AGENCY:

Department of Veterans Affairs.

ACTION:

Notice of Amendment to System of Records.

SUMMARY:

As required by the Privacy Act of 1974, 5 U.S.C. 552a(e), notice is hereby given that the Department of Veterans Affairs (VA) is amending the system of records currently titled “All Employee Survey—VA” (160VA10A2) as set forth in the Federal Register (75 FR 3787). VA is amending the system by revising the System Location, Categories of Records in the System, Purpose, Routine Uses of Records Maintained in the System, Storage, Retrievability, Safeguard, and System Manager and Address.

DATES:

Comments on the amendment of this system of records must be received no later than July 15, 2013. If no public comment is received, the amended system will become effective July 15, 2013.

ADDRESSES:

Written comments may be submitted through www.Regulations.gov;​; by mail or hand-delivery to Director, Regulations Management (02REG), Department of Veterans Affairs, 810 Vermont Avenue NW., Room 1068, Washington, DC 20420; or by fax to (202) 273-9026. Comments received will be available for public inspection in the Office of Regulation Policy and Management, Room 1063B, between the hours of 8:00 a.m. and 4:30 p.m., Monday through Friday (except holidays). Please call (202) 461-4902 (this is not a toll-free number) for an appointment. In addition, during the comment period, comments may be viewed online through the Federal Docket Management System at www.Regulations.gov.

FOR FURTHER INFORMATION CONTACT:

Department of Veterans Affairs, Director of Veterans Health Administration's (VHA) National Center for Organization Development (NCOD), 11500 Northlake Drive, Suite 260, Cincinnati, OH 45249; telephone (513) 247-4680.

SUPPLEMENTARY INFORMATION:

I. Description of Proposed Systems of Records

The All Employee Survey—VA is a data repository that stores all data gathered from the administration of the All Employee Survey taken by VA employees.Start Printed Page 36036

II. Proposed Routine Use Disclosures of Data in the System

We are proposing to establish the following Routine Use disclosures of information maintained in the system:

To the extent that records contained in the system include information protected by 38 U.S.C. 7332, such as, medical treatment information related to drug abuse, alcoholism or alcohol abuse, sickle cell anemia or infection with the human immunodeficiency virus, that information cannot be disclosed under a routine use unless there is also specific statutory authority permitting disclosure.

1. The record of an individual who is covered by a system of records may be disclosed to a Member of Congress, or a staff person acting for the Member, when the Member or staff person requests the record on behalf of and at the written request of the individual.

VA must be able to provide information about individuals to adequately respond to inquiries from Members of Congress at the request of constituents who have sought their assistance.

2. Disclosure may be made to the National Archives and Records Administration and the General Services Administration in records management inspections conducted under authority of Title 44, Chapter 29, of the United States Code. National Archives and Records Administration and General Services Administration are responsible for management of old records no longer actively used, but which may be appropriate for preservation, and for the physical maintenance of the Federal Government's records.

VA must be able to provide the records to National Archives and Records Administration and General Services Administration in order to determine the proper disposition of such records.

3. VA may disclose information from this system of records to the Department of Justice, either on VA's initiative or in response to Department of Justice's request for the information, after either VA or Department of Justice determines that such information is relevant to Department of Justice's representation of the United States or any of its components in legal proceedings before a court or adjudicative body, provided that, in each case, the agency also determines prior to disclosure that release of the records to the Department of Justice is a use of the information contained in the records that is compatible with the purpose for which VA collected the records. VA, on its own initiative, may disclose records in this system of records in legal proceedings before a court or administrative body after determining that the disclosure of the records to the court or administrative body is a use of the information contained in the records that is compatible with the purpose for which VA collected the records.

VA must be able to provide information to Department of Justice in litigation where the United States or any of its components is involved or has an interest. A determination would be made in each instance that under the circumstances involved, the purpose is compatible with the purpose for which Veterans Affairs collected the information. This routine use is distinct from the authority to disclose records in response to a court order under subsection (b)(11) of the Privacy Act, 5 U.S.C. 552(b)(11), or any other provision of subsection (b), in accordance with the court's analysis in Doe v. DiGenova, 779 F.2d 74, 78-84 (D.C. Cir. 1985) and Doe v. Stephens, 851 F.2d 1457, 1465-67 (D.C. Cir. 1988).

4. Disclosure of relevant information may be made to individuals, organizations, private or public agencies, or other entities with whom VA has a contract or agreement or where there is a subcontract to perform such services as VA may deem practicable for the purposes of laws administered by VA, in order for the contractor or subcontractor to perform the services of the contract or agreement. This routine use, which also applies to agreements that do not qualify as contracts defined by Federal procurement laws and regulations, is consistent with Office of Management and Budget guidance in Office of Management and Budget Circular A-130, App. I, paragraph 5a(1)(b) that agencies promulgate routine uses to address disclosure of Privacy Act-protected information to contractors in order to perform the services contracts for the agency.

5. VA may disclose on its own initiative any information in the system, except the names and home addresses of veterans and their dependents, that is relevant to a suspected or reasonably imminent violation of the law whether civil, criminal, or regulatory in nature and whether arising by general or program statute or by regulation, rule, or order issued pursuant thereto, to a Federal, state, local, tribal, or foreign agency charged with the responsibility of investigating or prosecuting such violation, or charged with enforcing or implementing the statute, regulation, rule, or order. VA may also disclose on its own initiative the names and addresses of veterans and their dependents to a Federal agency charged with the responsibility of investigating or prosecuting civil, criminal, or regulatory violations of law, or charged with enforcing or implementing the statute, regulation, or order issued pursuant thereto.

VA must be able to provide on its own initiative information that pertains to a violation of laws to law enforcement authorities in order for them to investigate and enforce those laws. Under 38 U.S.C. 5701(a) and (f), VA may only disclose the names and addresses of veterans and their dependents to Federal entities with law enforcement responsibilities. This is distinct from the authority to disclose records in response to a qualifying request from a law enforcement entity, as authorized by Privacy Act subsection 5 U.S.C. 552a(b)(7).

6. Disclosure to other Federal agencies may be made to assist such agencies in preventing and detecting possible fraud or abuse by individuals in their operations and programs.

This routine use permits disclosures by the Department to report a suspected incident of identity theft and provide information and/or documentation related to or in support of the reported incident.

7. VA may, on its own initiative, disclose any information or records to appropriate agencies, entities, and persons when (1) VA suspects or has confirmed that the integrity or confidentiality of information in the system of records has been compromised; (2) the Department has determined that as a result of the suspected or confirmed compromise, there is a risk of embarrassment or harm to the reputations of the record subjects, harm to economic or property interests, identity theft or fraud, or harm to the security, confidentiality, or integrity of this system or other systems or programs (whether maintained by the Department or another agency or entity) that rely upon the potentially compromised information; and (3) the disclosure is to agencies, entities, or persons whom VA determines are reasonably necessary to assist or carry out the Department's efforts to respond to the suspected or confirmed compromise and prevent, minimize, or remedy such harm. This routine use permits disclosures by the Department to respond to a suspected or confirmed data breach, including the conduct of any risk analysis or provision of credit protection services as provided in 38 U.S.C. 5724, as the terms are defined in 38 U.S.C. 5727.Start Printed Page 36037

III. Compatibility of the Proposed Routine Uses

The Privacy Act permits Veterans Affairs to disclose information about individuals without their consent for a routine use when the information will be used for a purpose that is compatible with the purpose for which we collected the information. In all of the routine use disclosures described above, the recipient of the information will use the information in connection with a matter relating to one of VA's programs, will use the information to provide a benefit to VA, or disclosure is required by law.

The notice of intent to publish and an advance copy of the system notice have been sent to the appropriate Congressional committees and to the Director of the Office of Management and Budget as required by 5 U.S.C. 552a(r) (Privacy Act) and guidelines issued by Office of Management and Budget (65 FR 77677), December 12, 2000.

SOR# 160VA10A2

SYSTEM NAME:

“All Employee Survey-VA” 160VA10A2.

SYSTEM LOCATION:

Records are maintained at the National Center for Organization Development (NCOD), 11500 Northlake Drive, Suite 260, Cincinnati, OH 45249. A copy of the system data is saved on CD and stored at a secure locked safe at the same location.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

The records include information concerning all VA employees.

CATEGORIES OF RECORDS IN THE SYSTEM:

The records include two formats.

1. Numerically expressed satisfaction ratings and agreement ratings of questions that ask about specific aspects of workplace environment.

2. Starting from year 2012, records include open-ended text comments provided in response to questions about workplace environment. Instructions to open-ended comments, ask respondents not to use any names or other individually identifiable information about self or others.

The numeric and text records may include information related to:

1. All Employee Survey responses by workgroup.

• 7-digit workgroup organization code.
• Workgroup code identifies a valid VA organizational work unit.
• These identification codes will identify work units rather than specific individuals. VA will provide a table of approximately 15,000 to 40,000 valid workgroup organization codes prior to survey administration.

2. All Employee Survey responses by demographics.

• Gender.
• Age in groups of decades.
• Race.
• National origin.
• Incumbency in VA.
• Level of supervisory responsibility.
• Main type of occupational setting.
• Main type of service provided.
• Prior participation in VA trainings.
• Prior service in the U.S. Armed Forces.

3. All Employee Survey responses by national function file.

• Category of workgroup—provides a functional description of the workgroup, by connecting it to a list of services and locations within the working structure of VA organizations. Local survey coordinators (not survey respondents) describe workgroups on this category at the time the work units are assigned unique 7-digit codes. There are close to 100 categories.

4. All Employee Survey responses by occupational group.

• This is a 3-digit code provided to each individual respondent who then can use it to categorize their occupation through self-report.
• There are over 100 codes; they are not job occupation series codes. It is a code developed for the All Employee Survey.

5. All Employee Survey responses by question and modality.

• The response is provided by the interactive Web-based survey, telephone, or paper submission and response type captured.

6. All Employee Survey responses by organization and sub organization title, type, and function.

• The workgroup identifies organization, sub organization if applicable, organization type, and function for which the response is provided.

7. All Employee Survey responses by response rate.

• Responses are stored at the individual level, response rates are reported at the work unit lowest level, and then hierarchically rolled upward in summary totals to the next level within the organization. The hierarchy is based on the organization structure (facility and parents) and the 7-digit workgroup organization code.

Reporting of response data follows the rule of 10 respondents for any survey scores reported for any specific (identified) organizational units or demographic groups. For applied managerial analyses and action planning, any response data for identified organizational units or demographic groups for any survey values that are based on having less than 10 respondents in a group will never be released from the data repository. For scientific statistical analyses and use in publications, data from identified organizational units or demographic groups with less than 10 respondents are released only upon approval of the Organization Assessment Subcommittee (OASC) Chair(s), based on recommendation of a professional committee of organizational research experts. Such use of such data is explicitly limited to a specific requestor, project, and purpose (as detailed in 2, section: Purposes), with a strong data security plan ascertained. Any results of scientific use of the All Employee Survey data will be reported at aggregate level only, with no individual or organizational identities attached.

8. All Employee Survey responses by date and time survey taken.

• Date and time response submitted.

9. All Employee Survey responses by content areas.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

Title 38, United States Code, section 501a.

PURPOSE(S):

The records and information may be used for applied managerial as well as scientific statistical analysis of employee satisfaction on quality and quantity of work, personal safety, promotion and training opportunity, fair and equitable treatment, and work/family balance.

For applied managerial use, All Employee Survey records and information pertaining to data validation, evaluation of personnel/organizational management and staffing satisfaction and culture, including workforce effectiveness are shared with facilities and with local, regional and national VA leaders. Action plans, development of goals and follow-up performance measures are developed as a result.

For scientific statistical use, All Employee Survey records and information may be used in research and management studies that support optimal functioning of VA organizations and programs. Such use must balance technical requirements of research designs which ensure scientifically plausible answers, with the need to Start Printed Page 36038protect confidentiality of VA survey respondents and of small respondent groups. Each proposal involving use of All Employee Survey data for studies is therefore evaluated by a professional committee: the Data Use Agreement committee of the OASC of the VHA National Leadership Council. The evaluation serves to ascertain scientific merits, benefit for the VA, existence of a strong data protection plan, and based on these considerations to determine the appropriate level of aggregation of the records released for the specific described purpose.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:

To the extent that records contained in the system include information protected by 45 CFR parts 160 and 164, such as, individually identifiable health information, and 38 U.S.C. 7332, such as, medical treatment information related to drug abuse, alcoholism or alcohol abuse, sickle cell anemia or infection with the human immunodeficiency virus, that information cannot be disclosed under a routine use unless there is also specific statutory authority in 38 U.S.C. 7332 and regulatory authority in 45 CFR parts 160 and 164 permitting disclosure.

1. The record of an individual who is covered by a system of records may be disclosed to a Member of Congress, or a staff person acting for the Member, when the Member or staff person requests the record on behalf of and at the written request of the individual.

2. Disclosure may be made to the National Archives and Records Administration and the General Services Administration in records management inspections conducted under authority of Title 44, Chapter 29, of the United States Code.

3. Veterans Affairs may disclose information from this system of records to the Department of Justice, either on Veterans Affairs' initiative or in response to Department of Justice's request for the information, after either VA or Department of Justice determines that such information is relevant to Department of Justice's representation of the United States or any of its components in legal proceedings before a court or adjudicative body, provided that, in each case, the agency also determines prior to disclosure that release of the records to the Department of Justice is a use of the information contained in the records that is compatible with the purpose for which VA collected the records. VA, on its own initiative, may disclose records in this system of records in legal proceedings before a court or administrative body after determining that the disclosure of the records to the court or administrative body is a use of the information contained in the records that is compatible with the purpose for which VA collected the records.

4. Disclosure of relevant information may be made to individuals, organizations, private or public agencies, or other entities with whom VA has a contract or agreement or where there is a subcontract to perform such services as VA may deem practicable for the purposes of laws administered by VA, in order for the contractor or subcontractor to perform the services of the contract or agreement.

5. VA may disclose on its own initiative any information in the system, except the names and home addresses of veterans and their dependents, that is relevant to a suspected or reasonably imminent violation of the law whether civil, criminal, or regulatory in nature and whether arising by general or program statute or by regulation, rule, or order issued pursuant thereto, to a Federal, state, local, tribal, or foreign agency charged with the responsibility of investigating or prosecuting such violation, or charged with enforcing or implementing the statute, regulation, rule, or order. VA may also disclose on its own initiative the names and addresses of veterans and their dependents to a Federal agency charged with the responsibility of investigating or prosecuting civil, criminal, or regulatory violations of law, or charged with enforcing or implementing the statute, regulation, or order issued pursuant thereto.

6. Disclosure to other Federal agencies may be made to assist such agencies in preventing and detecting possible fraud or abuse by individuals in their operations and programs.

7. VA may, on its own initiative, disclose any information or records to appropriate agencies, entities, and persons when (1) VA suspects or has confirmed that the integrity or confidentiality of information in the system of records has been compromised; (2) the Department has determined that as a result of the suspected or confirmed compromise, there is a risk of embarrassment or harm to the reputations of the record subjects, harm to economic or property interests, identity theft or fraud, or harm to the security, confidentiality, or integrity of this system or other systems or programs (whether maintained by the Department or another agency or entity) that rely upon the potentially compromised information; and (3) the disclosure is to agencies, entities, or persons whom VA determines are reasonably necessary to assist or carry out the Department's efforts to respond to the suspected or confirmed compromise and prevent, minimize, or remedy such harm. This routine use permits disclosures by the Department to respond to a suspected or confirmed data breach, including the conduct of any risk analysis or provision of credit protection services as provided in 38 U.S.C. 5724, as the terms are defined in 38 U.S.C. 5727.

POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING, AND DISPOSING OF RECORDS IN THE SYSTEM:

STORAGE:

Records are maintained on the server with a backup copy on compact disk in the VHA National Center for Organization Development (NCOD) Program Office, 11500 Northlake Drive, Suite 260, Cincinnati, OH 45249.

RETRIEVABILITY:

Records may be retrieved by organization name or other assigned identifiers of the respondent groups on whom they are maintained. None of the All Employee Survey records can be confidently ascribed to specific individual respondents.

SAFEGUARDS:

1. Access to VA working and storage areas is restricted to VA employees on a “need-to-know” basis; strict control measures are enforced to ensure that disclosure to these individuals is also based on this same principle. Generally, VA file areas are locked after normal duty hours and the facilities are protected from outside access by the Federal Protective Service or other security personnel.

2. Access to computer rooms at health care facilities is generally limited by appropriate locking devices and restricted to authorized VA employees and vendor personnel. Automatic Data Processing peripheral devices are placed in secure areas. Access to information stored on automated storage media at other VA locations is controlled by individually unique passwords/codes employees are limited to only that information in the file which is needed in the performance of their official duties.

3. Access to the VHA NCOD Server is restricted to Center employees, Federal Protective Service, and other security personnel. Access to computer rooms is restricted to authorized operational personnel through electronic scanning and locking devices. All other persons gaining access to computer rooms are escorted after identity verification and Start Printed Page 36039log entry to track person, date, time in, and time out of the room. Information stored in the computer may be accessed by authorized VA employees at remote locations including VA health care facilities, Information Systems Centers, VA Central Office, and Veterans Integrated Service Networks. Access is controlled by individually unique passwords/codes which must be changed periodically by the employee. The compact disk is stored in the NCOD Office in Cincinnati, Ohio, and is accessible by restricted, authorized personnel through electronic scanning and locking devices.

RETENTION AND DISPOSAL:

Paper records are scanned and digitized for viewing electronically and are destroyed after they have been scanned onto disks, and the electronic copy determined to be an accurate and complete copy of the paper record scanned.

SYSTEM MANAGER(S) AND ADDRESS:

Official responsible for policies and procedures; VHA National Center for Organization Development (NCOD). Officials maintaining the system; Sue Dyrenforth of NCOD, 11500 Northlake Drive, Suite 260, Cincinnati, OH 45249.

NOTIFICATION PROCEDURE:

Individuals who wish to determine whether this system of records contains information about them should contact the Veterans Affairs facility location at which they are or were employed or made or have contact. Inquiries should include the person's full name, social security number, dates of employment, date(s) of contact, and return address.

RECORD ACCESS PROCEDURE:

Individuals seeking information regarding access to and contesting of records in this system may write, call or visit the VA facility location where they are or were employed or made contact.

CONTESTING RECORD PROCEDURES:

(See Record Access Procedures above.)

RECORD SOURCE CATEGORIES:

Information in this system of records is provided by VA employees associated to VA medical centers and corporate offices.