Privacy Act of 1974; System of Records, 3787-3790 [2010-1180]

Agencies

• DEPARTMENT OF VETERANS AFFAIRS

[Federal Register Volume 75, Number 14 (Friday, January 22, 2010)]
[Notices]
[Pages 3787-3790]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: 2010-1180]


=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF VETERANS AFFAIRS


Privacy Act of 1974; System of Records

AGENCY: Department of Veterans Affairs (VA).

ACTION: Notice of establishment of new System of Records.

-----------------------------------------------------------------------

SUMMARY: The Privacy Act of 1974 (5 U.S.C. 552(e) (4)) requires that 
all agencies publish in the Federal Register a notice of the existence 
and character of their systems of records. Notice is hereby given that 
the Department of Veterans Affairs (VA) is establishing a new system of 
records entitled ``All Employee Survey'' (160VA10A2).

DATES: Comments on this new system of records must be received no later 
than February 22, 2010. If no public comment is received, the new 
system will become effective February 22, 2010.

ADDRESSES: Written comments may be submitted through https://www.Regulations.gov; by mail or hand-delivery to Director, Regulations 
Management (02REG), Department of Veterans Affairs, 810 Vermont Avenue, 
NW., Room 1068, Washington, DC 20420; or by fax to (202) 273-9026. 
Comments received will be available for public inspection in the Office 
of Regulation Policy and Management, Room 1063B, between the hours of 8 
a.m. and 4:30 p.m., Monday through Friday (except holidays). Please 
call (202) 461-4902 (this is not a toll-free number) for an 
appointment. In addition, during the comment period, comments may be 
viewed online through the Federal Docket Management System (FDMS) at 
https://www.Regulations.gov.

FOR FURTHER INFORMATION CONTACT: Diana Rogers, Department of Veterans 
Affairs, VHA HPDM Program Office, 55 N. Robinson Ave., Oklahoma City, 
OK 73102; telephone (405) 552-4336.

SUPPLEMENTARY INFORMATION: 

I. Description of Proposed Systems of Records

    The All Employee Survey (AES) is a data repository that stores all 
data gathered from the administration of the AES taken by VA employees.

II. Proposed Routine Use Disclosures of Data in the System

    We are proposing to establish the following Routine Use disclosures 
of information maintained in the system:
    To the extent that records contained in the system include 
information protected by 38 U.S.C. 7332, i.e., medical treatment 
information related to drug abuse, alcoholism or alcohol abuse, sickle 
cell anemia or infection with the human immunodeficiency virus, that 
information cannot de disclosed under a routine use unless there is 
also specific statutory authority permitting disclosure.
    1. The record of an individual who is covered by a system of 
records may be disclosed to a Member of Congress, or a staff person 
acting for the Member, when the Member or staff person requests the 
record on behalf of and at the written request of the individual.
    VA must be able to provide information about individuals to 
adequately respond to inquiries from Members of Congress at the request 
of constituents who have sought their assistance.
    2. Disclosure may be made to the National Archives and Records 
Administration and the General Services Administration (GSA) in records 
management inspections conducted under authority of Title 44, Chapter 
29, of the United States Code (U.S.C.).
    NARA and GSA are responsible for management of old records no 
longer actively used, but which may be appropriate for preservation, 
and for the physical maintenance of the Federal government's records. 
VA must be able to provide the records to NARA and GSA in order to 
determine the proper disposition of such records.
    3. VA may disclose information from this system of records to the 
Department of Justice (DoJ), either on VA's initiative or in response 
to DoJ's request for the information, after either VA or DoJ determines 
that such information is

[[Page 3788]]

relevant to DoJ's representation of the United States or any of its 
components in legal proceedings before a court or adjudicative body, 
provided that, in each case, the agency also determines prior to 
disclosure that release of the records to DoJ is a use of the 
information contained in the records that is compatible with the 
purpose for which VA collected the records. VA, on its own initiative, 
may disclose records in this system of records in legal proceedings 
before a court or administrative body after determining that the 
disclosure of the records to the court or administrative body is a use 
of the information contained in the records that is compatible with the 
purpose for which VA collected the records.
    VA must be able to provide information to DoJ in litigation where 
the United States or any of its components is involved or has an 
interest. A determination would be made in each instance that under the 
circumstances involved, the purpose is compatible with the purpose for 
which VA collected the information. This routine use is distinct from 
the authority to disclose records in response to a court order under 
subsection (b)(11) of the Privacy Act, 5 U.S.C. 552(b)(11), or any 
other provision of subsection (b), in accordance with the court's 
analysis in Doe v. DiGenova, 779 F.2d 74, 78-84 (D.C. Cir. 1985) and 
Doe v. Stephens, 851 F.2d 1457, 1465-67 (D.C. Cir. 1988).
    4. Disclosure of relevant information may be made to individuals, 
organizations, private or public agencies, or other entities with whom 
VA has a contract or agreement, or where there is a subcontract to 
perform such services as VA may deem practicable for the purposes of 
laws administered by VA, in order for the contractor or subcontractor 
to perform the services of the contract or agreement.
    This routine use, which also applies to agreements that do not 
qualify as contracts defined by Federal procurement laws and 
regulations, is consistent with Office of Management and Budget (OMB) 
guidance in OMB Circular A-130, App. I, paragraph 5a(1)(b) that 
agencies promulgate routine uses to address disclosure of Privacy Act-
protected information to contractors in order to perform the services 
contracts for the agency.
    5. VA may disclose on its own initiative any information in the 
system, except the names and home addresses of veterans and their 
dependents, that is relevant to a suspected or reasonably imminent 
violation of the law, whether civil, criminal, or regulatory in nature 
and whether arising by general or program statute or by regulation, 
rule, or order issued pursuant thereto, to a Federal, State, local, 
tribal, or foreign agency charged with the responsibility of 
investigating or prosecuting such violation, or charged with enforcing 
or implementing the statute, regulation, rule, or order. VA may also 
disclose on its own initiative the names and addresses of veterans and 
their dependents to a Federal agency charged with the responsibility of 
investigating or prosecuting civil, criminal, or regulatory violations 
of law, or charged with enforcing or implementing the statute, 
regulation, or order issued pursuant thereto.
    VA must be able to provide on its own initiative information that 
pertains to a violation of laws to law enforcement authorities in order 
for them to investigate and enforce those laws. Under 38 U.S.C. 5701(a) 
and (f), VA may only disclose the names and addresses of veterans and 
their dependents to Federal entities with law enforcement 
responsibilities. This is distinct from the authority to disclose 
records in response to a qualifying request from a law enforcement 
entity, as authorized by Privacy Act subsection 5 U.S.C. 552a(b)(7).
    6. Disclosure to other Federal agencies may be made to assist such 
agencies in preventing and detecting possible fraud or abuse by 
individuals in their operations and programs.
    This routine use permits disclosures by the Department to report a 
suspected incident of identity theft and provide information or 
documentation related to or in support of the reported incident.
    7. VA may, on its own initiative, disclose any information or 
records to appropriate agencies, entities, and persons when (1) VA 
suspects or has confirmed that the integrity or confidentiality of 
information in the system of records has been compromised; (2) the 
Department has determined that as a result of the suspected or 
confirmed compromise, there is a risk of embarrassment or harm to the 
reputations of the record subjects, harm to economic or property 
interests, identity theft or fraud, or harm to the security, 
confidentiality, or integrity of this system or other systems or 
programs (whether maintained by the Department or another agency or 
entity) that rely upon the potentially compromised information; and (3) 
the disclosure is to agencies, entities, or persons whom VA determines 
are reasonably necessary to assist or carry out the Department's 
efforts to respond to the suspected or confirmed compromise and 
prevent, minimize, or remedy such harm. This routine use permits 
disclosures by the Department to respond to a suspected or confirmed 
data breach, including the conduct of any risk analysis or provision of 
credit protection services as provided in 38 U.S.C. 5724, as the terms 
are defined in 38 U.S.C. 5727.

III. Compatibility of the Proposed Routine Uses

    The Privacy Act permits VA to disclose information about 
individuals without their consent for a routine use when the 
information will be used for a purpose that is compatible with the 
purpose for which we collected the information. In all of the routine 
use disclosures described above, the recipient of the information will 
use the information in connection with a matter relating to one of VA's 
programs, will use the information to provide a benefit to VA, or 
disclosure is required by law.
    The notice of intent to publish and an advance copy of the system 
notice have been sent to the appropriate Congressional committees and 
to the Director of the Office of Management and Budget (OMB) as 
required by 5 U.S.C. 552a(r) (Privacy Act) and guidelines issued by OMB 
(65 FR 77677), December 12, 2000.

    Approved: December 30, 2009.
John R. Gingrich,
Chief of Staff, Department of Veterans Affairs.
SOR 160VA10A2

SYSTEM NAME:
    All Employee Survey-VA.

SYSTEM LOCATION:
    Records are maintained at the North Little Rock Campus, 2200 Fort 
Roots Drive, Little Rock Arkansas, 72114. A copy of the system data is 
saved on CD and stored at the VHA HPDM Program Office, 55 N. Robinson 
Avenue, Suite 1061, Oklahoma City, OK 73102.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    The records include information concerning all VHA employees.

CATEGORIES OF RECORDS IN THE SYSTEM:
    The records may include information related to:
    1. All Employee Survey responses by work group.
     7 digit work group organization code.
     Work group code identifies a valid Veterans Affairs 
organizational work unit.
     These identification codes will identify work units rather 
than specific individuals. VA will provide a table of approximately 
15,000 to 40,000 valid

[[Page 3789]]

work group organization codes prior to survey administration.
    2. All Employee Survey responses by demographics.
     Gender.
     Age in groups of decades.
     Race.
     National origin.
     Incumbency in VA.
     Level of supervisory responsibility.
    3. All Employee Survey responses by national function file.
     Category of workgroup--the VistA clinical function file 
with increased granularity of administrative functions.
     There are 100 entries to categorize workgroups.
    4. All Employee Survey responses by occupational group.
     This is a three digit code to categorize occupations. It 
is provided to each individual respondent.
     There are just under 100 codes; they are not job 
occupation series codes. It is a code developed for the All Employee 
Survey.
    5. All Employee Survey responses by question and modality.
     The response is provided by the interactive Web-based 
survey, telephone or paper submission and response type captured.
    6. All Employee Survey responses by organization and sub 
organization title, type and function.
     The workgroup identifies organization, sub organization if 
applicable, organization type and function for which the response is 
provided.
    7. All Employee Survey responses by response rate.
     Responses are stored at the individual level, response 
rates are reported at the work unit lowest level, then hierarchically 
rolled upward in summary totals to the next level within the 
organization. The hierarchy is based on the organization structure 
(facility and parents) and the 7 digit work group organization code.
     Reporting of response data follows the rule of 10 for any 
response. Any response data for any values that are less than 10 will 
never be released from the data repository.
    8. All Employee Survey responses by date and time survey taken.
     Date and time response submitted.
    9. All Employee Survey responses by factors.
     Job satisfaction index.
     Organization assessment inventory.
     Organization culture assessment.
     And demographic data.

Authority for maintenance of the system:
    Title 38, United States Code, section 501a.

PURPOSE(S):
    The records and information may be used for analysis of employee 
satisfaction on quality and quantity of work, personal safety, 
promotion and training opportunity, fair and equitable treatment, work/
family balance. Data validation, evaluation of personnel/organizational 
management and staffing satisfaction and culture, including workforce 
effectiveness are shared to facilities. Action plans, development of 
goals and follow-up performance measures are developed as a result.

Routine uses of records maintained in the system, including categories 
of users and the purposes of such uses:
    To the extent that records contained in the system include 
information protected by 45 CFR parts 160 and 164, i.e., individually 
identifiable health information, and 38 U.S.C. 7332, i.e., medical 
treatment information related to drug abuse, alcoholism or alcohol 
abuse, sickle cell anemia or infection with the human immunodeficiency 
virus, that information cannot be disclosed under a routine use unless 
there is also specific statutory authority in 38 U.S.C. 7332 and 
regulatory authority in 45 CFR parts 160 and 164 permitting disclosure.
    1. The record of an individual who is covered by a system of 
records may be disclosed to a Member of Congress, or a staff person 
acting for the Member, when the Member or staff person requests the 
record on behalf of and at the written request of the individual.
    2. Disclosure may be made to the National Archives and Records 
Administration (NARA) and the General Services Administration (GSA) in 
records management inspections conducted under authority of Title 44, 
Chapter 29, of the United States Code (U.S.C.).
    3. VA may disclose information from this system of records to the 
Department of Justice (DoJ), either on VA's initiative or in response 
to DoJ's request for the information, after either VA or DoJ determines 
that such information is relevant to DoJ's representation of the United 
States or any of its components in legal proceedings before a court or 
adjudicative body, provided that, in each case, the agency also 
determines prior to disclosure that release of the records to the DoJ 
is a use of the information contained in the records that is compatible 
with the purpose for which VA collected the records. VA, on its own 
initiative, may disclose records in this system of records in legal 
proceedings before a court or administrative body after determining 
that the disclosure of the records to the court or administrative body 
is a use of the information contained in the records that is compatible 
with the purpose for which VA collected the records.
    4. Disclosure of relevant information may be made to individuals, 
organizations, private or public agencies, or other entities with whom 
VA has a contract or agreement or where there is a subcontract to 
perform such services as VA may deem practicable for the purposes of 
laws administered by VA, in order for the contractor or subcontractor 
to perform the services of the contract or agreement.
    5. VA may disclose on its own initiative any information in the 
system, except the names and home addresses of veterans and their 
dependents, that is relevant to a suspected or reasonably imminent 
violation of the law whether civil, criminal, or regulatory in nature 
and whether arising by general or program statute or by regulation, 
rule, or order issued pursuant thereto, to a Federal, State, local, 
tribal, or foreign agency charged with the responsibility of 
investigating or prosecuting such violation, or charged with enforcing 
or implementing the statute, regulation, rule, or order. VA may also 
disclose on its own initiative the names and addresses of veterans and 
their dependents to a Federal agency charged with the responsibility of 
investigating or prosecuting civil, criminal, or regulatory violations 
of law, or charged with enforcing or implementing the statute, 
regulation, or order issued pursuant thereto.
    6. Disclosure to other Federal agencies may be made to assist such 
agencies in preventing and detecting possible fraud or abuse by 
individuals in their operations and programs.
    7. VA may, on its own initiative, disclose any information or 
records to appropriate agencies, entities, and persons when (1) VA 
suspects or has confirmed that the integrity or confidentiality of 
information in the system of records has been compromised; (2) the 
Department has determined that as a result of the suspected or 
confirmed compromise, there is a risk of embarrassment or harm to the 
reputations of the record subjects, harm to economic or property 
interests, identity theft or fraud, or harm to the security, 
confidentiality, or integrity of this system or other systems or 
programs (whether maintained by the Department or another agency or 
entity) that rely upon the potentially compromised information; and (3) 
the disclosure is to agencies, entities, or persons whom VA determines 
are reasonably necessary to assist or carry out the Department's 
efforts to respond to the suspected or confirmed

[[Page 3790]]

compromise and prevent, minimize, or remedy such harm. This routine use 
permits disclosures by the Department to respond to a suspected or 
confirmed data breach, including the conduct of any risk analysis or 
provision of credit protection services as provided in 38 U.S.C. 5724, 
as the terms are defined in 38 U.S.C. 5727.

Policies and practices for storing, retrieving, accessing, retaining, 
and disposing of records in the system:
Storage:
    Records are maintained on HPDM1 Server in Little Rock, Arkansas and 
on compact disk in the High Performance Development Model server room 
safe in Oklahoma City, Oklahoma.

Retrievability:
    Records may be retrieved by organization, name, or other assigned 
identifiers of the individuals on whom they are maintained.

SAFEGUARDS:
    1. Access to VA working and storage areas is restricted to VA 
employees on a ``need-to-know'' basis; strict control measures are 
enforced to ensure that disclosure to these individuals is also based 
on this same principle. Generally, VA file areas are locked after 
normal duty hours and the facilities are protected from outside access 
by the Federal Protective Service or other security personnel.
    2. Access to computer rooms at health care facilities is generally 
limited by appropriate locking devices and restricted to authorized VA 
employees and vendor personnel. Automatic Data Processing peripheral 
devices are placed in secure areas. Access to information stored on 
automated storage media at other VA locations is controlled by 
individually unique passwords/codes employees are limited to only that 
information in the file which is needed in the performance of their 
official duties.
    3. Access to the Little Rock Campus Servers is restricted to Center 
employees, Federal Protective Service and other security personnel. 
Access to computer rooms is restricted to authorized operational 
personnel through electronic scanning and locking devices. All other 
persons gaining access to computer rooms are escorted after identity 
verification and log entry to track person, date, time in, and time out 
of the room. Information stored in the computer may be accessed by 
authorized VA employees at remote locations including VA health care 
facilities, Information Systems Centers, VA Central Office, and Veteran 
Integrated Service Networks. Access is controlled by individually 
unique passwords/codes which must be changed periodically by the 
employee. The CD is stored in the VHA HPDM Corporate Office server room 
in Oklahoma City, Oklahoma and is accessible by restricted, authorized 
personnel through electronic scanning and locking devices. The CD is 
stored in a safe in the server room accessible by the Security Officer 
and Infrastructure Chief.

RETENTION AND DISPOSAL:
    Paper records are scanned and digitized for viewing electronically 
and are destroyed after they have been scanned onto disks, and the 
electronic copy determined to be an accurate and complete copy of the 
paper record scanned.

SYSTEM MANAGER(S) AND ADDRESS:
    Official responsible for policies and procedures; Office of 
Workforce Management & Consulting Office (10A2), Department of Veterans 
Affairs, 810 Vermont Avenue, NW., Washington, DC 20420. Officials 
maintaining the system; Diana Rogers of the HPDM National Program 
Office located at 55 North Robinson Avenue, Suite 1033, Oklahoma City, 
OK 73102.

NOTIFICATION PROCEDURE:
    Individuals who wish to determine whether this system of records 
contains information about them should contact the VA facility location 
at which they are or were employed or made contact. Inquiries should 
include the person's full name, social security number, dates of 
employment, date(s) of contact, and return address.

RECORD ACCESS PROCEDURE:
    Individuals seeking information regarding access to and contesting 
of records in this system may write, call or visit the VA facility 
location where they are or were employed or made contact.

Contesting record procedures:
    (See Record Access Procedures above.)

RECORD SOURCE CATEGORIES:
    Information in this system of records is provided by VA employees.

[FR Doc. 2010-1180 Filed 1-21-10; 8:45 am]
BILLING CODE 8320-01-P