[Federal Register Volume 88, Number 203 (Monday, October 23, 2023)]
[Notices]
[Pages 72820-72823]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2023-23327]


=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF VETERANS AFFAIRS


Privacy Act of 1974; System of Records

AGENCY: Veterans Experience Office, Department of Veterans Affairs 
(VA).

ACTION: Notice of a modified system of records.

-----------------------------------------------------------------------

SUMMARY: Pursuant to the Privacy Act of 1974, notice is hereby given 
that the Department of Veterans Affairs (VA) is modifying the system of 
records titled ``Veterans Affairs Profile-VA'' (192VA30). VA Profile 
contains information about Veterans; their families, caregivers, and 
survivors; and other VA customers to facilitate the title 38 benefits 
and services provided by the different administrations and program 
offices.

DATES: Comments on this modified system of records must be received no 
later than 30 days after date of publication in the Federal Register. 
If no public comment is received during the period allowed for comment 
or unless otherwise published in the Federal Register by VA, the 
modified system of records will become effective a minimum of 30 days 
after the date of publication in the Federal Register. If VA receives 
public comments, VA shall review the comments to determine whether any 
changes to the notice are necessary.

ADDRESSES: Comments may be submitted through www.Regulations.gov or 
mailed to VA Privacy Service, 810 Vermont Avenue NW, (005X6F), 
Washington, DC 20420. Comments should indicate that they are submitted 
in response to'' Veterans Affairs Profile-VA'' (192VA30). Comments 
received will be available at regulations.gov for public viewing, 
inspection or copies.

FOR FURTHER INFORMATION CONTACT: Trisha Dang, Veterans Experience 
Office (VEO), Department of Veterans Affairs, 810 Vermont Ave. NW, 
Building 810,

[[Page 72821]]

Washington, DC 20420; Telephone (202) 461-9898; email 
[email protected].

SUPPLEMENTARY INFORMATION: VA is modifying the Veterans Affairs Profile 
system of records by making minor revisions to the Routine Uses of 
Records Maintained in the System; and updating the System Location; 
Purpose of the System; Categories of Individuals Covered by the System; 
Categories of Records in the System; Record Source Categories; Policies 
and Practices for Storage of Records; Administrative, Technical, and 
Physical Safeguards; Record Access Procedures; and Contesting Record 
Procedures.
    The Report of Intent to Amend a System of Records Notice and an 
advance copy of the system notice have been sent to the appropriate 
Congressional committees and to the Director of the Office of 
Management and Budget (OMB) as required by 5 U.S.C. 552a(r) (Privacy 
Act) and guidelines issued by OMB (65 FR 77677), December 12, 2000.

Signing Authority

    The Senior Agency Official for Privacy, or designee, approved this 
document and authorized the undersigned to sign and submit the document 
to the Office of the Federal Register for publication electronically as 
an official document of the Department of Veterans Affairs. Kurt D. 
DelBene, Assistant Secretary for Information and Technology and Chief 
Information Officer, approved this document on September 13, 2023 for 
publication.

    Dated: October 18, 2023.
Amy L. Rose,
Government Information Specialist, VA Privacy Service, Office of 
Compliance, Risk and Remediation, Office of Information and Technology, 
Department of Veterans Affairs.

SYSTEM NAME AND NUMBER:
    Veterans Affairs Profile (VA Profile) (192VA30).

SECURITY CLASSIFICATION:
    Unclassified.

SYSTEM LOCATION:
    The VA Profile system is maintained in a system known as the VA 
Profile Data Repository (VA PROFILEDB) hosted at an OI&T approved VA 
sponsored data warehouse location via secured cloud storage on a 
Federal Risk and Authorization Management Program (FedRAMP) certified 
VA Enterprise Cloud (VAEC).

SYSTEM MANAGER(S):
    Trisha Dang, Veterans Experience Office (VEO), Department of 
Veterans Affairs, 810 Vermont Ave. NW, Building 810, Washington, DC 
20420; Telephone (202) 461-9898; email [email protected].

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    38 U.S.C. 501, 7304.

PURPOSE(S) OF THE SYSTEM:
    The purpose of VA Profile is to serve as the authoritative data 
source for common customer profiles of Veterans; their families, 
caregivers, and survivors; and other VA customers. The profile data in 
this system of records is mastered and synchronized with information in 
other data sources, meet VA data quality standards, and is updated 
using a single touchpoint service. Through synchronization of 
information from various data sources, VA Profile provides VA 
administrations and program offices with a customer profile that is 
accurate, relevant, complete, and timely.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Records in the system contain information about Veterans; their 
families, caregivers, and survivors; and eligible beneficiaries who are 
receiving or have received title 38 benefits and services; and other 
individuals who may be entitled to title 38 benefits and services.

CATEGORIES OF RECORDS IN THE SYSTEM:
    Records may include identifying data and contact information, such 
as names; mailing and residential addresses; daytime, evening, mobile, 
and fax phone numbers; and email addresses.

RECORD SOURCE CATEGORIES:
    Records contain information provided by Veterans as well as their 
families, advocates, and dependents. Information is also obtained from 
other VA components and systems of records, including National Patient 
Database-VA (121VA10A7), VA/DoD Identity Repository (138VA005Q); 
Enrollment and Eligibility Records-VA (147VA10), Veterans Health 
Information Systems and Technology Architecture (VistA) Records-VA 
(79VA10),Compensation, Pension, Education, and Vocational 
Rehabilitation and Employment Records (58VA21/22/28), Administrative 
Data Repository-VA (150VA19), and supplemented with information 
purchased from data brokers.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND PURPOSES OF SUCH USES:
    1. Congress: To a Member of Congress or staff acting upon the 
Member's behalf when the Member or staff requests the information on 
behalf of, and at the request of, the individual who is the subject of 
the record.
    2. Data breach response and remediation, for VA: To appropriate 
agencies, entities, and persons when (a) VA suspects or has confirmed 
that there has been a breach of the system of records; (b) VA has 
determined that as a result of the suspected or confirmed breach there 
is a risk of harm to individuals, VA (including its information 
systems, programs, and operations), the Federal Government, or national 
security; and (c) the disclosure made to such agencies, entities, and 
persons is reasonably necessary to assist in connection with VA's 
efforts to respond to the suspected or confirmed breach or to prevent, 
minimize, or remedy such harm.
    3. Data breach response and remediation, for another Federal 
agency: To another Federal agency or Federal entity, when VA determines 
that information from this system of records is reasonably necessary to 
assist the recipient agency or entity in (a) responding to a suspected 
or confirmed breach or (b) preventing, minimizing, or remedying the 
risk of harm to individuals, the recipient agency or entity (including 
its information systems, programs, and operations), the Federal 
Government, or national security, resulting from a suspected or 
confirmed breach.
    4. Law Enforcement: To a Federal, state, local, territorial, 
tribal, or foreign law enforcement authority or other appropriate 
entity charged with the responsibility of investigating or prosecuting 
a violation or potential violation of law, whether civil, criminal, or 
regulatory in nature, or charged with enforcing or implementing such 
law, provided that the disclosure is limited to information that, 
either alone or in conjunction with other information, indicates such a 
violation or potential violation. The disclosure of the names and 
addresses of veterans and their dependents from VA records under this 
routine use must also comply with the provisions of 38 U.S.C. 5701.
    5. DoJ, Litigation, Administrative Proceeding: To the Department of 
Justice (DoJ), or in a proceeding before a court, adjudicative body, or 
other administrative body before which VA is authorized to appear, 
when:
    (a) VA or any component thereof;
    (b) Any VA employee in his or her official capacity;
    (c) Any VA employee in his or her individual capacity where DoJ has 
agreed to represent the employee; or
    (d) The United States, where VA determines that litigation is 
likely to affect the agency or any of its

[[Page 72822]]

components, is a party to such proceedings or has an interest in such 
proceedings, and VA determines that use of such records is relevant and 
necessary to the proceedings.
    6. Contractors: To contractors, grantees, experts, consultants, 
students, and others performing or working on a contract, service, 
grant, cooperative agreement, or other assignment for VA, when 
reasonably necessary to accomplish an agency function related to the 
records.
    7. OPM: To the Office of Personnel Management (OPM) in connection 
with the application or effect of civil service laws, rules, 
regulations, or OPM guidelines in particular situations.
    8. EEOC: To the Equal Employment Opportunity Commission (EEOC) in 
connection with investigations of alleged or possible discriminatory 
practices, examination of Federal affirmative employment programs, or 
other functions of the Commission as authorized by law.
    9. FLRA: To the Federal Labor Relations Authority (FLRA) in 
connection with: the investigation and resolution of allegations of 
unfair labor practices, the resolution of exceptions to arbitration 
awards when a question of material fact is raised, matters before the 
Federal Service Impasses Panel; and the investigation of representation 
petitions and the conduct or supervision of representation elections.
    10. MSPB: To the Merit Systems Protection Board (MSPB) in 
connection with appeals, special studies of the civil service and other 
merit systems, review of rules and regulations, investigation of 
alleged or possible prohibited personnel practices, and such other 
functions promulgated in 5 U.S.C. 1205 and 1206, or as authorized by 
law.
    11. NARA: To the National Archives and Records Administration 
(NARA) in records management inspections conducted under 44 U.S.C. 2904 
and 2906, or other functions authorized by laws and policies governing 
NARA operations and VA records management responsibilities.
    12. Federal Agencies, for Computer Matches: To other federal 
agencies for the purpose of conducting computer matches to obtain 
information to determine or verify eligibility of veterans receiving VA 
benefits or medical care under title 38.
    13. Federal Agencies, for Research: To a Federal agency for the 
purpose of conducting research and data analysis to perform a statutory 
purpose of that Federal agency upon the prior written request of that 
agency.
    14. Researchers, for Research: To epidemiological and other 
research facilities approved by the Under Secretary for Health for 
research purposes determined to be necessary and proper, provided that 
the names and addresses of veterans and their dependents will not be 
disclosed unless those names and addresses are first provided to VA by 
the facilities making the request.
    15. Federal Agencies, Courts, Litigants, for Litigation or 
Administrative Proceedings: To another federal agency, court, or party 
in litigation before a court or in an administrative proceeding 
conducted by a federal agency, when the government is a party to the 
judicial or administrative proceeding.
    16. Consumer Reporting Agencies: To a consumer reporting agency for 
the purpose of locating the individual, obtaining a consumer report to 
determine the ability of the individual to repay an indebtedness to the 
United States, or assisting in the collection of such indebtedness, 
provided that the provisions of 38 U.S.C. 5701(g)(2) and (4) have been 
met, and the disclosure is limited to information as is reasonably 
necessary to identify such individual or concerning that individual's 
indebtedness to the United States by virtue of the person's 
participation in a benefits program administered by the Department.
    17. Law Enforcement, for Locating Fugitive: To any Federal, state, 
local, territorial, tribal, or foreign law enforcement agency to 
identify, locate, or report a known fugitive felon, in compliance with 
38 U.S.C. 5313B(d).
    18. OMB: To the Office of Management and Budget (OMB) for the 
performance of its statutory responsibilities for evaluating Federal 
programs.
    19. Nonprofits, for Release of Names and Addresses (RONA): To a 
nonprofit organization if the release is directly connected with the 
conduct of programs and the utilization of benefits under Title 38, 
provided that the disclosure is limited to the names and addresses of 
present or former members of the armed services or their beneficiaries, 
that the records will not be used for any purpose other than that 
stated in the request, and the that organization is aware of the 
penalty provision of 38 U.S.C. 5701(f).

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    Records will be maintained at an OI&T approved VA sponsored data 
warehouse location via secured cloud storage on a Federal Risk and 
Authorization Management Program (FedRAMP) certified VA Government 
Cloud (GovCloud) site.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    Records may be retrieved by name or other identifiers, such as an 
internal entry number of a partner system that maintains information on 
the individuals.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    Records in this system are maintained and disposed of in accordance 
with the schedule approved by the Archivist of the United States, 
General Records Schedule 5.2, item 020, which provides for disposition 
of intermediary records, e.g., copies of electronic records from one 
system that are used as source records to another system.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    Access to VA Profile is limited to those persons whose official 
duties require such access. VA has established security procedures to 
ensure that access is appropriately limited, including review by 
information security officers and system data stewards of data access 
requests; and privacy and information security training required 
annually of all users of VA information or information systems.
    Access is regulated with security software that requires each user 
to be authenticated, and the system is hosted on a FedRAMP-certified, 
FISMA-high VA Government Cloud (GovCloud); and transmissions are 
protected by firewalls, intrusion detection devices, encryption, and 
other security measures.
    Physical access to computer rooms housing national administrative 
databases, warehouses, and data marts is restricted to authorized staff 
and protected by a variety of security devices. Unauthorized employees, 
contractors, and other staff are not allowed in computer rooms. The 
Federal Protective Service or other security personnel provide physical 
security for the buildings housing computer rooms and data centers, and 
copies of back-up computer files are generally maintained at off-site 
locations.

RECORD ACCESS PROCEDURES:
    Individuals seeking access to records in this system pertaining to 
them must contact the system manager in writing as indicated above. The 
request for access must contain the requester's full name, address, 
telephone number, and signature, and describe the records sought in 
sufficient detail to enable VA to locate them with a reasonable amount 
of effort.

[[Page 72823]]

CONTESTING RECORD PROCEDURES:
    Individuals seeking to contest or amend records in this system 
pertaining to them must contact the system manager in writing as 
indicated above. A request to contest or amend must state clearly and 
concisely what record is being contested, the basis for contesting it, 
and the proposed amendment to the record.

NOTIFICATION PROCEDURES:
    Generalized notice is provided by the publication of this notice. 
For specific notice, see Record Access Procedure, above.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    None.

HISTORY:
    87 FR 36207 (June 15, 2022).

[FR Doc. 2023-23327 Filed 10-20-23; 8:45 am]
BILLING CODE P