AGENCY:

Veterans Experience Office, Department of Veterans Affairs (VA).

ACTION:

Notice of a new system of records.

SUMMARY:

The Privacy Act of 1974 requires that all agencies publish in the Federal Register a notice of the existence and character of their systems of records. Notice is hereby given that the Department of Veterans Affairs (VA) is establishing a new system of records entitled “Veterans Affairs Profile-VA” (VA Profile) (192VA30). This system of records is an enterprise Master Data Management (MDM) solution that modernizes VA systems by ensuring VA customer data is synchronized and shared across the VA, regardless of the channel used to provide the information. This system of records contains VA customer contact information to support a range of business activities that are used by Veterans, eligible beneficiaries, other VA customers, and the different administrations supporting VA customers.

DATES:

Comments on this new system of records must be received no later than 30 days after date of publication in the Federal Register . If no public comment is received during the period allowed for comment or unless otherwise published in the Federal Register by VA, the new system of records will become effective a minimum of 30 days after the date of publication in the Federal Register . If VA receives public comments, VA shall review the comments to determine whether any changes to the notice are necessary.

FOR FURTHER INFORMATION CONTACT:

Trisha Dang, Veterans Experience Office (VEO), Department of Veterans Affairs, 810 Vermont Ave NW, Building 810, Washington DC 20420; Telephone (202) 461-9898; email trisha.dang@va.gov .

SUPPLEMENTARY INFORMATION:

VA Profile is an enterprise Master Data Management (MDM) solution designed to provide a comprehensive VA customer Profile and to enable seamless interaction with authoritative sources of customer data. Starting with contact information, VA Profile will ensure that the Veterans Health Administration (VHA), the Veterans Benefits Administration (VBA), and the National Cemetery Administration (NCA) have access to accurate and timely information about Veterans and eligible beneficiaries. VA Profile will facilitate the updating of Veterans information, providing a complete view of their Master Record, enforce data specifications and data quality for each assigned VA Common Information Subject Area, and ensure key data is available and usable across the VA enterprise. Benefits of VA Profile for the Veteran include increased consistency, accuracy and timeliness of information received from VA; improved customer experience; enhanced VA customer engagement; and reduced burden to VA customers providing the same information multiple times to the VA.

Signing Authority

The Senior Agency Official for Privacy, or designee, approved this document and authorized the undersigned to sign and submit the document to the Office of the Federal Register for publication electronically as an official document of the Department of Veterans Affairs. Kurt D. DelBene, Assistant Secretary for Information and Technology and Chief Information Officer, approved this document on May 9, 2022 for publication.

SYSTEM NAME AND NUMBER:

“Veterans Affairs Profile” (VA Profile) (192VA30)

SECURITY CLASSIFICATION:

Unclassified

SYSTEM LOCATION:

The VA Profile system maintains records in a system known as the VA Profile Data Repository (VA PROFILEDB) hosted in a containerized environment at a federally rated FISMA moderate data center at the Austin Information Technology Center (AITC), located at 1615 East Woodward Street, Austin, Texas 78772. Capabilities implemented in FY2020 and later will be hosted in the FISMA-high VA Enterprise Cloud (VAEC).

SYSTEM MANAGER(S):

Trisha Dang, Veterans Experience Office (VEO), Department of Veterans Affairs, 810 Vermont Ave. NW, Building 810, Washington, DC 20420; Telephone (202) 461-9898; email trisha.dang@va.gov.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

Title 38, United States Code, Section 501 and Section 7304.

PURPOSE(S) OF THE SYSTEM:

The purpose of VA Profile is to source authoritative common and shared information about VA customers, starting with contact information. Information in this system of records is mastered, meets VA data quality standards, and allows VA customers to use a single touchpoint to update contact information and other key data. VA Profile will enable synchronization of information to provide each VA administration with an updated, accurate, and timely customer Profile. VA Profile is the authoritative storage repository for certain common customer data, specifically contact information, and VA Profile functions as a pass-through with synchronization of customer Profile data stored in other VA authoritative data sources.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

Records in the system contain Veteran and eligible beneficiary information. This includes Veterans and eligible beneficiaries who are receiving or have received benefits from VBA, Veterans who are receiving or have received healthcare from VHA, and records of other beneficiaries entitled to VHA healthcare.

CATEGORIES OF RECORDS IN THE SYSTEM:

The records, or information contained in the system of records, may include identifying information and will store contact information, specifically: mailing and residence address, daytime, evening, mobile, and fax phone numbers, and personal email address. VA Profile Services are used to share common data with other VA systems and lines of business.

RECORD SOURCE CATEGORIES:

Information in this system of records is provided by Veterans, their families and/or advocates, eligible dependents, and those in the VA workforce located at the facilities where customer Records in the VA Profile system may be accessed, and is synchronized with other VA systems and applications under the following Systems of Records: National Patient Database-VA (121VA10A7), VA/DoD Identity Repository (138VA005Q), Enrollment and Eligibility Records-VA (147VA10), Veterans Health Information Systems and Technology Architecture (VistA) Records-VA (79VA10), VBA Compensation, Pension, Education, and Vocational Rehabilitation and Employment Records (58VA21/22/28), Administrative Data Repository—VA (150VA19). Start Printed Page 36208

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND PURPOSES OF SUCH USES:

1. Congress: VA may disclose information to a Member of Congress or staff acting upon the Member's behalf when the Member or staff requests the information on behalf of, and at the request of, the individual who is the subject of the record.

2. Data breach response and remediation, for VA: VA may disclose information to appropriate agencies, entities, and persons when (1) VA suspects or has confirmed that there has been a breach of the system of records,· (2) VA has determined that as a result of the suspected or confirmed breach there is a risk of harm to individuals, VA (including its information systems, programs, and operations), the Federal Government, or national security; and (3) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with VA's efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm.

3. Data breach response and remediation, for another Federal agency: VA may disclose information to another Federal agency or Federal entity, when VA determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in (1) responding to a suspected or confirmed breach or (2) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach.

4. Law Enforcement: VA may disclose information that, either alone or in conjunction with other information, indicates a violation or potential violation of law, whether civil, criminal, or regulatory in nature, to a Federal, state, local, territorial, tribal, or foreign law enforcement authority or other appropriate entity charged with the responsibility of investigating or prosecuting such violation or charged with enforcing or implementing such law. The disclosure of the names and addresses of veterans and their dependents from VA records under this routine use must also comply with the provisions of 38 U.S.C. 5701.

5. DoJ for Litigation or Administrative Proceeding: VA may disclose information to the Department of Justice (DoJ), or in a proceeding before a court, adjudicative body, or other administrative body before which VA is authorized to appear, when:

(a) VA or any component thereof;

(b) Any VA employee in his or her official capacity;

(c) Any VA employee in his or her individual capacity where DoJ has agreed to represent the employee; or

(d) The United States, where VA determines that litigation is likely to affect the agency or any of its components, is a party to such proceedings or has an interest in such proceedings, and VA determines that use of such records is relevant and necessary to the proceedings.

6. Contractors: VA may disclose information to contractors, grantees, experts, consultants, students, and others performing or working on a contract, service, grant, cooperative agreement, or other assignment for VA, when reasonably necessary to accomplish an agency function related to the records.

7. OPM: VA may disclose information to the Office of Personnel Management (OPM) in connection with the application or effect of civil service laws, rules, regulations, or OPM guidelines in particular situations.

8. EEOC: VA may disclose information to the Equal Employment Opportunity Commission (EEOC) in connection with investigations of alleged or possible discriminatory practices, examination of Federal affirmative employment programs, or other functions of the Commission as authorized by law.

9. FLRA: VA may disclose information to the Federal Labor Relations Authority (FLRA) in connection with: the investigation and resolution of allegations of unfair labor practices, the resolution of exceptions to arbitration awards when a question of material fact is raised; matters before the Federal Service Impasses Panel; and the investigation of representation petitions and the conduct or supervision of representation elections.

10. MSPB: VA may disclose information to the Merit Systems Protection Board (MSPB) and the Office of the Special Counsel in connection with appeals, special studies of the civil service and other merit systems, review of rules and regulations, investigation of alleged or possible prohibited personnel practices, and such other functions promulgated in 5 U.S.C. 1205 and 1206, or as authorized by law.

11. NARA: VA may disclose information to NARA in records management inspections conducted under 44 U.S.C. 2904 and 2906, or other functions authorized by laws and policies governing NARA operations and VA records management responsibilities.

11. Federal Agencies, for Computer Matches: VA may disclose information from this system to other federal agencies for the purpose of conducting computer matches to obtain information to determine or verify eligibility of veterans receiving VA benefits or medical care under Title 38, U.S.C.

12. Federal Agencies, for Research: VA may disclose information to a Federal agency for the purpose of conducting research and data analysis to perform a statutory purpose of that Federal agency upon the prior written request of that agency.

13. Researchers, for Research: VA may disclose information from this system to epidemiological and other research facilities approved by the Under Secretary for Health for research purposes determined to be necessary and proper, provided that the names and addresses of veterans and their dependents will not be disclosed unless those names and addresses are first provided to VA by the facilities making the request.

14. Federal Agencies, Courts, Litigants, for Litigation or Administrative Proceedings: VA may disclose information to another federal agency, court, or party in litigation before a court or in an administrative proceeding conducted by a Federal agency, when the government is a party to the judicial or administrative proceeding.

15. Consumer Reporting Agencies: VA may disclose information as is reasonably necessary to identify such individual or concerning that individual's indebtedness to the United States by virtue of the person's participation in a benefits program administered by the Department, to a consumer reporting agency for the purpose of locating the individual, obtaining a consumer report to determine the ability of the individual to repay an indebtedness to the United States, or assisting in the collection of such indebtedness, provided that the provisions of 38 U.S.C. 57019(g)(2) and (4) have been met.

16. Law Enforcement, for Locating Fugitive: In compliance with 38 U.S.C. 5313B(d), VA may disclose information from this system of records to any Federal, state, local, tribal, or foreign law enforcement agency to identify, locate, or report a known fugitive felon. If the disclosure is in response to a request from a law enforcement entity, the request must meet the requirements for a qualifying law enforcement request under the Privacy Act, 5 U.S.C. 552a(b)(7). Start Printed Page 36209

17. OMB: VA may disclose information to the Office of Management and Budget (OMB) for the performance of its statutory responsibilities for evaluating Federal programs.

18. Nonprofits, for Release of Names and Addresses (RONA): VA may disclose the name(s) and address(es) of present or former members of the armed services or their beneficiaries: (1) to a nonprofit organization if the release is directly connected with the conduct of programs and the utilization of benefits under Title 38, and (2) to any criminal or civil law enforcement governmental agency or instrumentality charged under applicable law with the protection of the public health or safety, if a qualified representative of such organization, agency, or instrumentality has made a written request that such names or addresses be provided for a purpose authorized by law; provided that the records will not be used for any purpose other than that stated in the request and that organization, agency, or instrumentality is aware of the penalty provision of 38 U.S.C. 5701(f).

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:

The VA Profile system will utilize both Government and Commercial Off-the Shelf (GOTS) and (COTS) platforms that will be hosted initially at the VA Austin Information Technology Center in Austin, TX. The platform will be Trusted internet Connection (TIC) certified and Federal Risk and Authorization Management Program (FedRAMP) certified and meet all requirements for Federal Information Security Management Act of 2002 (FISMA) Moderate compliance. Hosting transitioned to a FedRAMP certified VA Government Cloud (GovCloud) site in early Federal Fiscal Year (FFY) 2020 and meets all requirements for Federal Information Security Management Act of 2002 (FISMA) High compliance. Records will be maintained at an OI&T approved VA sponsored data warehouse location via secured cloud storage.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:

Records may be retrieved by assigned identifiers, such as an internal entry number of a partner system that maintains information on the individuals. Only those with assigned rights, as defined in their SSO login, will have access to records at a specific record level. Aggregated, non-attributional data will be retrieved via geolocation and provided to management at those locations.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:

VA Profile records are maintained and disposed of in accordance with records disposition authority approved by the Archivist of the United States. The records are disposed of in accordance with General Records Schedule 20, item 4. Item 4 provides for deletion of data files when the agency determines that the files are no longer needed for administrative, legal, audit, or other operational purposes.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:

Access to and use of national administrative databases, warehouses, data marts and cloud storage sites are limited to those persons whose official duties require such access, and the VA has established security procedures to ensure that access is appropriately limited. Information security officers and system data stewards review and authorize data access requests. VA regulates data access with security software that authenticates users and requires individually unique codes and passwords. VA provides information security training to all staff and instructs staff on the responsibility each person has for safeguarding data confidentiality.

VA maintains Business Associate Agreements and Non-Disclosure Agreements with contracted resources to maintain confidentiality of the information.

Physical access to computer rooms housing national administrative databases, warehouses, and data marts is restricted to authorized staff and protected by a variety of security devices. Unauthorized employees, contractors, and other staff are not allowed in computer rooms. The Federal Protective Service or other security personnel provide physical security for the buildings housing computer rooms and data centers.

Data transmissions between operational systems and national administrative databases, warehouses, and data marts maintained by this system of record are protected by state-of-the-art telecommunication software and hardware. This may include firewalls, intrusion detection devices, encryption, and other security measures necessary to safeguard data as it travels across the VA Wide Area Network.

In most cases, copies of back-up computer files are maintained at off-site locations.

RECORD ACCESS PROCEDURES:

An individual (or duly authorized representative of such individual) who seeks access to or wishes to contest records maintained under his or her name or other personal identifier may write or call the individual listed under Notification Procedure below.

CONTESTING RECORD PROCEDURES:

See Notification Procedure below.

NOTIFICATION PROCEDURES:

Individuals seeking information regarding access to and contesting of records maintained by VA may write, call, or visit the nearest VA regional office or VHA facility. Address locations for VBA regional offices are listed in VA Appendix 1 of 58VA21/22/28 and address locations for VHA facilities are listed in VA Appendix 1 of the biennial publications of Privacy Act Issuances.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:

None.

HISTORY:

N/A, this is a new SORN.