[Federal Register Volume 81, Number 14 (Friday, January 22, 2016)]
[Notices]
[Pages 3862-3864]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2016-01224]


=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF VETERANS AFFAIRS


Privacy Act of 1974; System of Records

AGENCY: Department of Veterans Affairs (VA).

ACTION: Notice of Amendment to Systems of Records.

-----------------------------------------------------------------------

SUMMARY: As required by the Privacy Act of 1974 (5 U.S.C. 552a(e)(4)), 
notice is hereby given that the Department of Veterans Affairs (VA) is 
amending the system of records entitled ``Customer User Provisioning 
System (CUPS)-VA'' (87VA005OP). VA is re-publishing the system notice 
in its entirety.

DATES: Comments on this new system of records must be received no later 
than February 22, 2016. If no public comment is received during the 
period allowed for comment or unless otherwise published in the Federal 
Register by VA, the new system will become effective February 22, 2016.

ADDRESSES: Written comments concerning the proposed amended system of 
records may be submitted by: mail or hand-delivery to Director, 
Regulations Management (02REG), Department of Veterans Affairs, 810 
Vermont Avenue NW., Room 1068, Washington, DC 20420; fax to (202) 273-
9026; or email to http://www.Regulations.gov. All comments received 
will be available for public inspection in the Office of Regulation 
Policy and Management, Room 1063B, between the hours of 8:00 a.m. and 
4:30 p.m., Monday through Friday (except holidays). Please call (202) 
461-4902 (this is not a toll-free number) for an appointment.

FOR FURTHER INFORMATION CONTACT: Andrea Birkland, Chief, Systems Access 
Management, Enterprise Operations, Department of Veterans Affairs, 1615 
Woodward Street, Austin, Texas 78772, telephone (512) 326-6394.

SUPPLEMENTARY INFORMATION: The Department is proposing to amend its 
system of records entitled ``Customer User Provisioning System (CUPS)'' 
by updating the system manager and address to Deputy Director, Security 
Systems, 1615 Woodward Street, Austin, Texas 78772. The telephone 
number is (512) 326-6021; updating the system location name from 
Corporate Data Center Operations (CDCO) to Enterprise Operations (EO); 
and changing the information contact to Andrea Birkland, Chief, Systems 
Access Management, Department of Veterans Affairs, 1615 Woodward 
Street, Austin, Texas 78772, telephone (512) 326-6394.

Signing Authority

    The Secretary of Veterans Affairs, or designee, approved this 
document and authorized the undersigned to sign and submit the document 
to the Office of the Federal Register for publication electronically as 
an official document of the Department of Veterans Affairs. Robert L. 
Nabors II, Chief of Staff, approved this document on January 11, 2016, 
for publication.

    Dated: January 12, 2016.
Kathleen M. Manwell,
Program Analyst, VA Privacy Service, Office of Privacy and Records 
Management, Department of Veterans Affairs.
87VA005OP

SYSTEM NAME:
    Customer User Provisioning System (CUPS)-VA.

SYSTEM LOCATION:
    The automated records are maintained by the Enterprise Operations 
(EO), 1615 Woodward Street, Austin, TX 78772. The paper records will be 
maintained at each VA field station that has a responsibility for CUPS 
input.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    All Department of Veterans Affairs employees, employees of other

[[Page 3863]]

government agencies, and authorized contractor personnel who have 
requested and have been granted access to the automated resources of VA 
Enterprise Operations (EO).

CATEGORIES OF RECORDS IN THE SYSTEM:
    The records in this system, in both paper and electronic form, will 
include the names and network user-ID of all personnel who have 
requested and been granted access to the automated resources at EO. The 
records will also include business address and telephone number, job 
title, and information relating to data file and computer system access 
permissions granted to that individual.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    Title 38, United States Code, Section 501.

PURPOSE(S):
    The purpose of this system of records is to allow EO in Austin, 
Texas, to maintain a current list of all VA employees, employees of 
other government agencies, and authorized contractor personnel who 
require access to the computer resources of EO, in accordance with 
Federal computer security requirements.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    1. At the initiative of VA, pertinent information may be disclosed 
to appropriate Federal, State or local agencies responsible for 
investigating, prosecuting, enforcing or implementing statutes, rules, 
regulations or orders, where VA becomes aware of an indication of a 
violation or potential violation of civil or criminal law or 
regulation.
    2. Disclosure of specific information may be made to a Federal 
agency, in response to its request, to the extent that the information 
requested is relevant and necessary to the requesting agency's decision 
in connection with hiring or retaining an employee, issuing a security 
clearance, conducting a security or suitability investigation on an 
individual, classifying jobs, awarding a contract or issuing a license, 
grant or other benefit.
    3. Disclosure of information may be made to officials of the Merit 
Systems Protection Board, including the Office of the Special Counsel, 
the Federal Labor Relations Authority and its General Counsel or the 
Equal Employment Opportunity Commission, when requested in performance 
of their authorized duties, and the request is not in connection with a 
law enforcement investigation.
    4. The record of an individual who is covered by this system or 
records may be disclosed to a member of Congress, or staff person 
acting for the member when the member or staff person requests the 
record on behalf of and at the written request of that individual.
    5. Disclosure may be made to the National Archives and Records 
Administration and General Services Administration for record 
management inspections conducted under Authority of Title 44 U.S.C.
    6. VA may disclose information from this system of records to the 
Department of Justice (DoJ), either on VA's initiative or in response 
to DoJ's request for the information, after either VA or DoJ determines 
that such information is relevant to DoJ's representation of the United 
States or any of its components in legal proceedings before a court or 
adjudicative body, provided that, in each case, the agency also 
determines prior to disclosure that release of the records to the DoJ 
is a use of the information contained in the records that is compatible 
with the purpose for which VA collected the records. VA, on its own 
initiative, may disclose records in this system of records in legal 
proceedings before a court or administrative body after determining 
that the disclosure of records to the court or administrative body is a 
use of the information contained in the records that is compatible with 
the purpose for which VA collected the records.
    7. Disclosure of relevant information may be made to individuals, 
organizations, private or public agencies, or other entities with whom 
VA has a contract or agreement or where there is a subcontract to 
perform such services as VA may deem practicable for the purposes of 
laws administered by VA, in order for the contractor or subcontractor 
to perform the services of the contract or agreement.
    8. VA may disclose on its own initiative any information in this 
system, except the names and home addresses of veterans and their 
dependents, that is relevant to a suspected violation or reasonably 
imminent violation of law, whether civil, criminal or regulatory in 
nature and whether arising by general or program statute or by 
regulation, rule or order issued pursuant thereto, to a Federal, State, 
local, tribal, or foreign agency charged with the responsibility of 
investigating or prosecuting such violation, or charged with enforcing 
or implementing the statute, rule, regulation or order. VA may also 
disclose on its own initiative the names and addresses of veterans with 
the responsibility of investigating or prosecuting civil, criminal, or 
regulatory violations if law, or charged with enforcing or implementing 
the statute regulation, or order issued pursuant thereto.
    9. Disclosure to other Federal agencies may be made to assist such 
agencies in preventing and detecting possible fraud or abuse by 
individuals in their operations and programs.
    10. VA may, on its own initiative, disclose any information or 
records to appropriate agencies, entities, and persons when (1) VA 
suspects or has confirmed that the integrity or confidentiality of 
information in the system of records has been compromised; (2) VA has 
determined that as a result of the suspected or confirmed compromise, 
there is a risk of embarrassment or harm to the reputations of the 
record subjects, harm to the economic or property interests, identity 
theft or fraud, or harm to security, confidentially, or integrity of 
this system or other systems or programs (whether maintained by VA or 
another agency or entity) that rely upon the potentially compromised 
information; and (3) the disclosure is to agencies, entities, or 
persons whom VA determines are reasonably necessary to assist or carry 
out the VA's efforts to respond to the suspected or confirmed 
compromise and prevent, minimize, or remedy such harm. This routine use 
permits disclosures by VA to respond to a suspected or confirmed data 
breach, including the conduct of any risk analysis or provision of 
credit protection services as provided in 38 U.S.C. 5724, as the terms 
are defined in 38 U.S.C. 5727.

POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING, 
AND DISPOSING OF RECORDS IN THE SYSTEM:
STORAGE:
    Each field station responsible for inputting records into the 
system will retain the original signed paper copies of requests for 
system access in locked containers. Data files supporting the automated 
system are stored in a secure area located at EO Data files are stored 
on magnetic disk and, for archival purposes, on magnetic tape.

RETRIEVABILITY:
    Paper records are maintained in alphabetical order by last name of 
the requester. Automated records are retrieved by individual name or by 
a specific automated resource.

SAFEGUARDS:
    Paper records in progress are maintained in a manned room during 
working hours. Paper records

[[Page 3864]]

maintained for archival purposes are stored in locked containers until 
needed. During non-working hours, the paper records are kept in a 
locked container in a secured area. Access to the records is on a need-
to-know basis only. Access to the automated system is via computer 
terminal; standard security procedures, including a unique customer 
identification code and password combination, are used to limit access 
to authorized personnel only.
    Specifically, in order to obtain access to the automated records 
contained in this system of records, an individual must:
    1. Have access to the automated resources of EO An individual may 
not self-register for this access. Formal documentation of the request 
for access, signed by the employee's supervisor, is required before an 
individual may obtain such access. Authorized customers are issued a 
customer identification code and one-time password.
    2. Be an authorized official of the CUPS system. Only two 
individuals per field station may be designated CUPS officials with 
access to add, modify or delete records from the system. These 
individuals require a specific functional task code in their customer 
profile; this functional task can only be assigned by EO. A limited 
number of supervisory or managerial employees throughout VA will have 
read-only access for the purpose of monitoring CUPS activities.

RETENTION AND DISPOSAL:
    Records will be maintained and disposed of in accordance with the 
records disposal authority approved by the Archivist of the United 
States, the National Archives and Records Administration, and published 
in Agency Records Control Schedules.
    Paper records will be destroyed by shredding or other appropriate 
means for destroying sensitive information. Automated storage records 
are retained and destroyed in accordance with a disposition 
authorization approved by the Archivist of the United States.

SYSTEMS AND MANAGER(S) AND ADDRESS:
    Officials responsible for policies and procedures; Deputy Director, 
Security Systems, 1615 Woodward Street, Austin, Texas 78772. The 
telephone number is (512) 326-6021.

NOTIFICATION PROCEDURE:
    Individuals who wish to determine whether this system of records 
contains information about them should contact the Deputy Director, 
Security Systems, 1615 Woodward Street, Austin, Texas 78772. The 
telephone number is (512) 326-6021.

RECORD ACCESS PROCEDURE:
    An individual who seeks access or wishes to contest records 
maintained under his or her name or other personal identifier may 
write, call, or visit the system manager.

CONTESTING RECORD PROCEDURES:
    (See Record Access Procedures above.)

RECORD SOURCE CATEGORIES:
    Individuals who have applied for and been granted access permission 
to the resources of EO.

[FR Doc. 2016-01224 Filed 1-21-16; 8:45 am]
BILLING CODE P