Privacy Act of 1974; System of Records, 22798-22801 [2020-08610]

Agencies

• DEPARTMENT OF VETERANS AFFAIRS

[Federal Register Volume 85, Number 79 (Thursday, April 23, 2020)]
[Notices]
[Pages 22798-22801]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2020-08610]


-----------------------------------------------------------------------

DEPARTMENT OF VETERANS AFFAIRS


Privacy Act of 1974; System of Records

AGENCY: Office of Small & Disadvantaged Business Utilization (OSDBU), 
Department of Veterans Affairs (VA).

ACTION: Notice of a new system of records.

-----------------------------------------------------------------------

SUMMARY: The purpose of this new system of record is to gather and 
maintain information on small businesses owned and controlled by 
Veterans, including service-disabled Veterans, to enable them to 
effectively compete for Federal contracts, as well as working with the 
Small Business Administration in its provision of services to Veteran-
owned businesses under the Veterans Entrepreneurship and Small Business 
Development Act of 1999.

DATES: Comments on this new system of records must be received no later 
than 30 days after date of publication in the Federal Register. If no 
public comment is received during the period allowed for comment or 
unless otherwise published in the Federal Register by VA, the new 
system of records will become effective a minimum of 30 days after date 
of publication in the Federal Register. If VA receives public comments, 
VA shall review the comments to determine whether any changes to the 
notice are necessary.

ADDRESSES: Written comments may be submitted through 
www.Regulations.gov; by mail or hand-delivery to Director, Regulation 
Policy and Management (00REG), Department of Veterans Affairs, 810 
Vermont Ave. NW, Room 1064, Washington, DC 20420; or by fax to (202) 
273-9026 (not a toll-free number). Comments should indicate that they 
are submitted in response to 181VAOSDBU, Center for Verification and 
Evaluation (CVE) VA VetBiz Vendor Information Pages (VIP). Copies of 
comments received will be available for public inspection in the Office 
of Regulation Policy and Management, Room 1063B, between the hours of 
8:00 a.m. and 4:30 p.m., Monday through Friday (except holidays). 
Please call (202) 461-4902 for

[[Page 22799]]

an appointment. (This is not a toll-free number.) In addition, comments 
may be viewed online at Regulations.gov.

FOR FURTHER INFORMATION CONTACT: For general questions about the system 
contact Ray Dockery at the Office of Small & Disadvantaged Business 
Utilization at 1-866-584-2344 or [email protected].

SUPPLEMENTARY INFORMATION: The Office of Small and Disadvantaged 
Business Utilization (OSDBU), Center for Verification and Evaluation 
(CVE) operates and maintains the Department of Veterans Affairs (VA), 
CVE VetBiz Vendor Information Pages (VIP) solution using a combination 
of commercial off-the-shelf software (COTS) and cloud-based 
applications. These COTS and Cloud products leverage market-tested 
products that are currently listed as enterprise solutions in the VA 
environment and are in compliance with the VA's technology standards 
for enterprise-class software.
    The VetBiz VIP solution provides an internet-facing portal for 
submitting data and tracking the progress of the verification team as 
well as an integrated customer relationship management (CRM) system 
with strong document management, collaboration, notification, and 
reporting functionality in alignment with the security requirements 
dictated by the collection, capture, and distribution of sensitive 
material.
    This SORN has been revised based on the feedback from Office of 
Information and Regulatory Affairs (OIRA) within the Office of 
Management and Budget (OMB).
    Revisions made:
     Removed statement advising renaming of SORN, this is a new 
SORN and the name is not being changed in Supplementary Information 
Section.
     Removed the ``on its own initiative'' language in Routine 
Use 4, 5, and 13.
     Added ``Federal'' to list of agencies for hiring purposes 
in Routine Use 15.
     Removed Department of Health and Human Services (HHS) from 
Routine Use 17.
     Updated the SUPPLEMENTARY INFORMATION section with 
revisions made based on feedback from OIRA/OMB.

Signing Authority

    The Senior Agency Official for Privacy, or designee, approved this 
document and authorized the undersigned to sign and submit the document 
to the Office of the Federal Register for publication electronically as 
an official document of the Department of Veterans Affairs. James P. 
Gfrerer, Assistant Secretary for Information and Technology and Chief 
Information Officer, Department of Veterans Affairs, approved this 
document on November 25, 2019.

    Dated: April 20, 2020.
Amy L. Rose,
Program Analyst, VA Privacy Service, Department of Veterans Affairs.

SYSTEM NAME AND NUMBER:
    Center for Verification and Evaluation (CVE) VA VetBiz Vendor 
Information Pages (VIP) (181VAOSDBU)

SECURITY CLASSIFICATION:
    Information in this SORN is not classified information.

SYSTEM LOCATION:
    The system is hosted on the Veterans Affairs (VA) Enterprise Cloud 
(EC), Microsoft Azure Government (MAG). The VA EC MAG is located in 
Azure Government Region 1 (USGOV VIRGINIA) and 2 (USGOV IOWA) and is 
designed to allow U.S. government agencies, contractors and customers 
to move sensitive workloads into the cloud for addressing specific 
regulatory and compliance requirements.

SYSTEM MANAGER(S):
    Ray Dockery, Information Technology Systems Integration, Department 
of Veterans Affairs (VA), Office of Small & Disadvantaged Business 
Utilization (OSDBU), 810 Vermont Ave. NW, Room 1064, Washington, DC 
20420. 1-866-584-2344

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    38 U.S.C. 8127 and Public Law 106-50, as amended.

PURPOSE(S) OF THE SYSTEM:
    To gather and maintain information on small businesses owned and 
controlled by Veterans, including service-disabled Veterans, to enable 
them to effectively compete for Federal contracts, as well as working 
with the Small Business Administration in its provision of services to 
Veteran-owned businesses under the Veterans Entrepreneurship and Small 
Business Development Act of 1999, as amended, Public Law 106-50, 113 
Stat. 233.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Veterans who have applied to have their small businesses included 
in the VIP database, and, if deceased, their surviving spouses.

CATEGORIES OF RECORDS IN THE SYSTEM:
    The records will contain data on Veteran-owned companies who have 
contacted the Center for Veterans Enterprise or have been extracted 
from e-government databases to which the companies have voluntarily 
submitted the data as a part of the marketing efforts to the federal 
government. The records may include business addresses and other 
contact information, information concerning products/services offered, 
information pertaining to the business, including Federal contracts, 
certifications, and security clearances held.

RECORD SOURCE CATEGORIES:
    The information in this system of records is obtained from the 
following sources:
    a. Information voluntarily submitted by the business;
    b. Information gathered from VA contracting activities;
    c. Information extracted from other business databases.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND PURPOSES OF SUCH USES:
    1. Congress: VA may disclose information from the record of an 
individual in response to an inquiry from the congressional office made 
at the request of that individual. VA must be able to provide 
information about individuals to adequately respond to inquiries from 
Members of Congress at the request of constituents who have sought 
their assistance.
    2. Data breach response and remedial efforts: VA may disclose 
information from this system to appropriate agencies, entities, and 
persons when (1) VA suspects or has confirmed that there has been a 
breach of the system of records; (2) VA has determined that as a result 
of the suspected or confirmed breach there is a risk of harm to 
individuals, VA (including its information systems, programs, and 
operations), and (3) the Federal Government, or national security; and 
the disclosure made to such agencies, entities, and persons is 
reasonably necessary to assist in connection with VA's efforts to 
respond to the suspected or confirmed breach or to prevent, minimize, 
or remedy such harm.
    3. Data breach response and remedial efforts with another Federal 
agency: VA may disclose information from this system to another Federal 
agency or Federal entity, when VA determines that information from this 
system of records is reasonably necessary to assist the recipient 
agency or entity in (1) responding to a suspected or confirmed breach 
or (2) preventing, minimizing, or remedying the risk of harm to 
individuals, the recipient agency or entity (including its information

[[Page 22800]]

systems, programs, and operations), the Federal Government, or national 
security, resulting from a suspected or confirmed breach.
    4. Law Enforcement: VA may disclose information in this system, 
except the names and home addresses of Veterans and their dependents, 
which is relevant to a suspected or reasonably imminent violation of 
law, whether civil, criminal or regulatory in nature and whether 
arising by general or program statute or by regulation, rule or order 
issued pursuant thereto, to a Federal, state, local, tribal, or foreign 
agency charged with the responsibility of investigating or prosecuting 
such violation, or charged with enforcing or implementing the statute, 
regulation, rule or order. On its own initiative, VA may also disclose 
the names and addresses of Veterans and their dependents to a Federal 
agency charged with the responsibility of investigating or prosecuting 
civil, criminal or regulatory violations of law, or charged with 
enforcing or implementing the statute, regulation, rule or order issued 
pursuant thereto.
    5. Litigation: VA may disclose information from this system of 
records to the Department of Justice (DoJ) in response to DoJ's request 
for the information, after either VA or DoJ determines that such 
information is relevant to DoJ's representation of the United States or 
any of its components in legal proceedings before a court or 
adjudicative body, provided that, in each case, the agency also 
determines prior to disclosure that release of the records to the DoJ 
is a use of the information contained in the records that is compatible 
with the purpose for which VA collected the records. VA, on its own 
initiative, may disclose records in this system of records in legal 
proceedings before a court or administrative body after determining 
that the disclosure of the records to the court or administrative body 
is a use of the information contained in the records that is compatible 
with the purpose for which VA collected the records.
    6. Contractors: VA may disclose information from this system of 
records to individuals, organizations, private or public agencies, or 
other entities or individuals with whom VA has a contract or agreement 
to perform such services as VA may deem practicable for the purposes of 
laws administered by VA, in order for the contractor, subcontractor, 
public or private agency, or other entity or individual with whom VA 
has a contract or agreement to perform services under the contract or 
agreement.
    7. Equal Employment Opportunity Commission (EEOC): VA may disclose 
information from this system to the EEOC when requested in connection 
with investigations of alleged or possible discriminatory practices, 
examination of Federal affirmative employment programs, or other 
functions of the Commission as authorized by law or regulation.
    8. Federal Labor Relations Authority (FLRA): VA may disclose 
information from this system to the FLRA, including its General 
Counsel, information related to the establishment of jurisdiction, 
investigation, and resolution of allegations of unfair labor practices, 
or in connection with the resolution of exceptions to arbitration 
awards when a question of material fact is raised; for it to address 
matters properly before the Federal Service Impasses Panel, investigate 
representation petitions, and conduct or supervise representation 
elections.
    9. Merit Systems Protection Board (MSPB): VA may disclose 
information from this system to the MSPB, or the Office of the Special 
Counsel, when requested in connection with appeals, special studies of 
the civil service and other merit systems, review of rules and 
regulations, investigation of alleged or possible prohibited personnel 
practices, and such other functions promulgated in 5 U.S.C. 1205 and 
1206, or as authorized by law.
    10. National Archives and Records Administration (NARA) and General 
Services Administration (GSA): VA may disclose information from this 
system to NARA and GSA in records management inspections conducted 
under title 44, U.S.C.
    11. Federal Agencies, for Research: VA may disclose information 
from this system to a Federal agency to conduct research and data 
analysis to perform a statutory purpose of that Federal agency upon the 
prior written request of that agency, provided that there is legal 
authority under all applicable confidentiality statutes and regulations 
to provide the data and VA has determined prior to the disclosure that 
the VA data handling requirements are satisfied.
    12. Federal Agencies, for Computer Matches: VA may disclose 
identifying information, including social security number, concerning 
Veterans, spouses of Veterans, and the beneficiaries of Veterans to 
other federal agencies for the purpose of conducting computer matches 
to obtain information to determine or verify eligibility of Veterans 
receiving VA medical care under Title 38, U.S.C.
    13. Federal Agencies, for Litigation: VA may disclose information 
to another federal agency, court, or party in litigation before a court 
or other administrative proceeding conducted by an agency, if VA is a 
party to the proceeding and needs to disclose the information to 
protect its interests.
    14. Federal, State, Local Agencies, Organizations, for Claimants' 
Benefits: VA may disclose health care information as deemed necessary 
and proper to federal, state, and local government agencies and 
national health organizations in order to assist in the development of 
programs that will be beneficial to claimants, to protect their rights 
under law, and assure that they are receiving all benefits to which 
they are entitled.
    15. Federal, State, or Local Agency, for Hiring: Any information in 
this system may be disclosed to a Federal, State, or local agency, upon 
its official request, to the extent that it is relevant and necessary 
to that agency's decision on: The hiring, transfer or retention of an 
employee, the issuance of a security clearance, the letting of a 
contract, or the issuance or continuance of a license, grant or other 
benefit by the agency; provided, that if the information pertains to a 
Veteran, the name and address of the Veteran will not be disclosed 
unless the name and address is provided first by the requesting 
Federal, State, or local agency.
    16. OMB: VA may disclose information from this system of records to 
the Office of Management and Budget (OMB) for the performance of its 
statutory responsibilities for evaluating Federal programs.
    17. SSA, for SSN Validation: VA may disclose names and social 
security numbers of Veterans, spouses of Veterans, and the 
beneficiaries of Veterans, and other identifying information as is 
reasonably necessary may be disclosed to the Social Security 
Administration to conduct computer matches to obtain information to 
validate the social security numbers maintained in VA records.
    18. Treasury, IRS: VA may disclose the name of a Veteran or 
beneficiary, other information as is reasonably necessary to identify 
such individual, and any other information concerning the individual's 
indebtedness by virtue of a person's participation in a benefits 
program administered by VA, may be disclosed to the Department of the 
Treasury, Internal Revenue Service, for the collection of Title 38 
benefit overpayments, overdue indebtedness, and/or costs of services 
provided to an individual not entitled to such services, by the 
withholding of all or a portion of the person's Federal income tax 
refund.
    19. Outreach: VA may disclose information from this system of 
records,

[[Page 22801]]

upon request, to any state, tribe, country, or municipal agency for the 
purposes of outreach to a benefit under Title 38, Code of Federal 
Regulations.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    The VetBiz VIP will be stored in a computerized database. The 
system will operate on servers, located on the VA EC MAG, Region 1 
(Virginia) and 2 (Iowa). Data backups will reside on appropriate media, 
according to normal system backup plans for VA Enterprise Operations. 
The system will be managed by VA OSDBU, in VA Headquarters, Washington, 
DC.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    Automated records may be retrieved by the names of the Veteran 
business owners and/or their social security numbers.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    Records will be maintained and disposed of, in accordance with the 
records disposal authority approved by the Archivist of the United 
States, the National Archives and Records Administration, and published 
in Agency Records Control Schedules.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    Read access to the system is via internet access, while VA staff, 
and contractor personnel will have access to the system, via VA 
Intranet and local connections, for operations, management and 
maintenance purposes and tasks. Access to the Intranet portion of the 
system is via VA PIV authentication and role-based access control, at 
officially approved access points. Veteran-owned small businesses will 
establish and maintain user-ids and passwords for accessing their 
corporate information under system control using VA's DS Logon or ID.me 
through Access VA. Policy regarding issuance of user-ids and passwords 
is formulated in VA by the Office of Information and Technology, 
Washington, DC. Security for data in the VetBiz database complies with 
applicable statutes, regulations and government-wide and VA policies. 
The system is configured so that access to the public data elements in 
the database does not lead to access to the non-public data elements, 
such as Veteran social security number.

RECORD ACCESS PROCEDURES:
    Individuals seeking access to records about themselves, contained 
in this system of records, may access the records via the internet, or 
submit a written request to the system manager.

CONTESTING RECORD PROCEDURES:
    The agency procedures whereby an individual can be notified at his 
or her request how he or she can contest the content of any record 
pertaining to him or her in the system.

NOTIFICATION PROCEDURES:
    Individuals wishing to inquire, whether this system of records 
contains information about themselves, should contact the Deputy 
Director, IT Systems Integration (00SB), 810 Vermont Ave. NW, 
Washington, DC 20420.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    There are no exemptions for the system.

HISTORY:
    Not applicable, this is a new SORN.

[FR Doc. 2020-08610 Filed 4-22-20; 8:45 am]
BILLING CODE 8320-01-P