Privacy Act of 1974; System of Records, 16138-16141 [2019-07648]

Download as PDF 16138 Federal Register / Vol. 84, No. 74 / Wednesday, April 17, 2019 / Notices Issued in Washington, DC, on April 12, 2019. Lirio Liu, Designated Federal Officer, Aviation Rulemaking Advisory Committee. [FR Doc. 2019–07688 Filed 4–16–19; 8:45 am] BILLING CODE 4910–13–P DEPARTMENT OF TRANSPORTATION Federal Highway Administration [Docket No. FHWA–2019–0014] Agency Information Collection Activities: Request for Comments for a new Information Collection Request Federal Highway Administration (FHWA), DOT. ACTION: Notice and request for comments. AGENCY: In compliance with the Paperwork Reduction Act (PRA) of 1995, this notice announces that FHWA will submit the collection of information described below to the Office of Management and Budget (OMB) for review and comment. The Federal Register Notice with a 60-day comment period soliciting comments on the following collection of information was published on February 7, 2019. The PRA submission describes the nature of the information collection and its expected cost and burden. DATES: Please submit comments by May 17, 2019. ADDRESSES: You may submit comments identified by DOT Docket ID Number FHWA 2019–0014, by any of the following methods: Website: For access to the docket to read background documents or comments received go to the Federal eRulemaking Portal: Go to http:// www.regulations.gov. Follow the online instructions for submitting comments. Fax: 1–202–493–2251. Mail: Docket Management Facility, U.S. Department of Transportation, West Building Ground Floor, Room W12–140, 1200 New Jersey Avenue SE, Washington, DC 20590–0001. Hand Delivery or Courier: U.S. Department of Transportation, West Building Ground Floor, Room W12–140, 1200 New Jersey Avenue SE, Washington, DC 20590, between 9 a.m. and 5 p.m. ET, Monday through Friday, except Federal holidays. FOR FURTHER INFORMATION CONTACT: R. Kevin. O’Grady 202–366–2030 or Arnold Feldman, 202–366–2028, Office of Real Estate Services, Federal Highway Administration, Department of Transportation, 1200 New Jersey amozie on DSK9F9SC42PROD with NOTICES SUMMARY: VerDate Sep<11>2014 18:23 Apr 16, 2019 Jkt 247001 Avenue SE, Washington, DC 20590. Office hours are from 7 a.m. to 3 p.m. ET, Monday through Friday, except Federal holidays. SUPPLEMENTARY INFORMATION: Title: An Analysis of the Use of Waiver Valuations by Federal, State and Local Public Agencies (LPAs): Identifying and Measuring Outcomes That Could Further Streamline Project Delivery. Background: Waiver valuation is a key component of the ‘‘Right-of-Way Flexibilities’’ that were an FHWA Every Day Counts (EDC) initiative. This research will provide a detailed analysis of the current state of the waiver valuation program nationwide. It will identify issues, practices, or misinformation/misunderstanding that limit the implementation of the waiver valuation program and reduce its ability to streamline processes. The research will document the steps that are taken to improve implementation of waivers and enhance savings of administrative costs. The research also will identify additional opportunities for improving the existing processes/practices for waiver valuations that can provide significant savings in time and money and provide greater flexibility to acquiring agencies in delivery of their overall right-of-way acquisition program. Respondents: Each of the 52 state DOT’s (for the 50 states, the District of Columbia, and Puerto Rico) will be asked to respond to a written questionnaire. A subset of the state DOT’s will be asked to participate in follow-up interviews. Frequency: One-time survey. Estimated Average Burden per Response: Approximately 2 hours per survey response and 1 hour per interview. Estimated Total Annual Burden Hours: Approximately 120 hours. Public Comments Invited: You are asked to comment on any aspect of this information collection, including: (1) Whether the proposed collection is necessary for the FHWA’s performance; (2) the accuracy of the estimated burdens; (3) ways for the FHWA to enhance the quality, usefulness, and clarity of the collected information; and (4) ways that the burden could be minimized, including the use of electronic technology, without reducing the quality of the collected information. The agency will summarize and/or include your comments in the request for OMB’s clearance of this information collection. Authority: The Paperwork Reduction Act of 1995; 44 U.S.C. Chapter 35, as amended; and 49 CFR 1.48. PO 00000 Frm 00145 Fmt 4703 Sfmt 4703 Issued on: April 11, 2019. Michael Howell, Information Collection Officer. [FR Doc. 2019–07662 Filed 4–16–19; 8:45 am] BILLING CODE 4910–22–P DEPARTMENT OF VETERANS AFFAIRS Privacy Act of 1974; System of Records Office of Inspector General, Department of Veterans Affairs (VA). ACTION: Notice of modified system of records. AGENCY: As required by the Privacy Act of 1974, notice is hereby given that the Department of Veterans Affairs (VA) is amending the system of records known as ‘‘The Office of Inspector General Management Information System (MIS)—VA’’ (71VA53), by amending the Routine Uses and Policies and Practices for Storing, Retrieving, Accessing, Retaining, and Disposing of Records within the System. DATES: Comments on this modified system of records must be received no later than 30 days after date of publication in the Federal Register. If no public comment is received during the period allowed for comment or unless otherwise published in the Federal Register by VA, the modified system of records will become effective a minimum of 30 days after date of publication in the Federal Register. If VA receives public comments, VA shall review the comments to determine whether any changes to the notice are necessary. SUMMARY: Written comments may be submitted through www.Regulations.gov; by mail or handdelivery to Director, Regulation Policy and Management (00REG), Department of Veterans Affairs, 810 Vermont Ave. NW, Room 1064, Washington, DC 20420; or by fax to (202) 273–9026 (not a toll-free number). Comments should indicate that they are submitted in response to ‘‘The Office of Inspector General Management Information System (MIS)—VA’’ (71VA53). Copies of comments received will be available for public inspection in the Office of Regulation Policy and Management, Room 1063B, between the hours of 8:00 a.m. and 4:30 p.m., Monday through Friday (except holidays). Please call (202) 461–4902 for an appointment. (This is not a toll-free number.) In addition, comments may be viewed online at www.Regulations.gov. ADDRESSES: E:\FR\FM\17APN1.SGM 17APN1 Federal Register / Vol. 84, No. 74 / Wednesday, April 17, 2019 / Notices FOR FURTHER INFORMATION CONTACT: Christopher Connor, Chief, Information Release Office (50CI), Office of Inspector General, Department of Veterans Affairs, 810 Vermont Avenue NW, Washington, DC 20420, 202–461–4269; or fax comments to (202) 495–5859. Amy L. Rose, VA Privacy Service, Office of Information Security (OIS), Office of Information and Technology (OIT), Department of Veterans Affairs, 810 Vermont Avenue NW, Washington, DC 20420, (202) 632–7497. SUPPLEMENTARY INFORMATION: This publication is in accordance with the Privacy Act requirement that agencies publish their amended system of records in the Federal Register when there is revision, change, or addition. The VA Office of Inspector General (OIG) has reviewed its system of records notices and has determined its record system, ‘‘The Office of Inspector General Management Information System (MIS)—VA’’ (71VA53), should be amended to reflect evolving technology and procedures, to conform to current practice, and to reflect current authorities. The storage practices section will now reflect that data is stored in VA OIG’s new Enterprise Management System (EMS) database in addition to the legacy Master Case Index (MCI) database. The Routine Uses are amended to conform to changes recommended by OMB. The Senior Agency Official for Privacy, or designee, approved this document and authorized the undersigned to sign and submit the document to the Office of the Federal Register for publication electronically as an official document of the Department of Veterans Affairs. André Horton, Deputy Chief Information Security Officer, Department of Veterans Affairs approved this document on January 8, 2019 for publication. Dated: April 12, 2019. Amy L. Rose, Program Analyst, VA Privacy Service, Department of Veterans Affairs. 71VA53 SYSTEM NAME: The Office of Inspector General Management Information System (MIS)—VA (71VA53). amozie on DSK9F9SC42PROD with NOTICES SECURITY CLASSIFICATION: None. SYSTEM LOCATION: Department of Veterans Affairs (VA), Office of Inspector General (OIG), Office of Assistant Inspector General for Management and Administration (53), VerDate Sep<11>2014 18:23 Apr 16, 2019 Jkt 247001 810 Vermont Avenue NW, Washington, DC 20420. SYSTEM MANAGER: Assistant Inspector General for Management and Administration (53), Department of Veterans Affairs, Office of Inspector General, 810 Vermont Avenue NW, Washington, DC 20420, (202) 461–4760, VAOIG.ChiefInformationOfficer@va.gov. AUTHORITY FOR MAINTENANCE OF THE SYSTEM: Inspector General Act of 1978, Public Law (Pub L.) 95–452, 5 U.S.C. App., as amended through Public Law 115–254 (IG Act). PURPOSE(S) OF THE SYSTEM: The purpose of this system of records is to compile records and information about individual OIG employees for various management and human resources objectives. Case tracking data is used to measure employee productivity. Employee contact information is maintained to allow employees to be contacted in emergency situations and includes third-party information provided by the employee as an alternate emergency contact. Training records are used to make certain the employees complete required training assignments and to maintain a record of each employee’s training activities for career development and continuing professional education requirements. CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM: The following category of individuals will be covered by the system: All personnel assigned to VA Office of Inspector General (OIG) and any thirdparty identified by those employees as an emergency contact. CATEGORIES OF RECORDS IN THE SYSTEM: The Management Information System contains the following categories of records: Time and Attendance, Phone Directory, Awards, Training, Travel, and Personnel (which may include personnel suitability records and preemployment inquiry records). Records (or information contained in records) may include: (1) Individual’s and designated third-party’s emergency contact name, address and telephone contact information; (2) social security number; (3) date of birth; (4) service computation date; (5) career status; (6) assigned station; (7) job series; (8) education; (9) grade; (10) type of case; (11) work assignments; (12) travel; (13) experience; (14) training; and (15) audit, hotline, health care inspections and investigation case tracking data (e.g., case number, budgeted and actual staff PO 00000 Frm 00146 Fmt 4703 Sfmt 4703 16139 days, target and completion dates, findings and results). Personnel suitability records may contain investigative information about an individual’s character, conduct and behavior in the community where he or she lives or lived; arrests and convictions for violations of law; reports of interviews with the subject and with present and former supervisors; coworkers, associates, neighbors, educators, etc., reports about the qualifications of an individual for a specific position and correspondence relating to adjudication matters; reports of inquiries with law enforcement agencies, employers, educational institutions attended, and credit reporting agencies; reports of action after Office of Personnel Management (OPM) or Federal Bureau of Investigation (FBI) full field investigations: And other information developed from the above. Pre-Employment Inquiry Records: These records may contain information relating to an applicant’s qualifications for employment in terms of character, reputation, and fitness; including letters of reference, responses to preemployment inquiries, qualifications and character information; reports of inquiries with law enforcement agencies, employers, educational institutions attended, and credit reporting agencies; and other information which may relate to the specific selection factors associated with the position sought. RECORD SOURCE CATEGORIES: Individual employees, supervisors, official personnel folder, other personnel documents, individual applications, and forms. ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES: 1. Congress: VA may disclose information from the record of an individual in response to an inquiry from the congressional office made at the request of that individual. VA must be able to provide information about individuals to adequately respond to inquiries from Members of Congress at the request of constituents who have sought their assistance. 2. Data breach response and remedial efforts: VA may, on its own initiative, disclose information from this system to appropriate agencies, entities, and persons when (1) VA suspects or has confirmed that the integrity or confidentiality of information in the system of records has been compromised; (2) the Department has E:\FR\FM\17APN1.SGM 17APN1 amozie on DSK9F9SC42PROD with NOTICES 16140 Federal Register / Vol. 84, No. 74 / Wednesday, April 17, 2019 / Notices determined that as a result of the suspected or confirmed compromise there is a risk of embarrassment or harm to the reputations of the record subjects, harm to economic or property interests, identity theft or fraud, or harm to the security, confidentiality, or integrity of this system or other systems or programs (whether maintained by the Department or another agency or entity) that rely upon the potentially compromised information; and (3) the disclosure is to agencies, entities, or persons whom VA determines are reasonably necessary to assist or carry out the Department’s efforts to respond to the suspected or confirmed compromise and prevent, minimize, or remedy such harm. This routine use permits disclosures by the Department to respond to a suspected or confirmed data breach, including the conduct of any risk analysis or provision of credit protection services as provided in 38 U.S.C. 5724. a. Effective Response. A federal agency’s ability to respond quickly and effectively in the event of a breach of federal data is critical to its efforts to prevent or minimize any consequent harm. An effective response necessitates disclosure of information regarding the breach to those individuals affected by it, as well as to persons and entities in a position to cooperate, either by assisting in notification to affected individuals or playing a role in preventing or minimizing harms from the breach. b. Disclosure of Information. Often, the information to be disclosed to such persons and entities is maintained by federal agencies and is subject to the Privacy Act (5 U.S.C. 552a). The Privacy Act prohibits the disclosure of any record in a system of records by any means of communication to any person or agency absent the written consent of the subject individual, unless the disclosure falls within one of twelve statutory exceptions. In order to ensure an agency is in the best position to respond in a timely and effective manner, in accordance with 5 U.S.C. 552a(b)(3) of the Privacy Act, agencies should publish a routine use for appropriate systems specifically applying to the disclosure of information in connection with response and remedial efforts in the event of a data breach. c. Data breach response and remedial efforts with another Federal agency: VA may disclose information from this system to another Federal agency or Federal entity, when VA determines that information from this system of records is reasonably necessary to assist VerDate Sep<11>2014 18:23 Apr 16, 2019 Jkt 247001 the recipient agency or entity in (1) responding to a suspected or confirmed breach or (2) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach. 3. Law Enforcement: VA may, on its own initiative, disclose information in this system, except the names and home addresses of veterans and their dependents, which is relevant to a suspected or reasonably imminent violation of law, whether civil, criminal or regulatory in nature and whether arising by general or program statute or by regulation, rule or order issued pursuant thereto, to a federal, state, local, tribal, or foreign agency charged with the responsibility of investigating or prosecuting such violation, or charged with enforcing or implementing the statute, regulation, rule or order. On its own initiative, VA may also disclose the names and addresses of veterans and their dependents to a federal agency charged with the responsibility of investigating or prosecuting civil, criminal or regulatory violations of law, or charged with enforcing or implementing the statute, regulation, rule or order issued pursuant thereto. VA must be able to provide on its own initiative information that pertains to a violation of laws to law enforcement authorities in order for them to investigate and enforce those laws. Under 38 U.S.C. 5701(a) and (f), VA may disclose the names and addresses of veterans and their dependents to federal entities with law enforcement responsibilities. This is distinct from the authority to disclose records in response to a qualifying request from a law enforcement entity, as authorized by Privacy Act subsection 5 U.S.C. 552a(b)(7). 4. Litigation: VA may disclose information from this system of records to the Department of Justice (DoJ), either on VA’s initiative or in response to DoJ’s request for the information, after either VA or DoJ determines that such information is relevant to DoJ’s representation of the United States or any of its components in legal proceedings before a court or adjudicative body, provided that, in each case, the agency also determines prior to disclosure that release of the records to the DoJ is a use of the information contained in the records that is compatible with the purpose for which VA collected the records. VA, on its own initiative, may disclose records in this system of records in legal PO 00000 Frm 00147 Fmt 4703 Sfmt 4703 proceedings before a court or administrative body after determining that the disclosure of the records to the court or administrative body is a use of the information contained in the records that is compatible with the purpose for which VA collected the records. To determine whether to disclose records under this routine use, VA will comply with the guidance promulgated by the Office of Management and Budget in a May 24, 1985, memorandum entitled ‘‘Privacy Act Guidance— Update,’’ currently posted at http:// www.whitehouse.gov/omb/inforeg/ guidance1985.pdf. VA must be able to provide information to DoJ in litigation where the United States or any of its components is involved or has an interest. A determination would be made in each instance that under the circumstances involved, the purpose is compatible with the purpose for which VA collected the information. This routine use is distinct from the authority to disclose records in response to a court order under subsection (b)(11) of the Privacy Act, 5 U.S.C. 552(b)(11), or any other provision of subsection (b), in accordance with the court’s analysis in Doe v. DiGenova, 779 F.2d 74, 78–85 (DC Cir. 1985) and Doe v. Stephens, 851 F.2d 1457, 1465–67 (DC Cir. 1988). 5. Contractors: VA may disclose information from this system of records to individuals, organizations, private or public agencies, or other entities or individuals with whom VA has a contract or agreement to perform such services as VA may deem practicable for the purposes of laws administered by VA, in order for the contractor, subcontractor, public or private agency, or other entity or individual with whom VA has a contract or agreement to perform services under the contract or agreement. This routine use includes disclosures by an individual or entity performing services for VA to any secondary entity or individual to perform an activity that is necessary for individuals, organizations, private or public agencies, or other entities or individuals with whom VA has a contract or agreement to provide the service to VA. This routine use, which also applies to agreements that do not qualify as contracts defined by federal procurement laws and regulations, is consistent with OMB guidance in OMB Circular A–130, App. I, paragraph 5a(1)(b) that agencies promulgate routine uses to address disclosure of Privacy Act-protected information to contractors in order to perform the services contracts for the agency. E:\FR\FM\17APN1.SGM 17APN1 amozie on DSK9F9SC42PROD with NOTICES Federal Register / Vol. 84, No. 74 / Wednesday, April 17, 2019 / Notices 6. Equal Employment Opportunity Commission (EEOC): VA may disclose information from this system to the EEOC when requested in connection with investigations of alleged or possible discriminatory practices, examination of federal affirmative employment programs, or other functions of the Commission as authorized by law or regulation. VA must be able to provide information to EEOC to assist it in fulfilling its duties to protect employees’ rights, as required by statute and regulation. 7. Federal Labor Relations Authority (FLRA): VA may disclose information from this system to the FLRA, including its General Counsel, information related to the establishment of jurisdiction, investigation, and resolution of allegations of unfair labor practices, or in connection with the resolution of exceptions to arbitration awards when a question of material fact is raised; for it to address matters properly before the Federal Services Impasses Panel, investigate representation petitions, and conduct or supervise representation elections. VA must be able to provide information to FLRA to comply with the statutory mandate under which it operates. 8. Merit Systems Protection Board (MSPB): VA may disclose information from this system to the MSPB, or the Office of the Special Counsel, when requested in connection with appeals, special studies of the civil service and other merit systems, review of rules and regulations, investigation of alleged or possible prohibited personnel practices, and such other functions promulgated in 5 U.S.C. 1205 and 1206, or as authorized by law. VA must be able to provide information to MSPB to assist it in fulfilling its duties as required by statute and regulation. 9. National Archives and Records Administration (NARA) and General Services Administration (GSA): VA may disclose information from this system to NARA and GSA in records management inspections conducted under title 44, U.S.C. NARA is responsible for archiving old records which are no longer actively used but may be appropriate for preservation, and for the physical maintenance of the federal government’s records. VA must be able to provide the records to NARA in order to determine the proper disposition of such records. VerDate Sep<11>2014 18:23 Apr 16, 2019 Jkt 247001 POLICIES AND PRACTICES FOR STORAGE OF RECORDS: Records and information are stored electronically in the VA OIG’s new Enterprise Management System (EMS) and legacy Master Case Index (MCI) databases and servers at the OIG’s office at 801 I Street NW, Washington, DC, in the office of the Information Technology Division. Backup records are stored on magnetic disc, tape, and CD–ROM and may also be retained in hard copy format in secure file folders. Information can be retrieved based on computer searches of various data elements, including, but not limited to, MCI or EMS case numbers, transaction numbers, key words, and names of individual OIG employees. Electronic data is maintained indefinitely as described above. Policy for the disposal of records as well as a retention schedule is being developed by the OIG’s Office of Management and Administration, Information on awards and travel is maintained so that OIG managers have readily available relevant information about their employees in these areas. POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS: Records are retrieved by Social Security Number, case number, work assignment, or name. ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS: Information in the system is protected from unauthorized access through administrative, physical, and technical safeguards. Categories of records are restricted to those with an official need to know the information. Only VA OIG supervisors, for example, can access the Awards data, and only for employees within their supervisory chain. Access to data is also limited by means of features such as ‘‘read-only access,’’ i.e., where the person with access can read but not enter or change the information in the system. Safeguards also include password protection features and cipher locks securing the physical area. Some information in the system is restricted to employees of the Human Resources Management Division. RECORD ACCESS PROCEDURES: An individual who seeks access to or wishes to contest records maintained under his or her name in this system must submit a written request to the Chief, Information Release Office (50CI). However, a majority of records in this system are exempt from the records access and contesting requirements under 5 U.S.C. 552a (j) and (k). To the extent that records in this system of PO 00000 Frm 00148 Fmt 4703 Sfmt 4703 16141 records are not subject to exemption, they are subject to access and contest. A determination as to whether an exemption applies shall be made at the time a request for access or contest is received. CONTESTING RECORD PROCEDURES: (See records access procedures above.) NOTIFICATION PROCEDURES: An individual who wishes to determine whether a record is being maintained under his or her name in this system must furnish a written request to the Chief, Information Release Office (50CI), Department of Veteran Affairs, Office of Inspector General, 810 Vermont Avenue NW, Washington, DC 20420. HISTORY: [See the last full Federal Register notice, 73 FR 56633, Sep. 29, 2008]. [FR Doc. 2019–07648 Filed 4–16–19; 8:45 am] BILLING CODE P DEPARTMENT OF VETERANS AFFAIRS Privacy Act of 1974; System of Records Office of Inspector General (OIG), Department of Veterans Affairs (VA). ACTION: Notice of modified system of records. AGENCY: As required by the Privacy Act of 1974, notice is hereby given that the Department of Veterans Affairs (VA) is amending the system of records known as ‘‘Criminal Investigations’’ (11VA51) by amending the Routine Uses and the Policies and Practices for Storing, Retrieving, Accessing, Retaining, and Disposing of Records within the System. VA is republishing the system notice in its entirety. DATES: Comments on this modified system of records must be received no later than 30 days after date of publication in the Federal Register. If no public comment is received during the period allowed for comment or unless otherwise published in the Federal Register by VA, the modified system of records will become effective a minimum of 30 days after date of publication in the Federal Register. If VA receives public comments, VA shall review the comments to determine whether any changes to the notice are necessary. SUMMARY: Written comments may be submitted through ADDRESSES: E:\FR\FM\17APN1.SGM 17APN1

Agencies

[Federal Register Volume 84, Number 74 (Wednesday, April 17, 2019)]
[Notices]
[Pages 16138-16141]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2019-07648]


=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF VETERANS AFFAIRS


Privacy Act of 1974; System of Records

AGENCY: Office of Inspector General, Department of Veterans Affairs 
(VA).

ACTION: Notice of modified system of records.

-----------------------------------------------------------------------

SUMMARY: As required by the Privacy Act of 1974, notice is hereby given 
that the Department of Veterans Affairs (VA) is amending the system of 
records known as ``The Office of Inspector General Management 
Information System (MIS)--VA'' (71VA53), by amending the Routine Uses 
and Policies and Practices for Storing, Retrieving, Accessing, 
Retaining, and Disposing of Records within the System.

DATES: Comments on this modified system of records must be received no 
later than 30 days after date of publication in the Federal Register. 
If no public comment is received during the period allowed for comment 
or unless otherwise published in the Federal Register by VA, the 
modified system of records will become effective a minimum of 30 days 
after date of publication in the Federal Register. If VA receives 
public comments, VA shall review the comments to determine whether any 
changes to the notice are necessary.

ADDRESSES: Written comments may be submitted through 
www.Regulations.gov; by mail or hand-delivery to Director, Regulation 
Policy and Management (00REG), Department of Veterans Affairs, 810 
Vermont Ave. NW, Room 1064, Washington, DC 20420; or by fax to (202) 
273-9026 (not a toll-free number). Comments should indicate that they 
are submitted in response to ``The Office of Inspector General 
Management Information System (MIS)--VA'' (71VA53). Copies of comments 
received will be available for public inspection in the Office of 
Regulation Policy and Management, Room 1063B, between the hours of 8:00 
a.m. and 4:30 p.m., Monday through Friday (except holidays). Please 
call (202) 461-4902 for an appointment. (This is not a toll-free 
number.) In addition, comments may be viewed online at 
www.Regulations.gov.

[[Page 16139]]


FOR FURTHER INFORMATION CONTACT: Christopher Connor, Chief, Information 
Release Office (50CI), Office of Inspector General, Department of 
Veterans Affairs, 810 Vermont Avenue NW, Washington, DC 20420, 202-461-
4269; or fax comments to (202) 495-5859. Amy L. Rose, VA Privacy 
Service, Office of Information Security (OIS), Office of Information 
and Technology (OIT), Department of Veterans Affairs, 810 Vermont 
Avenue NW, Washington, DC 20420, (202) 632-7497.

SUPPLEMENTARY INFORMATION: This publication is in accordance with the 
Privacy Act requirement that agencies publish their amended system of 
records in the Federal Register when there is revision, change, or 
addition. The VA Office of Inspector General (OIG) has reviewed its 
system of records notices and has determined its record system, ``The 
Office of Inspector General Management Information System (MIS)--VA'' 
(71VA53), should be amended to reflect evolving technology and 
procedures, to conform to current practice, and to reflect current 
authorities. The storage practices section will now reflect that data 
is stored in VA OIG's new Enterprise Management System (EMS) database 
in addition to the legacy Master Case Index (MCI) database. The Routine 
Uses are amended to conform to changes recommended by OMB.
    The Senior Agency Official for Privacy, or designee, approved this 
document and authorized the undersigned to sign and submit the document 
to the Office of the Federal Register for publication electronically as 
an official document of the Department of Veterans Affairs. 
Andr[eacute] Horton, Deputy Chief Information Security Officer, 
Department of Veterans Affairs approved this document on January 8, 
2019 for publication.

    Dated: April 12, 2019.
Amy L. Rose,
Program Analyst, VA Privacy Service, Department of Veterans Affairs.
71VA53

SYSTEM NAME:
    The Office of Inspector General Management Information System 
(MIS)--VA (71VA53).

SECURITY CLASSIFICATION:
    None.

SYSTEM LOCATION:
    Department of Veterans Affairs (VA), Office of Inspector General 
(OIG), Office of Assistant Inspector General for Management and 
Administration (53), 810 Vermont Avenue NW, Washington, DC 20420.

SYSTEM MANAGER:
    Assistant Inspector General for Management and Administration (53), 
Department of Veterans Affairs, Office of Inspector General, 810 
Vermont Avenue NW, Washington, DC 20420, (202) 461-4760, 
[email protected].

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    Inspector General Act of 1978, Public Law (Pub L.) 95-452, 5 U.S.C. 
App., as amended through Public Law 115-254 (IG Act).

PURPOSE(S) OF THE SYSTEM:
    The purpose of this system of records is to compile records and 
information about individual OIG employees for various management and 
human resources objectives. Case tracking data is used to measure 
employee productivity. Employee contact information is maintained to 
allow employees to be contacted in emergency situations and includes 
third-party information provided by the employee as an alternate 
emergency contact. Training records are used to make certain the 
employees complete required training assignments and to maintain a 
record of each employee's training activities for career development 
and continuing professional education requirements.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    The following category of individuals will be covered by the 
system: All personnel assigned to VA Office of Inspector General (OIG) 
and any third-party identified by those employees as an emergency 
contact.

CATEGORIES OF RECORDS IN THE SYSTEM:
    The Management Information System contains the following categories 
of records: Time and Attendance, Phone Directory, Awards, Training, 
Travel, and Personnel (which may include personnel suitability records 
and preemployment inquiry records). Records (or information contained 
in records) may include: (1) Individual's and designated third-party's 
emergency contact name, address and telephone contact information; (2) 
social security number; (3) date of birth; (4) service computation 
date; (5) career status; (6) assigned station; (7) job series; (8) 
education; (9) grade; (10) type of case; (11) work assignments; (12) 
travel; (13) experience; (14) training; and (15) audit, hotline, health 
care inspections and investigation case tracking data (e.g., case 
number, budgeted and actual staff days, target and completion dates, 
findings and results). Personnel suitability records may contain 
investigative information about an individual's character, conduct and 
behavior in the community where he or she lives or lived; arrests and 
convictions for violations of law; reports of interviews with the 
subject and with present and former supervisors; coworkers, associates, 
neighbors, educators, etc., reports about the qualifications of an 
individual for a specific position and correspondence relating to 
adjudication matters; reports of inquiries with law enforcement 
agencies, employers, educational institutions attended, and credit 
reporting agencies; reports of action after Office of Personnel 
Management (OPM) or Federal Bureau of Investigation (FBI) full field 
investigations: And other information developed from the above.
    Pre-Employment Inquiry Records:
    These records may contain information relating to an applicant's 
qualifications for employment in terms of character, reputation, and 
fitness; including letters of reference, responses to preemployment 
inquiries, qualifications and character information; reports of 
inquiries with law enforcement agencies, employers, educational 
institutions attended, and credit reporting agencies; and other 
information which may relate to the specific selection factors 
associated with the position sought.

RECORD SOURCE CATEGORIES:
    Individual employees, supervisors, official personnel folder, other 
personnel documents, individual applications, and forms.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    1. Congress: VA may disclose information from the record of an 
individual in response to an inquiry from the congressional office made 
at the request of that individual.
    VA must be able to provide information about individuals to 
adequately respond to inquiries from Members of Congress at the request 
of constituents who have sought their assistance.
    2. Data breach response and remedial efforts: VA may, on its own 
initiative, disclose information from this system to appropriate 
agencies, entities, and persons when (1) VA suspects or has confirmed 
that the integrity or confidentiality of information in the system of 
records has been compromised; (2) the Department has

[[Page 16140]]

determined that as a result of the suspected or confirmed compromise 
there is a risk of embarrassment or harm to the reputations of the 
record subjects, harm to economic or property interests, identity theft 
or fraud, or harm to the security, confidentiality, or integrity of 
this system or other systems or programs (whether maintained by the 
Department or another agency or entity) that rely upon the potentially 
compromised information; and (3) the disclosure is to agencies, 
entities, or persons whom VA determines are reasonably necessary to 
assist or carry out the Department's efforts to respond to the 
suspected or confirmed compromise and prevent, minimize, or remedy such 
harm.
    This routine use permits disclosures by the Department to respond 
to a suspected or confirmed data breach, including the conduct of any 
risk analysis or provision of credit protection services as provided in 
38 U.S.C. 5724.
    a. Effective Response. A federal agency's ability to respond 
quickly and effectively in the event of a breach of federal data is 
critical to its efforts to prevent or minimize any consequent harm. An 
effective response necessitates disclosure of information regarding the 
breach to those individuals affected by it, as well as to persons and 
entities in a position to cooperate, either by assisting in 
notification to affected individuals or playing a role in preventing or 
minimizing harms from the breach.
    b. Disclosure of Information. Often, the information to be 
disclosed to such persons and entities is maintained by federal 
agencies and is subject to the Privacy Act (5 U.S.C. 552a). The Privacy 
Act prohibits the disclosure of any record in a system of records by 
any means of communication to any person or agency absent the written 
consent of the subject individual, unless the disclosure falls within 
one of twelve statutory exceptions. In order to ensure an agency is in 
the best position to respond in a timely and effective manner, in 
accordance with 5 U.S.C. 552a(b)(3) of the Privacy Act, agencies should 
publish a routine use for appropriate systems specifically applying to 
the disclosure of information in connection with response and remedial 
efforts in the event of a data breach.
    c. Data breach response and remedial efforts with another Federal 
agency: VA may disclose information from this system to another Federal 
agency or Federal entity, when VA determines that information from this 
system of records is reasonably necessary to assist the recipient 
agency or entity in (1) responding to a suspected or confirmed breach 
or (2) preventing, minimizing, or remedying the risk of harm to 
individuals, the recipient agency or entity (including its information 
systems, programs, and operations), the Federal Government, or national 
security, resulting from a suspected or confirmed breach.
    3. Law Enforcement: VA may, on its own initiative, disclose 
information in this system, except the names and home addresses of 
veterans and their dependents, which is relevant to a suspected or 
reasonably imminent violation of law, whether civil, criminal or 
regulatory in nature and whether arising by general or program statute 
or by regulation, rule or order issued pursuant thereto, to a federal, 
state, local, tribal, or foreign agency charged with the responsibility 
of investigating or prosecuting such violation, or charged with 
enforcing or implementing the statute, regulation, rule or order. On 
its own initiative, VA may also disclose the names and addresses of 
veterans and their dependents to a federal agency charged with the 
responsibility of investigating or prosecuting civil, criminal or 
regulatory violations of law, or charged with enforcing or implementing 
the statute, regulation, rule or order issued pursuant thereto.
    VA must be able to provide on its own initiative information that 
pertains to a violation of laws to law enforcement authorities in order 
for them to investigate and enforce those laws. Under 38 U.S.C. 5701(a) 
and (f), VA may disclose the names and addresses of veterans and their 
dependents to federal entities with law enforcement responsibilities. 
This is distinct from the authority to disclose records in response to 
a qualifying request from a law enforcement entity, as authorized by 
Privacy Act subsection 5 U.S.C. 552a(b)(7).
    4. Litigation: VA may disclose information from this system of 
records to the Department of Justice (DoJ), either on VA's initiative 
or in response to DoJ's request for the information, after either VA or 
DoJ determines that such information is relevant to DoJ's 
representation of the United States or any of its components in legal 
proceedings before a court or adjudicative body, provided that, in each 
case, the agency also determines prior to disclosure that release of 
the records to the DoJ is a use of the information contained in the 
records that is compatible with the purpose for which VA collected the 
records. VA, on its own initiative, may disclose records in this system 
of records in legal proceedings before a court or administrative body 
after determining that the disclosure of the records to the court or 
administrative body is a use of the information contained in the 
records that is compatible with the purpose for which VA collected the 
records.
    To determine whether to disclose records under this routine use, VA 
will comply with the guidance promulgated by the Office of Management 
and Budget in a May 24, 1985, memorandum entitled ``Privacy Act 
Guidance--Update,'' currently posted at http://www.whitehouse.gov/omb/inforeg/guidance1985.pdf.
    VA must be able to provide information to DoJ in litigation where 
the United States or any of its components is involved or has an 
interest. A determination would be made in each instance that under the 
circumstances involved, the purpose is compatible with the purpose for 
which VA collected the information. This routine use is distinct from 
the authority to disclose records in response to a court order under 
subsection (b)(11) of the Privacy Act, 5 U.S.C. 552(b)(11), or any 
other provision of subsection (b), in accordance with the court's 
analysis in Doe v. DiGenova, 779 F.2d 74, 78-85 (DC Cir. 1985) and Doe 
v. Stephens, 851 F.2d 1457, 1465-67 (DC Cir. 1988).
    5. Contractors: VA may disclose information from this system of 
records to individuals, organizations, private or public agencies, or 
other entities or individuals with whom VA has a contract or agreement 
to perform such services as VA may deem practicable for the purposes of 
laws administered by VA, in order for the contractor, subcontractor, 
public or private agency, or other entity or individual with whom VA 
has a contract or agreement to perform services under the contract or 
agreement.
    This routine use includes disclosures by an individual or entity 
performing services for VA to any secondary entity or individual to 
perform an activity that is necessary for individuals, organizations, 
private or public agencies, or other entities or individuals with whom 
VA has a contract or agreement to provide the service to VA.
    This routine use, which also applies to agreements that do not 
qualify as contracts defined by federal procurement laws and 
regulations, is consistent with OMB guidance in OMB Circular A-130, 
App. I, paragraph 5a(1)(b) that agencies promulgate routine uses to 
address disclosure of Privacy Act-protected information to contractors 
in order to perform the services contracts for the agency.

[[Page 16141]]

    6. Equal Employment Opportunity Commission (EEOC): VA may disclose 
information from this system to the EEOC when requested in connection 
with investigations of alleged or possible discriminatory practices, 
examination of federal affirmative employment programs, or other 
functions of the Commission as authorized by law or regulation.
    VA must be able to provide information to EEOC to assist it in 
fulfilling its duties to protect employees' rights, as required by 
statute and regulation.
    7. Federal Labor Relations Authority (FLRA): VA may disclose 
information from this system to the FLRA, including its General 
Counsel, information related to the establishment of jurisdiction, 
investigation, and resolution of allegations of unfair labor practices, 
or in connection with the resolution of exceptions to arbitration 
awards when a question of material fact is raised; for it to address 
matters properly before the Federal Services Impasses Panel, 
investigate representation petitions, and conduct or supervise 
representation elections.
    VA must be able to provide information to FLRA to comply with the 
statutory mandate under which it operates.
    8. Merit Systems Protection Board (MSPB): VA may disclose 
information from this system to the MSPB, or the Office of the Special 
Counsel, when requested in connection with appeals, special studies of 
the civil service and other merit systems, review of rules and 
regulations, investigation of alleged or possible prohibited personnel 
practices, and such other functions promulgated in 5 U.S.C. 1205 and 
1206, or as authorized by law.
    VA must be able to provide information to MSPB to assist it in 
fulfilling its duties as required by statute and regulation.
    9. National Archives and Records Administration (NARA) and General 
Services Administration (GSA): VA may disclose information from this 
system to NARA and GSA in records management inspections conducted 
under title 44, U.S.C.
    NARA is responsible for archiving old records which are no longer 
actively used but may be appropriate for preservation, and for the 
physical maintenance of the federal government's records. VA must be 
able to provide the records to NARA in order to determine the proper 
disposition of such records.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    Records and information are stored electronically in the VA OIG's 
new Enterprise Management System (EMS) and legacy Master Case Index 
(MCI) databases and servers at the OIG's office at 801 I Street NW, 
Washington, DC, in the office of the Information Technology Division. 
Backup records are stored on magnetic disc, tape, and CD-ROM and may 
also be retained in hard copy format in secure file folders. 
Information can be retrieved based on computer searches of various data 
elements, including, but not limited to, MCI or EMS case numbers, 
transaction numbers, key words, and names of individual OIG employees. 
Electronic data is maintained indefinitely as described above. Policy 
for the disposal of records as well as a retention schedule is being 
developed by the OIG's Office of Management and Administration, 
Information on awards and travel is maintained so that OIG managers 
have readily available relevant information about their employees in 
these areas.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    Records are retrieved by Social Security Number, case number, work 
assignment, or name.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    Information in the system is protected from unauthorized access 
through administrative, physical, and technical safeguards. Categories 
of records are restricted to those with an official need to know the 
information. Only VA OIG supervisors, for example, can access the 
Awards data, and only for employees within their supervisory chain. 
Access to data is also limited by means of features such as ``read-only 
access,'' i.e., where the person with access can read but not enter or 
change the information in the system. Safeguards also include password 
protection features and cipher locks securing the physical area. Some 
information in the system is restricted to employees of the Human 
Resources Management Division.

RECORD ACCESS PROCEDURES:
    An individual who seeks access to or wishes to contest records 
maintained under his or her name in this system must submit a written 
request to the Chief, Information Release Office (50CI). However, a 
majority of records in this system are exempt from the records access 
and contesting requirements under 5 U.S.C. 552a (j) and (k). To the 
extent that records in this system of records are not subject to 
exemption, they are subject to access and contest. A determination as 
to whether an exemption applies shall be made at the time a request for 
access or contest is received.

CONTESTING RECORD PROCEDURES:
    (See records access procedures above.)

NOTIFICATION PROCEDURES:
    An individual who wishes to determine whether a record is being 
maintained under his or her name in this system must furnish a written 
request to the Chief, Information Release Office (50CI), Department of 
Veteran Affairs, Office of Inspector General, 810 Vermont Avenue NW, 
Washington, DC 20420.

HISTORY:
    [See the last full Federal Register notice, 73 FR 56633, Sep. 29, 
2008].

[FR Doc. 2019-07648 Filed 4-16-19; 8:45 am]
 BILLING CODE P