or provision of
credit protection services as provided in 38 U.S.C. 5724, as the terms
are defined in 38 U.S.C. 5727.
POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING,
AND DISPOSING OF RECORDS IN THE SYSTEM:
STORAGE:
Each field station responsible for inputting records into the
system will retain the original signed paper copies of requests for
system access in locked containers. Data files supporting the automated
system are stored in a secure area located at the CDCO. Data files are
stored on magnetic disk and, for archival purposes, on magnetic tape.
RETRIEVABILITY:
Paper records are maintained in alphabetical order by last name of
the requester. Automated records are retrieved by individual name or by
a specific automated resource.
SAFEGUARDS:
Paper records in progress are maintained in a manned room during
working hours. Paper records maintained for archival purposes are
stored in locked containers until needed. During non-working hours, the
paper records are kept in a locked container in a secured area. Access
to the records is on a need-to-know basis only. Access to the automated
system is via computer terminal; standard security procedures,
including a unique customer identification code and password
combination, are used to limit access to authorized personnel only.
Specifically, in order to obtain access to the automated records
contained in this system of records, an individual must: 1. Have access
to the automated resources of the CDCO. An individual may not self-
register for this access. Formal documentation of the request for
access, signed by the employee's supervisor, is required before an
individual may obtain such access. Authorized customers are issued a
customer identification code and one-time password.
2. Be an authorized official of the CUPS system. Only two
individuals per field station may be designated CUPS officials with
access to add, modify or delete records from the system. These
individuals require a specific functional task code in their customer
profile; this functional task can only be assigned by the CDCO. A
limited number of supervisory or managerial employees throughout VA
will have read-only access for the purpose of monitoring CUPS
activities.
RETENTION AND DISPOSAL:
Records will be maintained and disposed of in accordance with the
records disposal authority approved by the Archivist of the United
States, the National Archives and Records Administration, and published
in Agency Records Control Schedules. Paper records will be destroyed by
shredding or other appropriate means for destroying sensitive
information. Automated storage records are retained and destroyed in
accordance with a disposition authorization approved by the Archivist
of the United States.
SYSTEMS AND MANAGER(S) AND ADDRESS:
Officials responsible for policies and procedures; Executive
Director, Corporate Data Center Operations, 1615 Woodward Street,
Austin, Texas 78772. The telephone number is (512) 326-6000.
NOTIFICATION PROCEDURE:
Individuals who wish to determine whether this system of records
contains information about them should contact the Executive Director,
Corporate Data Center Operations, 1615 Woodward Street, Austin, Texas
78772.
RECORD ACCESS PROCEDURE:
An individual who seeks access or wishes to contest records
maintained under his or her name or other personal identifier may
write, call or visit the system manager.
CONTESTING RECORD PROCEDURES:
(See Record Access Procedures above.)
RECORD SOURCE CATEGORIES:
Individuals who have applied for and been granted access permission
to the resources of the CDCO.
[FR Doc. E9-19489 Filed 8-13-09; 8:45 am]
BILLING CODE 8320-01-P
