[Federal Register Volume 88, Number 242 (Tuesday, December 19, 2023)]
[Notices]
[Pages 87844-87847]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2023-27831]


=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF VETERANS AFFAIRS


Privacy Act of 1974; System of Records

AGENCY: Department of Veteran Affairs (VA), Office of Information and 
Technology (OIT).

ACTION: Notice of a modified system of records.

-----------------------------------------------------------------------

SUMMARY: Pursuant to the Privacy Act of 1974, notice is hereby given 
that VA is modifying the system of records titled, ``Call Detail 
Records-VA'' (90VA194). This system is used to generate call detail 
records to capture information regarding calls made on telephone 
systems, including who made the call (calling party number), who was 
called (called party number), the date and time the call was made, the 
duration of the call, and other usages and diagnostic information 
elements (e.g., features used, reason for call termination).

DATES: Comments on this modified system of records must be received no 
later than 30 days after date of publication in the Federal Register. 
If no public comment is received during the period allowed for comment 
or unless otherwise published in the Federal Register by VA, the 
modified system of records will become effective a minimum of 30 days 
after date of publication in the Federal Register. If VA receives 
public comments, VA shall review the comments to determine whether any 
changes to the notice are necessary.

ADDRESSES: Comments may be submitted through www.Regulations.gov or 
mailed to VA Privacy Service, 810 Vermont Avenue NW, (005X6F), 
Washington, DC 20420. Comments should indicate that they are submitted 
in response to Call Detail Records--VA

[[Page 87845]]

90VA194. Comments received will be available at regulations.gov for 
public viewing, inspection or copies.

FOR FURTHER INFORMATION CONTACT: Office of Information and Technology 
Privacy Officer, Gina Siefert, Department of Veterans Affairs, 810 
Vermont Avenue NW., Washington, DC 20420; telephone (202) 632-8430 
(Note: This is not a toll-free number) or [email protected]

SUPPLEMENTARY INFORMATION: VA is amending the system of records by 
revising the System Location; System Manager; Categories of Individuals 
Covered by the System; Routine Uses of Records Maintained in the 
System, Including Categories of Users and Purposes of Such Uses; 
Policies and Practices for Storage of Records; Policies and Practices 
for Retrieval of Records; Policies and Practices for Retention and 
Disposal of Records; Record Access Procedures; Contesting Records 
Procedures; and Notification Procedures.
    The Categories of Individuals Covered by the System is being 
updated to reflect ``Individuals who are assigned telephone numbers or 
are authorized to use VA telephone services, and individuals who 
receive or make calls billed to the VA.''
    The System location will be updated to replace individual local VHA 
facilities with ``VA OIT Trusted internet Gateway Data Centers''.
    The System Manager is being updated to ``Deputy Director for 
Operations, Unified Communications. Telephone number (202) 632-9603.''
    Routine Uses of Records Maintained in the System, Including 
Categories of Users and Purposes of Such Uses are being modified to 
remove current Routine Uses number 1 and number 2; and to update 
current language for the remaining Routine Uses, numbers 3 through 17. 
This system will now have 15 Routine Uses.
    Policies and Practices for Storage of Records is being updated to 
reflect ``Records are maintained in electronic form in VA Data Centers.
    Policies and Practices for Retrieval of Records is being updates to 
remove ``date, time, cost.''
    Policies and Practices for Retention and Disposal of Records is 
being updated to reflect ``Records in this system are retained and 
disposed of in accordance with the schedule approved by the Archivist 
of the United States, VA Records Control Schedule 10-1 Item Number 
2525.1.''
    Record Access Procedures is being updated to reflect: ``Individuals 
wishing to request access to records pertaining to them should contact 
the System Manager in writing as indicated above. A request for access 
to records must contain the requester's full name, address, telephone 
number, be signed by the requester, and describe the records sought in 
sufficient detail to enable VA personnel to locate them with a 
reasonable amount of effort.''
    Contesting Records Procedures is being updated to reflect: 
``Individuals seeking to contest or amend records in this system 
pertaining to them should contact the System Manager in writing as 
indicated above. A request to contest or amend records must state 
clearly and concisely what record is being contested, the reasons for 
contesting it, and the proposed amendment to the record.''
    Notification Procedures is being updated to reflect: ``Generalized 
notice is provided by the publication of this notice. For specific 
notice, see Record Access Procedure, above.''
    The Report of Intent to Amend a System of Records Notice and an 
advance copy of the system notice have been sent to the appropriate 
Congressional committees and to the Director of the Office of 
Management and Budget (OMB) as required by 5 U.S.C. 552a(r) (Privacy 
Act) and guidelines issued by OMB (65 FR 77677), December 12, 2000.

Signing Authority

    The Senior Agency Official for Privacy, or designee, approved this 
document and authorized the undersigned to sign and submit the document 
to the Office of the Federal Register for publication electronically as 
an official document of the Department of Veterans Affairs. Kurt D. 
DelBene, Assistant Secretary for Information and Technology and Chief 
Information Officer, approved this document on November 11, 2023 for 
publication.

    Dated: December 14, 2023.
Amy L. Rose,
Government Information Specialist, VA Privacy Service, Office of 
Compliance, Risk and Remediation, Office of Information and Technology, 
Department of Veterans Affairs.

SYSTEM NAME AND NUMBER:
    Call Detail Records-VA 90VA194

SECURITY CLASSIFICATION:
    Unclassified

SYSTEM LOCATION:
    Electronic records are located in VA OIT Trusted internet Gateway 
Data Centers.

SYSTEM MANAGER(S):
    Deputy Director for Operations, Unified Communications. Telephone 
number (202) 632-9603. (Note: This is not a toll-free number)

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    38 U.S.C. 501

PURPOSE(S) OF THE SYSTEM:
    The system is used to generate call detail records to capture 
information regarding calls made on telephone systems, including who 
made the call (calling party number), who was called (called party 
number), the date and time the call was made, the duration of the call, 
and other usages and diagnostic information elements.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Individuals who are assigned telephone numbers or are authorized to 
use VA telephone services, and individuals who receive or make calls 
billed to the VA.

CATEGORIES OF RECORDS IN THE SYSTEM:
    Call detail records consist of information on VA Enterprise 
Telephone system telephone calls placed from VA telephones or otherwise 
billed to VA including the originating and destination telephone 
number, date and time of call, duration of call, and Originating and 
Terminating Devices for internal VA organizational location of 
telephones.

RECORD SOURCE CATEGORIES:
    Records in this system are obtained from the following sources: a) 
Local VA telephone directories and other telephone assignment records; 
b) call detail records provided by suppliers of telephone services; and 
c) the individual on whom the record is maintained.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND PURPOSES OF SUCH USES:
    1. Congress: To a Member of Congress or staff acting upon the 
Member's behalf when the Member or staff requests the information on 
behalf of, and at the request of, the individual who is the subject of 
the record.
    2. Data breach response and remediation, for VA: To appropriate 
agencies, entities, and persons when (1) VA suspects or has confirmed 
that there has been a breach of the system of records; (2) VA has 
determined that as a result of the suspected or confirmed breach there 
is a risk of harm to individuals, VA (including its information 
systems, programs, and operations), the Federal Government, or national 
security; and (3) the disclosure made to such agencies, entities, and 
persons is reasonably necessary to assist

[[Page 87846]]

in connection with VA's efforts to respond to the suspected or 
confirmed breach or to prevent, minimize, or remedy such harm.
    3. Data breach response and remediation, for another Federal 
agency: To another Federal agency or Federal entity, when VA determines 
that information from this system of records is reasonably necessary to 
assist the recipient agency or entity in (1) responding to a suspected 
or confirmed breach or (2) preventing, minimizing, or remedying the 
risk of harm to individuals, the recipient agency or entity (including 
its information systems, programs, and operations), the Federal 
Government, or national security, resulting from a suspected or 
confirmed breach.
    4. Law Enforcement: To a Federal, State, local, Territorial, 
Tribal, or foreign law enforcement authority or other appropriate 
entity charged with the responsibility of investigating or prosecuting 
a violation or potential violation of law, whether civil, criminal, or 
regulatory in nature, or charged with enforcing or implementing such 
law, provided that the disclosure is limited to information that, 
either alone or in conjunction with other information, indicates such a 
violation or potential violation. The disclosure of the names and 
addresses of veterans and their dependents from VA records under this 
routine use must also comply with the provisions of 38 U.S.C. 5701.
    5. Department of Justice (DoJ), Litigation, Administrative 
Proceeding: To the DoJ, or in a proceeding before a court, adjudicative 
body, or other administrative body before which VA is authorized to 
appear, when:
    (a) VA or any component thereof;
    (b) Any VA employee in his or her official capacity;
    (c) Any VA employee in his or her individual capacity where DoJ has 
agreed to represent the employee; or
    (d) The United States, where VA determines that litigation is 
likely to affect the agency or any of its components is a party to such 
proceedings or has an interest in such proceedings, and VA determines 
that use of such records is relevant and necessary to the proceedings.
    6. Contractors: To contractors, grantees, experts, consultants, 
students, and others performing or working on a contract, service, 
grant, cooperative agreement, or other assignment for VA, when 
reasonably necessary to accomplish an agency function related to the 
records.
    7. Office of Personnel Management (OPM): To the OPM in connection 
with the application or effect of civil service laws, rules, 
regulations, or OPM guidelines in particular situations.
    8. Equal Employment Opportunity Commission (EEOC): To the EEOC in 
connection with investigations of alleged or possible discriminatory 
practices, examination of Federal affirmative employment programs, or 
other functions of the Commission as authorized by law.
    9. Federal Labor Relations Authority (FLRA): To the FLRA in 
connection with the investigation and resolution of allegations of 
unfair labor practices, the resolution of exceptions to arbitration 
awards when a question of material fact is raised, matters before the 
Federal Service Impasses Panel, and the investigation of representation 
petitions and the conduct or supervision of representation elections.
    10. Merit Systems Protection Board (MSPB): To the MSPB in 
connection with appeals, special studies of the civil service and other 
merit systems, review of rules and regulations, investigation of 
alleged or possible prohibited personnel practices, and such other 
functions promulgated in 5 U.S.C. 1205 and 1206, or as authorized by 
law.
    11. National Archives and Records Administration (NARA): To the 
NARA in records management inspections conducted under 44 U.S.C. 2904 
and 2906, or other functions authorized by laws and policies governing 
NARA operations and VA records management responsibilities.
    12. Federal Agencies, Courts, Litigants, for Litigation or 
Administrative Proceedings:
    To another Federal agency, court, or party in litigation before a 
court or in an administrative proceeding conducted by a Federal agency, 
when the Government is a party to the judicial or administrative 
proceeding.
    13. Governmental Agencies, for VA Hiring, Security Clearance, 
Contract, License, Grant: To a Federal, State, local, or other 
governmental agency maintaining civil or criminal violation records, or 
other pertinent information, such as employment history, background 
investigations, or personal or educational background, to obtain 
information relevant to VA's hiring, transfer, or retention of an 
employee, issuance of a security clearance, letting of a contract, or 
issuance of a license, grant, or other benefit. The disclosure of the 
names and addresses of veterans and their dependents from VA records 
under this routine use must also comply with the provisions of 38 
U.S.C. 5701.
    14. Unions: To officials of labor organizations recognized under 5 
U.S.C. chapter 71 provided that the disclosure is limited to 
information identified in 5 U.S.C. 7114(b)(4) that is relevant and 
necessary to their duties of exclusive representation concerning 
personnel policies, practices, and matters affecting working conditions
    15. Consumer Reporting Agencies: To a consumer reporting agency for 
the purpose of locating the individual, obtaining a consumer report to 
determine the ability of the individual to repay an indebtedness to the 
United States, or assisting in the collection of such indebtedness, 
provided that the provisions of 38 U.S.C. 5701(g)(2) and (4) have been 
met, provided that the disclosure is limited to information that is 
reasonably necessary to identify such individual or concerning that 
individual's indebtedness to the United States by virtue of the 
person's participation in a benefits program administered by the 
Department.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    Records are maintained in electronic form in VA Data Centers.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    Records may be retrieved by VA organizational unit, originating 
telephone number, destination telephone number, location and/or 
duration of call.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    Records in this system are retained and disposed of in accordance 
with the schedule approved by the Archivist of the United States, VA 
Records Control Schedule Records Control Schedule 10-1 Item Number 
2525.1.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    1. Access to telecommunication areas at VA facilities is generally 
limited by appropriate locking devices and restricted to authorized 
employees and vendor personnel. Generally, VA areas are always locked, 
and the facilities are protected from outside access by the Federal 
Protective Service or other security personnel. 2. Access to file 
information or the database is controlled by VA Office of Information 
and Technology employees. The system recognizes authorized VA employees 
and Contractors by two factor authentication methods. Accessing the 
database remotely uses encryption and two factor authentication 
methods.

RECORD ACCESS PROCEDURES:
    Individuals wishing to request access to records pertaining to them 
should contact the System Manager in writing as indicated above. A 
request for access

[[Page 87847]]

to records must contain the requester's full name, address, telephone 
number, be signed by the requester, and describe the records sought in 
sufficient detail to enable VA personnel to locate them with a 
reasonable amount of effort.

CONTESTING RECORD PROCEDURES:
    Individuals seeking to contest or amend records in this system 
pertaining to them should contact the System Manager in writing as 
indicated above. A request to contest or amend records must state 
clearly and concisely what record is being contested, the reasons for 
contesting it, and the proposed amendment to the record.

NOTIFICATION PROCEDURES:
    Generalized notice is provided by the publication of this notice. 
For specific notice, see Record Access Procedure, above.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    None.

HISTORY:
    74 FR 17283 (April 14, 2009).

[FR Doc. 2023-27831 Filed 12-18-23; 8:45 am]
BILLING CODE P