Privacy Act of 1974; System of Records, 36035-36039 [2013-14191]

Agencies

• DEPARTMENT OF VETERANS AFFAIRS

[Federal Register Volume 78, Number 115 (Friday, June 14, 2013)]
[Notices]
[Pages 36035-36039]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: 2013-14191]


-----------------------------------------------------------------------

DEPARTMENT OF VETERANS AFFAIRS


Privacy Act of 1974; System of Records

AGENCY: Department of Veterans Affairs.

ACTION: Notice of Amendment to System of Records.

-----------------------------------------------------------------------

SUMMARY: As required by the Privacy Act of 1974, 5 U.S.C. 552a(e), 
notice is hereby given that the Department of Veterans Affairs (VA) is 
amending the system of records currently titled ``All Employee Survey--
VA'' (160VA10A2) as set forth in the Federal Register (75 FR 3787). VA 
is amending the system by revising the System Location, Categories of 
Records in the System, Purpose, Routine Uses of Records Maintained in 
the System, Storage, Retrievability, Safeguard, and System Manager and 
Address.

DATES: Comments on the amendment of this system of records must be 
received no later than July 15, 2013. If no public comment is received, 
the amended system will become effective July 15, 2013.

ADDRESSES: Written comments may be submitted through 
www.Regulations.gov; by mail or hand-delivery to Director, Regulations 
Management (02REG), Department of Veterans Affairs, 810 Vermont Avenue 
NW., Room 1068, Washington, DC 20420; or by fax to (202) 273-9026. 
Comments received will be available for public inspection in the Office 
of Regulation Policy and Management, Room 1063B, between the hours of 
8:00 a.m. and 4:30 p.m., Monday through Friday (except holidays). 
Please call (202) 461-4902 (this is not a toll-free number) for an 
appointment. In addition, during the comment period, comments may be 
viewed online through the Federal Docket Management System at 
www.Regulations.gov.

FOR FURTHER INFORMATION CONTACT: Department of Veterans Affairs, 
Director of Veterans Health Administration's (VHA) National Center for 
Organization Development (NCOD), 11500 Northlake Drive, Suite 260, 
Cincinnati, OH 45249; telephone (513) 247-4680.

SUPPLEMENTARY INFORMATION: 

I. Description of Proposed Systems of Records

    The All Employee Survey--VA is a data repository that stores all 
data gathered from the administration of the All Employee Survey taken 
by VA employees.

[[Page 36036]]

II. Proposed Routine Use Disclosures of Data in the System

    We are proposing to establish the following Routine Use disclosures 
of information maintained in the system:
    To the extent that records contained in the system include 
information protected by 38 U.S.C. 7332, such as, medical treatment 
information related to drug abuse, alcoholism or alcohol abuse, sickle 
cell anemia or infection with the human immunodeficiency virus, that 
information cannot be disclosed under a routine use unless there is 
also specific statutory authority permitting disclosure.
    1. The record of an individual who is covered by a system of 
records may be disclosed to a Member of Congress, or a staff person 
acting for the Member, when the Member or staff person requests the 
record on behalf of and at the written request of the individual.
    VA must be able to provide information about individuals to 
adequately respond to inquiries from Members of Congress at the request 
of constituents who have sought their assistance.
    2. Disclosure may be made to the National Archives and Records 
Administration and the General Services Administration in records 
management inspections conducted under authority of Title 44, Chapter 
29, of the United States Code. National Archives and Records 
Administration and General Services Administration are responsible for 
management of old records no longer actively used, but which may be 
appropriate for preservation, and for the physical maintenance of the 
Federal Government's records.
    VA must be able to provide the records to National Archives and 
Records Administration and General Services Administration in order to 
determine the proper disposition of such records.
    3. VA may disclose information from this system of records to the 
Department of Justice, either on VA's initiative or in response to 
Department of Justice's request for the information, after either VA or 
Department of Justice determines that such information is relevant to 
Department of Justice's representation of the United States or any of 
its components in legal proceedings before a court or adjudicative 
body, provided that, in each case, the agency also determines prior to 
disclosure that release of the records to the Department of Justice is 
a use of the information contained in the records that is compatible 
with the purpose for which VA collected the records. VA, on its own 
initiative, may disclose records in this system of records in legal 
proceedings before a court or administrative body after determining 
that the disclosure of the records to the court or administrative body 
is a use of the information contained in the records that is compatible 
with the purpose for which VA collected the records.
    VA must be able to provide information to Department of Justice in 
litigation where the United States or any of its components is involved 
or has an interest. A determination would be made in each instance that 
under the circumstances involved, the purpose is compatible with the 
purpose for which Veterans Affairs collected the information. This 
routine use is distinct from the authority to disclose records in 
response to a court order under subsection (b)(11) of the Privacy Act, 
5 U.S.C. 552(b)(11), or any other provision of subsection (b), in 
accordance with the court's analysis in Doe v. DiGenova, 779 F.2d 74, 
78-84 (D.C. Cir. 1985) and Doe v. Stephens, 851 F.2d 1457, 1465-67 
(D.C. Cir. 1988).
    4. Disclosure of relevant information may be made to individuals, 
organizations, private or public agencies, or other entities with whom 
VA has a contract or agreement or where there is a subcontract to 
perform such services as VA may deem practicable for the purposes of 
laws administered by VA, in order for the contractor or subcontractor 
to perform the services of the contract or agreement. This routine use, 
which also applies to agreements that do not qualify as contracts 
defined by Federal procurement laws and regulations, is consistent with 
Office of Management and Budget guidance in Office of Management and 
Budget Circular A-130, App. I, paragraph 5a(1)(b) that agencies 
promulgate routine uses to address disclosure of Privacy Act-protected 
information to contractors in order to perform the services contracts 
for the agency.
    5. VA may disclose on its own initiative any information in the 
system, except the names and home addresses of veterans and their 
dependents, that is relevant to a suspected or reasonably imminent 
violation of the law whether civil, criminal, or regulatory in nature 
and whether arising by general or program statute or by regulation, 
rule, or order issued pursuant thereto, to a Federal, state, local, 
tribal, or foreign agency charged with the responsibility of 
investigating or prosecuting such violation, or charged with enforcing 
or implementing the statute, regulation, rule, or order. VA may also 
disclose on its own initiative the names and addresses of veterans and 
their dependents to a Federal agency charged with the responsibility of 
investigating or prosecuting civil, criminal, or regulatory violations 
of law, or charged with enforcing or implementing the statute, 
regulation, or order issued pursuant thereto.
    VA must be able to provide on its own initiative information that 
pertains to a violation of laws to law enforcement authorities in order 
for them to investigate and enforce those laws. Under 38 U.S.C. 5701(a) 
and (f), VA may only disclose the names and addresses of veterans and 
their dependents to Federal entities with law enforcement 
responsibilities. This is distinct from the authority to disclose 
records in response to a qualifying request from a law enforcement 
entity, as authorized by Privacy Act subsection 5 U.S.C. 552a(b)(7).
    6. Disclosure to other Federal agencies may be made to assist such 
agencies in preventing and detecting possible fraud or abuse by 
individuals in their operations and programs.
    This routine use permits disclosures by the Department to report a 
suspected incident of identity theft and provide information and/or 
documentation related to or in support of the reported incident.
    7. VA may, on its own initiative, disclose any information or 
records to appropriate agencies, entities, and persons when (1) VA 
suspects or has confirmed that the integrity or confidentiality of 
information in the system of records has been compromised; (2) the 
Department has determined that as a result of the suspected or 
confirmed compromise, there is a risk of embarrassment or harm to the 
reputations of the record subjects, harm to economic or property 
interests, identity theft or fraud, or harm to the security, 
confidentiality, or integrity of this system or other systems or 
programs (whether maintained by the Department or another agency or 
entity) that rely upon the potentially compromised information; and (3) 
the disclosure is to agencies, entities, or persons whom VA determines 
are reasonably necessary to assist or carry out the Department's 
efforts to respond to the suspected or confirmed compromise and 
prevent, minimize, or remedy such harm. This routine use permits 
disclosures by the Department to respond to a suspected or confirmed 
data breach, including the conduct of any risk analysis or provision of 
credit protection services as provided in 38 U.S.C. 5724, as the terms 
are defined in 38 U.S.C. 5727.

[[Page 36037]]

III. Compatibility of the Proposed Routine Uses

    The Privacy Act permits Veterans Affairs to disclose information 
about individuals without their consent for a routine use when the 
information will be used for a purpose that is compatible with the 
purpose for which we collected the information. In all of the routine 
use disclosures described above, the recipient of the information will 
use the information in connection with a matter relating to one of VA's 
programs, will use the information to provide a benefit to VA, or 
disclosure is required by law.
    The notice of intent to publish and an advance copy of the system 
notice have been sent to the appropriate Congressional committees and 
to the Director of the Office of Management and Budget as required by 5 
U.S.C. 552a(r) (Privacy Act) and guidelines issued by Office of 
Management and Budget (65 FR 77677), December 12, 2000.

    Approved: May 23, 2013.
Jose D. Riojas,
 Interim Chief of Staff, Department of Veterans Affairs.
SOR 160VA10A2

SYSTEM NAME:
    ``All Employee Survey-VA'' 160VA10A2.

SYSTEM LOCATION:
    Records are maintained at the National Center for Organization 
Development (NCOD), 11500 Northlake Drive, Suite 260, Cincinnati, OH 
45249. A copy of the system data is saved on CD and stored at a secure 
locked safe at the same location.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    The records include information concerning all VA employees.

CATEGORIES OF RECORDS IN THE SYSTEM:
    The records include two formats.
    1. Numerically expressed satisfaction ratings and agreement ratings 
of questions that ask about specific aspects of workplace environment.
    2. Starting from year 2012, records include open-ended text 
comments provided in response to questions about workplace environment. 
Instructions to open-ended comments, ask respondents not to use any 
names or other individually identifiable information about self or 
others.
    The numeric and text records may include information related to:
    1. All Employee Survey responses by workgroup.
     7-digit workgroup organization code.
     Workgroup code identifies a valid VA organizational work 
unit.
     These identification codes will identify work units rather 
than specific individuals. VA will provide a table of approximately 
15,000 to 40,000 valid workgroup organization codes prior to survey 
administration.
    2. All Employee Survey responses by demographics.
     Gender.
     Age in groups of decades.
     Race.
     National origin.
     Incumbency in VA.
     Level of supervisory responsibility.
     Main type of occupational setting.
     Main type of service provided.
     Prior participation in VA trainings.
     Prior service in the U.S. Armed Forces.
    3. All Employee Survey responses by national function file.
     Category of workgroup--provides a functional description 
of the workgroup, by connecting it to a list of services and locations 
within the working structure of VA organizations. Local survey 
coordinators (not survey respondents) describe workgroups on this 
category at the time the work units are assigned unique 7-digit codes. 
There are close to 100 categories.
    4. All Employee Survey responses by occupational group.
     This is a 3-digit code provided to each individual 
respondent who then can use it to categorize their occupation through 
self-report.
     There are over 100 codes; they are not job occupation 
series codes. It is a code developed for the All Employee Survey.
    5. All Employee Survey responses by question and modality.
     The response is provided by the interactive Web-based 
survey, telephone, or paper submission and response type captured.
    6. All Employee Survey responses by organization and sub 
organization title, type, and function.
     The workgroup identifies organization, sub organization if 
applicable, organization type, and function for which the response is 
provided.
    7. All Employee Survey responses by response rate.
     Responses are stored at the individual level, response 
rates are reported at the work unit lowest level, and then 
hierarchically rolled upward in summary totals to the next level within 
the organization. The hierarchy is based on the organization structure 
(facility and parents) and the 7-digit workgroup organization code.
    Reporting of response data follows the rule of 10 respondents for 
any survey scores reported for any specific (identified) organizational 
units or demographic groups. For applied managerial analyses and action 
planning, any response data for identified organizational units or 
demographic groups for any survey values that are based on having less 
than 10 respondents in a group will never be released from the data 
repository. For scientific statistical analyses and use in 
publications, data from identified organizational units or demographic 
groups with less than 10 respondents are released only upon approval of 
the Organization Assessment Subcommittee (OASC) Chair(s), based on 
recommendation of a professional committee of organizational research 
experts. Such use of such data is explicitly limited to a specific 
requestor, project, and purpose (as detailed in 2, section: Purposes), 
with a strong data security plan ascertained. Any results of scientific 
use of the All Employee Survey data will be reported at aggregate level 
only, with no individual or organizational identities attached.
    8. All Employee Survey responses by date and time survey taken.
     Date and time response submitted.
    9. All Employee Survey responses by content areas.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    Title 38, United States Code, section 501a.

PURPOSE(S):
    The records and information may be used for applied managerial as 
well as scientific statistical analysis of employee satisfaction on 
quality and quantity of work, personal safety, promotion and training 
opportunity, fair and equitable treatment, and work/family balance.
    For applied managerial use, All Employee Survey records and 
information pertaining to data validation, evaluation of personnel/
organizational management and staffing satisfaction and culture, 
including workforce effectiveness are shared with facilities and with 
local, regional and national VA leaders. Action plans, development of 
goals and follow-up performance measures are developed as a result.
    For scientific statistical use, All Employee Survey records and 
information may be used in research and management studies that support 
optimal functioning of VA organizations and programs. Such use must 
balance technical requirements of research designs which ensure 
scientifically plausible answers, with the need to

[[Page 36038]]

protect confidentiality of VA survey respondents and of small 
respondent groups. Each proposal involving use of All Employee Survey 
data for studies is therefore evaluated by a professional committee: 
the Data Use Agreement committee of the OASC of the VHA National 
Leadership Council. The evaluation serves to ascertain scientific 
merits, benefit for the VA, existence of a strong data protection plan, 
and based on these considerations to determine the appropriate level of 
aggregation of the records released for the specific described purpose.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    To the extent that records contained in the system include 
information protected by 45 CFR parts 160 and 164, such as, 
individually identifiable health information, and 38 U.S.C. 7332, such 
as, medical treatment information related to drug abuse, alcoholism or 
alcohol abuse, sickle cell anemia or infection with the human 
immunodeficiency virus, that information cannot be disclosed under a 
routine use unless there is also specific statutory authority in 38 
U.S.C. 7332 and regulatory authority in 45 CFR parts 160 and 164 
permitting disclosure.
    1. The record of an individual who is covered by a system of 
records may be disclosed to a Member of Congress, or a staff person 
acting for the Member, when the Member or staff person requests the 
record on behalf of and at the written request of the individual.
    2. Disclosure may be made to the National Archives and Records 
Administration and the General Services Administration in records 
management inspections conducted under authority of Title 44, Chapter 
29, of the United States Code.
    3. Veterans Affairs may disclose information from this system of 
records to the Department of Justice, either on Veterans Affairs' 
initiative or in response to Department of Justice's request for the 
information, after either VA or Department of Justice determines that 
such information is relevant to Department of Justice's representation 
of the United States or any of its components in legal proceedings 
before a court or adjudicative body, provided that, in each case, the 
agency also determines prior to disclosure that release of the records 
to the Department of Justice is a use of the information contained in 
the records that is compatible with the purpose for which VA collected 
the records. VA, on its own initiative, may disclose records in this 
system of records in legal proceedings before a court or administrative 
body after determining that the disclosure of the records to the court 
or administrative body is a use of the information contained in the 
records that is compatible with the purpose for which VA collected the 
records.
    4. Disclosure of relevant information may be made to individuals, 
organizations, private or public agencies, or other entities with whom 
VA has a contract or agreement or where there is a subcontract to 
perform such services as VA may deem practicable for the purposes of 
laws administered by VA, in order for the contractor or subcontractor 
to perform the services of the contract or agreement.
    5. VA may disclose on its own initiative any information in the 
system, except the names and home addresses of veterans and their 
dependents, that is relevant to a suspected or reasonably imminent 
violation of the law whether civil, criminal, or regulatory in nature 
and whether arising by general or program statute or by regulation, 
rule, or order issued pursuant thereto, to a Federal, state, local, 
tribal, or foreign agency charged with the responsibility of 
investigating or prosecuting such violation, or charged with enforcing 
or implementing the statute, regulation, rule, or order. VA may also 
disclose on its own initiative the names and addresses of veterans and 
their dependents to a Federal agency charged with the responsibility of 
investigating or prosecuting civil, criminal, or regulatory violations 
of law, or charged with enforcing or implementing the statute, 
regulation, or order issued pursuant thereto.
    6. Disclosure to other Federal agencies may be made to assist such 
agencies in preventing and detecting possible fraud or abuse by 
individuals in their operations and programs.
    7. VA may, on its own initiative, disclose any information or 
records to appropriate agencies, entities, and persons when (1) VA 
suspects or has confirmed that the integrity or confidentiality of 
information in the system of records has been compromised; (2) the 
Department has determined that as a result of the suspected or 
confirmed compromise, there is a risk of embarrassment or harm to the 
reputations of the record subjects, harm to economic or property 
interests, identity theft or fraud, or harm to the security, 
confidentiality, or integrity of this system or other systems or 
programs (whether maintained by the Department or another agency or 
entity) that rely upon the potentially compromised information; and (3) 
the disclosure is to agencies, entities, or persons whom VA determines 
are reasonably necessary to assist or carry out the Department's 
efforts to respond to the suspected or confirmed compromise and 
prevent, minimize, or remedy such harm. This routine use permits 
disclosures by the Department to respond to a suspected or confirmed 
data breach, including the conduct of any risk analysis or provision of 
credit protection services as provided in 38 U.S.C. 5724, as the terms 
are defined in 38 U.S.C. 5727.

POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING, 
AND DISPOSING OF RECORDS IN THE SYSTEM:
STORAGE:
    Records are maintained on the server with a backup copy on compact 
disk in the VHA National Center for Organization Development (NCOD) 
Program Office, 11500 Northlake Drive, Suite 260, Cincinnati, OH 45249.

RETRIEVABILITY:
    Records may be retrieved by organization name or other assigned 
identifiers of the respondent groups on whom they are maintained. None 
of the All Employee Survey records can be confidently ascribed to 
specific individual respondents.

SAFEGUARDS:
    1. Access to VA working and storage areas is restricted to VA 
employees on a ``need-to-know'' basis; strict control measures are 
enforced to ensure that disclosure to these individuals is also based 
on this same principle. Generally, VA file areas are locked after 
normal duty hours and the facilities are protected from outside access 
by the Federal Protective Service or other security personnel.
    2. Access to computer rooms at health care facilities is generally 
limited by appropriate locking devices and restricted to authorized VA 
employees and vendor personnel. Automatic Data Processing peripheral 
devices are placed in secure areas. Access to information stored on 
automated storage media at other VA locations is controlled by 
individually unique passwords/codes employees are limited to only that 
information in the file which is needed in the performance of their 
official duties.
    3. Access to the VHA NCOD Server is restricted to Center employees, 
Federal Protective Service, and other security personnel. Access to 
computer rooms is restricted to authorized operational personnel 
through electronic scanning and locking devices. All other persons 
gaining access to computer rooms are escorted after identity 
verification and

[[Page 36039]]

log entry to track person, date, time in, and time out of the room. 
Information stored in the computer may be accessed by authorized VA 
employees at remote locations including VA health care facilities, 
Information Systems Centers, VA Central Office, and Veterans Integrated 
Service Networks. Access is controlled by individually unique 
passwords/codes which must be changed periodically by the employee. The 
compact disk is stored in the NCOD Office in Cincinnati, Ohio, and is 
accessible by restricted, authorized personnel through electronic 
scanning and locking devices.

RETENTION AND DISPOSAL:
    Paper records are scanned and digitized for viewing electronically 
and are destroyed after they have been scanned onto disks, and the 
electronic copy determined to be an accurate and complete copy of the 
paper record scanned.

SYSTEM MANAGER(S) AND ADDRESS:
    Official responsible for policies and procedures; VHA National 
Center for Organization Development (NCOD). Officials maintaining the 
system; Sue Dyrenforth of NCOD, 11500 Northlake Drive, Suite 260, 
Cincinnati, OH 45249.

NOTIFICATION PROCEDURE:
    Individuals who wish to determine whether this system of records 
contains information about them should contact the Veterans Affairs 
facility location at which they are or were employed or made or have 
contact. Inquiries should include the person's full name, social 
security number, dates of employment, date(s) of contact, and return 
address.

RECORD ACCESS PROCEDURE:
    Individuals seeking information regarding access to and contesting 
of records in this system may write, call or visit the VA facility 
location where they are or were employed or made contact.

CONTESTING RECORD PROCEDURES:
    (See Record Access Procedures above.)

RECORD SOURCE CATEGORIES:
    Information in this system of records is provided by VA employees 
associated to VA medical centers and corporate offices.

[FR Doc. 2013-14191 Filed 6-13-13; 8:45 am]
BILLING CODE 8320-01-P