Federal Register, Volume 87 Issue 115 (Wednesday, June 15, 2022)

[Federal Register Volume 87, Number 115 (Wednesday, June 15, 2022)]
[Notices]
[Pages 36207-36209]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2022-12864]



[[Page 36207]]

=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF VETERANS AFFAIRS


Privacy Act of 1974; System of Records

AGENCY: Veterans Experience Office, Department of Veterans Affairs 
(VA).

ACTION: Notice of a new system of records.

-----------------------------------------------------------------------

SUMMARY: The Privacy Act of 1974 requires that all agencies publish in 
the Federal Register a notice of the existence and character of their 
systems of records. Notice is hereby given that the Department of 
Veterans Affairs (VA) is establishing a new system of records entitled 
``Veterans Affairs Profile-VA'' (VA Profile) (192VA30). This system of 
records is an enterprise Master Data Management (MDM) solution that 
modernizes VA systems by ensuring VA customer data is synchronized and 
shared across the VA, regardless of the channel used to provide the 
information. This system of records contains VA customer contact 
information to support a range of business activities that are used by 
Veterans, eligible beneficiaries, other VA customers, and the different 
administrations supporting VA customers.

DATES: Comments on this new system of records must be received no later 
than 30 days after date of publication in the Federal Register. If no 
public comment is received during the period allowed for comment or 
unless otherwise published in the Federal Register by VA, the new 
system of records will become effective a minimum of 30 days after the 
date of publication in the Federal Register. If VA receives public 
comments, VA shall review the comments to determine whether any changes 
to the notice are necessary.

FOR FURTHER INFORMATION CONTACT: Trisha Dang, Veterans Experience 
Office (VEO), Department of Veterans Affairs, 810 Vermont Ave NW, 
Building 810, Washington DC 20420; Telephone (202) 461-9898; email 
[email protected].

SUPPLEMENTARY INFORMATION: VA Profile is an enterprise Master Data 
Management (MDM) solution designed to provide a comprehensive VA 
customer Profile and to enable seamless interaction with authoritative 
sources of customer data. Starting with contact information, VA Profile 
will ensure that the Veterans Health Administration (VHA), the Veterans 
Benefits Administration (VBA), and the National Cemetery Administration 
(NCA) have access to accurate and timely information about Veterans and 
eligible beneficiaries. VA Profile will facilitate the updating of 
Veterans information, providing a complete view of their Master Record, 
enforce data specifications and data quality for each assigned VA 
Common Information Subject Area, and ensure key data is available and 
usable across the VA enterprise. Benefits of VA Profile for the Veteran 
include increased consistency, accuracy and timeliness of information 
received from VA; improved customer experience; enhanced VA customer 
engagement; and reduced burden to VA customers providing the same 
information multiple times to the VA.

Signing Authority

    The Senior Agency Official for Privacy, or designee, approved this 
document and authorized the undersigned to sign and submit the document 
to the Office of the Federal Register for publication electronically as 
an official document of the Department of Veterans Affairs. Kurt D. 
DelBene, Assistant Secretary for Information and Technology and Chief 
Information Officer, approved this document on May 9, 2022 for 
publication.

    Dated: June 10, 2022.
Amy L. Rose,
Program Analyst, VA Privacy Service, Office of Information Security, 
Office of Information and Technology, Department of Veterans Affairs.

SYSTEM NAME AND NUMBER:
    ``Veterans Affairs Profile'' (VA Profile) (192VA30)

SECURITY CLASSIFICATION:
    Unclassified

SYSTEM LOCATION:
    The VA Profile system maintains records in a system known as the VA 
Profile Data Repository (VA PROFILEDB) hosted in a containerized 
environment at a federally rated FISMA moderate data center at the 
Austin Information Technology Center (AITC), located at 1615 East 
Woodward Street, Austin, Texas 78772. Capabilities implemented in 
FY2020 and later will be hosted in the FISMA-high VA Enterprise Cloud 
(VAEC).

SYSTEM MANAGER(S):
    Trisha Dang, Veterans Experience Office (VEO), Department of 
Veterans Affairs, 810 Vermont Ave. NW, Building 810, Washington, DC 
20420; Telephone (202) 461-9898; email [email protected].

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    Title 38, United States Code, Section 501 and Section 7304.

PURPOSE(S) OF THE SYSTEM:
    The purpose of VA Profile is to source authoritative common and 
shared information about VA customers, starting with contact 
information. Information in this system of records is mastered, meets 
VA data quality standards, and allows VA customers to use a single 
touchpoint to update contact information and other key data. VA Profile 
will enable synchronization of information to provide each VA 
administration with an updated, accurate, and timely customer Profile. 
VA Profile is the authoritative storage repository for certain common 
customer data, specifically contact information, and VA Profile 
functions as a pass-through with synchronization of customer Profile 
data stored in other VA authoritative data sources.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Records in the system contain Veteran and eligible beneficiary 
information. This includes Veterans and eligible beneficiaries who are 
receiving or have received benefits from VBA, Veterans who are 
receiving or have received healthcare from VHA, and records of other 
beneficiaries entitled to VHA healthcare.

CATEGORIES OF RECORDS IN THE SYSTEM:
    The records, or information contained in the system of records, may 
include identifying information and will store contact information, 
specifically: mailing and residence address, daytime, evening, mobile, 
and fax phone numbers, and personal email address. VA Profile Services 
are used to share common data with other VA systems and lines of 
business.

RECORD SOURCE CATEGORIES:
    Information in this system of records is provided by Veterans, 
their families and/or advocates, eligible dependents, and those in the 
VA workforce located at the facilities where customer Records in the VA 
Profile system may be accessed, and is synchronized with other VA 
systems and applications under the following Systems of Records: 
National Patient Database-VA (121VA10A7), VA/DoD Identity Repository 
(138VA005Q), Enrollment and Eligibility Records-VA (147VA10), Veterans 
Health Information Systems and Technology Architecture (VistA) Records-
VA (79VA10), VBA Compensation, Pension, Education, and Vocational 
Rehabilitation and Employment Records (58VA21/22/28), Administrative 
Data Repository--VA (150VA19).

[[Page 36208]]

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND PURPOSES OF SUCH USES:
    1. Congress: VA may disclose information to a Member of Congress or 
staff acting upon the Member's behalf when the Member or staff requests 
the information on behalf of, and at the request of, the individual who 
is the subject of the record.
    2. Data breach response and remediation, for VA: VA may disclose 
information to appropriate agencies, entities, and persons when (1) VA 
suspects or has confirmed that there has been a breach of the system of 
records,[middot] (2) VA has determined that as a result of the 
suspected or confirmed breach there is a risk of harm to individuals, 
VA (including its information systems, programs, and operations), the 
Federal Government, or national security; and (3) the disclosure made 
to such agencies, entities, and persons is reasonably necessary to 
assist in connection with VA's efforts to respond to the suspected or 
confirmed breach or to prevent, minimize, or remedy such harm.
    3. Data breach response and remediation, for another Federal 
agency: VA may disclose information to another Federal agency or 
Federal entity, when VA determines that information from this system of 
records is reasonably necessary to assist the recipient agency or 
entity in (1) responding to a suspected or confirmed breach or (2) 
preventing, minimizing, or remedying the risk of harm to individuals, 
the recipient agency or entity (including its information systems, 
programs, and operations), the Federal Government, or national 
security, resulting from a suspected or confirmed breach.
    4. Law Enforcement: VA may disclose information that, either alone 
or in conjunction with other information, indicates a violation or 
potential violation of law, whether civil, criminal, or regulatory in 
nature, to a Federal, state, local, territorial, tribal, or foreign law 
enforcement authority or other appropriate entity charged with the 
responsibility of investigating or prosecuting such violation or 
charged with enforcing or implementing such law. The disclosure of the 
names and addresses of veterans and their dependents from VA records 
under this routine use must also comply with the provisions of 38 
U.S.C. 5701.
    5. DoJ for Litigation or Administrative Proceeding: VA may disclose 
information to the Department of Justice (DoJ), or in a proceeding 
before a court, adjudicative body, or other administrative body before 
which VA is authorized to appear, when:
    (a) VA or any component thereof;
    (b) Any VA employee in his or her official capacity;
    (c) Any VA employee in his or her individual capacity where DoJ has 
agreed to represent the employee; or
    (d) The United States, where VA determines that litigation is 
likely to affect the agency or any of its components, is a party to 
such proceedings or has an interest in such proceedings, and VA 
determines that use of such records is relevant and necessary to the 
proceedings.
    6. Contractors: VA may disclose information to contractors, 
grantees, experts, consultants, students, and others performing or 
working on a contract, service, grant, cooperative agreement, or other 
assignment for VA, when reasonably necessary to accomplish an agency 
function related to the records.
    7. OPM: VA may disclose information to the Office of Personnel 
Management (OPM) in connection with the application or effect of civil 
service laws, rules, regulations, or OPM guidelines in particular 
situations.
    8. EEOC: VA may disclose information to the Equal Employment 
Opportunity Commission (EEOC) in connection with investigations of 
alleged or possible discriminatory practices, examination of Federal 
affirmative employment programs, or other functions of the Commission 
as authorized by law.
    9. FLRA: VA may disclose information to the Federal Labor Relations 
Authority (FLRA) in connection with: the investigation and resolution 
of allegations of unfair labor practices, the resolution of exceptions 
to arbitration awards when a question of material fact is raised; 
matters before the Federal Service Impasses Panel; and the 
investigation of representation petitions and the conduct or 
supervision of representation elections.
    10. MSPB: VA may disclose information to the Merit Systems 
Protection Board (MSPB) and the Office of the Special Counsel in 
connection with appeals, special studies of the civil service and other 
merit systems, review of rules and regulations, investigation of 
alleged or possible prohibited personnel practices, and such other 
functions promulgated in 5 U.S.C. 1205 and 1206, or as authorized by 
law.
    11. NARA: VA may disclose information to NARA in records management 
inspections conducted under 44 U.S.C. 2904 and 2906, or other functions 
authorized by laws and policies governing NARA operations and VA 
records management responsibilities.
    11. Federal Agencies, for Computer Matches: VA may disclose 
information from this system to other federal agencies for the purpose 
of conducting computer matches to obtain information to determine or 
verify eligibility of veterans receiving VA benefits or medical care 
under Title 38, U.S.C.
    12. Federal Agencies, for Research: VA may disclose information to 
a Federal agency for the purpose of conducting research and data 
analysis to perform a statutory purpose of that Federal agency upon the 
prior written request of that agency.
    13. Researchers, for Research: VA may disclose information from 
this system to epidemiological and other research facilities approved 
by the Under Secretary for Health for research purposes determined to 
be necessary and proper, provided that the names and addresses of 
veterans and their dependents will not be disclosed unless those names 
and addresses are first provided to VA by the facilities making the 
request.
    14. Federal Agencies, Courts, Litigants, for Litigation or 
Administrative Proceedings: VA may disclose information to another 
federal agency, court, or party in litigation before a court or in an 
administrative proceeding conducted by a Federal agency, when the 
government is a party to the judicial or administrative proceeding.
    15. Consumer Reporting Agencies: VA may disclose information as is 
reasonably necessary to identify such individual or concerning that 
individual's indebtedness to the United States by virtue of the 
person's participation in a benefits program administered by the 
Department, to a consumer reporting agency for the purpose of locating 
the individual, obtaining a consumer report to determine the ability of 
the individual to repay an indebtedness to the United States, or 
assisting in the collection of such indebtedness, provided that the 
provisions of 38 U.S.C. 57019(g)(2) and (4) have been met.
    16. Law Enforcement, for Locating Fugitive: In compliance with 38 
U.S.C. 5313B(d), VA may disclose information from this system of 
records to any Federal, state, local, tribal, or foreign law 
enforcement agency to identify, locate, or report a known fugitive 
felon. If the disclosure is in response to a request from a law 
enforcement entity, the request must meet the requirements for a 
qualifying law enforcement request under the Privacy Act, 5 U.S.C. 
552a(b)(7).

[[Page 36209]]

    17. OMB: VA may disclose information to the Office of Management 
and Budget (OMB) for the performance of its statutory responsibilities 
for evaluating Federal programs.
    18. Nonprofits, for Release of Names and Addresses (RONA): VA may 
disclose the name(s) and address(es) of present or former members of 
the armed services or their beneficiaries: (1) to a nonprofit 
organization if the release is directly connected with the conduct of 
programs and the utilization of benefits under Title 38, and (2) to any 
criminal or civil law enforcement governmental agency or 
instrumentality charged under applicable law with the protection of the 
public health or safety, if a qualified representative of such 
organization, agency, or instrumentality has made a written request 
that such names or addresses be provided for a purpose authorized by 
law; provided that the records will not be used for any purpose other 
than that stated in the request and that organization, agency, or 
instrumentality is aware of the penalty provision of 38 U.S.C. 5701(f).

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    The VA Profile system will utilize both Government and Commercial 
Off-the Shelf (GOTS) and (COTS) platforms that will be hosted initially 
at the VA Austin Information Technology Center in Austin, TX. The 
platform will be Trusted internet Connection (TIC) certified and 
Federal Risk and Authorization Management Program (FedRAMP) certified 
and meet all requirements for Federal Information Security Management 
Act of 2002 (FISMA) Moderate compliance. Hosting transitioned to a 
FedRAMP certified VA Government Cloud (GovCloud) site in early Federal 
Fiscal Year (FFY) 2020 and meets all requirements for Federal 
Information Security Management Act of 2002 (FISMA) High compliance. 
Records will be maintained at an OI&T approved VA sponsored data 
warehouse location via secured cloud storage.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    Records may be retrieved by assigned identifiers, such as an 
internal entry number of a partner system that maintains information on 
the individuals. Only those with assigned rights, as defined in their 
SSO login, will have access to records at a specific record level. 
Aggregated, non-attributional data will be retrieved via geolocation 
and provided to management at those locations.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    VA Profile records are maintained and disposed of in accordance 
with records disposition authority approved by the Archivist of the 
United States. The records are disposed of in accordance with General 
Records Schedule 20, item 4. Item 4 provides for deletion of data files 
when the agency determines that the files are no longer needed for 
administrative, legal, audit, or other operational purposes.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    Access to and use of national administrative databases, warehouses, 
data marts and cloud storage sites are limited to those persons whose 
official duties require such access, and the VA has established 
security procedures to ensure that access is appropriately limited. 
Information security officers and system data stewards review and 
authorize data access requests. VA regulates data access with security 
software that authenticates users and requires individually unique 
codes and passwords. VA provides information security training to all 
staff and instructs staff on the responsibility each person has for 
safeguarding data confidentiality.
    VA maintains Business Associate Agreements and Non-Disclosure 
Agreements with contracted resources to maintain confidentiality of the 
information.
    Physical access to computer rooms housing national administrative 
databases, warehouses, and data marts is restricted to authorized staff 
and protected by a variety of security devices. Unauthorized employees, 
contractors, and other staff are not allowed in computer rooms. The 
Federal Protective Service or other security personnel provide physical 
security for the buildings housing computer rooms and data centers.
    Data transmissions between operational systems and national 
administrative databases, warehouses, and data marts maintained by this 
system of record are protected by state-of-the-art telecommunication 
software and hardware. This may include firewalls, intrusion detection 
devices, encryption, and other security measures necessary to safeguard 
data as it travels across the VA Wide Area Network.
    In most cases, copies of back-up computer files are maintained at 
off-site locations.

RECORD ACCESS PROCEDURES:
    An individual (or duly authorized representative of such 
individual) who seeks access to or wishes to contest records maintained 
under his or her name or other personal identifier may write or call 
the individual listed under Notification Procedure below.

CONTESTING RECORD PROCEDURES:
    See Notification Procedure below.

NOTIFICATION PROCEDURES:
    Individuals seeking information regarding access to and contesting 
of records maintained by VA may write, call, or visit the nearest VA 
regional office or VHA facility. Address locations for VBA regional 
offices are listed in VA Appendix 1 of 58VA21/22/28 and address 
locations for VHA facilities are listed in VA Appendix 1 of the 
biennial publications of Privacy Act Issuances.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    None.

HISTORY:
    N/A, this is a new SORN.

[FR Doc. 2022-12864 Filed 6-14-22; 8:45 am]
BILLING CODE 8320-01-P