Privacy Act of 1974; System of Records, 64293-64296 [2021-25046]

Agencies

• DEPARTMENT OF VETERANS AFFAIRS

[Federal Register Volume 86, Number 219 (Wednesday, November 17, 2021)]
[Notices]
[Pages 64293-64296]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2021-25046]


=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF VETERANS AFFAIRS


Privacy Act of 1974; System of Records

AGENCY: Department of Veterans Affairs (VA), VACO FOIA Service.

ACTION: Notice of a modified system of records.

-----------------------------------------------------------------------

SUMMARY: In accordance with the Privacy Act of 1974, all agencies are 
required to publish in the Federal Register a notice of the existence 
and character of their systems of records. Notice is hereby given that 
the Department of Veterans Affairs (VA) is amending the system of 
records entitled ``Freedom of Information Act (FOIA) Records--VA'' 
(119VA005R1C).

DATES: Comments on this modified system of records must be received no 
later than 30 days after date of publication in the Federal Register. 
If no public comment is received during the period allowed for comment 
or unless otherwise published in the Federal Register by VA, the 
modified system of records will become effective a minimum of 30 days 
after date of publication in the Federal Register. If VA receives 
public comments, VA shall review the comments to determine whether any 
changes to the notice are necessary.

ADDRESSES: Comments may be submitted through www.regulations.gov or 
mailed to VA Privacy Service, 810 Vermont Avenue NW, (005R1A), 
Washington, DC 20420. Comments should indicate that they are submitted 
in response to ``Freedom of Information Act (FOIA) Records--VA'' 
(119VA005R1C). Comments received will be available at regulations.gov 
for public viewing, inspection, or copies.

FOR FURTHER INFORMATION CONTACT: James Killens III, Acting Director, VA 
FOIA Service (005R1C), Department of Veterans Affairs, 810 Vermont 
Avenue NW, Washington, DC 20420, (202) 632-7233.

SUPPLEMENTARY INFORMATION: The Freedom of Information Act (FOIA) was 
enacted on July 4, 1966 and is a statutory law requiring Federal 
agencies to provide to the fullest extent possible release of agency 
information to the public, except to the extent that such

[[Page 64294]]

records (or portions of them) are protected from public disclosure by 
one of nine exemptions or by one of three special law enforcement 
record exclusions. The law provides individuals with a statutory right 
of access to certain federal agency records. FOIAXpress (FX) is the 
official VA mandatory FOIA tracking system. The FX System automates the 
FOIA business process for all FOIA requests received at the various VA 
departmental FOIA offices. FX is designed specifically to automate FOIA 
and Privacy Act (PA) request case processing, including request 
tracking and management, document management, electronic redaction, fee 
management and invoicing, and annual reporting. FX provides compliance 
with FOIA/PA regulations with a powerful application that will provide 
VA with a tool that will transform FOIA/PA processing from a 
cumbersome, manual process to an automated, electronic one. The FX 
system processes FOIA request data received by FOIA users. FOIA data 
consists of requests for information received from the public which 
includes personal identification information and financial information 
related to the processing of FOIA request.
    As required by the Privacy Act of 1974, notice is hereby given that 
the Department of Veterans Affairs (VA) is adding a function to an 
existing system of records entitled ``Freedom of Information Act (FOIA) 
Records--VA'' (119VA005R1C). The amended system of records has added 
the Public Access Link (PAL). PAL is a public facing web page with a 
separate URL. PAL allows the requester to electronically submit their 
FOIA requests via a public facing website which links directly into the 
FX system. PAL will streamline the VA's FOIA intake process as it 
permits the requester to input their contact information, select 
requesters' category for fee purposes, select the appropriate VA 
office, receive a FX tracking number (case number), and generate a FOIA 
acknowledgement letter as mandated by law.

Signing Authority

    The Senior Agency Official for Privacy, or designee, approved this 
document and authorized the undersigned to sign and submit the document 
to the Office of the Federal Register for publication electronically as 
an official document of the Department of Veterans Affairs. Neil C. 
Evans, M.D., Chief Officer, Connected Care, Performing the Delegable 
Duties of the Assistant Secretary for Information and Technology and 
Chief Information Officer, approved this document on October 6, 2021 
for publication.

    Dated: November 12, 2021.
Amy L. Rose,
Program Analyst, VA Privacy Service, Office of Information Security, 
Office of Information and Technology, Department of Veterans Affairs.

SYSTEM NAME AND NUMBER:
    Freedom of Information Act (FOIA) Records--VA (119VA005R1C).

SECURITY CLASSIFICATION:
    Unclassified.

SYSTEM LOCATION:
    Records are maintained at the VA Central Office FOIA Offices, 810 
Vermont Avenue NW, Washington, DC 20420; AINS, Inc., 1355 Piccard 
Drive, Rockville, MD 20850, and all VA field facilities. A list of the 
field facilities may be found at the following internet address: 
https://www.va.gov/directory/guide/home.asp.

SYSTEM MANAGER(S):
    James Killens III, Acting Director, VA FOIA Service (005R1C), 
Department of Veterans Affairs, 810 Vermont Avenue NW, Washington, DC 
20420, (202) 632-7233.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    Includes the following with any revisions and amendments: The 
Privacy Act of 1974 (5 U.S.C. 552a); the Freedom of Information Act, as 
amended (5 U.S.C. 552); 5 U.S.C. 301; and 38 U.S.C. 501; FOIA 
Improvement Act of 2016, Public Law 114-185.

PURPOSE(S) OF THE SYSTEM:
    The system is maintained for the purpose of processing an 
individual's record request made under the provisions of the Freedom of 
Information and Privacy Acts. These records are also used by VA to 
prepare reports required by the Freedom of Information and Privacy Acts 
to the Office of Management and Budget and the Department of Justice. 
The proposed system of records will assist the Department of Veterans 
Affairs in carrying out its responsibilities under the Freedom of 
Information and Privacy Acts. The records maintained in the proposed 
system can originate in both paper and electronic format.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    This system contains FOIA records and related correspondence on 
individuals who have filed with VA:
    a. Requests for information under the provisions of the Freedom of 
Information Act (5 U.S.C. 552), including requests for review of 
initial denials of such requests.
    b. Requests under the provisions of the Privacy Act (5 U.S.C. 552a) 
for records about themselves where the FOIA is also relied upon to 
process the request and which then meet the Department of Justice's 
(DOJ) standard for required reporting in the Annual FOIA Report to the 
Attorney General of the United States.
    c. All persons who have requested records from VA under the 
provisions of the Freedom of Information Act (FOIA); all persons whose 
requests for records have been referred to VA by other Federal 
agencies; and all persons who have submitted appeals to the Secretary 
of VA under the provisions of the FOIA.
    d. All persons about whom information has been requested under the 
provisions of the FOIA.

CATEGORIES OF RECORDS IN THE SYSTEM:
    Agency records include all documents or records created or obtained 
by an agency of the government that are in an agency's possession and 
control at the time a FOIA request is received. Four factors determine 
an agency's control: The intent of the creator of the document to 
retain control over the record; the ability of the agency to use and 
dispose of the record as it sees fit; the extent to which agency 
personnel have read or relied upon the document; and the degree to 
which the document was integrated into the agency's record systems or 
files.
    Information maintained by an entity pursuant to a Government 
contract for a VA component for the purposes of records management is 
considered in the VA component's possession. Records created by an 
agency employee during employment, including emails, may be either 
agency records or personal files.
    This system contains correspondence and other documents related to 
requests made by individuals to VA for:
    a. Information under the provisions of the Freedom of Information 
Act (5 U.S.C. 552), including requests for review of initial denials of 
such requests.
    b. Information under provisions of the Privacy Act (5 U.S.C. 552a) 
and requests for review of initial denials of such requests made under 
VA's Privacy Act regulations regarding requests for records about 
themselves where the FOIA is also relied upon to process the request 
and which then meet the Department of Justice's (DOJ) standard for 
required reporting in the Annual FOIA Report to the Attorney General of 
the United States.

[[Page 64295]]

    c. Name, home address, telephone number, email address, FOIA case 
numbers assigned to individual cases and appeals, FOIA requests and 
appeals, responses to requests (including unredacted and redacted 
responsive records), determinations of appeals, correspondence with 
requesters and with other persons who have contacted VA in connection 
with requests or appeals other than requesters or other memoranda, and 
correspondence in connection with requests or appeals.

RECORD SOURCE CATEGORIES:
    Information in this system of records is obtained from the 
following: Requests and administrative appeals submitted by individuals 
and organizations pursuant to the FOIA and Privacy Acts; VA personnel 
assigned to handle such requests and appeals; Agency records searched 
and identified as responsive to such requests and appeals; and requests 
referred by Agencies or other entities concerning VA records.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND PURPOSES OF SUCH USES:
    1. Congress
    VA may disclose information to a Member of Congress or staff acting 
upon the Member's behalf when the Member or staff requests the 
information on behalf of, and at the request of, the individual who is 
the subject of the record.
    2. Data Breach Response and Remediation, for VA
    VA may disclose information to appropriate agencies, entities, and 
persons when (1) VA suspects or has confirmed that there has been a 
breach of the system of records; (2) VA has determined that, as a 
result of the suspected or confirmed breach, there is a risk of harm to 
individuals, VA (including its information systems, programs, and 
operations), the Federal Government, or national security; and (3) the 
disclosure made to such agencies, entities, and persons is reasonably 
necessary to assist in connection with VA's efforts to respond to the 
suspected or confirmed breach or to prevent, minimize, or remedy such 
harm.
    3. Data Breach Response and Remediation, for Another Federal Agency
    VA may disclose information to another Federal agency or Federal 
entity when VA determines that information from this system of records 
is reasonably necessary to assist the recipient agency or entity in (1) 
responding to a suspected or confirmed breach or (2) preventing, 
minimizing, or remedying the risk of harm to individuals, the recipient 
agency or entity (including its information systems, programs, and 
operations), the Federal Government, or national security, resulting 
from a suspected or confirmed breach.
    4. Law Enforcement
    VA may disclose information that, either alone or in conjunction 
with other information, indicates a violation or potential violation of 
law, whether civil, criminal, or regulatory in nature, to a Federal, 
state, local, territorial, tribal, or foreign law enforcement authority 
or other appropriate entity charged with the responsibility of 
investigating or prosecuting such violation or charged with enforcing 
or implementing such law. The disclosure of the names and addresses of 
veterans and their dependents from VA records under this routine use 
must also comply with the provisions of 38 U.S.C. 5701.
    5. DOJ for Litigation or Administrative Proceeding
    VA may disclose information to the Department of Justice (DOJ), or 
in a proceeding before a court, adjudicative body, or other 
administrative body before which VA is authorized to appear, when:
    (a) VA or any component thereof;
    (b) Any VA employee in his or her official capacity;
    (c) Any VA employee in his or her official capacity where DOJ has 
agreed to represent the employee; or
    (d) The United States, where VA determines that litigation is 
likely to affect the agency or any of its components, is a party to 
such proceedings or has an interest in such proceedings, and VA 
determines that use of such records is relevant and necessary to the 
proceedings.
    6. Contractors
    VA may disclose information to contractors, grantees, experts, 
consultants, students, and others performing or working on a contract, 
service, grant, cooperative agreement, or other assignment for VA, when 
reasonably necessary to accomplish an agency function related to the 
records.
    7. OPM
    VA may disclose information to the Office of Personnel Management 
(OPM) in connection with the application or effect of civil service 
laws, rules, regulations, or OPM guidelines in particular situations.
    8. EEOC
    VA may disclose information to the Equal Employment Opportunity 
Commission (EEOC) in connection with investigations of alleged or 
possible discriminatory practices, examination of Federal affirmative 
employment programs, or other functions of the Commission as authorized 
by law.
    9. FLRA
    VA may disclose information to the Federal Labor Relations 
Authority (FLRA) in connection with: The investigation and resolution 
of allegations of unfair labor practices; the resolution of exceptions 
to arbitration awards when a question of material fact is raised; 
matters before the Federal Service Impasses Panel; and the 
investigation of representation petitions and the conduct or 
supervision of representation elections.
    10. MSPB
    VA may disclose information to the Merit Systems Protection Board 
(MSPB) and the Office of the Special Counsel in connection with 
appeals, special studies of the civil service and other merit systems, 
review of rules and regulations, investigation of alleged or possible 
prohibited personnel practices, and such other functions promulgated in 
5 U.S.C. 1205 and 1206, or as authorized by law.
    11. NARA
    VA may disclose information to NARA in records management 
inspections conducted under 44 U.S.C. 2904 and 2906, or other functions 
authorized by laws and policies governing NARA operations and VA 
records management responsibilities.
    12. OMB
    VA may disclose information from this system of records to the 
Office of Management and Budget (OMB) for the performance of its 
statutory responsibilities for evaluating Federal programs.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    Electronic data are maintained on Direct Access Storage Devices at 
AINS Inc., 1355 Piccard Drive, Rockville, Maryland. AINS Inc. stores 
registry tapes for disaster back up at the storage location. Registry 
tapes for disaster back up are also maintained at an off-site location. 
VA Central Office and VA field facilities also maintain electronic 
data.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    Records are indexed by FOIA case number, and/or name of requester.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    Records will be maintained and disposed of in accordance with 
records disposition authority approved by the Archivist of the United 
States. Agencies must dispose of records on managing information access 
and protection activities after three years but may retain such records 
longer if needed for

[[Page 64296]]

business use; records documenting policies and procedures involving 
agency-wide responsibilities for FOIA, PA, and classified documents 
must be scheduled for disposal on an agency-specific schedule. Agencies 
must dispose of general request files involving requests for 
information with no need for administrative action, policy decision, or 
special complications or research when ninety days old but may retain 
such files longer if required for business use. Agencies must dispose 
of case files created in response to requests for information under 
FOIA or PA either six years after the final agency determination or 
three years after final adjudication by the courts, whichever is later, 
but retain them longer if required for business use. These retention 
and disposal statements are pursuant to the National Archives and 
Records Administration (NARA) General Record Schedules: 4.2 Information 
Access and Protection Records, Items 001, 010, and 020.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    This list of safeguards furnished in this System of Records is not 
an exclusive list of measures that has been, or will be, taken to 
protect individually-identifiable information.
    All records are maintained in compliance with applicable VA 
security policy directives that specify the standards that will be 
applied to protect sensitive personal information, including protection 
from unauthorized access through appropriate administrative, physical, 
and technical safeguards. These safeguards include restricting access 
to authorized personnel who have a need-to-know, using locks, and 
password protection identification features.
    Authorized personnel are required to take annual VA mandatory data 
privacy and security training. Access to data storage areas is 
restricted to authorized VA employees or contract staff who have been 
cleared to work by the VA Office of Security and Law Enforcement. File 
areas are locked after normal duty hours. VA facilities are protected 
from outside access by the Federal Protective Service and/or other 
security personnel. Security complies with applicable Federal 
Information Processing Standards (FIPS) issued by the National 
Institute of Standards and Technology (NIST). Contractors and their 
subcontractors who access the data are required to maintain the same 
level of security as VA staff. Access to electronic files is controlled 
by using an individually unique password entered in combination with an 
individually unique user identification code.

RECORD ACCESS PROCEDURES:
    Individuals wishing to request access to their records maintained 
under his or her name may write or visit the nearest VA facility or 
write to their regional VA Public Liaison/FOIA officer listed at 
https://www.va.gov/FOIA/docs/Updated_Documents/POC/VACOCentralOffice.pdf.

CONTESTING RECORD PROCEDURES:
    (See ``Record Access Procedures above.'')

NOTIFICATION PROCEDURES:
    An individual who wishes to determine whether a record is being 
maintained in this system under his or her name or other personnel 
identifier, or wants to determine the contents of such record, should 
submit a written request or apply in person to the last VA facility 
where the request or appeal was submitted or to the Director, FOIA 
Service (005R1C), 810 Vermont Avenue NW, Washington, DC 20420.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    During the course of a FOIA action, exempt materials from other 
systems of records may in turn become part of the case records in this 
system. To the extent that copies of exempt records from those `other' 
systems of records are entered into this FOIA case record, VA hereby 
claims the same exemptions for the records from those `other' systems 
that are entered into this system, as claimed for the original primary 
systems of records of which they are a part.

HISTORY:
    Citation(s) to the last full Federal Register notice is 80 FR 68618 
published on 11/05/2015.

[FR Doc. 2021-25046 Filed 11-16-21; 8:45 am]
BILLING CODE 8320-01-P