AGENCY:

Department of Veterans Affairs (VA).

ACTION:

Notice of modified of System of Records.

SUMMARY:

As required by the Privacy Act of 1974, notice is hereby given that the Department of Veterans Affairs (VA) is amending the system of records entitled, “Veterans Health Administration Leadership and Workforce Development-VA” (161VA10A2) as set forth in a notice, published in the Federal Register on February 22, 2010. VA is amending the system of records by revising the System Name, System Manger, Purpose of the System, Categories of Records in the System, Record Source Categories, Routine Uses of Records Maintained in the System, Policies and Practices for Storage of Records, Policies and Practices for Retrievability of Records, Policies and Practices for Retention and Disposal, Safeguards, and Record Access Procedure. VA is republishing the system notice in its entirety.

DATES:

Comments on this amended system of records must be received no later than April 13, 2018. If no public comment is received during the period allowed for comment or unless otherwise published in the Federal Register by VA, the amended system will become effective April 13, 2018.

ADDRESSES:

Written comments may be submitted through www.Regulations.gov; by mail or hand-delivery to Director, Regulation Policy and Management (00REG), Department of Veterans Affairs, 810 Vermont Avenue NW, Room 1064, Washington, DC 20420; or by fax to (202) 273-9026 (not a toll-free number). Comments should indicate that they are submitted in response to “Veterans Health Administration Leadership and Workforce Development-VA”. Copies of comments received will be available for public inspection in the Office of Regulation Policy and Management, Room 1063B, between the hours of 8:00 a.m. and 4:30 p.m., Monday through Friday (except holidays). Please call (202) 461-4902 for an appointment. (This is not a toll-free number.) In addition, comments may be viewed online at www.Regulations.gov.

FOR FURTHER INFORMATION CONTACT:

Chris Jaqua, Veterans Health Administration Human Capital Systems and Services (HCSS) Program Office, Department of Veterans Affairs, 55 North Robinson Avenue, Oklahoma City, OK 73102; telephone (405) 552-4345.

SUPPLEMENTARY INFORMATION:

The System Name is being changed from “Veterans Health Administration Leadership and Workforce Development-VA” to “Veterans Health Administration Human Capital Management”.

The System Manager has been amended to replace “Diana Rogers, Department of Veterans Affairs, Veterans Health Administration High Performance Development Model (HPDM) Program Office, 55 North Robinson Avenue, Oklahoma City, Oklahoma 73102; telephone (405) 552-4336” with Officials maintaining the system:

Manager of the Human Capital Systems and Services (HCSS), 55 North Robinson Avenue, Suite 1010, Oklahoma City, OK 73102.

Director of Events Division, Employee Education System, #1 Jefferson Barracks Drive, Building 56, St. Louis, MO 63125.

Deputy Director of Events Division, Employee Education System, #1 Jefferson Barracks Drive, Building 56, St. Louis, MO 63125.

Associate Director of Web Architecture, Employee Education System, 2200 Fort Roots Drive, Building 11, North Little Rock, AR 72114.

The Purpose of the System is being amended to include leadership and organization development and Records will support pairing of learning and professional growth services by internal coaches and consultants to VA employees and leaders.

The Categories of Records in the System is being amended to include: The Talent Assessment Data 1. • Work Setting status • Service Type • Clinical position type • Coaching preference • Performance standards • Resume;4. Veterans Benefits Administration;9. Coach- Coach status • Education • Biographical information • Availability • Years;10. Identification of boss; 11. Program Management • Inquiry Status • Inquiry date • Enrollment status • Enrollment date • Pairing status • Open/closed status • Referral source • Close reason • Survey status • Service start and end dates • Target group • Group location • Organizational chart • Service requested • Organizational opportunities/challenges • Complaints • Barriers to work • Signed agreement; 12. Service contact information • Contact dates • Contact time • Contact type • Contact notes; 13. Development Assessments Assessment type • Results and summaries; 14. Employee Requesting Information • Leadership interests and experiences • Number of direct reports • Current role descriptors • Self-described characteristics • Readiness for change • Current and future role preferences • Aspirations; 15. Credentialing Audio Recordings and Transcripts • Audio file.

The Record Source Categories is being amended to replace 89VA16 with 89VA10NB. Veterans Benefits Administration (VBA) is being included.

The Routine Uses of Records Maintained in the System has been amended by adding language to Routine Use #7 which states, “a. Effective Response. A federal agency's ability to respond quickly and effectively in the event of a breach of federal data is critical to its efforts to prevent or minimize any consequent harm. An effective response necessitates disclosure of information regarding the breach to those individuals affected by it, as well as to persons and entities in a position to cooperate, either by assisting in notification to affected individuals or playing a role in preventing or minimizing harms from the breach. b. Disclosure of Information. Often, the information to be disclosed to such persons and entities is maintained by federal agencies and is subject to the Privacy Act (5 U.S.C. 552a). The Privacy Act prohibits the disclosure of any record in a system of records by any means of communication to any person or agency absent the written consent of the subject individual, unless the disclosure falls within one of twelve statutory exceptions. In order to ensure an agency is in the best position to respond in a timely and effective manner, in accordance with 5 U.S.C. 552a(b)(3) of the Privacy Act, agencies should publish a routine use for appropriate systems specifically applying to the disclosure of information in connection with response and remedial efforts in the event of a data breach.”

Routine Uses of Records Maintained in the System has been amended by adding Routine Use #8 which states “VA may disclosure any audio files and accompanying transcripts to coaching credentialing entities for the sole purpose of evaluation of a coach who is applying for an advanced coaching credential.”

The following Routine Uses are being added:Start Printed Page 11298

Routine use #9, “VA may, on its own initiative, disclose information from this system to another Federal agency or Federal entity, when VA determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in (1) responding to a suspected or confirmed breach or (2) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach.” VA needs this routine use for the data breach response and remedial efforts with another Federal agency.

Routine use #10, “VA may disclose information from this system to the Equal Employment Opportunity Commission (EEOC) when requested in connection with investigations of alleged or possible discriminatory practices, examination of Federal affirmative employment programs, or other functions of the Commission as authorized by law or regulation.” VA must be able to provide information to EEOC to assist it in fulfilling its duties to protect employees' rights, as required by statute and regulation.

Routine use #11, “VA may disclose information from this system to the Federal Labor Relations Authority (FLRA), including its General Counsel, information related to the establishment of jurisdiction, investigation, and resolution of allegations of unfair labor practices, or in connection with the resolution of exceptions to arbitration awards when a question of material fact is raised; for it to address matters properly before the Federal Services Impasses Panel, investigate representation petitions, and conduct or supervise representation elections.” VA must be able to provide information to FLRA to comply with the statutory mandate under which it operates.

Routine use #12, “VA may disclose information from this system to the Merit Systems Protection Board (MSPB), or the Office of the Special Counsel, when requested in connection with appeals, special studies of the civil service and other merit systems, review of rules and regulations, investigation of alleged or possible prohibited personnel practices, and such other functions promulgated in 5 U.S.C. 1205 and 1206, or as authorized by law.” VA must be able to provide information to MSPB to assist it in fulfilling its duties as required by statute and regulation.

The Policies and Practices for Storage of Records is being amended to include the VACIN Server in Cincinnati, Ohio.

Policies and Practices for Retrievability of Records has been amended to include organization number and position number or other assigned identifiers of the organizations, positions or individuals on whom records are maintained.

Policies and Practices for Retention and Disposal is being amended to replace paper records and information maintained and disposed of in accordance with records disposition authority approved by the Archivist of the United States with the records are disposed of in accordance with General records 4.3, item 031.

The Physical, Procedural, and Administrative Safeguards is being amended to remove:

1. Access to Veterans Affairs working and storage areas is restricted to Veterans Affairs employees on a “need-to-know” basis; strict control measures are enforced to ensure that disclosure to these individuals is also based on this same principle. Generally, Veterans Affairs file areas are locked after normal duty hours and the facilities are protected from outside access by the Federal Protective Service or other security personnel.

2. Access to computer rooms at health care facilities is generally limited by appropriate locking devices and restricted to authorized Veterans Affairs employees and vendor personnel. Automatic Data Processing peripheral devices are placed in secure areas.

Access to information stored on automated storage media at other Veterans Affairs locations is controlled by individually unique passwords/codes. Employees are limited to only that information in the file which is needed in the performance of their official duties.

3. Access to the Little Rock Campus Servers is restricted to Center employees, Federal Protective Service and other security personnel. Access to computer rooms is restricted to authorized operational personnel through electronic scanning and locking devices. All other persons gaining access to computer rooms are escorted after identity verification and log entry to track person, date, time in, and time out of the room. Information stored in the computer may be accessed by authorized Veterans Affairs employees at remote locations including Veterans Affairs health care facilities, Information Systems Centers, Veterans Affairs Central Office, and Veteran Integrated Service Networks. Access is controlled by secure individually unique system authentication.

The Physical, Procedural, and Administrative Safeguards section will be replaced with the following language:

1. Access to and use of national administrative databases, warehouses, and data marts are limited to those persons whose official duties require such access, and VA has established security procedures to ensure that access is appropriately limited. Information security officers and system data stewards review and authorize data access requests. VA regulates data access with security software that authenticates users and requires individually-unique codes and passwords. VA requires information security training for all staff and instructs staff on the responsibility each person has for safeguarding data confidentiality.

2. Physical access to computer rooms housing national administrative databases, warehouses, and data marts is restricted to authorized staff and protected by a variety of security devices. Unauthorized employees, contractors, and other staff are not allowed in computer rooms.

3. Data transmissions between operational systems and national administrative databases, warehouses, and data marts maintained by this system of record are protected by state-of-the-art telecommunication software and hardware. This may include firewalls, intrusion detection devices, encryption, and other security measures necessary to safeguard data as it travels across the Wide Area Network.

The Record Access Procedure is amended to include the Program Office in which requests for services were made.

The Report of Intent to Amend a System of Records Notice and an advance copy of the system notice have been sent to the appropriate Congressional committees and to the Director of Office of Management and Budget (OMB) as required by 5 U.S.C. 552a(r) (Privacy Act) and guidelines issued by OMB (65 FR 77677), December 12, 2000.

Signing Authority

The Senior Agency Official for Privacy, or designee, approved this document and authorized the undersigned to sign and submit the document to the Office of the Federal Register for publication electronically as an official document of the Department of Veterans Affairs. John Oswalt, Executive Director for Privacy, Department of Veterans Affairs approved this document on February 2, 2018 for publication.

SYSTEM NAME

Veterans Health Administration Human Capital Management-VA (61VA10A2)

SECURITY CLASSIFICATION:

None.

SYSTEM LOCATION:

Records are maintained at the North Little Rock Campus, 2200 Fort Roots Drive, Little Rock, Arkansas 72114.

SYSTEM MANAGER(S):

Officials maintaining the system:

Manager of the Human Capital Systems and Services (HCSS), 55 North Robinson Avenue, Suite 1010, Oklahoma City, OK 73102.

Director of Events Division, Employee Education System, #1 Jefferson Barracks Drive, Building 56, St. Louis, MO 63125.

Deputy Director of Events Division, Employee Education System, #1 Jefferson Barracks Drive, Building 56, St. Louis, MO 63125.

Associate Director of Web Architecture, Employee Education System, 2200 Fort Roots Drive, Building 11, North Little Rock, AR 72114.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

Title 38, United States Code (U.S.C.), Section 501a.

PURPOSE(S) OF THE SYSTEM:

The records and information may be used for the management of Veterans Health Administration (VHA) executive and senior executive employees and employees in national programs for performance appraisal and bonus award entries, bonus and appraisal documentation storage, rank award and type given, supervisory training status, leadership and organization development, and employee position management. Records will support pairing of learning and professional growth services by internal coaches and consultants to VA employees and leaders. Reports for workforce succession planning and analysis, VHA supervisory training status and course grade, bonus award dollar amounts per executive and non-executive employee used by Performance Review Boards. Human resource position creation, and fill actions, employee action and assignment tracking data is collected for business processing and analysis.

Workgroups are developed for survey use and data collection. Data that is entered and stored can be extracted from the database and used for other applications.

CATEGORIES OF INDIVIDUALS COVERED BY THIS SYSTEM:

The records include information from and concerning Veterans Affairs Central Office, VHA, VHA Canteen, VHA Central Office, VBA, and National Cemetery Administration (NCA) personnel.

CATEGORIES OF RECORDS IN THE SYSTEM:

The records may include information related to: People, work groups, workforce, funding, leadership classes, personal development plans, supervisory levels, mentor and coach roles and certifications, High Performance Development Model, senior executive information and recruitment, human resources automation, positions, organizations, the Talent Assessment Data and locations of VHA top management positions. Central Office and Veterans Integrated Service Network (VISN) managers and staff, facility directors, associate directors, chiefs of staff, and other senior clinical and administrative field managers' positions are included. The VHA Executive Management Program consists of the functions that fall under the purview of the VHA Executive Resources Board and the VHA Performance Review Board. Their functions include executive development, recruitment and placement; organizational analysis; succession planning; and performance assessment and recognition. The method used to collect this information is a proprietary system using relational technology. Information from this database is joined and expanded with information from the VHA executive program processes (i.e., organization, vacancies, recruitment efforts, performance, etc.). This combination of information is used in the administration of the Executive Resources Board and Performance Review Board functions. The sharing and development of information involving executives and organizations provides an effective means for accomplishing the Executive Resources Board and Performance Review Board objectives. The following modules are in VHA Leadership and Workforce Development: VHA Leadership and Workforce Development Home, Performance, Workgroups, VA National Database for Interns, Student Educational Experience Program, High Performance Development Model Funding, Executive Career Field Career Development Plan On-Line Application, Technical Career Field Preceptor On-Line Application, Career Development Plans, Workforce Planning, Class and Program Management (includes: Graduate Healthcare Administration Training Program, School at Work, Leadership Effectiveness Accountability Development, Technical Career Field, Executive Career Field Candidate Development Program, Senior Executive Service Candidate Development programs, Ethics, Professional Development Plans, Supervisory Training, Open Season (VHA Executive Recruitment), WebHR (Web-based Human Resource module), and Mentor Coach Certification). VHA Leadership and Workforce Development data contains:

1. Employee data.

• Employee legal name
• Social Security number
• Veteran's preference
• Vietnam Era veteran
• Retirement plan
• Tenure
• Universal personal identification number
• Universal user name
• Sex
• Supervisory status
• Supervisory training status
• Work contact information
• Facility
• Network Identification
• Home contact information
• Home of record contact information
• Assigned facility/organization
• Pay plan
• Pay grade
• Step
• Retirement eligibility
• Union membership
• Leave balances
• Program
• Credentials
• Grievance
• Disciplinary actions
• Third-party and other employee actions
• Work Setting status
• Service Type
• Clinical position type
• Coaching preference
• Performance standards
• Resume

2. Employee position data.

• VHA Leadership and Workforce Development position titles
• High Performance Development Management ratings
• Position requestor contact data
• Legal authority
• Competitive Level
• Fair Labor Standards Act category
• Drug testing position indicator
• Citizenship/Residency status
• English language proficiencyStart Printed Page 11300
• Announcement status
• Vacancy status
• Date job opened
• Days to open
• Days to issue certificate
• Date job closed
• Job type/Occupation series/Grade
• Pay plan
• Work schedule
• Appropriation code
• Cost center
• Date candidates referred
• Date nomination received
• Date to Executive Resources Board
• Date credentials complete
• Date recruitment received
• Position start and end dates
• Appointment start and end dates
• Position location

 ○ Location complexity rating

• Position reporting official
• Position status

 ○ Supervisory

 ○ Bargaining unit

 ○ Senior executive pay band

• Level of supervisory responsibility
• Date of offer
• Position status change
• Reason for change
• Position authorization data
• Announcement tracking data (location and dates of actions)
• Area of consideration
• Number of applicants (internal, external, not qualified)
• Number interviewed
• Applicant outcome and notification
• Selecting official
• Re-announcement

 • Position cancelations

 • Date fingerprinted

 • Background check data

 • Physician Comp Panel and Standards

• Board data

3. Bonus data.

• Executive/Senior Executive Service

 ○ Pay band and band max pay

 ○ Proposed pay adjustment

 ○ Proposed rating

 ○ Approved rating

 ○ Approved bonus pay

 ○ Actual pay

 ○ Rank award

• Type
• Previous year nomination and award amount
• Current year nomination

 ○ Bonus pool total

 ○ Local bonus funding amount

 ○ Form Uploads

• Appraisal
• High level reviews
• Comments
• Bonus justification
• Rank award nominations
• Non-Executive (each Fiscal Year)

 ○ Rating

 ○ Award amount

 ○ Pay adjustment (Yes/No)

4. Workgroups and Organizations.

• Just under 100 codes—not job occupation series codes—code developed for the All Employee Survey

 ○ Agency selection

 ○ Veterans Affairs

 ○ VHA

 ○ VBA

 ○ NCA

• Agency networks
• Agency organizations
• Formal and informal name
• Organization type
• Network
• Physical location
• Duty Code
• Complexity Level
• Station number
• Workgroup supervisory designations
• Workgroup coordinator assignment
• Workgroup coordinator contact info

5. Development Plans.

• Uploaded text document

 ○ Document filled from template

 ○ Free text employee documentation

6. Funding.

• Program funding
• Program funds available
• Reimbursement type
• Appropriation code
• Fiscal contact name and phone
• Amount per employee
• Fund control point
• Requested average salary
• Approved funds
• Withdrawn funds
• Date funding sent
• Approval funding comments
• Approved Full Time Equivalents dollars
• Cost center

7. Career Programs.

• Program Eligibility criteria
• Program waiver
• Program employee applied
• Class title
• Program/Class year
• School name and state
• Major
• Anticipated graduation date
• Application status
• Employment history
• Education history
• Competency data (application questions and answers)
• Applicant endorsers
• Class administrator assignments
• Employee list per class
• Program completion status
• Requested number of student hires
• Requested funding for student salary
• Student work schedule
• Number Full Time Equivalents requested

8. Workforce Planning—Annual Corporate Office and VISNs.

• Planning team members
• Strategic direction
• Historical analysis

 ○ Employee reason to leave

 ○ Equal employment opportunity category of employee

• Projected workforce-rational and issues
• Recruitment and Retention programs used
• Leadership programs/activities and participation
• Workplace morale assessment
• Work plan comments

9. Mentor and Coach Information.

• Mentor status
• Coach status
• Core training

 ○ Courses

 ○ Date and location

 ○ Training instructors

 ○ Training history

• Certification level
• Education
• Biographical information
• Availability
• Practical experience years, hours and event

10. Perseus Survey Software.

• Employee legal name
• Last 4 social security number
• VISNs
• Facility/Office
• Work Setting (Section/Division/Campus/Product Line/Service/Department)
• Occupation
• Identification of supervisory chain of command
• Identification of boss
• Identification of peer and subordinate relationships
• Demographic information

 ○ Gender

 ○ Age

 ○ Race/National Origin

 ○ Tenure

 ○ Grade Level

• Data Input in Response to survey questions (questionnaires which cover the following types of topics as an example)

 ○ Assessment Inventories, such as 360 Assessments, WES/MBI Instruments

 ○ Customer Satisfaction surveys/evaluations (High Performance Development Model, Health Care Retention and Recruitment Office, National Center for Organizational Development, Delegated Examining Units, Workforce Management and Consulting Office)

 ○ Organizational assessment instruments such as Civility, Respect Start Printed Page 11301and Engagement in the Workplace Evaluation, VA Nursing Outcomes Database Registered Nursing survey, Education Inventories, Center for Faith Based and Community Initiatives Communications survey, Aggressive Behavior Prevention Survey, Integrated Ethics Workbook, Methicillin Resistant Staphylococcus Aureus, Office of Personal Management All Employee Survey, Exit/Entrance Surveys, Organizational Climate Assessment Program surveys, surveys for specific facilities/offices

 ○ Program Assessments/Proficiency surveys such as Technical Career Field Return on Investment survey, Supervisory Training Pre/Post Test surveys, Human Resource Proficiency Tracking survey

 ○ Professional Assessment surveys such as Executive Career Field Candidate/Mentor questionnaires, Acting Director/Senior Executive Service applicant assessments

11. Program Management.

• Inquiry Status
• Inquiry date
• Enrollment status
• Enrollment date
• Pairing status
• Open/closed status
• Referral source
• Close reason
• Survey status
• Service start and end dates
• Target group
• Group location
• Organizational chart
• Service requested
• Organizational opportunities/challenges
• Complaints
• Barriers to work
• Signed agreement

12. Service Contact Information.

• Contact dates
• Contact time
• Contact type
• Contact notes

13. Development Assessments.

• Assessment type
• Results and summaries

14. Employee Requesting Information.

• Leadership interests and experiences
• Number of direct reports
• Current role descriptors
• Self-described characteristics
• Readiness for change
• Current and future role preferences
• Aspirations

15. Credentialing Audio Recordings and Transcripts.

• Audio file

RECORD SOURCE CATEGORIES:

Information in this system of records is provided by VA's employees associated to VA Medical Centers, VA Corporate Offices, VBA, NCA, VHA Corporate Offices, VHA Canteen, VISNs and facilities.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:

1. The record of an individual who is covered by a system of records may be disclosed to a Member of Congress, or a staff person acting for the Member, when the Member or staff person requests the record on behalf of and at the written request of the individual.

2. Disclosure may be made to the National Archives and Records Administration and the General Services Administration in records management inspections conducted under authority of Title 44, Chapter 29, of the United States Code.

3. VA may disclose information in this system of records to the Department of Justice (DOJ), either on VA's initiative or in response to DOJ's request for the information, after either VA or DOJ determines that such information is relevant to DOJ's representation of the United States or any of its components in legal proceedings before a court or adjudicative body, provided that, in each case, the agency also determines prior to disclosure that disclosure of the records to the DOJ is a use of the information contained in the records that is compatible with the purpose for which VA collected the records. VA, on its own initiative, may disclose records in this system of records in legal proceedings before a court or administrative body after determining that the disclosure of the records to the court or administrative body is a use of the information contained in the records that is compatible with the purpose for which VA collected the records.

4. Disclosure may be made to individuals, organizations, private or public agencies, or other entities or individuals with whom VA has a contract or agreement to perform such services as VA may deem practicable for the purposes of laws administered by VA, in order for the contractor, subcontractor, public or private agency, or other entity or individual with whom VA has an agreement or contract to perform the services of the contract or agreement. This routine use includes disclosures by the individual or entity performing the service for VA to any secondary entity or individual to perform an activity that is necessary for individuals, organizations, private or public agencies, or other entities or individuals with whom VA has a contract or agreement to provide the service to VA.

5. VA may disclose on its own initiative any information in this system, except the names and home addresses of Veterans and their dependents, that is relevant to a suspected or reasonably imminent violation of law, whether civil, criminal, or regulatory in nature and whether arising by general or program statute or by regulation, rule or order issued pursuant thereto, to a Federal, state, local, tribal, or foreign agency charged with the responsibility of investigating or prosecuting such violation, or charged with enforcing or implementing the statute, regulation, rule, or order. On its own initiative, VA may also disclose the names and addresses of Veterans and their dependents to a Federal agency charged with the responsibility of investigating or prosecuting civil, criminal, or regulatory violations of law, or charged with enforcing or implementing the statute, regulation, rule, or order issued pursuant thereto.

6. Disclosure to other Federal agencies may be made to assist such agencies in preventing and detecting possible fraud or abuse by individuals in their operations and programs.

7. VA may, on its own initiative disclose any information or records to appropriate agencies, entities, and persons when (1) VA suspects or has confirmed that the integrity or confidentiality of information in the system of records has been compromised; (2) VA has determined that as a result of the suspected or confirmed compromise there is a risk of embarrassment or harm to the reputations of the record subjects, harm to economic or property interests, identity theft or fraud, or harm to the security, confidentiality, or integrity of this system or other systems or programs (whether maintained by VA or another agency or entity) that rely upon the potentially compromised information; and (3) the disclosure is to agencies, entities, or persons whom VA determines are reasonably necessary to assist or carry out VA's efforts to respond to the suspected or confirmed compromise and prevent, minimize, or remedy such harm. This routine use permits disclosures by VA to respond to a suspected or confirmed data breach, including the conduct of any risk analysis or provision of credit protection services as provided in 38 U.S.C. 5724, as the terms are defined in 38 U.S.C. 5727.

a. Effective Response. A Federal agency's ability to respond quickly and effectively in the event of a breach of Federal data is critical to its efforts to prevent or minimize any consequent harm. An effective response necessitates Start Printed Page 11302disclosure of information regarding the breach to those individuals affected by it, as well as to persons and entities in a position to cooperate, either by assisting in notification to affected individuals or playing a role in preventing or minimizing harms from the breach.

b. Disclosure of Information. Often, the information to be disclosed to such persons and entities is maintained by Federal agencies and is subject to the Privacy Act (5 U.S.C. 552a). The Privacy Act prohibits the disclosure of any record in a system of records by any means of communication to any person or agency absent the written consent of the subject individual, unless the disclosure falls within one of twelve statutory exceptions. In order to ensure an agency is in the best position to respond in a timely and effective manner, in accordance with 5 U.S.C. 552a(b)(3) of the Privacy Act, agencies should publish a routine use for appropriate systems specifically applying to the disclosure of information in connection with response and remedial efforts in the event of a data breach.

8. VA may disclose any audio files and accompanying transcripts to coaching credentialing entities for the sole purpose of evaluation of a coach who is applying for an advanced coaching credential.

9. VA may, on its own initiative, disclose information from this system to another Federal agency or Federal entity, when VA determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in (1) responding to a suspected or confirmed breach or (2) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach.

10. VA may disclose information from this system to the Equal Employment Opportunity Commission (EEOC) when requested in connection with investigations of alleged or possible discriminatory practices, examination of Federal affirmative employment programs, or other functions of the Commission as authorized by law or regulation.

11. VA may disclose information from this system to the Federal Labor Relations Authority (FLRA), including its General Counsel, information related to the establishment of jurisdiction, investigation, and resolution of allegations of unfair labor practices, or in connection with the resolution of exceptions to arbitration awards when a question of material fact is raised; for it to address matters properly before the Federal Services Impasses Panel, investigate representation petitions, and conduct or supervise representation elections.

12. VA may disclose information from this system to the Merit Systems Protection Board (MSPB), or the Office of the Special Counsel, when requested in connection with appeals, special studies of the civil service and other merit systems, review of rules and regulations, investigation of alleged or possible prohibited personnel practices, and such other functions promulgated in 5 U.S.C. 1205 and 1206, or as authorized by law.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:

Records are maintained on the HPDM1 Server and VACIN Server and backup servers in Little Rock, Arkansas and Cincinnati, Ohio.

POLICIES AND PRACTICES FOR RETRIEVABILITY OF RECORDS:

Records are retrieved by name, social security number, position number, organization number, position number, or other assigned identifiers of the organizations, positions or individuals on whom they are maintained.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:

The records are disposed of in accordance with General records 4.3, item 031.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:

1. Access to and use of national administrative databases, warehouses, and data marts are limited to those persons whose official duties require such access, and VA has established security procedures to ensure that access is appropriately limited. Information security officers and system data stewards review and authorize data access requests. VA regulates data access with security software that authenticates users and requires individually-unique codes and passwords. VA requires information security training for all staff and instructs staff on the responsibility each person has for safeguarding data confidentiality.

2. Physical access to computer rooms housing national administrative databases, warehouses, and data marts is restricted to authorized staff and protected by a variety of security devices. Unauthorized employees, contractors, and other staff are not allowed in computer rooms.

3. Data transmissions between operational systems and national administrative databases, warehouses, and data marts maintained by this system of record are protected by state-of-the-art telecommunication software and hardware. This may include firewalls, intrusion detection devices, encryption, and other security measures necessary to safeguard data as it travels across the Wide Area Network.

RECORD ACCESS PROCEDURE:

Individuals seeking information regarding access to and contesting of records in this system may write, call or visit the VA facility location where they are or were employed or made contact or the Program Office in which requests for services were made.

CONTESTING RECORD PROCEDURES:

(See Record Access procedures above.)

NOTIFICATION PROCEDURE:

Individuals who wish to determine whether this system of records contains information about them should contact the VA facility location at which they are or were employed. Inquiries should include the person's full name, social security number, dates of employment, date(s) of contact, and return address.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:

Under Title 5 U.S.C. § 552a(k)(6), the head of any agency may exempt any system of records within the agency from certain provisions of the Privacy Act, if the system of records is testing or examination material used solely to determine individual qualifications for appointment or promotion in the Federal service the disclosure of which would compromise the objectivity or fairness of the testing or examination process. The Talent Assessment Data within the system of records is considered examination material used to determine if an employee has the qualifications, leadership skills and experience necessary to become a Medical Center Director.

Based upon the foregoing, the Secretary of Veterans Affairs has exempted this system of records, to the extent that it encompasses information pertaining to criminal law enforcement related activities from the following provisions of the Privacy Act of 1974, as permitted by 5 U.S.C. § 552a(k)(6):

5 U.S.C. § 552a(c)(3).

5 U.S.C. § 552a(d)(1) through (4).

5 U.S.C. § 552a(e)(1).

5 U.S.C. § 552a(e)(4)(G), (H) and (I).

5 U.S.C. § 552a(f).Start Printed Page 11303

5 U.S.C. § 552a(e)(4)(G), (H) and (I).

5 U.S.C. § 552a(f).

Reasons for exemptions: The exemption of examination material in this system of records is necessary to ensure candid and complete assessment of individual qualifications for appointment or promotion in VHA. The disclosure of the Talent Assessment Data would compromise the objectivity of the examination for the individuals and the willingness to provide full, candid assessments by the reviewers.

HISTORY:

Last full publication provided in 75 FR 34 dated February 22, 2010.