[Federal Register Volume 85, Number 79 (Thursday, April 23, 2020)] [Notices] [Pages 22798-22801] From the Federal Register Online via the Government Publishing Office [www.gpo.gov] [FR Doc No: 2020-08610] ----------------------------------------------------------------------- DEPARTMENT OF VETERANS AFFAIRS Privacy Act of 1974; System of Records AGENCY: Office of Small & Disadvantaged Business Utilization (OSDBU), Department of Veterans Affairs (VA). ACTION: Notice of a new system of records. ----------------------------------------------------------------------- SUMMARY: The purpose of this new system of record is to gather and maintain information on small businesses owned and controlled by Veterans, including service-disabled Veterans, to enable them to effectively compete for Federal contracts, as well as working with the Small Business Administration in its provision of services to Veteran- owned businesses under the Veterans Entrepreneurship and Small Business Development Act of 1999. DATES: Comments on this new system of records must be received no later than 30 days after date of publication in the Federal Register. If no public comment is received during the period allowed for comment or unless otherwise published in the Federal Register by VA, the new system of records will become effective a minimum of 30 days after date of publication in the Federal Register. If VA receives public comments, VA shall review the comments to determine whether any changes to the notice are necessary. ADDRESSES: Written comments may be submitted through www.Regulations.gov; by mail or hand-delivery to Director, Regulation Policy and Management (00REG), Department of Veterans Affairs, 810 Vermont Ave. NW, Room 1064, Washington, DC 20420; or by fax to (202) 273-9026 (not a toll-free number). Comments should indicate that they are submitted in response to 181VAOSDBU, Center for Verification and Evaluation (CVE) VA VetBiz Vendor Information Pages (VIP). Copies of comments received will be available for public inspection in the Office of Regulation Policy and Management, Room 1063B, between the hours of 8:00 a.m. and 4:30 p.m., Monday through Friday (except holidays). Please call (202) 461-4902 for [[Page 22799]] an appointment. (This is not a toll-free number.) In addition, comments may be viewed online at Regulations.gov. FOR FURTHER INFORMATION CONTACT: For general questions about the system contact Ray Dockery at the Office of Small & Disadvantaged Business Utilization at 1-866-584-2344 or [email protected]. SUPPLEMENTARY INFORMATION: The Office of Small and Disadvantaged Business Utilization (OSDBU), Center for Verification and Evaluation (CVE) operates and maintains the Department of Veterans Affairs (VA), CVE VetBiz Vendor Information Pages (VIP) solution using a combination of commercial off-the-shelf software (COTS) and cloud-based applications. These COTS and Cloud products leverage market-tested products that are currently listed as enterprise solutions in the VA environment and are in compliance with the VA's technology standards for enterprise-class software. The VetBiz VIP solution provides an internet-facing portal for submitting data and tracking the progress of the verification team as well as an integrated customer relationship management (CRM) system with strong document management, collaboration, notification, and reporting functionality in alignment with the security requirements dictated by the collection, capture, and distribution of sensitive material. This SORN has been revised based on the feedback from Office of Information and Regulatory Affairs (OIRA) within the Office of Management and Budget (OMB). Revisions made:Removed statement advising renaming of SORN, this is a new SORN and the name is not being changed in Supplementary Information Section. Removed the ``on its own initiative'' language in Routine Use 4, 5, and 13. Added ``Federal'' to list of agencies for hiring purposes in Routine Use 15. Removed Department of Health and Human Services (HHS) from Routine Use 17. Updated the SUPPLEMENTARY INFORMATION section with revisions made based on feedback from OIRA/OMB. Signing Authority The Senior Agency Official for Privacy, or designee, approved this document and authorized the undersigned to sign and submit the document to the Office of the Federal Register for publication electronically as an official document of the Department of Veterans Affairs. James P. Gfrerer, Assistant Secretary for Information and Technology and Chief Information Officer, Department of Veterans Affairs, approved this document on November 25, 2019. Dated: April 20, 2020. Amy L. Rose, Program Analyst, VA Privacy Service, Department of Veterans Affairs. SYSTEM NAME AND NUMBER: Center for Verification and Evaluation (CVE) VA VetBiz Vendor Information Pages (VIP) (181VAOSDBU) SECURITY CLASSIFICATION: Information in this SORN is not classified information. SYSTEM LOCATION: The system is hosted on the Veterans Affairs (VA) Enterprise Cloud (EC), Microsoft Azure Government (MAG). The VA EC MAG is located in Azure Government Region 1 (USGOV VIRGINIA) and 2 (USGOV IOWA) and is designed to allow U.S. government agencies, contractors and customers to move sensitive workloads into the cloud for addressing specific regulatory and compliance requirements. SYSTEM MANAGER(S): Ray Dockery, Information Technology Systems Integration, Department of Veterans Affairs (VA), Office of Small & Disadvantaged Business Utilization (OSDBU), 810 Vermont Ave. NW, Room 1064, Washington, DC 20420. 1-866-584-2344 AUTHORITY FOR MAINTENANCE OF THE SYSTEM: 38 U.S.C. 8127 and Public Law 106-50, as amended. PURPOSE(S) OF THE SYSTEM: To gather and maintain information on small businesses owned and controlled by Veterans, including service-disabled Veterans, to enable them to effectively compete for Federal contracts, as well as working with the Small Business Administration in its provision of services to Veteran-owned businesses under the Veterans Entrepreneurship and Small Business Development Act of 1999, as amended, Public Law 106-50, 113 Stat. 233. CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM: Veterans who have applied to have their small businesses included in the VIP database, and, if deceased, their surviving spouses. CATEGORIES OF RECORDS IN THE SYSTEM: The records will contain data on Veteran-owned companies who have contacted the Center for Veterans Enterprise or have been extracted from e-government databases to which the companies have voluntarily submitted the data as a part of the marketing efforts to the federal government. The records may include business addresses and other contact information, information concerning products/services offered, information pertaining to the business, including Federal contracts, certifications, and security clearances held. RECORD SOURCE CATEGORIES: The information in this system of records is obtained from the following sources: a. Information voluntarily submitted by the business; b. Information gathered from VA contracting activities; c. Information extracted from other business databases. ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND PURPOSES OF SUCH USES: 1. Congress: VA may disclose information from the record of an individual in response to an inquiry from the congressional office made at the request of that individual. VA must be able to provide information about individuals to adequately respond to inquiries from Members of Congress at the request of constituents who have sought their assistance. 2. Data breach response and remedial efforts: VA may disclose information from this system to appropriate agencies, entities, and persons when (1) VA suspects or has confirmed that there has been a breach of the system of records; (2) VA has determined that as a result of the suspected or confirmed breach there is a risk of harm to individuals, VA (including its information systems, programs, and operations), and (3) the Federal Government, or national security; and the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with VA's efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm. 3. Data breach response and remedial efforts with another Federal agency: VA may disclose information from this system to another Federal agency or Federal entity, when VA determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in (1) responding to a suspected or confirmed breach or (2) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information [[Page 22800]] systems, programs, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach. 4. Law Enforcement: VA may disclose information in this system, except the names and home addresses of Veterans and their dependents, which is relevant to a suspected or reasonably imminent violation of law, whether civil, criminal or regulatory in nature and whether arising by general or program statute or by regulation, rule or order issued pursuant thereto, to a Federal, state, local, tribal, or foreign agency charged with the responsibility of investigating or prosecuting such violation, or charged with enforcing or implementing the statute, regulation, rule or order. On its own initiative, VA may also disclose the names and addresses of Veterans and their dependents to a Federal agency charged with the responsibility of investigating or prosecuting civil, criminal or regulatory violations of law, or charged with enforcing or implementing the statute, regulation, rule or order issued pursuant thereto. 5. Litigation: VA may disclose information from this system of records to the Department of Justice (DoJ) in response to DoJ's request for the information, after either VA or DoJ determines that such information is relevant to DoJ's representation of the United States or any of its components in legal proceedings before a court or adjudicative body, provided that, in each case, the agency also determines prior to disclosure that release of the records to the DoJ is a use of the information contained in the records that is compatible with the purpose for which VA collected the records. VA, on its own initiative, may disclose records in this system of records in legal proceedings before a court or administrative body after determining that the disclosure of the records to the court or administrative body is a use of the information contained in the records that is compatible with the purpose for which VA collected the records. 6. Contractors: VA may disclose information from this system of records to individuals, organizations, private or public agencies, or other entities or individuals with whom VA has a contract or agreement to perform such services as VA may deem practicable for the purposes of laws administered by VA, in order for the contractor, subcontractor, public or private agency, or other entity or individual with whom VA has a contract or agreement to perform services under the contract or agreement. 7. Equal Employment Opportunity Commission (EEOC): VA may disclose information from this system to the EEOC when requested in connection with investigations of alleged or possible discriminatory practices, examination of Federal affirmative employment programs, or other functions of the Commission as authorized by law or regulation. 8. Federal Labor Relations Authority (FLRA): VA may disclose information from this system to the FLRA, including its General Counsel, information related to the establishment of jurisdiction, investigation, and resolution of allegations of unfair labor practices, or in connection with the resolution of exceptions to arbitration awards when a question of material fact is raised; for it to address matters properly before the Federal Service Impasses Panel, investigate representation petitions, and conduct or supervise representation elections. 9. Merit Systems Protection Board (MSPB): VA may disclose information from this system to the MSPB, or the Office of the Special Counsel, when requested in connection with appeals, special studies of the civil service and other merit systems, review of rules and regulations, investigation of alleged or possible prohibited personnel practices, and such other functions promulgated in 5 U.S.C. 1205 and 1206, or as authorized by law. 10. National Archives and Records Administration (NARA) and General Services Administration (GSA): VA may disclose information from this system to NARA and GSA in records management inspections conducted under title 44, U.S.C. 11. Federal Agencies, for Research: VA may disclose information from this system to a Federal agency to conduct research and data analysis to perform a statutory purpose of that Federal agency upon the prior written request of that agency, provided that there is legal authority under all applicable confidentiality statutes and regulations to provide the data and VA has determined prior to the disclosure that the VA data handling requirements are satisfied. 12. Federal Agencies, for Computer Matches: VA may disclose identifying information, including social security number, concerning Veterans, spouses of Veterans, and the beneficiaries of Veterans to other federal agencies for the purpose of conducting computer matches to obtain information to determine or verify eligibility of Veterans receiving VA medical care under Title 38, U.S.C. 13. Federal Agencies, for Litigation: VA may disclose information to another federal agency, court, or party in litigation before a court or other administrative proceeding conducted by an agency, if VA is a party to the proceeding and needs to disclose the information to protect its interests. 14. Federal, State, Local Agencies, Organizations, for Claimants' Benefits: VA may disclose health care information as deemed necessary and proper to federal, state, and local government agencies and national health organizations in order to assist in the development of programs that will be beneficial to claimants, to protect their rights under law, and assure that they are receiving all benefits to which they are entitled. 15. Federal, State, or Local Agency, for Hiring: Any information in this system may be disclosed to a Federal, State, or local agency, upon its official request, to the extent that it is relevant and necessary to that agency's decision on: The hiring, transfer or retention of an employee, the issuance of a security clearance, the letting of a contract, or the issuance or continuance of a license, grant or other benefit by the agency; provided, that if the information pertains to a Veteran, the name and address of the Veteran will not be disclosed unless the name and address is provided first by the requesting Federal, State, or local agency. 16. OMB: VA may disclose information from this system of records to the Office of Management and Budget (OMB) for the performance of its statutory responsibilities for evaluating Federal programs. 17. SSA, for SSN Validation: VA may disclose names and social security numbers of Veterans, spouses of Veterans, and the beneficiaries of Veterans, and other identifying information as is reasonably necessary may be disclosed to the Social Security Administration to conduct computer matches to obtain information to validate the social security numbers maintained in VA records. 18. Treasury, IRS: VA may disclose the name of a Veteran or beneficiary, other information as is reasonably necessary to identify such individual, and any other information concerning the individual's indebtedness by virtue of a person's participation in a benefits program administered by VA, may be disclosed to the Department of the Treasury, Internal Revenue Service, for the collection of Title 38 benefit overpayments, overdue indebtedness, and/or costs of services provided to an individual not entitled to such services, by the withholding of all or a portion of the person's Federal income tax refund. 19. Outreach: VA may disclose information from this system of records, [[Page 22801]] upon request, to any state, tribe, country, or municipal agency for the purposes of outreach to a benefit under Title 38, Code of Federal Regulations. POLICIES AND PRACTICES FOR STORAGE OF RECORDS: The VetBiz VIP will be stored in a computerized database. The system will operate on servers, located on the VA EC MAG, Region 1 (Virginia) and 2 (Iowa). Data backups will reside on appropriate media, according to normal system backup plans for VA Enterprise Operations. The system will be managed by VA OSDBU, in VA Headquarters, Washington, DC. POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS: Automated records may be retrieved by the names of the Veteran business owners and/or their social security numbers. POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS: Records will be maintained and disposed of, in accordance with the records disposal authority approved by the Archivist of the United States, the National Archives and Records Administration, and published in Agency Records Control Schedules. ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS: Read access to the system is via internet access, while VA staff, and contractor personnel will have access to the system, via VA Intranet and local connections, for operations, management and maintenance purposes and tasks. Access to the Intranet portion of the system is via VA PIV authentication and role-based access control, at officially approved access points. Veteran-owned small businesses will establish and maintain user-ids and passwords for accessing their corporate information under system control using VA's DS Logon or ID.me through Access VA. Policy regarding issuance of user-ids and passwords is formulated in VA by the Office of Information and Technology, Washington, DC. Security for data in the VetBiz database complies with applicable statutes, regulations and government-wide and VA policies. The system is configured so that access to the public data elements in the database does not lead to access to the non-public data elements, such as Veteran social security number. RECORD ACCESS PROCEDURES: Individuals seeking access to records about themselves, contained in this system of records, may access the records via the internet, or submit a written request to the system manager. CONTESTING RECORD PROCEDURES: The agency procedures whereby an individual can be notified at his or her request how he or she can contest the content of any record pertaining to him or her in the system. NOTIFICATION PROCEDURES: Individuals wishing to inquire, whether this system of records contains information about themselves, should contact the Deputy Director, IT Systems Integration (00SB), 810 Vermont Ave. NW, Washington, DC 20420. EXEMPTIONS PROMULGATED FOR THE SYSTEM: There are no exemptions for the system. HISTORY: Not applicable, this is a new SORN. [FR Doc. 2020-08610 Filed 4-22-20; 8:45 am] BILLING CODE 8320-01-P