2023-27831. Privacy Act of 1974; System of Records  

  • Start Preamble

    AGENCY:

    Department of Veteran Affairs (VA), Office of Information and Technology (OIT).

    ACTION:

    Notice of a modified system of records.

    SUMMARY:

    Pursuant to the Privacy Act of 1974, notice is hereby given that VA is modifying the system of records titled, “Call Detail Records-VA” (90VA194). This system is used to generate call detail records to capture information regarding calls made on telephone systems, including who made the call (calling party number), who was called (called party number), the date and time the call was made, the duration of the call, and other usages and diagnostic information elements ( e.g., features used, reason for call termination).

    DATES:

    Comments on this modified system of records must be received no later than 30 days after date of publication in the Federal Register . If no public comment is received during the period allowed for comment or unless otherwise published in the Federal Register by VA, the modified system of records will become effective a minimum of 30 days after date of publication in the Federal Register . If VA receives public comments, VA shall review the comments to determine whether any changes to the notice are necessary.

    ADDRESSES:

    Comments may be submitted through www.Regulations.gov or mailed to VA Privacy Service, 810 Vermont Avenue NW, (005X6F), Washington, DC 20420. Comments should indicate that they are submitted in response to Call Detail Records—VA Start Printed Page 87845 90VA194. Comments received will be available at regulations.gov for public viewing, inspection or copies.

    Start Further Info

    FOR FURTHER INFORMATION CONTACT:

    Office of Information and Technology Privacy Officer, Gina Siefert, Department of Veterans Affairs, 810 Vermont Avenue NW., Washington, DC 20420; telephone (202) 632–8430 (Note: This is not a toll-free number) or OITPRIVACY@va.gov

    End Further Info End Preamble Start Supplemental Information

    SUPPLEMENTARY INFORMATION:

    VA is amending the system of records by revising the System Location; System Manager; Categories of Individuals Covered by the System; Routine Uses of Records Maintained in the System, Including Categories of Users and Purposes of Such Uses; Policies and Practices for Storage of Records; Policies and Practices for Retrieval of Records; Policies and Practices for Retention and Disposal of Records; Record Access Procedures; Contesting Records Procedures; and Notification Procedures.

    The Categories of Individuals Covered by the System is being updated to reflect “Individuals who are assigned telephone numbers or are authorized to use VA telephone services, and individuals who receive or make calls billed to the VA.”

    The System location will be updated to replace individual local VHA facilities with “VA OIT Trusted internet Gateway Data Centers”.

    The System Manager is being updated to “Deputy Director for Operations, Unified Communications. Telephone number (202) 632–9603.”

    Routine Uses of Records Maintained in the System, Including Categories of Users and Purposes of Such Uses are being modified to remove current Routine Uses number 1 and number 2; and to update current language for the remaining Routine Uses, numbers 3 through 17. This system will now have 15 Routine Uses.

    Policies and Practices for Storage of Records is being updated to reflect “Records are maintained in electronic form in VA Data Centers.

    Policies and Practices for Retrieval of Records is being updates to remove “date, time, cost.”

    Policies and Practices for Retention and Disposal of Records is being updated to reflect “Records in this system are retained and disposed of in accordance with the schedule approved by the Archivist of the United States, VA Records Control Schedule 10–1 Item Number 2525.1.”

    Record Access Procedures is being updated to reflect: “Individuals wishing to request access to records pertaining to them should contact the System Manager in writing as indicated above. A request for access to records must contain the requester's full name, address, telephone number, be signed by the requester, and describe the records sought in sufficient detail to enable VA personnel to locate them with a reasonable amount of effort.”

    Contesting Records Procedures is being updated to reflect: “Individuals seeking to contest or amend records in this system pertaining to them should contact the System Manager in writing as indicated above. A request to contest or amend records must state clearly and concisely what record is being contested, the reasons for contesting it, and the proposed amendment to the record.”

    Notification Procedures is being updated to reflect: “Generalized notice is provided by the publication of this notice. For specific notice, see Record Access Procedure, above.”

    The Report of Intent to Amend a System of Records Notice and an advance copy of the system notice have been sent to the appropriate Congressional committees and to the Director of the Office of Management and Budget (OMB) as required by 5 U.S.C. 552a(r) (Privacy Act) and guidelines issued by OMB (65 FR 77677), December 12, 2000.

    Signing Authority

    The Senior Agency Official for Privacy, or designee, approved this document and authorized the undersigned to sign and submit the document to the Office of the Federal Register for publication electronically as an official document of the Department of Veterans Affairs. Kurt D. DelBene, Assistant Secretary for Information and Technology and Chief Information Officer, approved this document on November 11, 2023 for publication.

    Start Signature

    Dated: December 14, 2023.

    Amy L. Rose,

    Government Information Specialist, VA Privacy Service, Office of Compliance, Risk and Remediation, Office of Information and Technology, Department of Veterans Affairs.

    End Signature

    SYSTEM NAME AND NUMBER:

    Call Detail Records-VA 90VA194

    SECURITY CLASSIFICATION:

    Unclassified

    SYSTEM LOCATION:

    Electronic records are located in VA OIT Trusted internet Gateway Data Centers.

    SYSTEM MANAGER(S):

    Deputy Director for Operations, Unified Communications. Telephone number (202) 632–9603. (Note: This is not a toll-free number)

    AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

    38 U.S.C. 501

    PURPOSE(S) OF THE SYSTEM:

    The system is used to generate call detail records to capture information regarding calls made on telephone systems, including who made the call (calling party number), who was called (called party number), the date and time the call was made, the duration of the call, and other usages and diagnostic information elements.

    CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

    Individuals who are assigned telephone numbers or are authorized to use VA telephone services, and individuals who receive or make calls billed to the VA.

    CATEGORIES OF RECORDS IN THE SYSTEM:

    Call detail records consist of information on VA Enterprise Telephone system telephone calls placed from VA telephones or otherwise billed to VA including the originating and destination telephone number, date and time of call, duration of call, and Originating and Terminating Devices for internal VA organizational location of telephones.

    RECORD SOURCE CATEGORIES:

    Records in this system are obtained from the following sources: a) Local VA telephone directories and other telephone assignment records; b) call detail records provided by suppliers of telephone services; and c) the individual on whom the record is maintained.

    ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND PURPOSES OF SUCH USES:

    1. Congress: To a Member of Congress or staff acting upon the Member's behalf when the Member or staff requests the information on behalf of, and at the request of, the individual who is the subject of the record.

    2. Data breach response and remediation, for VA: To appropriate agencies, entities, and persons when (1) VA suspects or has confirmed that there has been a breach of the system of records; (2) VA has determined that as a result of the suspected or confirmed breach there is a risk of harm to individuals, VA (including its information systems, programs, and operations), the Federal Government, or national security; and (3) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist Start Printed Page 87846 in connection with VA's efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm.

    3. Data breach response and remediation, for another Federal agency: To another Federal agency or Federal entity, when VA determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in (1) responding to a suspected or confirmed breach or (2) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach.

    4. Law Enforcement: To a Federal, State, local, Territorial, Tribal, or foreign law enforcement authority or other appropriate entity charged with the responsibility of investigating or prosecuting a violation or potential violation of law, whether civil, criminal, or regulatory in nature, or charged with enforcing or implementing such law, provided that the disclosure is limited to information that, either alone or in conjunction with other information, indicates such a violation or potential violation. The disclosure of the names and addresses of veterans and their dependents from VA records under this routine use must also comply with the provisions of 38 U.S.C. 5701.

    5. Department of Justice (DoJ), Litigation, Administrative Proceeding: To the DoJ, or in a proceeding before a court, adjudicative body, or other administrative body before which VA is authorized to appear, when:

    (a) VA or any component thereof;

    (b) Any VA employee in his or her official capacity;

    (c) Any VA employee in his or her individual capacity where DoJ has agreed to represent the employee; or

    (d) The United States, where VA determines that litigation is likely to affect the agency or any of its components is a party to such proceedings or has an interest in such proceedings, and VA determines that use of such records is relevant and necessary to the proceedings.

    6. Contractors: To contractors, grantees, experts, consultants, students, and others performing or working on a contract, service, grant, cooperative agreement, or other assignment for VA, when reasonably necessary to accomplish an agency function related to the records.

    7. Office of Personnel Management (OPM): To the OPM in connection with the application or effect of civil service laws, rules, regulations, or OPM guidelines in particular situations.

    8. Equal Employment Opportunity Commission (EEOC): To the EEOC in connection with investigations of alleged or possible discriminatory practices, examination of Federal affirmative employment programs, or other functions of the Commission as authorized by law.

    9. Federal Labor Relations Authority (FLRA): To the FLRA in connection with the investigation and resolution of allegations of unfair labor practices, the resolution of exceptions to arbitration awards when a question of material fact is raised, matters before the Federal Service Impasses Panel, and the investigation of representation petitions and the conduct or supervision of representation elections.

    10. Merit Systems Protection Board (MSPB): To the MSPB in connection with appeals, special studies of the civil service and other merit systems, review of rules and regulations, investigation of alleged or possible prohibited personnel practices, and such other functions promulgated in 5 U.S.C. 1205 and 1206, or as authorized by law.

    11. National Archives and Records Administration (NARA): To the NARA in records management inspections conducted under 44 U.S.C. 2904 and 2906, or other functions authorized by laws and policies governing NARA operations and VA records management responsibilities.

    12. Federal Agencies, Courts, Litigants, for Litigation or Administrative Proceedings:

    To another Federal agency, court, or party in litigation before a court or in an administrative proceeding conducted by a Federal agency, when the Government is a party to the judicial or administrative proceeding.

    13. Governmental Agencies, for VA Hiring, Security Clearance, Contract, License, Grant: To a Federal, State, local, or other governmental agency maintaining civil or criminal violation records, or other pertinent information, such as employment history, background investigations, or personal or educational background, to obtain information relevant to VA's hiring, transfer, or retention of an employee, issuance of a security clearance, letting of a contract, or issuance of a license, grant, or other benefit. The disclosure of the names and addresses of veterans and their dependents from VA records under this routine use must also comply with the provisions of 38 U.S.C. 5701.

    14. Unions: To officials of labor organizations recognized under 5 U.S.C. chapter 71 provided that the disclosure is limited to information identified in 5 U.S.C. 7114(b)(4) that is relevant and necessary to their duties of exclusive representation concerning personnel policies, practices, and matters affecting working conditions

    15. Consumer Reporting Agencies: To a consumer reporting agency for the purpose of locating the individual, obtaining a consumer report to determine the ability of the individual to repay an indebtedness to the United States, or assisting in the collection of such indebtedness, provided that the provisions of 38 U.S.C. 5701(g)(2) and (4) have been met, provided that the disclosure is limited to information that is reasonably necessary to identify such individual or concerning that individual's indebtedness to the United States by virtue of the person's participation in a benefits program administered by the Department.

    POLICIES AND PRACTICES FOR STORAGE OF RECORDS:

    Records are maintained in electronic form in VA Data Centers.

    POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:

    Records may be retrieved by VA organizational unit, originating telephone number, destination telephone number, location and/or duration of call.

    POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:

    Records in this system are retained and disposed of in accordance with the schedule approved by the Archivist of the United States, VA Records Control Schedule Records Control Schedule 10–1 Item Number 2525.1.

    ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:

    1. Access to telecommunication areas at VA facilities is generally limited by appropriate locking devices and restricted to authorized employees and vendor personnel. Generally, VA areas are always locked, and the facilities are protected from outside access by the Federal Protective Service or other security personnel. 2. Access to file information or the database is controlled by VA Office of Information and Technology employees. The system recognizes authorized VA employees and Contractors by two factor authentication methods. Accessing the database remotely uses encryption and two factor authentication methods.

    RECORD ACCESS PROCEDURES:

    Individuals wishing to request access to records pertaining to them should contact the System Manager in writing as indicated above. A request for access Start Printed Page 87847 to records must contain the requester's full name, address, telephone number, be signed by the requester, and describe the records sought in sufficient detail to enable VA personnel to locate them with a reasonable amount of effort.

    CONTESTING RECORD PROCEDURES:

    Individuals seeking to contest or amend records in this system pertaining to them should contact the System Manager in writing as indicated above. A request to contest or amend records must state clearly and concisely what record is being contested, the reasons for contesting it, and the proposed amendment to the record.

    NOTIFICATION PROCEDURES:

    Generalized notice is provided by the publication of this notice. For specific notice, see Record Access Procedure, above.

    EXEMPTIONS PROMULGATED FOR THE SYSTEM:

    None.

    HISTORY:

    74 FR 17283 (April 14, 2009).

    End Supplemental Information

    [FR Doc. 2023–27831 Filed 12–18–23; 8:45 am]

    BILLING CODE P