AGENCY:

Department of Veterans Affairs (VA), Office of Small & Disadvantaged Business Utilization (OSDBU).

ACTION:

Notice of a modified system of records.

SUMMARY:

Pursuant to the Privacy Act of 1974, notice is hereby given that the VA is modifying the system of records entitled, “Veterans Enterprise Management System (VEMS)–VA” (181VAOSDBU). This system provides VA personnel with access to resources that allow them to perform market research on Veteran Owned Small Businesses (VOSB) and Service-Disabled Veteran Owned Small Businesses (SDVOSB). The system also provides a platform for registration and announcement of VA OSDBU supported events, as well as provides OSDBU with the data and reports needed to manage their responsibilities under the Veterans Entrepreneurship and Small Business Development Act of 1999.

DATES:

Comments on this modified system of records must be received no later than 30 days after date of publication in the Federal Register . If no public comment is received during the period allowed for comment or unless otherwise published in the Federal Register by VA, the modified system of records will become effective a minimum of 30 days after date of publication in the Federal Register . If VA receives public comments, VA shall review the comments to determine whether any changes to the notice are necessary.

ADDRESSES:

Comments may be submitted through www.Regulations.gov or mailed to VA Privacy Service, 810 Vermont Avenue NW, (005X6F), Washington, DC 20420. Comments should indicate that they are submitted in response to Veterans Enterprise Management System VA VetBiz Portal-VA (181VAOSDBU). Comments received will be available at regulations.gov for public viewing, inspection or copies.

FOR FURTHER INFORMATION CONTACT:

For general questions about the system contact Carol Cleveland at Office of Small & Disadvantaged Business Utilization at 810 I Street NW, Washington, DC 20420, osdbuexeccorr@va.gov and (202) 461–4600 (Note: this is not a toll-free number).

SUPPLEMENTARY INFORMATION:

The purpose of this modified system of records is to notify that VA will no longer gather information to substantiate that small businesses owned and controlled by Veterans are qualified for contracts under the Vets First Program. The Small Business Administration has taken over these functions as directed in the William H. (Mac) Thornberry National Defense Authorization Act for Fiscal Year 2021. The social security number and date of birth fields will be stripped from the system contact records. Personal and professional papers gathered to support the Verification Program will be disposed of in accordance with applicable records control schedule.

The Report of Intent to Amend a System of Records Notice and an advance copy of the system notice have been sent to the appropriate Congressional committees and to the Director of the Office of Management and Budget (OMB) as required by the Privacy Act and guidelines issued by OMB, December 12, 2000.

Signing Authority

The Senior Agency Official for Privacy, or designee, approved this document and authorized the undersigned to sign and submit the document to the Office of the Federal Register for publication electronically as an official document of the Department of Veterans Affairs. Kurt D. DelBene, Assistant Secretary for Information and Technology and Chief Information Officer, approved this document on July 27, 2023 for publication.

SYSTEM NAME AND NUMBER:

Veterans Enterprise Management System (VEMS) VA VetBiz Portal–VA (181VAOSDBU).

SECURITY CLASSIFICATION:

Unclassified.

SYSTEM LOCATION:

The system is hosted on the VA Enterprise Cloud (EC), Microsoft Azure Government (MAG). The VA EC MAG is Start Printed Page 60268 in Azure Government Region 1, Region 2, or Region 3.

SYSTEM MANAGER:

Carol Cleveland, Information Technology Systems Integration Program Manager, VA Office of Small & Disadvantaged Business Utilization (OSDBU), 810 Vermont Avenue NW, Room 1064, Washington, DC 20420. Carol.Cleveland@VA.GOV, osdbuexeccorr@va.gov and (202) 461–4600.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

38 U.S.C. 8127 and Public Law 106–50.

PURPOSE(S) OF THE SYSTEM:

1. Provide VA personnel with access to resources that allow them to perform market research upon Veteran Owned Small Businesses (VOSB) and Service-Disabled Veteran Owned Small Businesses (SDVOSB).

2. Provide a platform for registration and announcement of all VA OSDBU supported events.

3. Provides the OSDBU with the data and reports needed to manage their responsibilities under the Veterans Entrepreneurship and Small Business Development Act of 1999.

4. Provide information to VA personnel to use in counseling and assisting small business owners and Veteran entrepreneurs in starting a small business or expanding an existing small business.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

The system of records will cover small business owners, Veteran entrepreneurs, large business partners, other small business support partners and VA program and acquisition officials.

CATEGORIES OF RECORDS IN THE SYSTEM:

The records will contain data on VetBiz Portal users. The records may include name, personal mailing address, personal email address, tax identification number, contract acquisition data revenue, environment identifier, agency contract, figures, position title, VISN, office, provider ID., Fedmine module, user ID (Guid), company certification, company org, GSA contract, SAM UEI, is verified, primary email, company type, bonding level, CVE verification date, year established, employees number, employees number vet, is veteran, is minority owned, is service disabled, is WOSB, certified cor, contract acquisition data revenue, sec ID (Guid), title of an event, date of an event, location, company name.

RECORD SOURCE CATEGORIES:

The information in this system of records is obtained from the following sources:

a. Information voluntarily submitted by the user;

b. Information gathered from official VA data sources such as Identity Access Management; and

c. Public information extracted from other business databases, Small Business Administration VetCert database and www.Fedmine.us, a GovSpend Company.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND PURPOSES OF SUCH USES:

1. Congress

To a Member of Congress or staff acting upon the Member's behalf when the Member or staff requests the information on behalf of, and at the request of, the individual who is the subject of the record.

2. Data Breach Response and Remediation, for VA

To appropriate agencies, entities, and persons when (1) VA suspects or has confirmed that there has been a breach of the system of records; (2) VA has determined that as a result of the suspected or confirmed breach there is a risk of harm to individuals, VA (including its information systems, programs, and operations), and the Federal Government, or national security; and (3) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with VA's efforts to respond to the suspected or confirmed breach or to prevent, minimize or remedy such harm.

3. Law Enforcement

To a Federal, state, local, territorial, tribal, or foreign law enforcement authority or other appropriate entity charged with the responsibility of investigating or prosecuting such violation or charged with enforcing or implementing such law, provided that the disclosure is limited to information that, either alone or in conjunction with other information, indicates a violation or potential violation of law, whether civil, criminal, or regulatory in nature. The disclosure of the names and addresses of veterans and their dependents from VA records under this routine use must also comply with the provisions of 38 U.S.C. 5701. Data Breach Response and Remediation, for Another Federal Agency.

To another Federal agency or Federal entity, when VA determines that the information is reasonably necessary to assist the recipient agency or entity in (1) responding to a suspected or confirmed breach or (2) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach.

4. DoJ for Litigation or Administrative Proceeding

To the Department of Justice (DoJ), or in a proceeding before a court, adjudicative body, or other administrative body before which VA is authorized to appear, when:

(a) VA or any component thereof;

(b) Any VA employee in his or her official capacity;

(c) Any VA employee in his or her individual capacity where DoJ has agreed to represent the employee; or

(d) The United States, where VA determines that litigation is likely to affect the agency or any of its components, is a party to such proceedings or has an interest in such proceedings, and VA determines that use of such records is relevant and necessary to the proceedings.

5. Contractors

To contractors, grantees, experts, consultants, students, and others performing or working on a contract, service, grant, cooperative agreement, or other assignment for VA, when reasonably necessary to accomplish an agency function related to the records.

6. OPM

To the Office of Personnel Management (OPM) in connection with the application or effect of civil service laws, rules, regulations, or OPM guidelines in particular situations.

7. Federal Agencies, for Research

To a Federal agency for the purpose of conducting research and data analysis to perform a statutory purpose of that Federal agency upon the prior written request of that agency.

8. Federal Agencies, for Computer Matches

To other federal agencies for the purpose of conducting computer matches to obtain information to determine or verify eligibility of Veterans receiving VA benefits or medical care under Title 38, U.S.C.

9. Federal Agencies, Courts, Litigants, for Litigation or Administrative Proceedings

To another federal agency, court, or party in litigation before a court or in an administrative proceeding conducted by a Federal agency, when the government is a party to the judicial or administrative proceeding.

10. Governmental Agencies, for VA Hiring, Security Clearance, Contract, License, Grant Start Printed Page 60269

To a Federal, state, local, or other governmental agency maintaining civil or criminal violation records, or other pertinent information, such as employment history, background investigations, or personal or educational background, to obtain information relevant to VA's hiring, transfer, or retention of an employee, issuance of a security clearance, letting of a contract, or issuance of a license, grant, or other benefit. The disclosure of the names and addresses of Veterans and their dependents from VA records under this routine use must also comply with the provisions of 38 U.S.C. 5701.

11. State or Local Agencies, for Employment

To a state, local, or other governmental agency, upon its official request, as relevant and necessary to that agency's decision on the hiring, transfer, or retention of an employee, the issuance of a security clearance, the letting of a contract, or the issuance of a license, grant, or other benefit by that agency. The disclosure of the names and addresses of Veterans and their dependents from VA records under this routine use must also comply with the provisions of 38 U.S.C. 5701.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:

Records in this system will be stored in a computerized database. The system will operate on servers, located on the VA EC MAG, Region 1 and Region 2, or Region 3. Data backups will reside on appropriate media, according to normal system backup plans for VA Enterprise Operations.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:

Records in this system may be retrieved by:

1. Organization Name.

2. Contact Name.

3. Email Address.

4. Web Address.

5. Area Code and Phone Number.

6. Zip Code.

7. County Code (NaCO).

8. State(s).

9. Service Area Limits (if any).

10. Year Established.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:

Records are maintained and disposed of in accordance with the schedule approved by the Archivist of the United States, DAA–0015–2018–0003, 7 years from the date the records were last modified or updated.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:

VA staff and contractors will have access to the system via VA Intranet and local connections, for operations, management and maintenance purposes and tasks. Access to the Intranet portion of the system is done through VA PIV authentication and role-based access control at officially approved access points. Small business owners and Veteran entrepreneurs will establish and maintain user ID's and passwords for accessing the VetBiz Portal using VA's DS Logon, ID.me or Login.gov through Access VA. Policy regarding issuance of user-ids and passwords is formulated in VA by the Office of Information and Technology, Washington, DC. The system is configured so that access to the public data elements in the database does not lead to access to the non-public data elements.

RECORD ACCESS PROCEDURES:

Individuals seeking information on the existence and content of records in this system pertaining to them should contact the system manager in writing as indicated above. A request for access to records must contain the requester's full name, address, telephone number, be signed by the requester, and describe the records sought in sufficient detail to enable VA personnel to locate them with a reasonable amount of effort.

CONTESTING RECORD PROCEDURES:

Individuals seeking to contest or amend records in this system pertaining to them should contact the system manager in writing as indicated above. A request to contest or amend records must state clearly and concisely what record is being contested, the reasons for contesting it, and the proposed amendment to the record.

NOTIFICATION PROCEDURES:

Generalized notice is provided by the publication of this notice. For specific notice, see Record Access Procedure, above. E

EXEMPTIONS PROMULGATED FOR THE SYSTEM:

None.

HISTORY:

87 FR 1007 (January 7, 2022).