Privacy Act of 1974; System of Records, 16145-16150 [2019-07649]

Download as PDF Federal Register / Vol. 84, No. 74 / Wednesday, April 17, 2019 / Notices of the electronic file cannot be searched or retrieved from the EMS or MCI databases as part of a general search. SAFEGUARDS: Information in the system is protected from unauthorized access through administrative, physical, and technical safeguards. Access to the hard copy and computerized information is restricted to authorized OIG personnel on a needto-know basis. Hard copy records are maintained in offices that are restricted during work hours or are locked after duty hours. The headquarters building is protected by security guards and access is restricted during non-duty hours. Access to the computerized information is limited to VA OIG employees by means of passwords and authorized user identification codes. Computer system documentation is maintained in a secure environment in the Office of Inspector General, VA Central Office. RETENTION AND DISPOSAL: Records will be maintained and disposed of in accordance with a records disposition authority approved by the Archivist of the United States. SYSTEM MANAGER(S) AND ADDRESS: Assistant Inspector General for Management and Administration (53), Department of Veterans Affairs, Office of Inspector General, 810 Vermont Avenue NW, Washington, DC 20420. NOTIFICATION PROCEDURE: An individual who wishes to determine whether a record is being maintained by the Assistant Inspector General for Investigations, under his or her name in this system or wishes to determine the contents of such records should submit a written request to the Assistant Inspector General for Management and Administration (53). However, a majority of records in this system are exempt from the notification requirements under 5 U.S.C. 552a (j) and (k). To the extent that records in this system of records are not subject to exemption, they are subject to notification. A determination as to whether an exemption applies shall be made at the time a request for notification is received. amozie on DSK9F9SC42PROD with NOTICES RECORD ACCESS PROCEDURES: An individual who seeks access to or wishes to contest records maintained under his or her name in this system must submit a written request to the Chief, Information Release Office (50CI). However, a majority of records in this system are exempt from the records access and contesting requirements under 5 U.S.C. 552a (j) and (k). To the VerDate Sep<11>2014 18:23 Apr 16, 2019 Jkt 247001 extent that records in this system of records are not subject to exemption, they are subject to access and contest. A determination as to whether an exemption applies shall be made at the time a request for access or contest is received. CONTESTING RECORD PROCEDURES: (See records access procedures above.) RECORD SOURCE CATEGORIES: Information is obtained from VA employees, third parties (e.g., a veteran, VA beneficiary, VA contractor, or private party), the Government Accountability Office, Department of Veterans Affairs records, congressional, federal, state, and local offices or agencies. SYSTEMS EXEMPTED FROM CERTAIN PROVISIONS OF THE ACT: Under 5 U.S.C. 552a(j)(2), the head of any agency may exempt any system of records within the agency from certain provisions of the Privacy Act, if the agency or component that maintains the system performs as its principal function any activities pertaining to the enforcement of criminal laws. The Inspector General Act of 1978, Public Law 95–452 (IG Act), as amended, mandates that the Inspector General recommend policies for and to conduct, supervise, and coordinate activities in the Department of Veterans Affairs and between VA and other Federal, State and local governmental agencies with respect to: (1) The prevention and detection of fraud in programs and operations administered or financed by VA and (2) the identification and prosecution of participants in such fraud. Under the IG Act, whenever the Inspector General has reasonable grounds to believe there has been a violation of Federal criminal law, the Inspector General must report the matter expeditiously to the Attorney General. This system of records has been created in major part to support the criminal law-related activities assigned by the Inspector General to the Assistant Inspector General for Investigations. These activities constitute a principal function of the Inspector General’s Hotline/Complaint Center staff. In addition to principal functions pertaining to the enforcement of criminal laws, the Inspector General may receive and investigate complaints and allegations from various sources concerning the possible existence of activities constituting non-criminal violations of law, rules or regulations; mismanagement; gross waste of funds; abuses of authority or substantial and PO 00000 Frm 00152 Fmt 4703 Sfmt 4703 16145 specific danger to the public health and safety. This system of records also exists to support inquiries by the Assistant Inspectors General for Auditing, for Management and Administration, for Administrative Investigations, and for Healthcare Inspections into noncriminal matters. Based upon the foregoing, the Secretary of Veterans Affairs has exempted this system of records, to the extent that it encompasses information pertaining to criminal law-related activities, from the following provisions of the Privacy Act of 1974, as permitted by 5 U.S.C. 552a(j)(2): 5 U.S.C. 552a(c) (3) and (4); 5 U.S.C. 552a(d); 5 U.S.C. 552a(e) (1), (2) and (3); 5 U.S.C. 552a(e)(4) (G), and (H) and (I); 5 U.S.C. 552a(e) (5) and (8); 5 U.S.C. 552a(f); 5 U.S.C. 552a(g). The Secretary of Veterans Affairs has also exempted this system of records to the extent that it does not encompass information pertaining to criminal law related activities under 5 U.S.C. 552a(j)(2) from the following provisions of the Privacy Act of 1974, as permitted by 5 U.S.C. 552a(k)(2): 5 U.S.C. 552a(c)(3); 5 U.S.C. 552a(d); 5 U.S.C. 552a(e)(1); 5 U.S.C. 552a(e)(4) (G), (H) and (I); 5 U.S.C. 552a(f). REASONS FOR EXEMPTIONS: The exemption of information and material in this system of records is necessary in order to accomplish the law enforcement functions of the Office of Inspector General, e.g., to prevent subjects of investigations from frustrating the investigatory process by discovering the scope and progress of an investigation, to prevent the disclosure of investigative techniques, to fulfill commitments made to protect the confidentiality of sources, to maintain access to sources of information and to avoid endangering these sources and law enforcement personnel. HISTORY: [See the last full Federal Register notice, 73 FR 46708, Aug. 11, 2008]. [FR Doc. 2019–07647 Filed 4–16–19; 8:45 am] BILLING CODE 8320–01–P DEPARTMENT OF VETERANS AFFAIRS Privacy Act of 1974; System of Records Office of Inspector General, Department of Veterans Affairs (VA). ACTION: Notice of modified system of records. AGENCY: As required by the Privacy Act of 1974, notice is hereby given that the Department of Veterans Affairs (VA) SUMMARY: E:\FR\FM\17APN1.SGM 17APN1 amozie on DSK9F9SC42PROD with NOTICES 16146 Federal Register / Vol. 84, No. 74 / Wednesday, April 17, 2019 / Notices is amending the system of records known as ‘‘Inspector General Hotline (Complaint Center) Records’’ (66VA53) by amending the Routine Uses, the Categories of Individuals Covered by the System, and the Policies and Practices for Storing, Retrieving, Accessing, Retaining, and Disposing of Records within the System. VA is republishing the system notice in its entirety. DATES: Comments on this modified system of records must be received no later than 30 days after date of publication in the Federal Register. If no public comment is received during the period allowed for comment or unless otherwise published in the Federal Register by VA, the modified system of records will become effective a minimum of 30 days after date of publication in the Federal Register. If VA receives public comments, VA shall review the comments to determine whether any changes to the notice are necessary. ADDRESSES: Written comments may be submitted through www.Regulations.gov. by mail or handdelivery to Director, Regulation Policy and Management (00REG), Department of Veterans Affairs, 810 Vermont Ave. NW, Room 1064, Washington, DC 20420; or by fax to (202) 273–9026 (not a toll-free number). Comments should indicate that they are submitted in response to Inspector General Hotline (Complaint Center) Records (66VA53). Copies of comments received will be available for public inspection in the Office of Regulation Policy and Management, Room 1063B, between the hours of 8:00 a.m. and 4:30 p.m., Monday through Friday (except holidays). Please call (202) 461–4902 for an appointment. (This is not a toll-free number.) In addition, comments may be viewed online at www.Regulations.gov. FOR FURTHER INFORMATION CONTACT: Christopher Connor, Chief, Information Release Office (50CI), Office of Inspector General, Department of Veterans Affairs, 810 Vermont Avenue NW, Washington, DC 20420, 202–461–4269; or fax comments to (202) 495–5859. Amy L. Rose, VA Privacy Service, Office of Information Security (OIS), Office of Information and Technology (OIT), Department of Veterans Affairs, 810 Vermont Avenue NW, Washington, DC 20420, (202) 632–7497. SUPPLEMENTARY INFORMATION: This publication is in accordance with the Privacy Act requirement that agencies publish their amended system of records in the Federal Register when there is revision, change, or addition. The VA Office of Inspector General (OIG) has reviewed its system of records VerDate Sep<11>2014 18:23 Apr 16, 2019 Jkt 247001 notices and has determined its record system, ‘‘Inspector General Hotline (Complaint Center) Records’’ (66VA53), should be amended to reflect evolving technology and procedures, to conform to current practice, and to reflect current authorities. The Categories of Individuals Covered by the System is amended to clarify the term ‘‘subject’’ includes subjects identified subsequent to a complaint and VA employees suspected of misconduct. The storage practices section will now reflect that data is stored in VA OIG’s new Enterprise Management System (EMS) database in addition to the legacy Master Case Index (MCI) database. The Senior Agency Official for Privacy, or designee, approved this document and authorized the undersigned to sign and submit the document to the Office of the Federal Register for publication electronically as an official document of the Department of Veterans Affairs. André Horton, Deputy Chief Information Security Officer, Department of Veterans Affairs approved this document on January 8, 2019 for publication. Dated: April 12, 2019. Amy L. Rose, Program Analyst, VA Privacy Service, Department of Veterans Affairs. 66VA53 SYSTEM NAME: Inspector General Hotline (Complaint Center) Records (66VA53). SECURITY CLASSIFICATION: None. SYSTEM LOCATION: Department of Veterans Affairs (VA), Office of Inspector General (OIG), Office of Assistant Inspector General for Management and Administration (53), 810 Vermont Avenue NW, Washington, DC 20420. Assistant Inspector General for Management and Administration (53), Department of Veterans Affairs, Office of Inspector General, 810 Vermont Avenue NW, Washington, DC 20420, (202) 461–4760, VAOIG.ChiefInformationOfficer@va.gov. AUTHORITY FOR MAINTENANCE OF THE SYSTEM: Inspector General Act of 1978, Public Law (Pub. L.) 95–452, 5 U.S.C. App., as amended through Public Law 115–254 (IG Act). PURPOSE(S) OF THE SYSTEM: The purpose of this system of records is to store records and information related to official complaints made to Frm 00153 Fmt 4703 CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM: The following categories of individuals will be covered by the system: Individuals who are subjects of complaints, complainants, and witnesses. Subjects, complainants, and witnesses may be VA employees or third parties (e.g., a veteran, VA beneficiary, contractor, or private citizen). Subjects are those alleged to have engaged in wrongdoing or impropriety, criminal, civil, or administrative, either in performance of their official VA duties or related to the programs and operations of VA. Subjects include those identified during the investigation of a complaint. The allegations are made to the OIG Hotline by complainants or developed by the OIG based on complaints. Complainants are individuals who have reported the possible existence of an activity constituting a violation of law, rule or regulation, or mismanagement, gross waste of funds, abuse of authority or a substantial and specific danger to the public health and safety. Complaints may also be made anonymously. CATEGORIES OF RECORDS IN THE SYSTEM: SYSTEM MANAGER(S): PO 00000 the VA OIG. The Hotline Division is the OIG’s complaint center and serves as the recipient of all types of complaints about impropriety and wrongdoing related to VA programs and operations. The specific information about each complaint, including name of complainant, name of subject, and allegations of improper conduct, is recorded and then forwarded to the appropriate VA OIG division or external entity for investigation, review, or resolution. The information is also used to provide prompt, responsive, and accurate information regarding the status of Hotline complaints and to provide a record of complaint disposition and statistical information about complaints. Sfmt 4703 Records (or information contained in records) in this system may include: (1) The name, home and work address, email address, and home, work and cellular phone numbers of the complainant and witnesses; (2) the name, title, date of birth, Social Security Number and home and work address of the subject of the complaint; and (3) the location and nature of the alleged wrongdoing. The records maintained in this system may also include: (1) Documentation and other evidence from the complainant; (2) correspondence between the VA OIG Office of Management and Administration (53) and other components of the Office of Inspector General, agency departments, E:\FR\FM\17APN1.SGM 17APN1 Federal Register / Vol. 84, No. 74 / Wednesday, April 17, 2019 / Notices and the complainant; and (3) reports based on the investigation of the allegations. RECORD SOURCE CATEGORIES: Information is obtained from VA employees, third parties (e.g., a veteran, VA beneficiary, VA contractor, or private party), the Government Accountability Office, VA records, congressional, federal, state, and local offices or agencies. amozie on DSK9F9SC42PROD with NOTICES ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES: 1. Congress: VA may disclose information from the record of an individual in response to an inquiry from the congressional office made at the request of that individual. VA must be able to provide information about individuals to adequately respond to inquiries from Members of Congress at the request of constituents who have sought their assistance. 2. Data breach response and remedial efforts: VA may, on its own initiative, disclose information from this system to appropriate agencies, entities, and persons when (1) VA suspects or has confirmed that the integrity or confidentiality of information in the system of records has been compromised; (2) the Department has determined that as a result of the suspected or confirmed compromise there is a risk of embarrassment or harm to the reputations of the record subjects, harm to economic or property interests, identity theft or fraud, or harm to the security, confidentiality, or integrity of this system or other systems or programs (whether maintained by the Department or another agency or entity) that rely upon the potentially compromised information; and (3) the disclosure is to agencies, entities, or persons whom VA determines are reasonably necessary to assist or carry out the Department’s efforts to respond to the suspected or confirmed compromise and prevent, minimize, or remedy such harm. This routine use permits disclosures by the Department to respond to a suspected or confirmed data breach, including the conduct of any risk analysis or provision of credit protection services as provided in 38 U.S.C. 5724. a. Effective Response. A federal agency’s ability to respond quickly and effectively in the event of a breach of federal data is critical to its efforts to prevent or minimize any consequent harm. An effective response necessitates disclosure of information regarding the VerDate Sep<11>2014 18:23 Apr 16, 2019 Jkt 247001 breach to those individuals affected by it, as well as to persons and entities in a position to cooperate, either by assisting in notification to affected individuals or playing a role in preventing or minimizing harms from the breach. b. Disclosure of Information. Often, the information to be disclosed to such persons and entities is maintained by federal agencies and is subject to the Privacy Act (5 U.S.C. 552a). The Privacy Act prohibits the disclosure of any record in a system of records by any means of communication to any person or agency absent the written consent of the subject individual, unless the disclosure falls within one of twelve statutory exceptions. In order to ensure an agency is in the best position to respond in a timely and effective manner, in accordance with 5 U.S.C. 552a(b)(3) of the Privacy Act, agencies should publish a routine use for appropriate systems specifically applying to the disclosure of information in connection with response and remedial efforts in the event of a data breach. c. Data breach response and remedial efforts with another Federal agency VA may, on its own initiative, disclose information from this system to another Federal agency or Federal entity, when VA determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in (1) responding to a suspected or confirmed breach or (2) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach. 3. Law Enforcement: VA may, on its own initiative, disclose information in this system, except the names and home addresses of veterans and their dependents, which is relevant to a suspected or reasonably imminent violation of law, whether civil, criminal or regulatory in nature and whether arising by general or program statute or by regulation, rule or order issued pursuant thereto, to a Federal, state, local, tribal, or foreign agency charged with the responsibility of investigating or prosecuting such violation, or charged with enforcing or implementing the statute, regulation, rule or order. On its own initiative, VA may also disclose the names and addresses of veterans and their dependents to a Federal agency charged with the responsibility of investigating or prosecuting civil, criminal or regulatory violations of law, or charged with enforcing or PO 00000 Frm 00154 Fmt 4703 Sfmt 4703 16147 implementing the statute, regulation, rule or order issued pursuant thereto. VA must be able to provide on its own initiative information that pertains to a violation of laws to law enforcement authorities in order for them to investigate and enforce those laws. Under 38 U.S.C. 5701(a) and (f), VA may disclose the names and addresses of veterans and their dependents to Federal entities with law enforcement responsibilities. This is distinct from the authority to disclose records in response to a qualifying request from a law enforcement entity, as authorized by Privacy Act subsection 5 U.S.C. 552a(b)(7). 4. Litigation: VA may disclose information from this system of records to the Department of Justice (DoJ), either on VA’s initiative or in response to DoJ’s request for the information, after either VA or DoJ determines that such information is relevant to DoJ’s representation of the United States or any of its components in legal proceedings before a court or adjudicative body, provided that, in each case, the agency also determines prior to disclosure that release of the records to the DoJ is a use of the information contained in the records that is compatible with the purpose for which VA collected the records. VA, on its own initiative, may disclose records in this system of records in legal proceedings before a court or administrative body after determining that the disclosure of the records to the court or administrative body is a use of the information contained in the records that is compatible with the purpose for which VA collected the records. To determine whether to disclose records under this routine use, VA will comply with the guidance promulgated by the Office of Management and Budget in a May 24, 1985, memorandum entitled ‘‘Privacy Act Guidance— Update,’’ currently posted at http:// www.whitehouse.gov/omb/inforeg/ guidance1985.pdf. VA must be able to provide information to DoJ in litigation where the United States or any of its components is involved or has an interest. A determination would be made in each instance that under the circumstances involved, the purpose is compatible with the purpose for which VA collected the information. This routine use is distinct from the authority to disclose records in response to a court order under subsection (b)(11) of the Privacy Act, 5 U.S.C. 552(b)(11), or any other provision of subsection (b), in accordance with the court’s analysis in Doe v. DiGenova, 779 F.2d 74, 78–85 E:\FR\FM\17APN1.SGM 17APN1 amozie on DSK9F9SC42PROD with NOTICES 16148 Federal Register / Vol. 84, No. 74 / Wednesday, April 17, 2019 / Notices (D.C. Cir. 1985) and Doe v. Stephens, 851 F.2d 1457, 1465–67 (D.C. Cir. 1988). 5. Contractors: VA may disclose information from this system of records to individuals, organizations, private or public agencies, or other entities or individuals with whom VA has a contract or agreement to perform such services as VA may deem practicable for the purposes of laws administered by VA, in order for the contractor, subcontractor, public or private agency, or other entity or individual with whom VA has a contract or agreement to perform services under the contract or agreement. This routine use includes disclosures by an individual or entity performing services for VA to any secondary entity or individual to perform an activity that is necessary for individuals, organizations, private or public agencies, or other entities or individuals with whom VA has a contract or agreement to provide the service to VA. This routine use, which also applies to agreements that do not qualify as contracts defined by Federal procurement laws and regulations, is consistent with OMB guidance in OMB Circular A–130, App. I, paragraph 5a(1)(b) that agencies promulgate routine uses to address disclosure of Privacy Act-protected information to contractors in order to perform the services contracts for the agency. 6. Equal Employment Opportunity Commission (EEOC): VA may disclose information from this system to the EEOC when requested in connection with investigations of alleged or possible discriminatory practices, examination of Federal affirmative employment programs, or other functions of the Commission as authorized by law or regulation. VA must be able to provide information to EEOC to assist it in fulfilling its duties to protect employees’ rights, as required by statute and regulation. 7. Federal Labor Relations Authority (FLRA): VA may disclose information from this system to the FLRA, including its General Counsel, information related to the establishment of jurisdiction, investigation, and resolution of allegations of unfair labor practices, or in connection with the resolution of exceptions to arbitration awards when a question of material fact is raised; for it to address matters properly before the Federal Services Impasses Panel, investigate representation petitions, and conduct or supervise representation elections. VA must be able to provide information to FLRA to comply with the VerDate Sep<11>2014 18:23 Apr 16, 2019 Jkt 247001 statutory mandate under which it operates. 8. Merit Systems Protection Board (MSPB): VA may disclose information from this system to the MSPB, or the Office of the Special Counsel, when requested in connection with appeals, special studies of the civil service and other merit systems, review of rules and regulations, investigation of alleged or possible prohibited personnel practices, and such other functions promulgated in 5 U.S.C. 1205 and 1206, or as authorized by law. VA must be able to provide information to MSPB to assist it in fulfilling its duties as required by statute and regulation. 9. National Archives and Records Administration (NARA) and General Services Administration (GSA): VA may disclose information from this system to NARA and GSA in records management inspections conducted under title 44, U.S.C. NARA is responsible for archiving old records which are no longer actively used but may be appropriate for preservation, and for the physical maintenance of the Federal government’s records. VA must be able to provide the records to NARA in order to determine the proper disposition of such records. 10. Any information in this system, except the name and address of a veteran, may be disclosed to a Federal, state, or local agency maintaining civil or criminal violation records or other pertinent information such as prior employment history, prior Federal employment background investigations, and/or personal or educational background in order for VA to obtain information relevant to the hiring, transfer, or retention of an employee, the letting of a contract, the granting of a security clearance, or the issuance of a grant or other benefit. The name and address of a veteran may be disclosed to a Federal agency under this routine use if this information has been requested by the Federal agency in order to respond to the VA inquiry. 11. To assist attorneys in representing their clients, any information in this system may be disclosed to attorneys representing subjects of investigations, including veterans, Federal government employees, retirees, volunteers, contractors, subcontractors, or private citizens, except where VA has decided release is inappropriate under Title 5, United States Code, Section 552a(j) and (k). 12. Any information in this system of records may be disclosed, in the course of presenting evidence in or to a court, magistrate, administrative tribunal, or PO 00000 Frm 00155 Fmt 4703 Sfmt 4703 grand jury, including disclosures to opposing counsel in the course of such proceedings or in settlement negotiations. 13. Any information in this system may be disclosed to any source or person, either private or governmental, to the extent necessary to secure from such source or person information relevant to, and sought in furtherance of, a legitimate investigation, review, or inspection. 14. Any information in this system, except the name and address of a veteran, may be disclosed to Federal, state, or local professional, regulatory, or disciplinary organizations or associations, including but not limited to bar associations, state licensing boards, and similar professional entities, for use in disciplinary proceedings and inquiries preparatory thereto, where VA determines that there is good cause to question the legality or ethical propriety of the conduct of a person employed by VA or a person representing a person in a matter before VA. The name and address of a veteran may be disclosed to a Federal agency under this routine use if this information has been requested by the Federal agency in order to respond to the VA inquiry. POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING, AND DISPOSING OF RECORDS IN THE SYSTEM: Records and information are stored electronically in the VA OIG’s new Enterprise Management System (EMS) or legacy Master Case Index (MCI) databases and servers at the OIG’s headquarters office at 801 I Street NW, Washington, DC 20420, in the office of the OIG’s Information Technology Division. Backup records are stored on magnetic disc, tape and CD–ROM and may also be retained in hard copy format in secure file folders. The VA OIG Hotline Division is responsible for electronically inputting records and information received from complainants, referrals and correspondence related to the initiation of a Hotline case, and final reports. Information inputted electronically includes all correspondence to and from the complainant, correspondence (including email messages) to and among VA OIG organizational elements about the complaint, and correspondence to and from any VA component to which the Hotline case was referred. Complaints and information about OIG employees, including all investigative reports and work papers, are maintained in electronic files with restricted access limited to those with a need to know the official duties in the VA OIG Office of E:\FR\FM\17APN1.SGM 17APN1 Federal Register / Vol. 84, No. 74 / Wednesday, April 17, 2019 / Notices Investigations, VA OIG Human Resources Management Division, VA OIG attorneys, and VA OIG management officials responsible for supervising the VA OIG employee who is the subject of the internal investigation. Hard copies of records and information are discussed in the storage section below. STORAGE: Hard copies of documents and information are maintained by the OIG organization that conducts the review, inspection, or investigation. For example, the Administrative Investigations Division, at VA OIG headquarters, maintains hard copies of an investigative file which contains the case referral from Hotline, the final report, all documentation supporting the final report, draft reports, correspondence, and all information collected as part of the investigation. Similarly, the VA OIG Office of Healthcare Inspections (OHI) maintains hard copies of its Hotline investigations (final reports and supporting documentation) related to individuals at VA OIG headquarters. Other records and information (i.e., work papers) about investigations related to individuals compiled by OHI are maintained in the OHI field office that conducted the investigation. Any internal VA OIG investigations conducted prior to the implementation of electronic files are maintained in hard copy only and are secured in the Office of Investigations, Analysis and Oversight Division (51X). Access to those files is highly restricted. RETRIEVABILITY: OIG Hotline cases are assigned a case number in the EMS or MCI database. Records are retrieved by the case numbers. In addition, electronic records may be retrieved by the names of the complainants and names of the subjects of the complaints, retrieved by such persons’ title, or by their Social Security number, if entered. It is important to note that scanned documents, reports and other uploaded information that are made part of the file are not searched or retrieved from the databases as part of a general search. Hard copy paper files are retrieved by the case number only. amozie on DSK9F9SC42PROD with NOTICES SAFEGUARDS: Information in the system is protected from unauthorized access through administrative, physical, and technical safeguards. Access to the hard copy and computerized information is restricted to authorized OIG personnel on a needto-know basis. Hard copy records are maintained in offices that are restricted during work hours, or are locked after duty hours. The headquarters building VerDate Sep<11>2014 18:23 Apr 16, 2019 Jkt 247001 is protected by security guards and access is restricted during non-duty hours. Access to the computerized information is limited to VA OIG employees by means of passwords and authorized user identification codes. Computer system documentation is maintained in a secure environment in the Office of Inspector General, VA Central Office. RETENTION AND DISPOSAL: Records will be maintained and disposed of in accordance with a records disposition authority approved by the Archivist of the United States. SYSTEM MANAGER(S) AND ADDRESS: Assistant Inspector General for Management and Administration (53), Department of Veterans Affairs, Office of Inspector General, 810 Vermont Avenue NW, Washington, DC 20420. NOTIFICATION PROCEDURE: An individual who wishes to determine whether a record is being maintained by the VA OIG Hotline, under his or her name in this system or wishes to determine the contents of such records should submit a written request to the Assistant Inspector General for Management and Administration (53). However, a majority of records in this system are exempt from the notification requirements under 5 U.S.C. 552a (j) and (k). To the extent that records in this system of records are not subject to exemption, they are subject to notification. A determination as to whether an exemption applies shall be made at the time a request for notification is received. RECORD ACCESS PROCEDURES: An individual who seeks access to or wishes to contest records maintained under his or her name in this system must submit a written request to the Chief, Information Release Office (50CI). However, a majority of records in this system are exempt from the records access and contesting requirements under 5 U.S.C. 552a (j) and (k). To the extent that records in this system of records are not subject to exemption, they are subject to access and contest. A determination as to whether an exemption applies shall be made at the time a request for access or contest is received. CONTESTING RECORD PROCEDURES: (See records access procedures above.) PO 00000 Frm 00156 Fmt 4703 Sfmt 4703 16149 SYSTEMS EXEMPTED FROM CERTAIN PROVISIONS OF THE ACT: Under 5 U.S.C. 552a(j)(2), the head of any agency may exempt any system of records within the agency from certain provisions of the Privacy Act, if the agency or component that maintains the system performs as its principal function any activities pertaining to the enforcement of criminal laws. The Inspector General Act of 1978, Public Law 95–452 (IG Act), mandates that the Inspector General recommend policies for and to conduct, supervise, and coordinate activities in the Department of Veterans Affairs and between VA and other Federal, State and local governmental agencies with respect to: (1) The prevention and detection of fraud in programs and operations administered or financed by VA and (2) the identification and prosecution of participants in such fraud. Under the IG Act, whenever the Inspector General has reasonable grounds to believe there has been a violation of Federal criminal law, the Inspector General must report the matter expeditiously to the Attorney General. This system of records has been created in major part to support the criminal law-related activities assigned by the Inspector General to the Assistant Inspector General for Investigations. These activities constitute a principal function of the Inspector General’s Hotline/Complaint Center staff. In addition to principal functions pertaining to the enforcement of criminal laws, the Inspector General may receive and investigate complaints and allegations from various sources concerning the possible existence of activities constituting noncriminal violations of law, rules or regulations; mismanagement; gross waste of funds; abuses of authority or substantial and specific danger to the public health and safety. This system of records also exists to support inquiries by the Assistant Inspectors General for Auditing, for Management and Administration, for Administrative Investigations, and for Healthcare Inspections into these noncriminal violations. Based upon the foregoing, the Secretary of Veterans Affairs has exempted this system of records, to the extent that it encompasses information pertaining to criminal law-related activities, from the following provisions of the Privacy Act of 1974, as permitted by 5 U.S.C. 552a(j)(2): 5 U.S.C. 552a(c) (3) and (4); 5 U.S.C. 552a(d); 5 U.S.C. 552a(e) (1), (2) and (3); 5 U.S.C. 552a(e)(4) (G), and (H) and (I); 5 U.S.C. 552a(e) (5) and (8); 5 U.S.C. 552a(f); 5 U.S.C. 552a(g). The Secretary of Veterans Affairs has also exempted this system of records to the extent that it does not encompass E:\FR\FM\17APN1.SGM 17APN1 16150 Federal Register / Vol. 84, No. 74 / Wednesday, April 17, 2019 / Notices amozie on DSK9F9SC42PROD with NOTICES information pertaining to criminal law related activities under 5 U.S.C. 552a(j)(2) from the following provisions of the Privacy Act of 1974, as permitted by 5 U.S.C. 552a(k)(2): 5 U.S.C. 552a(c)(3); 5 U.S.C. 552a(d); 5 U.S.C. 552a(e)(1); 5 U.S.C. 552a(e)(4) (G), (H) and (I); 5 U.S.C. 552a(f). VerDate Sep<11>2014 18:23 Apr 16, 2019 Jkt 247001 REASONS FOR EXEMPTIONS: The exemption of information and material in this system of records is necessary in order to accomplish the law enforcement functions of the Office of Inspector General, e.g., to prevent subjects of investigations from frustrating the investigatory process by discovering the scope and progress of an investigation, to prevent the disclosure of investigative techniques, to fulfill PO 00000 Frm 00157 Fmt 4703 Sfmt 9990 commitments made to protect the confidentiality of sources, to maintain access to sources of information and to avoid endangering these sources and law enforcement personnel. HISTORY: [See the last full Federal Register notice, 73 FR 46708, Aug. 11, 2008]. [FR Doc. 2019–07649 Filed 4–16–19; 8:45 am] BILLING CODE 8320–01–P E:\FR\FM\17APN1.SGM 17APN1

Agencies

[Federal Register Volume 84, Number 74 (Wednesday, April 17, 2019)]
[Notices]
[Pages 16145-16150]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2019-07649]


-----------------------------------------------------------------------

DEPARTMENT OF VETERANS AFFAIRS


Privacy Act of 1974; System of Records

AGENCY: Office of Inspector General, Department of Veterans Affairs 
(VA).

ACTION: Notice of modified system of records.

-----------------------------------------------------------------------

SUMMARY: As required by the Privacy Act of 1974, notice is hereby given 
that the Department of Veterans Affairs (VA)

[[Page 16146]]

is amending the system of records known as ``Inspector General Hotline 
(Complaint Center) Records'' (66VA53) by amending the Routine Uses, the 
Categories of Individuals Covered by the System, and the Policies and 
Practices for Storing, Retrieving, Accessing, Retaining, and Disposing 
of Records within the System. VA is republishing the system notice in 
its entirety.

DATES: Comments on this modified system of records must be received no 
later than 30 days after date of publication in the Federal Register. 
If no public comment is received during the period allowed for comment 
or unless otherwise published in the Federal Register by VA, the 
modified system of records will become effective a minimum of 30 days 
after date of publication in the Federal Register. If VA receives 
public comments, VA shall review the comments to determine whether any 
changes to the notice are necessary.

ADDRESSES: Written comments may be submitted through 
www.Regulations.gov. by mail or hand-delivery to Director, Regulation 
Policy and Management (00REG), Department of Veterans Affairs, 810 
Vermont Ave. NW, Room 1064, Washington, DC 20420; or by fax to (202) 
273-9026 (not a toll-free number). Comments should indicate that they 
are submitted in response to Inspector General Hotline (Complaint 
Center) Records (66VA53). Copies of comments received will be available 
for public inspection in the Office of Regulation Policy and 
Management, Room 1063B, between the hours of 8:00 a.m. and 4:30 p.m., 
Monday through Friday (except holidays). Please call (202) 461-4902 for 
an appointment. (This is not a toll-free number.) In addition, comments 
may be viewed online at www.Regulations.gov.

FOR FURTHER INFORMATION CONTACT: Christopher Connor, Chief, Information 
Release Office (50CI), Office of Inspector General, Department of 
Veterans Affairs, 810 Vermont Avenue NW, Washington, DC 20420, 202-461-
4269; or fax comments to (202) 495-5859. Amy L. Rose, VA Privacy 
Service, Office of Information Security (OIS), Office of Information 
and Technology (OIT), Department of Veterans Affairs, 810 Vermont 
Avenue NW, Washington, DC 20420, (202) 632-7497.

SUPPLEMENTARY INFORMATION: This publication is in accordance with the 
Privacy Act requirement that agencies publish their amended system of 
records in the Federal Register when there is revision, change, or 
addition. The VA Office of Inspector General (OIG) has reviewed its 
system of records notices and has determined its record system, 
``Inspector General Hotline (Complaint Center) Records'' (66VA53), 
should be amended to reflect evolving technology and procedures, to 
conform to current practice, and to reflect current authorities. The 
Categories of Individuals Covered by the System is amended to clarify 
the term ``subject'' includes subjects identified subsequent to a 
complaint and VA employees suspected of misconduct. The storage 
practices section will now reflect that data is stored in VA OIG's new 
Enterprise Management System (EMS) database in addition to the legacy 
Master Case Index (MCI) database.
    The Senior Agency Official for Privacy, or designee, approved this 
document and authorized the undersigned to sign and submit the document 
to the Office of the Federal Register for publication electronically as 
an official document of the Department of Veterans Affairs. 
Andr[eacute] Horton, Deputy Chief Information Security Officer, 
Department of Veterans Affairs approved this document on January 8, 
2019 for publication.

    Dated: April 12, 2019.
Amy L. Rose,
Program Analyst, VA Privacy Service, Department of Veterans Affairs.
66VA53

SYSTEM NAME:
    Inspector General Hotline (Complaint Center) Records (66VA53).

SECURITY CLASSIFICATION:
    None.

SYSTEM LOCATION:
    Department of Veterans Affairs (VA), Office of Inspector General 
(OIG), Office of Assistant Inspector General for Management and 
Administration (53), 810 Vermont Avenue NW, Washington, DC 20420.

SYSTEM MANAGER(S):
    Assistant Inspector General for Management and Administration (53), 
Department of Veterans Affairs, Office of Inspector General, 810 
Vermont Avenue NW, Washington, DC 20420, (202) 461-4760, 
[email protected].

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    Inspector General Act of 1978, Public Law (Pub. L.) 95-452, 5 
U.S.C. App., as amended through Public Law 115-254 (IG Act).

PURPOSE(S) OF THE SYSTEM:
    The purpose of this system of records is to store records and 
information related to official complaints made to the VA OIG. The 
Hotline Division is the OIG's complaint center and serves as the 
recipient of all types of complaints about impropriety and wrongdoing 
related to VA programs and operations. The specific information about 
each complaint, including name of complainant, name of subject, and 
allegations of improper conduct, is recorded and then forwarded to the 
appropriate VA OIG division or external entity for investigation, 
review, or resolution. The information is also used to provide prompt, 
responsive, and accurate information regarding the status of Hotline 
complaints and to provide a record of complaint disposition and 
statistical information about complaints.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    The following categories of individuals will be covered by the 
system: Individuals who are subjects of complaints, complainants, and 
witnesses. Subjects, complainants, and witnesses may be VA employees or 
third parties (e.g., a veteran, VA beneficiary, contractor, or private 
citizen). Subjects are those alleged to have engaged in wrongdoing or 
impropriety, criminal, civil, or administrative, either in performance 
of their official VA duties or related to the programs and operations 
of VA. Subjects include those identified during the investigation of a 
complaint. The allegations are made to the OIG Hotline by complainants 
or developed by the OIG based on complaints. Complainants are 
individuals who have reported the possible existence of an activity 
constituting a violation of law, rule or regulation, or mismanagement, 
gross waste of funds, abuse of authority or a substantial and specific 
danger to the public health and safety. Complaints may also be made 
anonymously.

CATEGORIES OF RECORDS IN THE SYSTEM:
    Records (or information contained in records) in this system may 
include: (1) The name, home and work address, email address, and home, 
work and cellular phone numbers of the complainant and witnesses; (2) 
the name, title, date of birth, Social Security Number and home and 
work address of the subject of the complaint; and (3) the location and 
nature of the alleged wrongdoing. The records maintained in this system 
may also include: (1) Documentation and other evidence from the 
complainant; (2) correspondence between the VA OIG Office of Management 
and Administration (53) and other components of the Office of Inspector 
General, agency departments,

[[Page 16147]]

and the complainant; and (3) reports based on the investigation of the 
allegations.

RECORD SOURCE CATEGORIES:
    Information is obtained from VA employees, third parties (e.g., a 
veteran, VA beneficiary, VA contractor, or private party), the 
Government Accountability Office, VA records, congressional, federal, 
state, and local offices or agencies.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    1. Congress: VA may disclose information from the record of an 
individual in response to an inquiry from the congressional office made 
at the request of that individual.
    VA must be able to provide information about individuals to 
adequately respond to inquiries from Members of Congress at the request 
of constituents who have sought their assistance.
    2. Data breach response and remedial efforts: VA may, on its own 
initiative, disclose information from this system to appropriate 
agencies, entities, and persons when (1) VA suspects or has confirmed 
that the integrity or confidentiality of information in the system of 
records has been compromised; (2) the Department has determined that as 
a result of the suspected or confirmed compromise there is a risk of 
embarrassment or harm to the reputations of the record subjects, harm 
to economic or property interests, identity theft or fraud, or harm to 
the security, confidentiality, or integrity of this system or other 
systems or programs (whether maintained by the Department or another 
agency or entity) that rely upon the potentially compromised 
information; and (3) the disclosure is to agencies, entities, or 
persons whom VA determines are reasonably necessary to assist or carry 
out the Department's efforts to respond to the suspected or confirmed 
compromise and prevent, minimize, or remedy such harm.
    This routine use permits disclosures by the Department to respond 
to a suspected or confirmed data breach, including the conduct of any 
risk analysis or provision of credit protection services as provided in 
38 U.S.C. 5724.
    a. Effective Response. A federal agency's ability to respond 
quickly and effectively in the event of a breach of federal data is 
critical to its efforts to prevent or minimize any consequent harm. An 
effective response necessitates disclosure of information regarding the 
breach to those individuals affected by it, as well as to persons and 
entities in a position to cooperate, either by assisting in 
notification to affected individuals or playing a role in preventing or 
minimizing harms from the breach.
    b. Disclosure of Information. Often, the information to be 
disclosed to such persons and entities is maintained by federal 
agencies and is subject to the Privacy Act (5 U.S.C. 552a). The Privacy 
Act prohibits the disclosure of any record in a system of records by 
any means of communication to any person or agency absent the written 
consent of the subject individual, unless the disclosure falls within 
one of twelve statutory exceptions. In order to ensure an agency is in 
the best position to respond in a timely and effective manner, in 
accordance with 5 U.S.C. 552a(b)(3) of the Privacy Act, agencies should 
publish a routine use for appropriate systems specifically applying to 
the disclosure of information in connection with response and remedial 
efforts in the event of a data breach.
    c. Data breach response and remedial efforts with another Federal 
agency VA may, on its own initiative, disclose information from this 
system to another Federal agency or Federal entity, when VA determines 
that information from this system of records is reasonably necessary to 
assist the recipient agency or entity in (1) responding to a suspected 
or confirmed breach or (2) preventing, minimizing, or remedying the 
risk of harm to individuals, the recipient agency or entity (including 
its information systems, programs, and operations), the Federal 
Government, or national security, resulting from a suspected or 
confirmed breach.
    3. Law Enforcement: VA may, on its own initiative, disclose 
information in this system, except the names and home addresses of 
veterans and their dependents, which is relevant to a suspected or 
reasonably imminent violation of law, whether civil, criminal or 
regulatory in nature and whether arising by general or program statute 
or by regulation, rule or order issued pursuant thereto, to a Federal, 
state, local, tribal, or foreign agency charged with the responsibility 
of investigating or prosecuting such violation, or charged with 
enforcing or implementing the statute, regulation, rule or order. On 
its own initiative, VA may also disclose the names and addresses of 
veterans and their dependents to a Federal agency charged with the 
responsibility of investigating or prosecuting civil, criminal or 
regulatory violations of law, or charged with enforcing or implementing 
the statute, regulation, rule or order issued pursuant thereto.
    VA must be able to provide on its own initiative information that 
pertains to a violation of laws to law enforcement authorities in order 
for them to investigate and enforce those laws. Under 38 U.S.C. 5701(a) 
and (f), VA may disclose the names and addresses of veterans and their 
dependents to Federal entities with law enforcement responsibilities. 
This is distinct from the authority to disclose records in response to 
a qualifying request from a law enforcement entity, as authorized by 
Privacy Act subsection 5 U.S.C. 552a(b)(7).
    4. Litigation: VA may disclose information from this system of 
records to the Department of Justice (DoJ), either on VA's initiative 
or in response to DoJ's request for the information, after either VA or 
DoJ determines that such information is relevant to DoJ's 
representation of the United States or any of its components in legal 
proceedings before a court or adjudicative body, provided that, in each 
case, the agency also determines prior to disclosure that release of 
the records to the DoJ is a use of the information contained in the 
records that is compatible with the purpose for which VA collected the 
records. VA, on its own initiative, may disclose records in this system 
of records in legal proceedings before a court or administrative body 
after determining that the disclosure of the records to the court or 
administrative body is a use of the information contained in the 
records that is compatible with the purpose for which VA collected the 
records.
    To determine whether to disclose records under this routine use, VA 
will comply with the guidance promulgated by the Office of Management 
and Budget in a May 24, 1985, memorandum entitled ``Privacy Act 
Guidance--Update,'' currently posted at http://www.whitehouse.gov/omb/inforeg/guidance1985.pdf.
    VA must be able to provide information to DoJ in litigation where 
the United States or any of its components is involved or has an 
interest. A determination would be made in each instance that under the 
circumstances involved, the purpose is compatible with the purpose for 
which VA collected the information. This routine use is distinct from 
the authority to disclose records in response to a court order under 
subsection (b)(11) of the Privacy Act, 5 U.S.C. 552(b)(11), or any 
other provision of subsection (b), in accordance with the court's 
analysis in Doe v. DiGenova, 779 F.2d 74, 78-85

[[Page 16148]]

(D.C. Cir. 1985) and Doe v. Stephens, 851 F.2d 1457, 1465-67 (D.C. Cir. 
1988).
    5. Contractors: VA may disclose information from this system of 
records to individuals, organizations, private or public agencies, or 
other entities or individuals with whom VA has a contract or agreement 
to perform such services as VA may deem practicable for the purposes of 
laws administered by VA, in order for the contractor, subcontractor, 
public or private agency, or other entity or individual with whom VA 
has a contract or agreement to perform services under the contract or 
agreement.
    This routine use includes disclosures by an individual or entity 
performing services for VA to any secondary entity or individual to 
perform an activity that is necessary for individuals, organizations, 
private or public agencies, or other entities or individuals with whom 
VA has a contract or agreement to provide the service to VA.
    This routine use, which also applies to agreements that do not 
qualify as contracts defined by Federal procurement laws and 
regulations, is consistent with OMB guidance in OMB Circular A-130, 
App. I, paragraph 5a(1)(b) that agencies promulgate routine uses to 
address disclosure of Privacy Act-protected information to contractors 
in order to perform the services contracts for the agency.
    6. Equal Employment Opportunity Commission (EEOC): VA may disclose 
information from this system to the EEOC when requested in connection 
with investigations of alleged or possible discriminatory practices, 
examination of Federal affirmative employment programs, or other 
functions of the Commission as authorized by law or regulation.
    VA must be able to provide information to EEOC to assist it in 
fulfilling its duties to protect employees' rights, as required by 
statute and regulation.
    7. Federal Labor Relations Authority (FLRA): VA may disclose 
information from this system to the FLRA, including its General 
Counsel, information related to the establishment of jurisdiction, 
investigation, and resolution of allegations of unfair labor practices, 
or in connection with the resolution of exceptions to arbitration 
awards when a question of material fact is raised; for it to address 
matters properly before the Federal Services Impasses Panel, 
investigate representation petitions, and conduct or supervise 
representation elections.
    VA must be able to provide information to FLRA to comply with the 
statutory mandate under which it operates.
    8. Merit Systems Protection Board (MSPB): VA may disclose 
information from this system to the MSPB, or the Office of the Special 
Counsel, when requested in connection with appeals, special studies of 
the civil service and other merit systems, review of rules and 
regulations, investigation of alleged or possible prohibited personnel 
practices, and such other functions promulgated in 5 U.S.C. 1205 and 
1206, or as authorized by law.
    VA must be able to provide information to MSPB to assist it in 
fulfilling its duties as required by statute and regulation.
    9. National Archives and Records Administration (NARA) and General 
Services Administration (GSA): VA may disclose information from this 
system to NARA and GSA in records management inspections conducted 
under title 44, U.S.C.
    NARA is responsible for archiving old records which are no longer 
actively used but may be appropriate for preservation, and for the 
physical maintenance of the Federal government's records. VA must be 
able to provide the records to NARA in order to determine the proper 
disposition of such records.
    10. Any information in this system, except the name and address of 
a veteran, may be disclosed to a Federal, state, or local agency 
maintaining civil or criminal violation records or other pertinent 
information such as prior employment history, prior Federal employment 
background investigations, and/or personal or educational background in 
order for VA to obtain information relevant to the hiring, transfer, or 
retention of an employee, the letting of a contract, the granting of a 
security clearance, or the issuance of a grant or other benefit. The 
name and address of a veteran may be disclosed to a Federal agency 
under this routine use if this information has been requested by the 
Federal agency in order to respond to the VA inquiry.
    11. To assist attorneys in representing their clients, any 
information in this system may be disclosed to attorneys representing 
subjects of investigations, including veterans, Federal government 
employees, retirees, volunteers, contractors, subcontractors, or 
private citizens, except where VA has decided release is inappropriate 
under Title 5, United States Code, Section 552a(j) and (k).
    12. Any information in this system of records may be disclosed, in 
the course of presenting evidence in or to a court, magistrate, 
administrative tribunal, or grand jury, including disclosures to 
opposing counsel in the course of such proceedings or in settlement 
negotiations.
    13. Any information in this system may be disclosed to any source 
or person, either private or governmental, to the extent necessary to 
secure from such source or person information relevant to, and sought 
in furtherance of, a legitimate investigation, review, or inspection.
    14. Any information in this system, except the name and address of 
a veteran, may be disclosed to Federal, state, or local professional, 
regulatory, or disciplinary organizations or associations, including 
but not limited to bar associations, state licensing boards, and 
similar professional entities, for use in disciplinary proceedings and 
inquiries preparatory thereto, where VA determines that there is good 
cause to question the legality or ethical propriety of the conduct of a 
person employed by VA or a person representing a person in a matter 
before VA. The name and address of a veteran may be disclosed to a 
Federal agency under this routine use if this information has been 
requested by the Federal agency in order to respond to the VA inquiry.

POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING, 
AND DISPOSING OF RECORDS IN THE SYSTEM:
    Records and information are stored electronically in the VA OIG's 
new Enterprise Management System (EMS) or legacy Master Case Index 
(MCI) databases and servers at the OIG's headquarters office at 801 I 
Street NW, Washington, DC 20420, in the office of the OIG's Information 
Technology Division. Backup records are stored on magnetic disc, tape 
and CD-ROM and may also be retained in hard copy format in secure file 
folders. The VA OIG Hotline Division is responsible for electronically 
inputting records and information received from complainants, referrals 
and correspondence related to the initiation of a Hotline case, and 
final reports. Information inputted electronically includes all 
correspondence to and from the complainant, correspondence (including 
email messages) to and among VA OIG organizational elements about the 
complaint, and correspondence to and from any VA component to which the 
Hotline case was referred. Complaints and information about OIG 
employees, including all investigative reports and work papers, are 
maintained in electronic files with restricted access limited to those 
with a need to know the official duties in the VA OIG Office of

[[Page 16149]]

Investigations, VA OIG Human Resources Management Division, VA OIG 
attorneys, and VA OIG management officials responsible for supervising 
the VA OIG employee who is the subject of the internal investigation. 
Hard copies of records and information are discussed in the storage 
section below.

STORAGE:
    Hard copies of documents and information are maintained by the OIG 
organization that conducts the review, inspection, or investigation. 
For example, the Administrative Investigations Division, at VA OIG 
headquarters, maintains hard copies of an investigative file which 
contains the case referral from Hotline, the final report, all 
documentation supporting the final report, draft reports, 
correspondence, and all information collected as part of the 
investigation. Similarly, the VA OIG Office of Healthcare Inspections 
(OHI) maintains hard copies of its Hotline investigations (final 
reports and supporting documentation) related to individuals at VA OIG 
headquarters. Other records and information (i.e., work papers) about 
investigations related to individuals compiled by OHI are maintained in 
the OHI field office that conducted the investigation. Any internal VA 
OIG investigations conducted prior to the implementation of electronic 
files are maintained in hard copy only and are secured in the Office of 
Investigations, Analysis and Oversight Division (51X). Access to those 
files is highly restricted.

RETRIEVABILITY:
    OIG Hotline cases are assigned a case number in the EMS or MCI 
database. Records are retrieved by the case numbers. In addition, 
electronic records may be retrieved by the names of the complainants 
and names of the subjects of the complaints, retrieved by such persons' 
title, or by their Social Security number, if entered. It is important 
to note that scanned documents, reports and other uploaded information 
that are made part of the file are not searched or retrieved from the 
databases as part of a general search. Hard copy paper files are 
retrieved by the case number only.

SAFEGUARDS:
    Information in the system is protected from unauthorized access 
through administrative, physical, and technical safeguards. Access to 
the hard copy and computerized information is restricted to authorized 
OIG personnel on a need-to-know basis. Hard copy records are maintained 
in offices that are restricted during work hours, or are locked after 
duty hours. The headquarters building is protected by security guards 
and access is restricted during non-duty hours. Access to the 
computerized information is limited to VA OIG employees by means of 
passwords and authorized user identification codes. Computer system 
documentation is maintained in a secure environment in the Office of 
Inspector General, VA Central Office.

RETENTION AND DISPOSAL:
    Records will be maintained and disposed of in accordance with a 
records disposition authority approved by the Archivist of the United 
States.

SYSTEM MANAGER(S) AND ADDRESS:
    Assistant Inspector General for Management and Administration (53), 
Department of Veterans Affairs, Office of Inspector General, 810 
Vermont Avenue NW, Washington, DC 20420.

NOTIFICATION PROCEDURE:
    An individual who wishes to determine whether a record is being 
maintained by the VA OIG Hotline, under his or her name in this system 
or wishes to determine the contents of such records should submit a 
written request to the Assistant Inspector General for Management and 
Administration (53). However, a majority of records in this system are 
exempt from the notification requirements under 5 U.S.C. 552a (j) and 
(k). To the extent that records in this system of records are not 
subject to exemption, they are subject to notification. A determination 
as to whether an exemption applies shall be made at the time a request 
for notification is received.

RECORD ACCESS PROCEDURES:
    An individual who seeks access to or wishes to contest records 
maintained under his or her name in this system must submit a written 
request to the Chief, Information Release Office (50CI). However, a 
majority of records in this system are exempt from the records access 
and contesting requirements under 5 U.S.C. 552a (j) and (k). To the 
extent that records in this system of records are not subject to 
exemption, they are subject to access and contest. A determination as 
to whether an exemption applies shall be made at the time a request for 
access or contest is received.

CONTESTING RECORD PROCEDURES:
    (See records access procedures above.)

SYSTEMS EXEMPTED FROM CERTAIN PROVISIONS OF THE ACT:
    Under 5 U.S.C. 552a(j)(2), the head of any agency may exempt any 
system of records within the agency from certain provisions of the 
Privacy Act, if the agency or component that maintains the system 
performs as its principal function any activities pertaining to the 
enforcement of criminal laws. The Inspector General Act of 1978, Public 
Law 95-452 (IG Act), mandates that the Inspector General recommend 
policies for and to conduct, supervise, and coordinate activities in 
the Department of Veterans Affairs and between VA and other Federal, 
State and local governmental agencies with respect to: (1) The 
prevention and detection of fraud in programs and operations 
administered or financed by VA and (2) the identification and 
prosecution of participants in such fraud. Under the IG Act, whenever 
the Inspector General has reasonable grounds to believe there has been 
a violation of Federal criminal law, the Inspector General must report 
the matter expeditiously to the Attorney General. This system of 
records has been created in major part to support the criminal law-
related activities assigned by the Inspector General to the Assistant 
Inspector General for Investigations. These activities constitute a 
principal function of the Inspector General's Hotline/Complaint Center 
staff. In addition to principal functions pertaining to the enforcement 
of criminal laws, the Inspector General may receive and investigate 
complaints and allegations from various sources concerning the possible 
existence of activities constituting noncriminal violations of law, 
rules or regulations; mismanagement; gross waste of funds; abuses of 
authority or substantial and specific danger to the public health and 
safety. This system of records also exists to support inquiries by the 
Assistant Inspectors General for Auditing, for Management and 
Administration, for Administrative Investigations, and for Healthcare 
Inspections into these non-criminal violations. Based upon the 
foregoing, the Secretary of Veterans Affairs has exempted this system 
of records, to the extent that it encompasses information pertaining to 
criminal law-related activities, from the following provisions of the 
Privacy Act of 1974, as permitted by 5 U.S.C. 552a(j)(2): 5 U.S.C. 
552a(c) (3) and (4); 5 U.S.C. 552a(d); 5 U.S.C. 552a(e) (1), (2) and 
(3); 5 U.S.C. 552a(e)(4) (G), and (H) and (I); 5 U.S.C. 552a(e) (5) and 
(8); 5 U.S.C. 552a(f); 5 U.S.C. 552a(g).
    The Secretary of Veterans Affairs has also exempted this system of 
records to the extent that it does not encompass

[[Page 16150]]

information pertaining to criminal law related activities under 5 
U.S.C. 552a(j)(2) from the following provisions of the Privacy Act of 
1974, as permitted by 5 U.S.C. 552a(k)(2): 5 U.S.C. 552a(c)(3); 5 
U.S.C. 552a(d); 5 U.S.C. 552a(e)(1); 5 U.S.C. 552a(e)(4) (G), (H) and 
(I); 5 U.S.C. 552a(f).

REASONS FOR EXEMPTIONS:
    The exemption of information and material in this system of records 
is necessary in order to accomplish the law enforcement functions of 
the Office of Inspector General, e.g., to prevent subjects of 
investigations from frustrating the investigatory process by 
discovering the scope and progress of an investigation, to prevent the 
disclosure of investigative techniques, to fulfill commitments made to 
protect the confidentiality of sources, to maintain access to sources 
of information and to avoid endangering these sources and law 
enforcement personnel.

HISTORY:
    [See the last full Federal Register notice, 73 FR 46708, Aug. 11, 
2008].
[FR Doc. 2019-07649 Filed 4-16-19; 8:45 am]
 BILLING CODE 8320-01-P