[Federal Register Volume 85, Number 80 (Friday, April 24, 2020)]
[Notices]
[Pages 23134-23139]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2020-08615]


=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF VETERANS AFFAIRS


Privacy Act of 1974; System of Records

AGENCY: Office of Accountability and Whistleblower Protection (OAWP), 
Department of Veterans Affairs (VA).

ACTION: Notice of a New System of Records.

-----------------------------------------------------------------------

SUMMARY: As required by the Privacy Act of 1974, notice is hereby given 
that the Department of Veterans Affairs (VA) is establishing a new 
system of records known as the ``Matter Tracking System (MTS)-VA,'' 
(190VA70).

DATES: Comments on this new system of records must be received no later 
than 30 days after date of publication in the Federal Register. If no 
public comment is received during the period allowed for comment or 
unless otherwise published in the Federal Register by VA, the new 
system of records will become effective a minimum of 30 days after date 
of publication in the Federal Register. If VA receives public comments, 
VA shall review the comments to determine whether any changes to the 
notice are necessary.

ADDRESSES: Written comments may be submitted through 
www.Regulations.gov; by mail or hand-delivery to Director, Regulation 
Policy and Management (00REG), Department of Veterans Affairs, 810 
Vermont Ave. NW, Room 1064, Washington, DC 20420; or by fax to (202) 
273-9026 (not a toll-free number). Comments should indicate that they 
are submitted in response to the ``Matter Tracking System (MTS)-VA,'' 
(190VA70). Copies of comments received will be available for public 
inspection in the Office of Regulation Policy and Management, Room 
1063B, between the hours of 8:00 a.m. and 4:30 p.m., Monday through 
Friday (except holidays). Please call (202) 461-4902 for an 
appointment. (This is not a toll-free number.) In addition, comments 
may be viewed online at www.Regulations.gov.

FOR FURTHER INFORMATION CONTACT: Tanya Guimont, Supervisory FOIA 
Officer, Office of Accountability and Whistleblower Protection, 810 
Vermont Ave. NW, Mail Stop 70, Washington, DC 20420; telephone (202) 
461-6100. (This is not a toll-free number.)

SUPPLEMENTARY INFORMATION: 

I. Description of Proposed Systems of Records

    The MTS is an accountability matter management and reporting 
solution to fulfill the requirements of 38 U.S.C. 323. Microsoft 
Dynamics 365 (MD 365)

[[Page 23135]]

fulfills OAWP's need for an accountability matter management solution 
to track the office's workload and administrative functions. The MD 
Azure Cloud 365 application is hosted on the Federal Risk and 
Authorization Management Program (FedRAMP) High Government cloud.

II. Proposed Routine Use Disclosures of Data in the System

    We are proposing to establish the following Routine Use disclosures 
of information maintained in the system. To the extent that records 
contained in the system include information protected by 38 U.S.C. 7332 
(i.e., medical treatment information related to drug abuse, alcoholism 
or alcohol abuse, sickle cell anemia, or infection with the human 
immunodeficiency virus, 38 U.S.C. 5705 (i.e., quality assurance 
records); or information protected 45 CFR parts 160 and 164 (i.e., 
individually identifiable health information), such information cannot 
be disclosed under a routine use unless there is also specific 
statutory authority permitting the disclosure.
    1. VA may disclose information from the record of an individual in 
response to an inquiry from the congressional office made at the 
request of that individual. VA must be able to provide information 
about individuals to adequately respond to inquiries from Members of 
Congress at the request of constituents who have sought their 
assistance.
    2. VA may disclose information from this system to appropriate 
agencies, entities, and persons when (1) VA suspects or has confirmed 
that there has been a breach of the system of records; (2) VA has 
determined that as a result of the suspected or confirmed breach there 
is a risk of harm to individuals, VA (including its information 
systems, programs, and operations), the Federal Government, or national 
security; and (3) the disclosure made to such agencies, entities, and 
persons is reasonably necessary to assist in connection with VA's 
efforts to respond to the suspected or confirmed breach or to prevent, 
minimize, or remedy such harm.
    This routine use permits disclosures by the Department to respond 
to a suspected or confirmed data breach, including the conduct of any 
risk analysis or provision of credit protection services as provided in 
38 U.S.C. 5724.
    a. Effective Response. A federal agency's ability to respond 
quickly and effectively in the event of a breach of federal data is 
critical to its efforts to prevent or minimize any consequent harm. An 
effective response necessitates disclosure of information regarding the 
breach to those individuals affected by it, as well as to persons and 
entities in a position to cooperate, either by assisting in 
notification to affected individuals or playing a role in preventing or 
minimizing harms from the breach.
    b. Disclosure of Information. Often, the information to be 
disclosed to such persons and entities is maintained by federal 
agencies and is subject to the Privacy Act (5 U.S.C. 552a). The Privacy 
Act prohibits the disclosure of any record in a system of records by 
any means of communication to any person or agency absent the written 
consent of the subject individual, unless the disclosure falls within 
one of twelve statutory exceptions. To ensure an agency is in the best 
position to respond in a timely and effective manner, in accordance 
with 5 U.S.C. 552a(b)(3) of the Privacy Act, agencies should publish a 
routine use for appropriate systems specifically applying to the 
disclosure of information in connection with response and remedial 
efforts in the event of a data breach.
    3. VA may disclose information in this system, except the names and 
home addresses of Veterans and their dependents, which is relevant to a 
suspected or reasonably imminent violation of law, whether civil, 
criminal or regulatory in nature and whether arising by general or 
program statute or by regulation, rule or order issued pursuant 
thereto, to a Federal, state, local, tribal, or foreign agency charged 
with the responsibility of investigating or prosecuting such violation, 
or charged with enforcing or implementing the statute, regulation, rule 
or order. On its own initiative, VA may also disclose the names and 
addresses of Veterans and their dependents to a Federal agency charged 
with the responsibility of investigating or prosecuting civil, criminal 
or regulatory violations of law, or charged with enforcing or 
implementing the statute, regulation, rule or order issued pursuant 
thereto. VA must be able to provide on its own initiative information 
that pertains to a violation of laws to law enforcement authorities for 
them to investigate and enforce those laws. Under 38 U.S.C. 5701(a) and 
(f), VA may only disclose the names and addresses of Veterans and their 
dependents to Federal entities with law enforcement responsibilities. 
This is distinct from the authority to disclose records in response to 
a qualifying request from a law enforcement entity, as authorized by 
Privacy Act subsection 5 U.S.C. 552a(b)(7).
    4. VA may disclose information from this system of records to the 
Department of Justice (DoJ), either on VA's initiative or in response 
to DoJ's request for the information, after either VA or DoJ determines 
that such information is relevant to DoJ's representation of the United 
States or any of its components in legal proceedings before a court or 
adjudicative body, provided that, in each case, the agency also 
determines prior to disclosure that release of the records to DoJ is a 
use of the information contained in the records that is compatible with 
the purpose for which VA collected the records. VA, on its own 
initiative, may disclose records in this system of records in legal 
proceedings before a court or administrative body after determining 
that the disclosure of the records to the court or administrative body 
is a use of the information contained in the records that is compatible 
with the purpose for which VA collected the records. VA must be able to 
provide information to DoJ in litigation where the United States or any 
of its components is involved or has an interest. A determination would 
be made in each instance that under the circumstances involved, the 
purpose is compatible with the purpose for which VA collected the 
information. This routine use is distinct from the authority to 
disclose records in response to a court order under subsection (b)(11) 
of the Privacy Act, 5 U.S.C. 552(b)(11), or any other provision of 
subsection (b), in accordance with the court's analysis in Doe v. 
DiGenova, 779 F.2d 74, 78-84 (D.C. Cir. 1985) and Doe v. Stephens, 851 
F.2d 1457, 1465-67 (D.C. Cir. 1988).
    5. VA may disclose information from this system of records to 
individuals, organizations, private or public agencies, or other 
entities or individuals with whom VA has a contract or agreement to 
perform such services as VA may deem practicable for the purposes of 
laws administered by VA, in order for the contractor, subcontractor, 
public or private agency, or other entity or individual with whom VA 
has a contract or agreement to perform services under the contract or 
agreement. This routine use includes disclosures by an individual or 
entity performing services for VA to any secondary entity or individual 
to perform an activity that is necessary for individuals, 
organizations, private or public agencies, or other entities or 
individuals with whom VA has a contract or agreement to provide the 
service to VA. This routine use, which also applies to agreements that 
do not qualify as contracts defined by Federal procurement laws and 
regulations, is

[[Page 23136]]

consistent with the Office of Management and Budget (OMB) guidance in 
OMB Circular A-108, paragraph 6(j) that agencies promulgate routine 
uses to address disclosure of Privacy Act-protected information to 
contractors to perform the services contracts for the agency.
    6. VA may disclose information from this system to the Equal 
Employment Opportunity Commission (EEOC) when requested in connection 
with investigations of alleged or possible discriminatory practices, 
examination of Federal affirmative employment programs, or other 
functions of the Commission as authorized by law or regulation. VA must 
be able to provide information to EEOC to assist it in fulfilling its 
duties to protect employees' rights, as required by statute and 
regulation.
    7. VA may disclose information from this system to the Federal 
Labor Relations Authority (FLRA), including its General Counsel, 
information related to the establishment of jurisdiction, 
investigation, and resolution of allegations of unfair labor practices, 
or in connection with the resolution of exceptions to arbitration 
awards when a question of material fact is raised; for it to address 
matters properly before the Federal Services Impasses Panel, 
investigate representation petitions, and conduct or supervise 
representation elections. VA must be able to provide information to 
FLRA to comply with the statutory mandate under which it operates.
    8. VA may disclose information from this system to the Merit 
Systems Protection Board (MSPB), or the Office of the Special Counsel, 
when requested in connection with appeals, special studies of the civil 
service and other merit systems, review of rules and regulations, 
investigation of alleged or possible prohibited personnel practices, 
and such other functions promulgated in 5 U.S.C. 1205 and 1206, or as 
authorized by law. VA must be able to provide information to MSPB to 
assist it in fulfilling its duties as required by statute and 
regulation.
    9. VA may disclose information from this system to the National 
Archives and Records Administration (NARA) and General Services 
Administration (GSA) in records management inspections conducted under 
Title 44, U.S.C. NARA is responsible for archiving old records which 
are no longer actively used but may be appropriate for preservation, 
and for the physical maintenance of the Federal government's records. 
VA must be able to provide the records to NARA to determine the proper 
disposition of such records.
    10. Data breach response and remedial efforts with another Federal 
agency: VA may disclose information from this system to another Federal 
agency or Federal entity, when VA determines that information from this 
system of records is reasonably necessary to assist the recipient 
agency or entity in (1) responding to a suspected or confirmed breach 
or (2) preventing, minimizing, or remedying the risk of harm to 
individuals, the recipient agency or entity (including its information 
systems, programs, and operations), the Federal Government, or national 
security, resulting from a suspected or confirmed breach.
    11. Disclosure to other Federal agencies may be made to assist such 
agencies in preventing and detecting possible fraud or abuse by 
individuals in their operations and programs.
    12. VA may disclose information from this system of records to a 
former VA employee or contractor, as well as the authorized 
representative of a current or former VA employee or contractor in 
pending or reasonably anticipated litigation, or in proceedings before 
any court, adjudicative, or administrative body, or in an action or 
proposed action by VA, when it is relevant or necessary to the 
litigation or administrative proceedings and one of the following is a 
party or has an interest in in the actions described above:
    (a) VA or any Component thereof;
    (b) Any employee or former employee of VA in his or her official 
capacity;
    (c) Any employee or former employee of VA in his or her individual 
capacity when VA has agreed to represent the employee; or
    (d) The U.S. Government or any agency thereof.
    13. Federal Agencies, for Litigation: VA may, on its own 
initiative, disclose information to another federal agency, court, or 
party in litigation before a court or other administrative proceeding 
conducted by an agency, if VA is a party to the proceeding and needs to 
disclose the information to protect its interests.
    14. VA may disclose information from this system of records to 
individuals and/or their representatives to provide updates on the 
status of an OAWP investigation, disclosure, allegations, and the 
outcome of that investigation. VA may also disclose information to VA 
employees regarding the status and outcome of a complaint made against 
them.
    15. VA may disclose information from this system of records when 
requested from another agency as part of a mandatory background check 
of the employee. VA must be able to provide information to assist other 
agencies in its duties to conduct complete and thorough background 
checks as required by statute and regulation.

III. Compatibility of the Proposed Routine Uses

    The Privacy Act permits VA to disclose information about 
individuals without their consent for a routine use when the 
information will be used for a purpose that is compatible with the 
purpose for which VA collected the information. In all the routine use 
disclosures described above, either the recipient of the information 
will use the information in connection with a matter relating to one of 
VA's programs, to provide a benefit to the VA, or to disclose 
information as required by law.
    The disclosures of individually-identifiable health information 
contemplated in the routine uses published in this new system of 
records notice are permitted under the Privacy Rule or required by law. 
However, to also have authority to make such disclosures under the 
Privacy Act, VA must publish these routine uses. Consequently, VA is 
publishing these routine uses to the routine uses portion of the system 
of records notice stating that any disclosure pursuant to the routine 
uses in this system of records notice must be either required by law or 
permitted by the Privacy Rule, before VA may disclose the covered 
information.
    The notice of intent to publish and an advance copy of the system 
notice have been sent to the appropriate Congressional committees and 
to the Director, Office of Management and Budget, as required by 5 
U.S.C. 552a(r) (Privacy Act) and guidelines issued by OMB (65 FR 
77677), December 12, 2000.

Signing Authority

    The Senior Agency Official for Privacy, or designee, approved this 
document and authorized the undersigned to sign and submit the document 
to the Office of the Federal Register for publication electronically as 
an official document of the Department of Veterans Affairs. James P. 
Gfrerer, Assistant Secretary for Information and Technology and Chief 
Information Officer, Department of Veterans Affairs, approved this 
document on December 20, 2019.

    Dated: April 20, 2020.
Amy L. Rose,
Program Analyst, VA Privacy Service, Department of Veterans Affairs.

SYSTEM NAME AND NUMBER:
    Matter Tracking System (MTS)-VA, (190VA70).

[[Page 23137]]

SECURITY CLASSIFICATION:
    Unclassified.

SYSTEM LOCATION:
    Department of Veterans Affairs (VA), Office of Accountability and 
Whistleblower Protection (OAWP), 810 Vermont Ave. NW, Mail Stop 70, 
Washington, DC 20420.

SYSTEM MANAGER(S):
    FOIA Officer, Office of Accountability and Whistleblower 
Protection, 810 Vermont Ave. NW, Mail Stop 70, Washington, DC 20420; 
telephone at (202) 461-4119. (This is not a toll-free number.)

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    38 U.S.C. 323.

PURPOSE(S) OF THE SYSTEM:
    The MTS is a matter management solution to assist in meeting the 
need for real-time reporting and tracking of incidents contemplated by 
the Department of Veterans Affairs Accountability and Whistleblower 
Protection Act of 2017 (Pub. L. 115-41). The solution will allow OAWP 
to track workload and administrative functions. The system is an 
integral component of the OAWP information technology (IT) architecture 
and allows for more efficient operations.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    The MTS contains the following categories of individuals: 
Disclosing Party (DP), Whistleblowers, and Persons of Interest (POI). 
DPs are individuals who submit a matter to OAWP. Whistleblowers are DPs 
who are VA employees or applicants for employment that have submitted a 
disclosure which the individual reasonably believes evidences a 
violation of a law, rule, or regulation; gross mismanagement; a gross 
waste of funds; an abuse of authority; or a substantial and specific 
danger to public health or safety. Per 38 U.S.C. 323, the Assistant 
Secretary of OAWP, cannot disclose the identity of a Whistleblower who 
is an employee without the employee's consent, unless otherwise 
provided for under law.
    A POI is an individual who is alleged to have committed a violation 
of law, rule, or regulation; gross mismanagement; a gross waste of 
funds; an abuse of authority; or a substantial and specific danger to 
public health or safety. A POI could also be an individual against whom 
an allegation of whistleblower retaliation or senior leader misconduct 
or poor performance is made.

CATEGORIES OF RECORDS IN THE SYSTEM:
    Records and information in this system include submissions of 
disclosures, matters, persons of interest, disciplinary actions, and 
recommendations of the Government Accountability Office (GAO), the VA 
Office of Inspector General (OIG), the Office of Medical Inspector 
(OMI), and the Office of Special Counsel (OSC).

RECORD SOURCE CATEGORIES:
    Information entered into the system by OAWP employees is obtained 
from VA employees, third parties (e.g., a Veteran, VA beneficiary, VA 
contractor, or private party), VA records, congressional, federal, 
state, and local offices or agencies.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND PURPOSES OF SUCH USES:
    1. VA may disclose information from this system in response to an 
inquiry from the congressional office made at the request of that 
individual.
    2. VA may disclose information from this system to appropriate 
agencies, entities, and persons when (1) VA suspects or has confirmed 
that there has been a breach of the system of records; (2) VA has 
determined that as a result of the suspected or confirmed breach there 
is a risk of harm to individuals, VA (including its information 
systems, programs, and operations), the Federal Government, or national 
security; and (3) the disclosure made to such agencies, entities, and 
persons is reasonably necessary to assist in connection with VA's 
efforts to respond to the suspected or confirmed breach or to prevent, 
minimize, or remedy such harm.
    3. VA may disclose information from this system, except the names 
and home addresses of Veterans and their dependents, which is relevant 
to a suspected or reasonably imminent violation of law, whether civil, 
criminal, or regulatory in nature and whether arising by general or 
program statute or by regulation, rule, or order issued pursuant 
thereto, to a Federal, state, local, tribal, or foreign agency charged 
with the responsibility of investigating or prosecuting such violation, 
or charged with enforcing or implementing the statute, regulation, rule 
or order. On its own initiative, VA may also disclose the names and 
addresses of Veterans and their dependents to a Federal agency charged 
with the responsibility of investigating or prosecuting civil, criminal 
or regulatory violations of law, or charged with enforcing or 
implementing the statute, regulation, rule or order issued pursuant 
thereto. VA must be able to provide on its own initiative information 
that pertains to a violation of laws to law enforcement authorities for 
them to investigate and enforce those laws. Under 38 U.S.C. 5701(a) and 
(f), VA may only disclose the names and addresses of Veterans and their 
dependents to Federal entities with law enforcement responsibilities. 
This is distinct from the authority to disclose records in response to 
a qualifying request from a law enforcement entity, as authorized by 
Privacy Act subsection 5 U.S.C. 552a(b)(7).
    4. VA may disclose information from this system to the Department 
of Justice (DoJ), either on VA's initiative or in response to DoJ's 
request for the information, after either VA or DoJ determines that 
such information is relevant to DoJ's representation of the United 
States or any of its components in legal proceedings before a court or 
adjudicative body, provided that, in each case, the agency also 
determines prior to disclosure that release of the records to the DoJ 
is a use of the information contained in the records that is compatible 
with the purpose for which VA collected the records. VA, on its own 
initiative, may disclose records in this system of records in legal 
proceedings before a court or administrative body after determining 
that the disclosure of the records to the court or administrative body 
is a use of the information contained in the records that is compatible 
with the purpose for which VA collected the records. VA must be able to 
provide information to DoJ in litigation where the United States or any 
of its components is involved or has an interest. A determination would 
be made in each instance that under the circumstances involved, the 
purpose is compatible with the purpose for which VA collected the 
information. This routine use is distinct from the authority to 
disclose records in response to a court order under subsection (b)(11) 
of the Privacy Act, 5 U.S.C. 552(b)(11), or any other provision of 
subsection (b), in accordance with the court's analysis in Doe v. 
DiGenova, 779 F.2d 74, 78-84 (D.C. Cir. 1985) and Doe v. Stephens, 851 
F.2d 1457, 1465-67 (D.C. Cir. 1988).
    5. VA may disclose information from this system to individuals, 
organizations, private or public agencies, or other entities or 
individuals with whom VA has a contract or agreement to perform such 
services as VA may deem practicable for the purposes of laws 
administered by VA, in order for the contractor, subcontractor, public 
or private agency, or other entity or individual with whom VA has a 
contract or agreement to

[[Page 23138]]

perform services under the contract or agreement. This routine use 
includes disclosures by an individual or entity performing services for 
VA to any secondary entity or individual to perform an activity that is 
necessary for individuals, organizations, private or public agencies, 
or other entities or individuals with whom VA has a contract or 
agreement to provide the service to VA. This routine use, which also 
applies to agreements that do not qualify as contracts defined by 
Federal procurement laws and regulations, is consistent with the Office 
of Management and Budget (OMB) guidance in OMB Circular A-108, 
paragraph 6(j) that agencies promulgate routine uses to address 
disclosure of Privacy Act-protected information to contractors to 
perform the services contracts for the agency.
    6. VA may disclose information from this system to the Equal 
Employment Opportunity Commission (EEOC) when requested in connection 
with investigations of alleged or possible discriminatory practices, 
examination of Federal affirmative employment programs, or other 
functions of the Commission as authorized by law or regulation.
    7. VA may disclose information from this system to the Federal 
Labor Relations Authority (FLRA), including its General Counsel, 
information related to the establishment of jurisdiction, 
investigation, and resolution of allegations of unfair labor practices, 
or in connection with the resolution of exceptions to arbitration 
awards when a question of material fact is raised; for it to address 
matters properly before the Federal Services Impasses Panel, 
investigate representation petitions, and conduct or supervise 
representation elections.
    8. VA may disclose information from this system to the Merit 
Systems Protection Board (MSPB), or the Office of the Special Counsel, 
when requested in connection with appeals, special studies of the civil 
service and other merit systems, review of rules and regulations, 
investigation of alleged or possible prohibited personnel practices, 
and such other functions promulgated in 5 U.S.C. 1205 and 1206, or as 
authorized by law.
    9. VA may disclose information from this system to the National 
Archives and Records Administration (NARA) and General Services 
Administration (GSA) in records management inspections conducted under 
Title 44, U.S.C. NARA is responsible for archiving old records which 
are no longer actively used but may be appropriate for preservation, 
and for the physical maintenance of the Federal government's records.
    10. VA may disclose information from this system to another Federal 
agency or Federal entity when VA determines that information from this 
system of records is reasonably necessary to assist the recipient 
agency or entity in (1) responding to a suspected or confirmed breach 
or (2) preventing, minimizing, or remedying the risk of harm to 
individuals, the recipient agency or entity (including its information 
systems, programs, and operations), the Federal Government, or national 
security, resulting from a suspected or confirmed breach.
    11. Disclosure to other Federal agencies may be made to assist such 
agencies in preventing and detecting possible fraud or abuse by 
individuals in their operations and programs.
    12. VA may disclose information from this system of records to a 
former VA employee or contractor, as well as the authorized 
representative of a current or former employee or contractor of VA 
Attorneys representing individuals conducting litigation in pending or 
reasonably anticipated litigation, or in proceedings before any court, 
adjudicative, or administrative body, or in an action or proposed 
action by VA, when it is relevant or necessary to the litigation or 
administrative proceeding, and one of the following is a party or has 
an interest in the actions described above:
    a. VA or any Component thereof;
    b. Any employee or former employee of VA in his or her official 
capacity;
    c. Any employee or former employee of VA in his or her individual 
capacity when VA has agreed to represent the employee; or
    d. The U.S. Government or any agency thereof.
    13. VA may, on its own initiative, disclose information to another 
federal agency, court, or party in litigation before a court or other 
administrative proceeding conducted by an agency, if VA is a party to 
the proceeding and needs to disclose the information to protect its 
interests.
    14. VA may disclose information from this system of records to 
individuals and/or their representatives to provide updates on the 
status of an OAWP investigation, disclosure, allegations and the 
outcome of that investigation. VA may also disclose information to VA 
employees regarding the status and outcome of a complaint made against 
them.
    15. VA may disclose information from this system of records when 
requested from another agency as part of a mandatory background check 
of the employee. VA must be able to provide information to assist other 
agencies in its duties to conduct complete and thorough background 
checks as required by statute and regulation.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    Records within the Matter Tracker are stored on a FedRAMP cloud 
database, protected by certified ``High'' security controls.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    Information and records are retrieved by matter, disclosing party 
name, or person of interest name.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    Records will be maintained and disposed of in accordance with VA 
Directive 6300. VA will use NARA regulations (36 CFR 1234.6) for 
managing electronic records.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    Information in the system is protected from unauthorized access 
through administrative, physical, and technical safeguards. Access to 
computerized information is restricted to authorized OAWP personnel on 
a need-to-know basis. Computer system documentation is maintained in a 
secure environment in the FedRAMP cloud database, protected by 
certified ``High'' security controls. Routine vulnerability reviews are 
conducted under the `Dynamics 365 for Government Assessing' Authority 
to Operate.

RECORD ACCESS PROCEDURES:
    An individual who seeks access to or wishes to contest records 
maintained under his or her name in this system must submit an email to 
[email protected].

CONTESTING RECORD PROCEDURES:
    (See records access procedures above.)

NOTIFICATION PROCEDURES:
    An individual who wishes to determine whether a record is being 
maintained under his or her name in this system must email 
[email protected].

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    Pursuant to subsection (k)(2) of the Privacy Act, 5 U.S.C. 
552a(k)(2), this system of records is exempt from subsections (c)(3), 
(d), (e)(1), (e)(4)(G), (e)(4)(H), (e)(4)(I), and (f) of the Act.

[[Page 23139]]

HISTORY:
    None.

[FR Doc. 2020-08615 Filed 4-23-20; 8:45 am]
 BILLING CODE 8320-01-P