[Federal Register Volume 74, Number 60 (Tuesday, March 31, 2009)]
[Notices]
[Pages 14618-14620]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: E9-7161]


-----------------------------------------------------------------------

DEPARTMENT OF VETERANS AFFAIRS


Privacy Act of 1974; System of Records

AGENCY: Department of Veterans Affairs.

ACTION: Notice to amend an existing system of records.

-----------------------------------------------------------------------

SUMMARY: In accordance with the requirements of the Privacy Act of 
1974, as amended, 5 U.S.C. 552a(e)(4), the Department of Veterans 
Affairs (VA) is amending the system of records entitled ``Purchase 
Credit Card Program-VA'' (131VA047) as described in the Federal 
Register at 70 FR 7320 (February 11, 2005). VA is amending the system 
of records by updating our routine uses relating to records maintained 
in the system. VA is republishing the system of records notice in its 
entirety.

DATES: Written comments mailed to the Department must be postmarked no 
later than April 30, 2009, and written comments hand-delivered or 
submitted electronically to the Department must be received no later 
than 5 p.m. Eastern Time on April 30, 2009. If no public comment is 
received during the 30-day public comment period, or unless otherwise 
published in the Federal Register by VA, the new system of records 
statement is effective on April 30, 2009.

ADDRESSES: Written comments may be submitted through http://www.Regulations.gov; by mail or hand-delivery to: Director, Regulations 
Management (02REG), Department of Veterans Affairs, 810 Vermont Avenue, 
NW., Room 1068, Washington, DC 20420; fax to (202) 273-9026. Copies of 
comments received will be available for public inspection in the Office 
of Regulation Policy and Management, Room 1063B, between the hours of 8 
a.m. and 4:30 p.m., Monday through Friday (except holidays). Please 
call (202) 461-4902 for an appointment (this is not a toll-free 
number). In addition, during the comment period, comments may be viewed 
Online through the Federal Docket Management System (FDMS) at http://www.Regulations.gov.

FOR FURTHER INFORMATION CONTACT: Peter Mulhern, Office of Financial 
Policy (047G), Department of Veterans Affairs, 810 Vermont Avenue, NW., 
Washington, DC 20420, Telephone: (202) 461-6487 (this is not a toll-
free number).

SUPPLEMENTARY INFORMATION: Pursuant to the Privacy Act of 1974 (5 
U.S.C. 552a) and the Office of Management and Budget (OMB) Circular No. 
A-130, VA has conducted a review of its Privacy Act systems of records 
notices and has determined that it needs to amend and establish the 
following routine use disclosures for the information maintained in the 
system of records entitled ``Purchase Credit Card Program-VA'' 
(131VA047):
    Routine use three (3) is amended to add language to clarify when VA 
will disclose information to a court, adjudicative or administrative 
bodies, or the parties involved. A determination would be made in each 
instance that, under the circumstances involved, the purpose served by 
the use of the information in the particular litigation or process is 
compatible with a purpose for which VA collects the information.
    Routine use five (5) is amended to add language to clarify when VA 
will disclose the names and addresses of veterans and their dependents 
in order to comply with the requirements of agencies, such as Federal, 
State, local, tribal and foreign agencies, charged with enforcing the 
law and investigations of violations or possible violations of law.
    Routine use seven (7) is deleted. A further reading of this routine 
use indicates that it may be more restrictive than the disclosure 
provided to consumer reporting agencies, as set forth in 38 U.S.C. 
552a(b)(12). In addition, any delinquent debts that remain outstanding 
are referred for collection action to the Department of the Treasury or 
the Department of Justice. Disclosure of information for such referrals 
is already covered by routine uses three (3) and nine (9). The 
remainder of the routine uses will be renumbered accordingly.
    A new routine use ten (10) is added. VA may, on its own initiative, 
disclose any information or records to appropriate agencies, entities, 
and persons to respond to a suspected or confirmed data breach, 
including the conduct of any risk analysis or provision of credit 
protection services.
    Finally, VA is adding new routines uses eleven (11), twelve (12), 
and thirteen (13). These three new routine uses are added to enable 
disclosure of information to the Merit Systems Protection Board (MSPB), 
the Federal Labor Relations Authority (FLRA), and the Equal Employment 
Opportunity Commission (EEOC) in order for each to address matters 
within their jurisdiction.
    The Privacy Act of 1974 permits VA to disclose information about 
individuals without their consent for a routine use when the 
information will be used for a purpose that is compatible with the 
purpose for which VA collected the information. In all of the routine 
use disclosures described above, the recipient of the information will 
use the information either in connection with a matter related to one 
of VA's programs, or will use the information to provide a benefit to 
VA, or will disclose as required by law.
    The notice of intent to publish and an advance copy of the system 
notice have been sent to the appropriate Congressional committees and 
to the Director of the Office of Management and Budget (OMB) as 
required by 5 U.S.C. 552a(r) (Privacy Act of 1974) and guidelines 
issued by OMB on December 12, 2000 (65FR77677).

    Approved: March 3, 2009.
John R. Gingrich,
Chief of Staff, Department of Veterans Affairs.
131VA047

System Name:
    Purchase Credit Card Program-VA

System Location:
    This system of records is located in the finance/fiscal office of 
the local installations of the Department, the Financial Services 
Center, Austin, TX, and VA Central Office, Washington, DC. Records 
necessary for a contractor to perform under a contract are located at 
the contractor's facility.

Categories Of Individuals Covered By The System:
    Individuals covered by the system are current VA employees who have 
their own Government assigned charge card, or who have had a charge 
card.

Categories Of Records In The System:
    Records include name, work and home addresses, social security 
number,

[[Page 14619]]

date of birth, employment information, work and home telephone numbers, 
information needed for identification verification, charge card 
applications, charge card statements, terms and conditions for use of 
the charge card, and monthly report from contractor(s) showing charges 
to individual account numbers, balances, and other types of account 
analysis.

Authority For Maintenance Of The System:
    Federal Acquisition Regulation (FAR), Part 13, 48 CFR part 13, and 
Public Law 93-579, section 7(b).

Purpose(s):
    To establish and maintain a system for operating, controlling, and 
managing the purchase credit card program involving commercial 
purchases by authorized VA employees.

Routine Uses Of Records Maintained In The System, Including Categories 
Of Users And The Purposes Of Such Uses:
    System information may be accessed and used by authorized VA 
employees or contractors to conduct duties associated with the 
management and operation of the purchase credit card program.
    Information from this system also may be disclosed as a routine use 
for the following purposes:
    (1) The record of an individual who is covered by this system may 
be disclosed to a member of Congress, or a staff person acting for the 
member, when the member or staff person requests the record on behalf 
of and at the written request of the individual.
    (2) Disclosure may be made to the National Archives and Records 
Administration (NARA) in records management inspections conducted under 
authority of Title 44 U.S.C.
    (3) VA may disclose information from this system of records to the 
Department of Justice (DoJ), either on VA's initiative or in response 
to DoJ's request for the information, after either VA or DoJ determines 
that such information is relevant to DoJ's representation of the United 
States or any of its components in legal proceedings before a court or 
adjudicative body, provided that, in each case, the agency also 
determines prior to disclosure that release of the records to DoJ is a 
use of the information contained in the records that is compatible with 
the purpose for which VA collected the records. VA, on its own 
initiative, may disclose records in this system of records in legal 
proceedings before a court or administrative body after determining 
that the disclosure of the records to the court or administrative body 
is a use of the information contained in the records that is compatible 
with the purpose for which VA collected the records.
    (4) Disclosure of relevant information may be made to individuals, 
organizations, private or public agencies, or other entities with whom 
VA has a contract or agreement or where there is a subcontract to 
perform such services as VA may deem practicable for the purposes of 
laws administered by VA, in order for the contractor or subcontractor 
to perform the services of the contract or agreement.
    (5) VA may disclose on its own initiative any information in this 
system, except the names and addresses of veterans and their 
dependents, that is relevant to a suspected or reasonably imminent 
violation of law, whether civil, criminal, or regulatory in nature and 
whether arising by general or program statute or by regulation, rule, 
or order issued pursuant thereto, to a Federal, State, local, tribal, 
or foreign agency charged with the responsibility of investigating or 
prosecuting such violation, or charged with enforcing or implementing 
the statute, regulation, rule, or order. VA may also disclose on its 
own initiative the names and addresses of veterans and their dependants 
to a Federal agency charged with the responsibility of investigating or 
prosecuting civil, criminal, or regulatory violations of law, or 
charged with enforcing or implementing the statute, regulation, or 
order issued pursuant thereto.
    (6) Disclosure to other Federal agencies may be made to assist such 
agencies in preventing and detecting possible fraud or abuse by 
individuals in their operations and programs.
    (7) Any information in this system of records concerning a 
delinquent debt may be disclosed to the Secretary of the Treasury, or 
to any designated Government disbursing official, for the purpose of 
conducting administrative offset of any eligible Federal payments, 
under the authority set forth in 31 U.S.C. 3716. Tax refund and Federal 
salary payments may be included in those Federal payments eligible for 
administrative offset.
    (8) Any information in this system of records concerning a 
delinquent debt may be disclosed to the Secretary of the Treasury for 
appropriate collection or termination action, including the transfer of 
the indebtedness for collection or termination, in accordance with 31 
U.S.C. 3711(g)(4), to a debt collection center designated by the 
Secretary of the Treasury, to a private collection agency, or to the 
Department of Justice. The Secretary of the Treasury, through the 
Department of the Treasury, a designated debt collection center, a 
private collection agency, or the Department of Justice, may take 
appropriate action on a debt in accordance with the existing laws under 
which the debt arose.
    (9) Records from this system of records may be disclosed to 
officials of labor organizations recognized under 5 U.S.C. chapter 71, 
when relevant and necessary to their duties of exclusive representation 
concerning personnel policies, practices, and matters affecting working 
conditions.
    (10) VA may, on its own initiative, disclose any information or 
records to appropriate agencies, entities, and persons when (a) VA 
suspects or has confirmed that the integrity or confidentiality of 
information in the system of records has been compromised; (b) VA has 
determined that as a result of the suspected or confirmed compromise 
there is a risk of embarrassment or harm to the reputation of the 
record subjects, harm to economic or property interests, identity theft 
or fraud, or harm to the security, confidentiality, or integrity of 
this system or other systems or programs (whether maintained by VA or 
another agency or entity) that rely upon the potentially compromised 
information; and (c) the disclosure to such agencies, entities, or 
persons whom VA determines to be reasonably necessary to assist or 
carry out VA's efforts to respond to the suspected or confirmed 
compromise and prevent, minimize, or remedy such harm. This routine use 
permits disclosures by VA to respond to a suspected or confirmed data 
breach, including the conduct of any risk analysis or provision of 
credit protection services as provided in 38 U.S.C. 5724, as the terms 
are defined in 38 U.S.C. 5727.
    (11) VA may disclose information from this system to the Merit 
Systems Protection Board (MSPB), or the Office of the Special Counsel, 
when requested in connection with appeals, special studies of the civil 
service and other merit systems, review of rules and regulations, 
investigation of alleged or possible prohibited personnel practices, 
and such other functions promulgated in 5 U.S.C. 1205 and 1206, or as 
authorized by law.
    (12) VA may disclose information from this system to the Federal 
Labor Relations Authority (FLRA), including its General Counsel, 
related to the establishment of jurisdiction, investigation, and 
resolution of allegations of unfair labor practices, or in connection 
with the resolution of exceptions to arbitration awards when a question 
of material fact is raised.

[[Page 14620]]

Information may also be disclosed to the FLRA in order for it to 
address matters properly before the Federal Services Impasses Panel, to 
investigate representation petitions, and to conduct or supervise 
representation elections.
    (13) VA may disclose information from this system to the Equal 
Employment Opportunity Commission (EEOC) when requested in connection 
with investigations of alleged or possible discriminatory practices, 
examination of Federal affirmative employment programs, or other 
functions of the Commission as authorized by law or regulation.

Disclosure to Consumer Reporting Agencies:
    Pursuant to 5 U.S.C. 552a(b)(12), VA may disclose records from this 
system to consumer reporting agencies as defined in the Fair Credit 
Reporting Act 15 U.S.C. 1681a(f) or the Federal Claims Collection Act 
of 1966 31 U.S.C. 3701(a)(3). The disclosure is limited to information 
necessary to establish the identity of the individual, including name, 
address, and taxpayer identification number (Social Security number), 
the amount, status and history of the claim; and the agency or program 
under which the claim arose for the sole purpose of allowing the 
consumer reporting agency to prepare a commercial credit report. Title 
31 U.S.C. 3711(e) governs the release of names and addresses of any 
person to consumer reporting agencies under certain circumstances.

Policies and Practices for Storing, Retrieving, Accessing, Retaining, 
and Disposing of Records in the System:
Storage:
    Paper documents and electronic storage media.

Retrievability:
    These records may be retrieved using various combinations of name 
or identification number (credit card number) of the individual on whom 
the records are maintained.

Safeguards:
    This list of safeguards furnished in this System of Record is not 
an exclusive list of measures that has been, or will be, taken to 
protect individually-identifiable information.
    The Financial Services Center will maintain the data in compliance 
with applicable VA security policy directives that specify the 
standards that will be applied to protect sensitive personal 
information. Security complies with applicable Federal Information 
Processing Standards (FIPS) issued by the National Institute of 
Standards and Technology (NIST).
    Access to these records is restricted to authorized VA employees, 
contractors, or subcontractors who have been cleared to work by the VA 
Office of Security and Law Enforcement, on a ``need to know'' basis. 
They are required to take annual VA data privacy and security training.
    Offices where these records are maintained are locked after working 
hours and are protected from outside access by the Federal Protective 
Service, other security officers, and alarm systems. Access to 
computerized records is restricted to authorized VA employees, 
contractors, or subcontractors by means of unique user identification 
and passwords.

Retention and Disposal:
    In accordance with General Records Schedule 6, Item 1a(2), retain 
in inactive storage 1 year after the close of the fiscal year, then 
transfer to a Federal Archives and Records Center. Destroy 6 years and 
3 months after period covered by account.

System Manager(S) and Address:
    Deputy Assistant Secretary for Finance (047), VA Central Office, 
Washington, DC 20420.

Notification Procedures:
    Individuals seeking information concerning the existence of a 
record pertaining to them must submit a written request to the VA 
station where the records are maintained. Such request must contain a 
reasonable description of the records requested. In addition, 
identification of the individual requesting the information will be 
required in the written request and will consist of the requester's 
name, signature, and address, at a minimum.

Record Access Procedures:
    See ``Notification Procedure'' above.

Contesting Record Procedures:
    See ``Notification Procedure'' above.

Record Source Categories:
    Information received from individuals and the private credit card 
contractor.

 [FR Doc. E9-7161 Filed 3-30-09; 8:45 am]
BILLING CODE 8320-01-P