AGENCY:

Department of Veterans Affairs (VA).

ACTION:

Notice of publication of new system of records.

SUMMARY:

The Privacy Act of 1974 (Title 5, United States Code (U.S.C.), Section 552 requires that all agencies publish in the Federal Register a notice of the existence of and character of their systems of records. Notice is hereby given that the Department of Veterans Affairs (VA) is adding a new system of Start Printed Page 18753records entitled “Non-Health Data Analyses and Projections for VA Policy and Planning—VA” (149VA008A).

DATES:

Comments on the amendment of this system of records must be received no later than May 14, 2007. If no public comment is received, the new system will become effective May 14, 2007.

ADDRESSES:

Written comments may be submitted through http://www.Regulations.gov; by mail or hand-delivery to the Director, Regulations Management (00REG), Department of Veterans Affairs, 810 Vermont Ave., NW., Room 1068, Washington, DC 20420; or by fax to (202) 273-9026. Copies of comments received will be available for public inspection in the Office of Regulation Policy and Management, Room 1063B, between the hours of 8 a.m. and 4:30 p.m. Monday through Friday (except holidays). Please call (202) 273-9515 for an appointment. In addition, during the comment period, comments may be viewed online through the Federal Docket Management System.

FOR FURTHER INFORMATION CONTACT:

Dat Tran, Director, Office of Data Development and Analysis, (008A3), U.S. Department of Veterans Affairs, 810 Vermont Ave., NW., Washington, DC 20420, (202) 273-6482.

SUPPLEMENTARY INFORMATION:

I. Description of the Proposed System of Records

The “Non-Health Data Analyses and Projections for VA Policy and Planning” system of records is a collection of non-health-related database extracts utilized by the Department of Veterans Affairs' Office of Policy and Planning (OPP) to perform its statutory mission under title 38, U.S.C. 527. OPP supports VA's Office of the Secretary, Administrations, and staff offices through qualitative, quantitative, and actuarial analyses, projections, and evaluations regarding all non-health-related benefits issues involving service members, veterans, survivors, and dependents. A more complete description of the duties and activities of Office of Policy and Planning (OPP) is at http://www1.va.gov/​op3/​docs/​008_​org.pdf.

The extracts are provided from master databases under the jurisdiction of the Veterans Benefits Administration, Department of Defense (DoD), and other Federal and State agencies. This system of records will not contain protected health information covered by the HIPAA Privacy and Security Rules.

These data extracts contain personal identifiers (e.g., social security numbers and military service numbers etc.), residential and professional contact data (e.g., address and telephone numbers etc.), population demographics (e.g., gender and zip codes etc.), military service-related data (e.g., branch of service and service dates etc.), financial-related data (e.g., amount of historic benefit payments etc.), claims processing codes and information (e.g., disability compensation and pension award codes etc.), and other VA and non-VA Federal information.

The information is retrievable by social security number, military service number, claim or file number, non-VA Federal benefit identifiers, and other personal identifiers. Consequently, a Privacy Act system of records must be established in order to protect this information.

II. Proposed Routine Use of Disclosures of Data in the System

VA is proposing to establish the following routine use disclosures of the information that will be maintained in the system.

1. Upon suspicion or confirmation of compromised data in this system of records, OPP may disclose any system records to law enforcement and security entities, as necessary, for the investigations of any data security, identity theft, and fraud issues.

2. Disclosure may be made to a Member of Congress or to a Congressional staff member in response to an inquiry of the Congressional office made at the written request of the constituent about whom the record is maintained.

3. Any system records disclosure may be made to the National Archives and Records Administration in records management inspections under title 44, U.S.C.

4. Any information in this system may be disclosed to the Department of Justice (DOJ), including United States (U.S.) Attorneys, upon its official request in order for VA to respond to pleadings, interrogatories, orders or inquiries from DOJ and to supply DOJ with information to enable DOJ to represent the U.S. Government in any phase of litigation or in any case or controversy involving VA.

5. Any system records may be disclosed to a Federal agency for the conduct of research and data analysis to perform a statutory purpose of that Federal agency upon the prior written request of that agency, provided that there is legal authority under all applicable confidentiality statutes and regulations to provide the data and OPP has determined prior to the disclosure that OPP data handling requirements are satisfied. OPP may disclose limited individual identification information to another Federal agency for the purpose of matching and acquiring information held by that agency for OPP to use for the purposes stated for this system of records.

6. Any system records may be disclosed to individuals, organizations, private or public agencies, or other entities or individuals with whom VA has a contract or agreement to perform such services as VA may deem practicable for the purposes of laws administered by VA, in order for the contractor, subcontractor, public or private agency, or other entity or individual with whom VA has an agreement or contract to perform the services of the contract or agreement. This routine use includes disclosures by the individual or entity performing the service for VA to any secondary entity or individual to perform an activity that is necessary for individuals, organizations, private or public agencies, or other entities or individuals with whom VA has a contract or agreement to provide the service to VA.

7. Any system records disclosure may be made to the Office of Management and Budget (OMB) in order for them to perform their statutory responsibilities for evaluating federal programs.

8. Upon receipt of a written request, VA may disclose information to any state, tribe, county, or municipal agency for the purposes of outreach to a benefit under Title 38 Code of Federal Regulations (CFR).

9. Any records may be disclosed to appropriate agencies, entities, and persons under the following circumstances: When (1) It is suspected or confirmed that the security or confidentiality of information in the system of records has been compromised; (2) the Department has determined that as a result of the suspected or confirmed compromise there is a risk of embarrassment or harm to the reputations of the record subjects, harm to economic or property interests, identity theft or fraud, or harm to the security or integrity of this system or other systems or programs (whether maintained by the Department or another agency or entity) that rely upon the compromised information; and (3) the disclosure is made to such agencies, entities, and persons who are reasonably necessary to assist in connection with the Department's efforts to respond to the suspected or confirmed compromise and prevent, minimize, or remedy such harm.

10. VA may disclose information in this system of records to the Department of Justice (DoJ), either on VA's initiative or in response to DoJ's request for the information, after either VA or DoJ Start Printed Page 18754determines that such information is relevant to DoJ's representation of the United States or any of its components in legal proceedings before a court or adjudicative body, provided that, in each case, the agency also determines prior to disclosure that disclosure of the records to the Department of Justice is a use of the information contained in the records that is compatible with the purpose for which VA collected the records. VA, on its own initiative, may disclose records in this system of records in legal proceedings before a court or administrative body after determining that the disclosure of the records to the court or administrative body is a use of the information contained in the records that is compatible with the purpose for which VA collected the records.

In determining whether to disclose records under this routine use, VA will comply with the guidance promulgated by the Office of Management and Budget in a May 24, 1985, memorandum entitled “Privacy Act Guidance—Update”, currently posted at http://www.whitehouse.gov/​omb/​inforeg/​guidance1985.pdf.

11. VA may disclose on its own initiative any information in this system, except the names and home addresses of veterans and their dependents, which is relevant to a suspected or reasonably imminent violation of law, whether civil, criminal or regulatory in nature, and whether arising by general or program statute or by regulation, rule or order issued pursuant thereto, to a Federal, State, local, tribal, or foreign agency charged with the responsibility of investigating or prosecuting such violation, or charged with enforcing or implementing the statute, regulation, rule or order. On its own initiative, VA may also disclose the names and addresses of veterans and their dependents to a Federal agency charged with the responsibility of investigating or prosecuting civil, criminal or regulatory violations of law, or charged with enforcing or implementing the statute, regulation, rule or order issued pursuant thereto.

III. Compatibility of the Proposed Routine Uses

The Privacy Act permits VA to disclose information about individuals without their consent for a routine use when the information will be used for a purpose that is compatible with the purpose for which we collected the information. In all of the routine use disclosures, either the recipient of the information will use the information in connection with a matter relating to one of VA's programs, or will use the information to provide a benefit to VA, or disclosure is required by law.

The “notice of intent to publish” and an advance copy of the system notice have been sent to the appropriate Congressional committees and the OMB's Director as required by title 5, U.S.C. a(r) (Privacy Act) and guidelines issued by OMB on December 12, 2000 (65FR77677).

149VA008A

SYSTEM NAME:

“Non-Health Data Analyses and Projections for VA Policy and Planning—VA”.

SYSTEM LOCATION:

One location for electronic and paper records, following VA-approved procedures, is in the Office of the Director, Office of Data Development and Analysis, (008A3), U.S. Department of Veterans Affairs, 810 Vermont Ave., NW., Washington, DC 20420. Electronic records are also placed on a Department of Veterans Affairs' (VA's) secured server housed at VA's Austin Automation Center, 1615 Woodward St., Austin, TX 78772. Records necessary for a contractor to perform a contract with VA are located at the respective contractor's facility.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

1. Service members and veterans who have applied for any non-health-related benefits under title 38, U.S.C.

2. Veterans' spouse, surviving spouse, previous spouse, children, and parents who have applied for any non-health-related benefit under title 38, U.S.C.

3. Beneficiaries of other Federal agencies or other governmental entities.

4. Individuals who have applied for any non-health-related benefits under title 38, U.S.C., but who do not meet the requirements under Title 38 to receive such benefits.

CATEGORIES OF RECORDS IN THE SYSTEM:

The records may include personal identifiers (e.g., social security numbers and military service numbers etc.), residential and professional contact data (e.g., address and telephone numbers etc.), population demographics (e.g., gender and zip codes etc.), military service-related data (e.g., branch of service and service dates etc.), financial-related data (e.g., amount of historic benefit payments etc.), claims processing codes and information (e.g., disability compensation and pension award codes etc.), and other VA and non-VA Federal information.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

Title 38, U.S.C. 527.

PURPOSE(S):

Non-health-related qualitative, quantitative, and actuarial analyses and projections to support policy analyses and recommendations to improve VA services for veterans and their families. Analysis and review of policy and long-term planning issues affecting veterans programs to support legislative, regulatory and policy recommendations, decisions and initiatives. These activities are conducted for the Secretary, VA Administrations and Staff Offices, special programs and projects within the Department (e.g., special studies, advisory committees and task forces etc.), and entities external to VA, such as the Office of Management and Budget (OMB), and the United States (U.S.) Congress.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:

Note:

To the extent that records contained in the system include individually-identifiable information protected by title 38, U.S.C. 7332, that information cannot be disclosed under any of the following routine uses unless there is also specific disclosure authority in title 38, U.S.C. 7332.

1. Upon suspicion or confirmation of compromised data in this system of records, Office of Policy and Planning (OPP) may disclose any system records to law enforcement and security entities, as necessary, for the investigations of any data security, identity theft, and fraud issues.

2. Disclosure may be made to a Member of Congress or to a Congressional staff member in response to an inquiry of the Congressional office made at the written request of the constituent about whom the record is maintained.

3. Any system records disclosure may be made to the National Archives and

Records Administration in records management inspections under title 44, U.S.C.

4. Any information in this system may be disclosed to the Department of Justice (DOJ), including U.S. Attorneys, upon its official request in order for VA to respond to pleadings, interrogatories, orders or inquiries from DOJ and to supply DOJ with information to enable DOJ to represent the U.S. Government in any phase of litigation or in any case or controversy involving VA.

5. Any system records may be disclosed to a Federal agency for the Start Printed Page 18755conduct of research and data analysis to perform a statutory purpose of that Federal agency upon the prior written request of that agency, provided that there is legal authority under all applicable confidentiality statutes and regulations to provide the data and OPP has determined prior to the disclosure that OPP data handling requirements are satisfied. OPP may disclose limited individual identification information to another Federal agency for the purpose of matching and acquiring information held by that agency for OPP to use for the purposes stated for this system of records.

6. Any system records may be disclosed to individuals, organizations, private or public agencies, or other entities or individuals with whom VA has a contract or agreement to perform such services as VA may deem practicable for the purposes of laws administered by VA, in order for the contractor, subcontractor, public or private agency, or other entity or individual with whom VA has an agreement or contract to perform the services of the contract or agreement. This routine use includes disclosures by the individual or entity performing the service for VA to any secondary entity or individual to perform an activity that is necessary for individuals, organizations, private or public agencies, or other entities or individuals with whom VA has a contract or agreement to provide the service to VA.

7. Any system records disclosure may be made to the OMB in order for them to perform their statutory responsibilities for evaluating Federal programs.

8. Upon receipt of a written request, VA may disclose information to any state, tribe, county, or municipal agency for the purposes of outreach to a benefit under Title 38 Code of Federal Regulations (CFR).

9. Any records may be disclosed to appropriate agencies, entities, and persons under the following circumstances: When (1) It is suspected or confirmed that the security or confidentiality of information in the system of records has been compromised; (2) the Department has determined that as a result of the suspected or confirmed compromise there is a risk of embarrassment or harm to the reputations of the record subjects, harm to economic or property interests, identity theft or fraud, or harm to the security or integrity of this system or other systems or programs (whether maintained by the Department or another agency or entity) that rely upon the compromised information; and (3) the disclosure is made to such agencies, entities, and persons who are reasonably necessary to assist in connection with the Department's efforts to respond to the suspected or confirmed compromise and prevent, minimize, or remedy such harm.

10. VA may disclose information in this system of records to the Department of Justice (DoJ), either on VA's initiative or in response to DoJ's request for the information, after either VA or DoJ determines that such information is relevant to DoJ's representation of the United States or any of its components in legal proceedings before a court or adjudicative body, provided that, in each case, the agency also determines prior to disclosure that disclosure of the records to the Department of Justice is a use of the information contained in the records that is compatible with the purpose for which VA collected the records. VA, on its own initiative, may disclose records in this system of records in legal proceedings before a court or administrative body after determining that the disclosure of the records to the court or administrative body is a use of the information contained in the records that is compatible with the purpose for which VA collected the records.

In determining whether to disclose records under this routine use, VA will comply with the guidance promulgated by the Office of Management and Budget in a May 24, 1985, memorandum entitled “Privacy Act Guidance—Update”, currently posted at http://www.whitehouse.gov/​omb/​inforeg/​guidance1985.pdf.

11. VA may disclose on its own initiative any information in this system, except the names and home addresses of veterans and their dependents, which is relevant to a suspected or reasonably imminent violation of law, whether civil, criminal or regulatory in nature, and whether arising by general or program statute or by regulation, rule or order issued pursuant thereto, to a Federal, State, local, tribal, or foreign agency charged with the responsibility of investigating or prosecuting such violation, or charged with enforcing or implementing the statute, regulation, rule or order. On its own initiative, VA may also disclose the names and addresses of veterans and their dependents to a Federal agency charged with the responsibility of investigating or prosecuting civil, criminal or regulatory violations of law, or charged with enforcing or implementing the statute, regulation, rule or order issued pursuant thereto.

DISCLOSURE TO CONSUMER REPORTING AGENCIES:

The Department will not make disclosures from this system of records to consumer reporting agencies.

POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING, AND DISPOSING OF RECORDS IN THE SYSTEM:

STORAGE:

OPP's records are maintained electronically or in hard-copy form. All portable electronic storage devices and media are stored in a combination-locked safe which is secured inside a key-accessed room at the U.S. Department of Veterans Affairs, 810 Vermont Ave., NW., Washington, DC 20420. Other electronic data is placed on VA's segregated server which is housed at VA's Austin Automation Center, 615 Woodward St., Austin, TX 78772. Information stored on paper is kept locked in file cabinets when not in immediate use. All imported and exported OPP data is handled and housed via the provisions of signed data use agreements and current VA data security policies, procedures, and directives. When contractors must have access to data in this system of records in order to perform the contract, contractors house VA data in their own facilities in accordance with current VA data security policies, procedures and directives.

RETRIEVABILITY:

OPP's records may be retrieved by using an individual's social security number, military service number, VA claim or file number, non-VA Federal benefit identifiers, and other personal identifiers.

SAFEGUARDS:

All VA offices are protected from outside access by security personnel seven days a week. Entrances and exits are monitored by security cameras and protected by an alarm system. All VA staff and visitors are required to either have a VA-issued employment identification card or a temporary visitor identification badge. All work stations are secured during daytime and evening hours.

Electronic data located in Washington, DC is stored in a combination-key-locked safe which is secured inside a limited-access room. Authorized employee access to the limited-access room and the safe is based upon strict business needs as determined by OPP's Assistant Secretary. Textual data is stored in key-locked cabinets inside secured rooms. Access to the server in the Austin Automation Center in Austin, TX is Start Printed Page 18756generally limited by appropriate locking devices and restricted to authorized VA personnel. The Austin Automation Center is a secure facility.

All data requests must be in writing, reviewed by a panel of OPP personnel, concurred on by OPP's Assistant Secretary, and released under the auspices of a signed data use agreement. File extracts provided for specific official uses will be limited to contain only the information fields needed for the analysis. Data used for analyses will have individual identifying characteristics removed or encrypted whenever possible. Unencrypted sensitive variables will only be used for analysis as a last resort.

Security complies with applicable Federal Information Processing Standards (FIPS) issued by the National Institute of Standards and Technology (NIST). Health information files containing unique identifiers such as social security numbers are encrypted to NIST-verified FIPS 140-2 standard or higher for storage, transport, or transmission. All files stored or transmitted on laptops, workstations, data storage devices and media are encrypted. Files are kept encrypted at all times except when data is in immediate use, per specifications by VA Office of Information Technology. NIST publications were consulted in development of security for this system of records.

In the event of a contract or special project, VA may secure the services of contractors and/or subcontractors. In such cases, VA will maximize the utilization of encrypted data, when possible. Contractors and their subcontractors are required to maintain the same level of security as VA staff for non-health care information that has been disclosed to them. Unless explicitly authorized in writing by the VA, sensitive or protected data made available to the contractor and subcontractors shall not be divulged or made known in any manner to any person.

All VA employees and contractors are mandated to complete annual cyber security and privacy training.

RETENTION AND DISPOSAL:

In accordance with Title 36, CFR, Section 1234.34, Destruction of Electronic Records, “electronic records may be destroyed only in accordance with a records disposition schedule approved by the Archivist of the United States, including General Records Schedules.” This Office's electronic files are destroyed or deleted when no longer needed for administrative, legal, audit, or other operational purposes in accordance with records disposition authority approved by the Archivist.

If the Archivist has not approved disposition authority for any records covered by the system notice, the System Manager will take immediate action to have the disposition of records in the system reviewed and paperwork initiated to obtain an approved records disposition authority in accordance with VA Handbook 6300.1, Records Management Procedures. The records may not be destroyed until VA obtains an approved records disposition authority. OPP will publish an amendment to this notice upon issuance of a NARA-approved disposition authority.

SYSTEM MANAGER(S) AND ADDRESS(ES):

OPP's system manager is the Director, Office of Data Development and Analysis, (008A3), U.S. Department of Veterans Affairs, 810 Vermont Ave., NW., Washington, DC 20420.

NOTIFICATION PROCEDURE:

An individual who wishes to determine whether a record is being maintained in this system under his or her name or other personal identifier, or wants to determine the contents of such record, should submit a written request to the Director, Office of Data Development and Analysis, (008A3), U.S. Department of Veterans Affairs, 810 Vermont Ave., NW., Washington, DC 20420. Such requests must contain a reasonable description of the records requested. In addition, identification of the individual requesting the information will be required in the written request and will minimally consist of the requester's name, signature, social security number, address, telephone number, and return address.

RECORD ACCESS PROCEDURES:

(See Notification procedure above.)

CONTESTING RECORDS PROCEDURES:

(See Notification procedure above.)

RECORD SOURCE CATEGORIES:

This Office's information is obtained from VA's benefits-related databases, the DoD, Federal and State agencies, and other organizations whose data is necessary to accomplish the purpose for this system of records.