Privacy Act of 1974; System of Records, 11297-11303 [2018-05087]

Agencies

• DEPARTMENT OF VETERANS AFFAIRS

[Federal Register Volume 83, Number 50 (Wednesday, March 14, 2018)]
[Notices]
[Pages 11297-11303]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2018-05087]


=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF VETERANS AFFAIRS


Privacy Act of 1974; System of Records

AGENCY: Department of Veterans Affairs (VA).

ACTION: Notice of modified of System of Records.

-----------------------------------------------------------------------

SUMMARY: As required by the Privacy Act of 1974, notice is hereby given 
that the Department of Veterans Affairs (VA) is amending the system of 
records entitled, ``Veterans Health Administration Leadership and 
Workforce Development-VA'' (161VA10A2) as set forth in a notice, 
published in the Federal Register on February 22, 2010. VA is amending 
the system of records by revising the System Name, System Manger, 
Purpose of the System, Categories of Records in the System, Record 
Source Categories, Routine Uses of Records Maintained in the System, 
Policies and Practices for Storage of Records, Policies and Practices 
for Retrievability of Records, Policies and Practices for Retention and 
Disposal, Safeguards, and Record Access Procedure. VA is republishing 
the system notice in its entirety.

DATES: Comments on this amended system of records must be received no 
later than April 13, 2018. If no public comment is received during the 
period allowed for comment or unless otherwise published in the Federal 
Register by VA, the amended system will become effective April 13, 
2018.

ADDRESSES: Written comments may be submitted through 
www.Regulations.gov; by mail or hand-delivery to Director, Regulation 
Policy and Management (00REG), Department of Veterans Affairs, 810 
Vermont Avenue NW, Room 1064, Washington, DC 20420; or by fax to (202) 
273-9026 (not a toll-free number). Comments should indicate that they 
are submitted in response to ``Veterans Health Administration 
Leadership and Workforce Development-VA''. Copies of comments received 
will be available for public inspection in the Office of Regulation 
Policy and Management, Room 1063B, between the hours of 8:00 a.m. and 
4:30 p.m., Monday through Friday (except holidays). Please call (202) 
461-4902 for an appointment. (This is not a toll-free number.) In 
addition, comments may be viewed online at www.Regulations.gov.

FOR FURTHER INFORMATION CONTACT: Chris Jaqua, Veterans Health 
Administration Human Capital Systems and Services (HCSS) Program 
Office, Department of Veterans Affairs, 55 North Robinson Avenue, 
Oklahoma City, OK 73102; telephone (405) 552-4345.

SUPPLEMENTARY INFORMATION: The System Name is being changed from 
``Veterans Health Administration Leadership and Workforce Development-
VA'' to ``Veterans Health Administration Human Capital Management''.
    The System Manager has been amended to replace ``Diana Rogers, 
Department of Veterans Affairs, Veterans Health Administration High 
Performance Development Model (HPDM) Program Office, 55 North Robinson 
Avenue, Oklahoma City, Oklahoma 73102; telephone (405) 552-4336'' with 
Officials maintaining the system:
    Manager of the Human Capital Systems and Services (HCSS), 55 North 
Robinson Avenue, Suite 1010, Oklahoma City, OK 73102.
    Director of Events Division, Employee Education System, #1 
Jefferson Barracks Drive, Building 56, St. Louis, MO 63125.
    Deputy Director of Events Division, Employee Education System, #1 
Jefferson Barracks Drive, Building 56, St. Louis, MO 63125.
    Associate Director of Web Architecture, Employee Education System, 
2200 Fort Roots Drive, Building 11, North Little Rock, AR 72114.
    The Purpose of the System is being amended to include leadership 
and organization development and Records will support pairing of 
learning and professional growth services by internal coaches and 
consultants to VA employees and leaders.
    The Categories of Records in the System is being amended to 
include: The Talent Assessment Data 1.  Work Setting status 
 Service Type  Clinical position type  Coaching 
preference  Performance standards  Resume; 4. Veterans 
Benefits Administration; 9. Coach- Coach status  Education 
 Biographical information  Availability  Years; 
10. Identification of boss; 11. Program Management  Inquiry 
Status  Inquiry date  Enrollment status  
Enrollment date  Pairing status  Open/closed status 
 Referral source  Close reason  Survey status 
 Service start and end dates  Target group  
Group location  Organizational chart  Service requested 
 Organizational opportunities/challenges  Complaints 
 Barriers to work  Signed agreement; 12. Service 
contact information  Contact dates  Contact time 
 Contact type  Contact notes; 13. Development 
Assessments Assessment type  Results and summaries; 14. 
Employee Requesting Information  Leadership interests and 
experiences  Number of direct reports  Current role 
descriptors  Self-described characteristics  Readiness 
for change  Current and future role preferences  
Aspirations; 15. Credentialing Audio Recordings and Transcripts 
 Audio file.
    The Record Source Categories is being amended to replace 89VA16 
with 89VA10NB. Veterans Benefits Administration (VBA) is being 
included.
    The Routine Uses of Records Maintained in the System has been 
amended by adding language to Routine Use #7 which states, ``a. 
Effective Response. A federal agency's ability to respond quickly and 
effectively in the event of a breach of federal data is critical to its 
efforts to prevent or minimize any consequent harm. An effective 
response necessitates disclosure of information regarding the breach to 
those individuals affected by it, as well as to persons and entities in 
a position to cooperate, either by assisting in notification to 
affected individuals or playing a role in preventing or minimizing 
harms from the breach. b. Disclosure of Information. Often, the 
information to be disclosed to such persons and entities is maintained 
by federal agencies and is subject to the Privacy Act (5 U.S.C. 552a). 
The Privacy Act prohibits the disclosure of any record in a system of 
records by any means of communication to any person or agency absent 
the written consent of the subject individual, unless the disclosure 
falls within one of twelve statutory exceptions. In order to ensure an 
agency is in the best position to respond in a timely and effective 
manner, in accordance with 5 U.S.C. 552a(b)(3) of the Privacy Act, 
agencies should publish a routine use for appropriate systems 
specifically applying to the disclosure of information in connection 
with response and remedial efforts in the event of a data breach.''
    Routine Uses of Records Maintained in the System has been amended 
by adding Routine Use #8 which states ``VA may disclosure any audio 
files and accompanying transcripts to coaching credentialing entities 
for the sole purpose of evaluation of a coach who is applying for an 
advanced coaching credential.''
    The following Routine Uses are being added:

[[Page 11298]]

    Routine use #9, ``VA may, on its own initiative, disclose 
information from this system to another Federal agency or Federal 
entity, when VA determines that information from this system of records 
is reasonably necessary to assist the recipient agency or entity in (1) 
responding to a suspected or confirmed breach or (2) preventing, 
minimizing, or remedying the risk of harm to individuals, the recipient 
agency or entity (including its information systems, programs, and 
operations), the Federal Government, or national security, resulting 
from a suspected or confirmed breach.'' VA needs this routine use for 
the data breach response and remedial efforts with another Federal 
agency.
    Routine use #10, ``VA may disclose information from this system to 
the Equal Employment Opportunity Commission (EEOC) when requested in 
connection with investigations of alleged or possible discriminatory 
practices, examination of Federal affirmative employment programs, or 
other functions of the Commission as authorized by law or regulation.'' 
VA must be able to provide information to EEOC to assist it in 
fulfilling its duties to protect employees' rights, as required by 
statute and regulation.
    Routine use #11, ``VA may disclose information from this system to 
the Federal Labor Relations Authority (FLRA), including its General 
Counsel, information related to the establishment of jurisdiction, 
investigation, and resolution of allegations of unfair labor practices, 
or in connection with the resolution of exceptions to arbitration 
awards when a question of material fact is raised; for it to address 
matters properly before the Federal Services Impasses Panel, 
investigate representation petitions, and conduct or supervise 
representation elections.'' VA must be able to provide information to 
FLRA to comply with the statutory mandate under which it operates.
    Routine use #12, ``VA may disclose information from this system to 
the Merit Systems Protection Board (MSPB), or the Office of the Special 
Counsel, when requested in connection with appeals, special studies of 
the civil service and other merit systems, review of rules and 
regulations, investigation of alleged or possible prohibited personnel 
practices, and such other functions promulgated in 5 U.S.C. 1205 and 
1206, or as authorized by law.'' VA must be able to provide information 
to MSPB to assist it in fulfilling its duties as required by statute 
and regulation.
    The Policies and Practices for Storage of Records is being amended 
to include the VACIN Server in Cincinnati, Ohio.
    Policies and Practices for Retrievability of Records has been 
amended to include organization number and position number or other 
assigned identifiers of the organizations, positions or individuals on 
whom records are maintained.
    Policies and Practices for Retention and Disposal is being amended 
to replace paper records and information maintained and disposed of in 
accordance with records disposition authority approved by the Archivist 
of the United States with the records are disposed of in accordance 
with General records 4.3, item 031.
    The Physical, Procedural, and Administrative Safeguards is being 
amended to remove:
    1. Access to Veterans Affairs working and storage areas is 
restricted to Veterans Affairs employees on a ``need-to-know'' basis; 
strict control measures are enforced to ensure that disclosure to these 
individuals is also based on this same principle. Generally, Veterans 
Affairs file areas are locked after normal duty hours and the 
facilities are protected from outside access by the Federal Protective 
Service or other security personnel.
    2. Access to computer rooms at health care facilities is generally 
limited by appropriate locking devices and restricted to authorized 
Veterans Affairs employees and vendor personnel. Automatic Data 
Processing peripheral devices are placed in secure areas.
    Access to information stored on automated storage media at other 
Veterans Affairs locations is controlled by individually unique 
passwords/codes. Employees are limited to only that information in the 
file which is needed in the performance of their official duties.
    3. Access to the Little Rock Campus Servers is restricted to Center 
employees, Federal Protective Service and other security personnel. 
Access to computer rooms is restricted to authorized operational 
personnel through electronic scanning and locking devices. All other 
persons gaining access to computer rooms are escorted after identity 
verification and log entry to track person, date, time in, and time out 
of the room. Information stored in the computer may be accessed by 
authorized Veterans Affairs employees at remote locations including 
Veterans Affairs health care facilities, Information Systems Centers, 
Veterans Affairs Central Office, and Veteran Integrated Service 
Networks. Access is controlled by secure individually unique system 
authentication.
    The Physical, Procedural, and Administrative Safeguards section 
will be replaced with the following language:
    1. Access to and use of national administrative databases, 
warehouses, and data marts are limited to those persons whose official 
duties require such access, and VA has established security procedures 
to ensure that access is appropriately limited. Information security 
officers and system data stewards review and authorize data access 
requests. VA regulates data access with security software that 
authenticates users and requires individually-unique codes and 
passwords. VA requires information security training for all staff and 
instructs staff on the responsibility each person has for safeguarding 
data confidentiality.
    2. Physical access to computer rooms housing national 
administrative databases, warehouses, and data marts is restricted to 
authorized staff and protected by a variety of security devices. 
Unauthorized employees, contractors, and other staff are not allowed in 
computer rooms.
    3. Data transmissions between operational systems and national 
administrative databases, warehouses, and data marts maintained by this 
system of record are protected by state-of-the-art telecommunication 
software and hardware. This may include firewalls, intrusion detection 
devices, encryption, and other security measures necessary to safeguard 
data as it travels across the Wide Area Network.
    The Record Access Procedure is amended to include the Program 
Office in which requests for services were made.
    The Report of Intent to Amend a System of Records Notice and an 
advance copy of the system notice have been sent to the appropriate 
Congressional committees and to the Director of Office of Management 
and Budget (OMB) as required by 5 U.S.C. 552a(r) (Privacy Act) and 
guidelines issued by OMB (65 FR 77677), December 12, 2000.

Signing Authority

    The Senior Agency Official for Privacy, or designee, approved this 
document and authorized the undersigned to sign and submit the document 
to the Office of the Federal Register for publication electronically as 
an official document of the Department of Veterans Affairs. John 
Oswalt, Executive Director for Privacy, Department of Veterans Affairs 
approved this document on February 2, 2018 for publication.


[[Page 11299]]


    Dated: March 8, 2018.
Kathleen M. Manwell,
Program Analyst, VA Privacy Service, Office of Privacy Information and 
Identity Protection, Office of Quality, Privacy and Risk, Office of 
Information and Technology, Department of Veterans Affairs.
SYSTEM NAME
    Veterans Health Administration Human Capital Management-VA 
(61VA10A2)

SECURITY CLASSIFICATION:
    None.

SYSTEM LOCATION:
    Records are maintained at the North Little Rock Campus, 2200 Fort 
Roots Drive, Little Rock, Arkansas 72114.

SYSTEM MANAGER(S):
    Officials maintaining the system:
    Manager of the Human Capital Systems and Services (HCSS), 55 North 
Robinson Avenue, Suite 1010, Oklahoma City, OK 73102.
    Director of Events Division, Employee Education System, #1 
Jefferson Barracks Drive, Building 56, St. Louis, MO 63125.
    Deputy Director of Events Division, Employee Education System, #1 
Jefferson Barracks Drive, Building 56, St. Louis, MO 63125.
    Associate Director of Web Architecture, Employee Education System, 
2200 Fort Roots Drive, Building 11, North Little Rock, AR 72114.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    Title 38, United States Code (U.S.C.), Section 501a.

PURPOSE(S) OF THE SYSTEM:
    The records and information may be used for the management of 
Veterans Health Administration (VHA) executive and senior executive 
employees and employees in national programs for performance appraisal 
and bonus award entries, bonus and appraisal documentation storage, 
rank award and type given, supervisory training status, leadership and 
organization development, and employee position management. Records 
will support pairing of learning and professional growth services by 
internal coaches and consultants to VA employees and leaders. Reports 
for workforce succession planning and analysis, VHA supervisory 
training status and course grade, bonus award dollar amounts per 
executive and non-executive employee used by Performance Review Boards. 
Human resource position creation, and fill actions, employee action and 
assignment tracking data is collected for business processing and 
analysis.
    Workgroups are developed for survey use and data collection. Data 
that is entered and stored can be extracted from the database and used 
for other applications.

CATEGORIES OF INDIVIDUALS COVERED BY THIS SYSTEM:
    The records include information from and concerning Veterans 
Affairs Central Office, VHA, VHA Canteen, VHA Central Office, VBA, and 
National Cemetery Administration (NCA) personnel.

CATEGORIES OF RECORDS IN THE SYSTEM:
    The records may include information related to: People, work 
groups, workforce, funding, leadership classes, personal development 
plans, supervisory levels, mentor and coach roles and certifications, 
High Performance Development Model, senior executive information and 
recruitment, human resources automation, positions, organizations, the 
Talent Assessment Data and locations of VHA top management positions. 
Central Office and Veterans Integrated Service Network (VISN) managers 
and staff, facility directors, associate directors, chiefs of staff, 
and other senior clinical and administrative field managers' positions 
are included. The VHA Executive Management Program consists of the 
functions that fall under the purview of the VHA Executive Resources 
Board and the VHA Performance Review Board. Their functions include 
executive development, recruitment and placement; organizational 
analysis; succession planning; and performance assessment and 
recognition. The method used to collect this information is a 
proprietary system using relational technology. Information from this 
database is joined and expanded with information from the VHA executive 
program processes (i.e., organization, vacancies, recruitment efforts, 
performance, etc.). This combination of information is used in the 
administration of the Executive Resources Board and Performance Review 
Board functions. The sharing and development of information involving 
executives and organizations provides an effective means for 
accomplishing the Executive Resources Board and Performance Review 
Board objectives. The following modules are in VHA Leadership and 
Workforce Development: VHA Leadership and Workforce Development Home, 
Performance, Workgroups, VA National Database for Interns, Student 
Educational Experience Program, High Performance Development Model 
Funding, Executive Career Field Career Development Plan On-Line 
Application, Technical Career Field Preceptor On-Line Application, 
Career Development Plans, Workforce Planning, Class and Program 
Management (includes: Graduate Healthcare Administration Training 
Program, School at Work, Leadership Effectiveness Accountability 
Development, Technical Career Field, Executive Career Field Candidate 
Development Program, Senior Executive Service Candidate Development 
programs, Ethics, Professional Development Plans, Supervisory Training, 
Open Season (VHA Executive Recruitment), WebHR (Web-based Human 
Resource module), and Mentor Coach Certification). VHA Leadership and 
Workforce Development data contains:
    1. Employee data.

     Employee legal name
     Social Security number
     Veteran's preference
     Vietnam Era veteran
     Retirement plan
     Tenure
     Universal personal identification number
     Universal user name
     Sex
     Supervisory status
     Supervisory training status
     Work contact information
     Facility
     Network Identification
     Home contact information
     Home of record contact information
     Assigned facility/organization
     Pay plan
     Pay grade
     Step
     Retirement eligibility
     Union membership
     Leave balances
     Program
     Credentials
     Grievance
     Disciplinary actions
     Third-party and other employee actions
     Work Setting status
     Service Type
     Clinical position type
     Coaching preference
     Performance standards
     Resume

    2. Employee position data.

     VHA Leadership and Workforce Development position titles
     High Performance Development Management ratings
     Position requestor contact data
     Legal authority
     Competitive Level
     Fair Labor Standards Act category
     Drug testing position indicator
     Citizenship/Residency status
     English language proficiency

[[Page 11300]]

     Announcement status
     Vacancy status
     Date job opened
     Days to open
     Days to issue certificate
     Date job closed
     Job type/Occupation series/Grade
     Pay plan
     Work schedule
     Appropriation code
     Cost center
     Date candidates referred
     Date nomination received
     Date to Executive Resources Board
     Date credentials complete
     Date recruitment received
     Position start and end dates
     Appointment start and end dates
     Position location
     [cir] Location complexity rating
     Position reporting official
     Position status
     [cir] Supervisory
     [cir] Bargaining unit
     [cir] Senior executive pay band
     Level of supervisory responsibility
     Date of offer
     Position status change
     Reason for change
     Position authorization data
     Announcement tracking data (location and dates of actions)
     Area of consideration
     Number of applicants (internal, external, not qualified)
     Number interviewed
     Applicant outcome and notification
     Selecting official
     Re-announcement
      Position cancelations
      Date fingerprinted
      Background check data
      Physician Comp Panel and Standards
     Board data

    3. Bonus data.

     Executive/Senior Executive Service
     [cir] Pay band and band max pay
     [cir] Proposed pay adjustment
     [cir] Proposed rating
     [cir] Approved rating
     [cir] Approved bonus pay
     [cir] Actual pay
     [cir] Rank award
     Type
     Previous year nomination and award amount
     Current year nomination
     [cir] Bonus pool total
     [cir] Local bonus funding amount
     [cir] Form Uploads
     Appraisal
     High level reviews
     Comments
     Bonus justification
     Rank award nominations
     Non-Executive (each Fiscal Year)
     [cir] Rating
     [cir] Award amount
     [cir] Pay adjustment (Yes/No)

    4. Workgroups and Organizations.

     Just under 100 codes--not job occupation series codes--
code developed for the All Employee Survey
     [cir] Agency selection
     [cir] Veterans Affairs
     [cir] VHA
     [cir] VBA
     [cir] NCA
     Agency networks
     Agency organizations
     Formal and informal name
     Organization type
     Network
     Physical location
     Duty Code
     Complexity Level
     Station number
     Workgroup supervisory designations
     Workgroup coordinator assignment
     Workgroup coordinator contact info

    5. Development Plans.

     Uploaded text document
     [cir] Document filled from template
     [cir] Free text employee documentation

    6. Funding.

     Program funding
     Program funds available
     Reimbursement type
     Appropriation code
     Fiscal contact name and phone
     Amount per employee
     Fund control point
     Requested average salary
     Approved funds
     Withdrawn funds
     Date funding sent
     Approval funding comments
     Approved Full Time Equivalents dollars
     Cost center

    7. Career Programs.

     Program Eligibility criteria
     Program waiver
     Program employee applied
     Class title
     Program/Class year
     School name and state
     Major
     Anticipated graduation date
     Application status
     Employment history
     Education history
     Competency data (application questions and answers)
     Applicant endorsers
     Class administrator assignments
     Employee list per class
     Program completion status
     Requested number of student hires
     Requested funding for student salary
     Student work schedule
     Number Full Time Equivalents requested

    8. Workforce Planning--Annual Corporate Office and VISNs.

     Planning team members
     Strategic direction
     Historical analysis
     [cir] Employee reason to leave
     [cir] Equal employment opportunity category of employee
     Projected workforce-rational and issues
     Recruitment and Retention programs used
     Leadership programs/activities and participation
     Workplace morale assessment
     Work plan comments

    9. Mentor and Coach Information.

     Mentor status
     Coach status
     Core training
     [cir] Courses
     [cir] Date and location
     [cir] Training instructors
     [cir] Training history
     Certification level
     Education
     Biographical information
     Availability
     Practical experience years, hours and event

    10. Perseus Survey Software.

     Employee legal name
     Last 4 social security number
     VISNs
     Facility/Office
     Work Setting (Section/Division/Campus/Product Line/
Service/Department)
     Occupation
     Identification of supervisory chain of command
     Identification of boss
     Identification of peer and subordinate relationships
     Demographic information
     [cir] Gender
     [cir] Age
     [cir] Race/National Origin
     [cir] Tenure
     [cir] Grade Level
     Data Input in Response to survey questions (questionnaires 
which cover the following types of topics as an example)
     [cir] Assessment Inventories, such as 360 Assessments, WES/MBI 
Instruments
     [cir] Customer Satisfaction surveys/evaluations (High Performance 
Development Model, Health Care Retention and Recruitment Office, 
National Center for Organizational Development, Delegated Examining 
Units, Workforce Management and Consulting Office)
     [cir] Organizational assessment instruments such as Civility, 
Respect

[[Page 11301]]

and Engagement in the Workplace Evaluation, VA Nursing Outcomes 
Database Registered Nursing survey, Education Inventories, Center for 
Faith Based and Community Initiatives Communications survey, Aggressive 
Behavior Prevention Survey, Integrated Ethics Workbook, Methicillin 
Resistant Staphylococcus Aureus, Office of Personal Management All 
Employee Survey, Exit/Entrance Surveys, Organizational Climate 
Assessment Program surveys, surveys for specific facilities/offices
     [cir] Program Assessments/Proficiency surveys such as Technical 
Career Field Return on Investment survey, Supervisory Training Pre/Post 
Test surveys, Human Resource Proficiency Tracking survey
     [cir] Professional Assessment surveys such as Executive Career 
Field Candidate/Mentor questionnaires, Acting Director/Senior Executive 
Service applicant assessments

    11. Program Management.

     Inquiry Status
     Inquiry date
     Enrollment status
     Enrollment date
     Pairing status
     Open/closed status
     Referral source
     Close reason
     Survey status
     Service start and end dates
     Target group
     Group location
     Organizational chart
     Service requested
     Organizational opportunities/challenges
     Complaints
     Barriers to work
     Signed agreement

    12. Service Contact Information.

     Contact dates
     Contact time
     Contact type
     Contact notes

    13. Development Assessments.
     Assessment type
     Results and summaries

    14. Employee Requesting Information.

     Leadership interests and experiences
     Number of direct reports
     Current role descriptors
     Self-described characteristics
     Readiness for change
     Current and future role preferences
     Aspirations

    15. Credentialing Audio Recordings and Transcripts.

     Audio file

RECORD SOURCE CATEGORIES:
    Information in this system of records is provided by VA's employees 
associated to VA Medical Centers, VA Corporate Offices, VBA, NCA, VHA 
Corporate Offices, VHA Canteen, VISNs and facilities.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    1. The record of an individual who is covered by a system of 
records may be disclosed to a Member of Congress, or a staff person 
acting for the Member, when the Member or staff person requests the 
record on behalf of and at the written request of the individual.
    2. Disclosure may be made to the National Archives and Records 
Administration and the General Services Administration in records 
management inspections conducted under authority of Title 44, Chapter 
29, of the United States Code.
    3. VA may disclose information in this system of records to the 
Department of Justice (DOJ), either on VA's initiative or in response 
to DOJ's request for the information, after either VA or DOJ determines 
that such information is relevant to DOJ's representation of the United 
States or any of its components in legal proceedings before a court or 
adjudicative body, provided that, in each case, the agency also 
determines prior to disclosure that disclosure of the records to the 
DOJ is a use of the information contained in the records that is 
compatible with the purpose for which VA collected the records. VA, on 
its own initiative, may disclose records in this system of records in 
legal proceedings before a court or administrative body after 
determining that the disclosure of the records to the court or 
administrative body is a use of the information contained in the 
records that is compatible with the purpose for which VA collected the 
records.
    4. Disclosure may be made to individuals, organizations, private or 
public agencies, or other entities or individuals with whom VA has a 
contract or agreement to perform such services as VA may deem 
practicable for the purposes of laws administered by VA, in order for 
the contractor, subcontractor, public or private agency, or other 
entity or individual with whom VA has an agreement or contract to 
perform the services of the contract or agreement. This routine use 
includes disclosures by the individual or entity performing the service 
for VA to any secondary entity or individual to perform an activity 
that is necessary for individuals, organizations, private or public 
agencies, or other entities or individuals with whom VA has a contract 
or agreement to provide the service to VA.
    5. VA may disclose on its own initiative any information in this 
system, except the names and home addresses of Veterans and their 
dependents, that is relevant to a suspected or reasonably imminent 
violation of law, whether civil, criminal, or regulatory in nature and 
whether arising by general or program statute or by regulation, rule or 
order issued pursuant thereto, to a Federal, state, local, tribal, or 
foreign agency charged with the responsibility of investigating or 
prosecuting such violation, or charged with enforcing or implementing 
the statute, regulation, rule, or order. On its own initiative, VA may 
also disclose the names and addresses of Veterans and their dependents 
to a Federal agency charged with the responsibility of investigating or 
prosecuting civil, criminal, or regulatory violations of law, or 
charged with enforcing or implementing the statute, regulation, rule, 
or order issued pursuant thereto.
    6. Disclosure to other Federal agencies may be made to assist such 
agencies in preventing and detecting possible fraud or abuse by 
individuals in their operations and programs.
    7. VA may, on its own initiative disclose any information or 
records to appropriate agencies, entities, and persons when (1) VA 
suspects or has confirmed that the integrity or confidentiality of 
information in the system of records has been compromised; (2) VA has 
determined that as a result of the suspected or confirmed compromise 
there is a risk of embarrassment or harm to the reputations of the 
record subjects, harm to economic or property interests, identity theft 
or fraud, or harm to the security, confidentiality, or integrity of 
this system or other systems or programs (whether maintained by VA or 
another agency or entity) that rely upon the potentially compromised 
information; and (3) the disclosure is to agencies, entities, or 
persons whom VA determines are reasonably necessary to assist or carry 
out VA's efforts to respond to the suspected or confirmed compromise 
and prevent, minimize, or remedy such harm. This routine use permits 
disclosures by VA to respond to a suspected or confirmed data breach, 
including the conduct of any risk analysis or provision of credit 
protection services as provided in 38 U.S.C. 5724, as the terms are 
defined in 38 U.S.C. 5727.
    a. Effective Response. A Federal agency's ability to respond 
quickly and effectively in the event of a breach of Federal data is 
critical to its efforts to prevent or minimize any consequent harm. An 
effective response necessitates

[[Page 11302]]

disclosure of information regarding the breach to those individuals 
affected by it, as well as to persons and entities in a position to 
cooperate, either by assisting in notification to affected individuals 
or playing a role in preventing or minimizing harms from the breach.
    b. Disclosure of Information. Often, the information to be 
disclosed to such persons and entities is maintained by Federal 
agencies and is subject to the Privacy Act (5 U.S.C. 552a). The Privacy 
Act prohibits the disclosure of any record in a system of records by 
any means of communication to any person or agency absent the written 
consent of the subject individual, unless the disclosure falls within 
one of twelve statutory exceptions. In order to ensure an agency is in 
the best position to respond in a timely and effective manner, in 
accordance with 5 U.S.C. 552a(b)(3) of the Privacy Act, agencies should 
publish a routine use for appropriate systems specifically applying to 
the disclosure of information in connection with response and remedial 
efforts in the event of a data breach.
    8. VA may disclose any audio files and accompanying transcripts to 
coaching credentialing entities for the sole purpose of evaluation of a 
coach who is applying for an advanced coaching credential.
    9. VA may, on its own initiative, disclose information from this 
system to another Federal agency or Federal entity, when VA determines 
that information from this system of records is reasonably necessary to 
assist the recipient agency or entity in (1) responding to a suspected 
or confirmed breach or (2) preventing, minimizing, or remedying the 
risk of harm to individuals, the recipient agency or entity (including 
its information systems, programs, and operations), the Federal 
Government, or national security, resulting from a suspected or 
confirmed breach.
    10. VA may disclose information from this system to the Equal 
Employment Opportunity Commission (EEOC) when requested in connection 
with investigations of alleged or possible discriminatory practices, 
examination of Federal affirmative employment programs, or other 
functions of the Commission as authorized by law or regulation.
    11. VA may disclose information from this system to the Federal 
Labor Relations Authority (FLRA), including its General Counsel, 
information related to the establishment of jurisdiction, 
investigation, and resolution of allegations of unfair labor practices, 
or in connection with the resolution of exceptions to arbitration 
awards when a question of material fact is raised; for it to address 
matters properly before the Federal Services Impasses Panel, 
investigate representation petitions, and conduct or supervise 
representation elections.
    12. VA may disclose information from this system to the Merit 
Systems Protection Board (MSPB), or the Office of the Special Counsel, 
when requested in connection with appeals, special studies of the civil 
service and other merit systems, review of rules and regulations, 
investigation of alleged or possible prohibited personnel practices, 
and such other functions promulgated in 5 U.S.C. 1205 and 1206, or as 
authorized by law.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    Records are maintained on the HPDM1 Server and VACIN Server and 
backup servers in Little Rock, Arkansas and Cincinnati, Ohio.

POLICIES AND PRACTICES FOR RETRIEVABILITY OF RECORDS:
    Records are retrieved by name, social security number, position 
number, organization number, position number, or other assigned 
identifiers of the organizations, positions or individuals on whom they 
are maintained.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    The records are disposed of in accordance with General records 4.3, 
item 031.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    1. Access to and use of national administrative databases, 
warehouses, and data marts are limited to those persons whose official 
duties require such access, and VA has established security procedures 
to ensure that access is appropriately limited. Information security 
officers and system data stewards review and authorize data access 
requests. VA regulates data access with security software that 
authenticates users and requires individually-unique codes and 
passwords. VA requires information security training for all staff and 
instructs staff on the responsibility each person has for safeguarding 
data confidentiality.
    2. Physical access to computer rooms housing national 
administrative databases, warehouses, and data marts is restricted to 
authorized staff and protected by a variety of security devices. 
Unauthorized employees, contractors, and other staff are not allowed in 
computer rooms.
    3. Data transmissions between operational systems and national 
administrative databases, warehouses, and data marts maintained by this 
system of record are protected by state-of-the-art telecommunication 
software and hardware. This may include firewalls, intrusion detection 
devices, encryption, and other security measures necessary to safeguard 
data as it travels across the Wide Area Network.

RECORD ACCESS PROCEDURE:
    Individuals seeking information regarding access to and contesting 
of records in this system may write, call or visit the VA facility 
location where they are or were employed or made contact or the Program 
Office in which requests for services were made.

CONTESTING RECORD PROCEDURES:
    (See Record Access procedures above.)

NOTIFICATION PROCEDURE:
    Individuals who wish to determine whether this system of records 
contains information about them should contact the VA facility location 
at which they are or were employed. Inquiries should include the 
person's full name, social security number, dates of employment, 
date(s) of contact, and return address.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    Under Title 5 U.S.C. Sec.  552a(k)(6), the head of any agency may 
exempt any system of records within the agency from certain provisions 
of the Privacy Act, if the system of records is testing or examination 
material used solely to determine individual qualifications for 
appointment or promotion in the Federal service the disclosure of which 
would compromise the objectivity or fairness of the testing or 
examination process. The Talent Assessment Data within the system of 
records is considered examination material used to determine if an 
employee has the qualifications, leadership skills and experience 
necessary to become a Medical Center Director.
    Based upon the foregoing, the Secretary of Veterans Affairs has 
exempted this system of records, to the extent that it encompasses 
information pertaining to criminal law enforcement related activities 
from the following provisions of the Privacy Act of 1974, as permitted 
by 5 U.S.C. Sec.  552a(k)(6):
    5 U.S.C. Sec.  552a(c)(3).
    5 U.S.C. Sec.  552a(d)(1) through (4).
    5 U.S.C. Sec.  552a(e)(1).
    5 U.S.C. Sec.  552a(e)(4)(G), (H) and (I).
    5 U.S.C. Sec.  552a(f).

[[Page 11303]]

    5 U.S.C. Sec.  552a(e)(4)(G), (H) and (I).
    5 U.S.C. Sec.  552a(f).

    Reasons for exemptions: The exemption of examination material in 
this system of records is necessary to ensure candid and complete 
assessment of individual qualifications for appointment or promotion in 
VHA. The disclosure of the Talent Assessment Data would compromise the 
objectivity of the examination for the individuals and the willingness 
to provide full, candid assessments by the reviewers.

HISTORY:
    Last full publication provided in 75 FR 34 dated February 22, 2010.

[FR Doc. 2018-05087 Filed 3-13-18; 8:45 am]
 BILLING CODE P