Privacy Act of 1974; System of Records, 60267-60269 [2023-18874]

Agencies

• DEPARTMENT OF VETERANS AFFAIRS

[Federal Register Volume 88, Number 168 (Thursday, August 31, 2023)]
[Notices]
[Pages 60267-60269]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2023-18874]


=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF VETERANS AFFAIRS


Privacy Act of 1974; System of Records

AGENCY: Department of Veterans Affairs (VA), Office of Small & 
Disadvantaged Business Utilization (OSDBU).

ACTION: Notice of a modified system of records.

-----------------------------------------------------------------------

SUMMARY: Pursuant to the Privacy Act of 1974, notice is hereby given 
that the VA is modifying the system of records entitled, ``Veterans 
Enterprise Management System (VEMS)-VA'' (181VAOSDBU). This system 
provides VA personnel with access to resources that allow them to 
perform market research on Veteran Owned Small Businesses (VOSB) and 
Service-Disabled Veteran Owned Small Businesses (SDVOSB). The system 
also provides a platform for registration and announcement of VA OSDBU 
supported events, as well as provides OSDBU with the data and reports 
needed to manage their responsibilities under the Veterans 
Entrepreneurship and Small Business Development Act of 1999.

DATES: Comments on this modified system of records must be received no 
later than 30 days after date of publication in the Federal Register. 
If no public comment is received during the period allowed for comment 
or unless otherwise published in the Federal Register by VA, the 
modified system of records will become effective a minimum of 30 days 
after date of publication in the Federal Register. If VA receives 
public comments, VA shall review the comments to determine whether any 
changes to the notice are necessary.

ADDRESSES: Comments may be submitted through www.Regulations.gov or 
mailed to VA Privacy Service, 810 Vermont Avenue NW, (005X6F), 
Washington, DC 20420. Comments should indicate that they are submitted 
in response to Veterans Enterprise Management System VA VetBiz Portal-
VA (181VAOSDBU). Comments received will be available at regulations.gov 
for public viewing, inspection or copies.

FOR FURTHER INFORMATION CONTACT: For general questions about the system 
contact Carol Cleveland at Office of Small & Disadvantaged Business 
Utilization at 810 I Street NW, Washington, DC 20420, 
[email protected] and (202) 461-4600 (Note: this is not a toll-free 
number).

SUPPLEMENTARY INFORMATION: The purpose of this modified system of 
records is to notify that VA will no longer gather information to 
substantiate that small businesses owned and controlled by Veterans are 
qualified for contracts under the Vets First Program. The Small 
Business Administration has taken over these functions as directed in 
the William H. (Mac) Thornberry National Defense Authorization Act for 
Fiscal Year 2021. The social security number and date of birth fields 
will be stripped from the system contact records. Personal and 
professional papers gathered to support the Verification Program will 
be disposed of in accordance with applicable records control schedule.
    The Report of Intent to Amend a System of Records Notice and an 
advance copy of the system notice have been sent to the appropriate 
Congressional committees and to the Director of the Office of 
Management and Budget (OMB) as required by the Privacy Act and 
guidelines issued by OMB, December 12, 2000.

Signing Authority

    The Senior Agency Official for Privacy, or designee, approved this 
document and authorized the undersigned to sign and submit the document 
to the Office of the Federal Register for publication electronically as 
an official document of the Department of Veterans Affairs. Kurt D. 
DelBene, Assistant Secretary for Information and Technology and Chief 
Information Officer, approved this document on July 27, 2023 for 
publication.

    Dated: August 28, 2023.
Amy L. Rose,
Government Information Specialist, VA Privacy Service, Office of 
Compliance, Risk and Remediation, Office of Information and Technology, 
Department of Veterans Affairs.

SYSTEM NAME AND NUMBER:
    Veterans Enterprise Management System (VEMS) VA VetBiz Portal-VA 
(181VAOSDBU).

SECURITY CLASSIFICATION:
    Unclassified.

SYSTEM LOCATION:
    The system is hosted on the VA Enterprise Cloud (EC), Microsoft 
Azure Government (MAG). The VA EC MAG is

[[Page 60268]]

in Azure Government Region 1, Region 2, or Region 3.

SYSTEM MANAGER:
    Carol Cleveland, Information Technology Systems Integration Program 
Manager, VA Office of Small & Disadvantaged Business Utilization 
(OSDBU), 810 Vermont Avenue NW, Room 1064, Washington, DC 20420. 
[email protected], [email protected] and (202) 461-4600.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    38 U.S.C. 8127 and Public Law 106-50.

PURPOSE(S) OF THE SYSTEM:
    1. Provide VA personnel with access to resources that allow them to 
perform market research upon Veteran Owned Small Businesses (VOSB) and 
Service-Disabled Veteran Owned Small Businesses (SDVOSB).
    2. Provide a platform for registration and announcement of all VA 
OSDBU supported events.
    3. Provides the OSDBU with the data and reports needed to manage 
their responsibilities under the Veterans Entrepreneurship and Small 
Business Development Act of 1999.
    4. Provide information to VA personnel to use in counseling and 
assisting small business owners and Veteran entrepreneurs in starting a 
small business or expanding an existing small business.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    The system of records will cover small business owners, Veteran 
entrepreneurs, large business partners, other small business support 
partners and VA program and acquisition officials.

CATEGORIES OF RECORDS IN THE SYSTEM:
    The records will contain data on VetBiz Portal users. The records 
may include name, personal mailing address, personal email address, tax 
identification number, contract acquisition data revenue, environment 
identifier, agency contract, figures, position title, VISN, office, 
provider ID., Fedmine module, user ID (Guid), company certification, 
company org, GSA contract, SAM UEI, is verified, primary email, company 
type, bonding level, CVE verification date, year established, employees 
number, employees number vet, is veteran, is minority owned, is service 
disabled, is WOSB, certified cor, contract acquisition data revenue, 
sec ID (Guid), title of an event, date of an event, location, company 
name.

RECORD SOURCE CATEGORIES:
    The information in this system of records is obtained from the 
following sources:
    a. Information voluntarily submitted by the user;
    b. Information gathered from official VA data sources such as 
Identity Access Management; and
    c. Public information extracted from other business databases, 
Small Business Administration VetCert database and www.Fedmine.us, a 
GovSpend Company.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND PURPOSES OF SUCH USES:
    1. Congress
    To a Member of Congress or staff acting upon the Member's behalf 
when the Member or staff requests the information on behalf of, and at 
the request of, the individual who is the subject of the record.
    2. Data Breach Response and Remediation, for VA
    To appropriate agencies, entities, and persons when (1) VA suspects 
or has confirmed that there has been a breach of the system of records; 
(2) VA has determined that as a result of the suspected or confirmed 
breach there is a risk of harm to individuals, VA (including its 
information systems, programs, and operations), and the Federal 
Government, or national security; and (3) the disclosure made to such 
agencies, entities, and persons is reasonably necessary to assist in 
connection with VA's efforts to respond to the suspected or confirmed 
breach or to prevent, minimize or remedy such harm.
    3. Law Enforcement
    To a Federal, state, local, territorial, tribal, or foreign law 
enforcement authority or other appropriate entity charged with the 
responsibility of investigating or prosecuting such violation or 
charged with enforcing or implementing such law, provided that the 
disclosure is limited to information that, either alone or in 
conjunction with other information, indicates a violation or potential 
violation of law, whether civil, criminal, or regulatory in nature. The 
disclosure of the names and addresses of veterans and their dependents 
from VA records under this routine use must also comply with the 
provisions of 38 U.S.C. 5701. Data Breach Response and Remediation, for 
Another Federal Agency.
    To another Federal agency or Federal entity, when VA determines 
that the information is reasonably necessary to assist the recipient 
agency or entity in (1) responding to a suspected or confirmed breach 
or (2) preventing, minimizing, or remedying the risk of harm to 
individuals, the recipient agency or entity (including its information 
systems, programs, and operations), the Federal Government, or national 
security, resulting from a suspected or confirmed breach.
    4. DoJ for Litigation or Administrative Proceeding
    To the Department of Justice (DoJ), or in a proceeding before a 
court, adjudicative body, or other administrative body before which VA 
is authorized to appear, when:
    (a) VA or any component thereof;
    (b) Any VA employee in his or her official capacity;
    (c) Any VA employee in his or her individual capacity where DoJ has 
agreed to represent the employee; or
    (d) The United States, where VA determines that litigation is 
likely to affect the agency or any of its components, is a party to 
such proceedings or has an interest in such proceedings, and VA 
determines that use of such records is relevant and necessary to the 
proceedings.
    5. Contractors
    To contractors, grantees, experts, consultants, students, and 
others performing or working on a contract, service, grant, cooperative 
agreement, or other assignment for VA, when reasonably necessary to 
accomplish an agency function related to the records.
    6. OPM
    To the Office of Personnel Management (OPM) in connection with the 
application or effect of civil service laws, rules, regulations, or OPM 
guidelines in particular situations.
    7. Federal Agencies, for Research
    To a Federal agency for the purpose of conducting research and data 
analysis to perform a statutory purpose of that Federal agency upon the 
prior written request of that agency.
    8. Federal Agencies, for Computer Matches
    To other federal agencies for the purpose of conducting computer 
matches to obtain information to determine or verify eligibility of 
Veterans receiving VA benefits or medical care under Title 38, U.S.C.
    9. Federal Agencies, Courts, Litigants, for Litigation or 
Administrative Proceedings
    To another federal agency, court, or party in litigation before a 
court or in an administrative proceeding conducted by a Federal agency, 
when the government is a party to the judicial or administrative 
proceeding.
    10. Governmental Agencies, for VA Hiring, Security Clearance, 
Contract, License, Grant

[[Page 60269]]

    To a Federal, state, local, or other governmental agency 
maintaining civil or criminal violation records, or other pertinent 
information, such as employment history, background investigations, or 
personal or educational background, to obtain information relevant to 
VA's hiring, transfer, or retention of an employee, issuance of a 
security clearance, letting of a contract, or issuance of a license, 
grant, or other benefit. The disclosure of the names and addresses of 
Veterans and their dependents from VA records under this routine use 
must also comply with the provisions of 38 U.S.C. 5701.
    11. State or Local Agencies, for Employment
    To a state, local, or other governmental agency, upon its official 
request, as relevant and necessary to that agency's decision on the 
hiring, transfer, or retention of an employee, the issuance of a 
security clearance, the letting of a contract, or the issuance of a 
license, grant, or other benefit by that agency. The disclosure of the 
names and addresses of Veterans and their dependents from VA records 
under this routine use must also comply with the provisions of 38 
U.S.C. 5701.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    Records in this system will be stored in a computerized database. 
The system will operate on servers, located on the VA EC MAG, Region 1 
and Region 2, or Region 3. Data backups will reside on appropriate 
media, according to normal system backup plans for VA Enterprise 
Operations.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    Records in this system may be retrieved by:
    1. Organization Name.
    2. Contact Name.
    3. Email Address.
    4. Web Address.
    5. Area Code and Phone Number.
    6. Zip Code.
    7. County Code (NaCO).
    8. State(s).
    9. Service Area Limits (if any).
    10. Year Established.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    Records are maintained and disposed of in accordance with the 
schedule approved by the Archivist of the United States, DAA-0015-2018-
0003, 7 years from the date the records were last modified or updated.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    VA staff and contractors will have access to the system via VA 
Intranet and local connections, for operations, management and 
maintenance purposes and tasks. Access to the Intranet portion of the 
system is done through VA PIV authentication and role-based access 
control at officially approved access points. Small business owners and 
Veteran entrepreneurs will establish and maintain user ID's and 
passwords for accessing the VetBiz Portal using VA's DS Logon, ID.me or 
Login.gov through Access VA. Policy regarding issuance of user-ids and 
passwords is formulated in VA by the Office of Information and 
Technology, Washington, DC. The system is configured so that access to 
the public data elements in the database does not lead to access to the 
non-public data elements.

RECORD ACCESS PROCEDURES:
    Individuals seeking information on the existence and content of 
records in this system pertaining to them should contact the system 
manager in writing as indicated above. A request for access to records 
must contain the requester's full name, address, telephone number, be 
signed by the requester, and describe the records sought in sufficient 
detail to enable VA personnel to locate them with a reasonable amount 
of effort.

CONTESTING RECORD PROCEDURES:
    Individuals seeking to contest or amend records in this system 
pertaining to them should contact the system manager in writing as 
indicated above. A request to contest or amend records must state 
clearly and concisely what record is being contested, the reasons for 
contesting it, and the proposed amendment to the record.

NOTIFICATION PROCEDURES:
    Generalized notice is provided by the publication of this notice. 
For specific notice, see Record Access Procedure, above. E

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    None.

HISTORY:
    87 FR 1007 (January 7, 2022).

[FR Doc. 2023-18874 Filed 8-30-23; 8:45 am]
BILLING CODE P