2023-20052. Privacy Act of 1974; System of Records  

  • Start Preamble

    AGENCY:

    Financial Services Center (FSC), Department of Veterans Affairs (VA).

    ACTION:

    Notice of a modified system of records.

    SUMMARY:

    Pursuant to the Privacy Act of 1974, notice is hereby given that the VA is modifying the system of records entitled, “Corporate Travel and Charge Cards—VA” (131VA047). This system is used for operating, auditing and managing the charge card program involving commercial purchases authorized by VA employees. It is an end-to-end travel management service that includes all aspects of official Federal business travel including travel planning, authorization, reservations, ticketing, fulfillment, expense reimbursement and travel management reporting. These records will include permanent change of station moves that have been approved for relocation entitlements. The system serves as a repository that captures all required documentation that would assist with providing instructions to obtain a government passport, visa and country clearance, as applicable, as well as timely approval routing, as outlined in VA travel policy for VA employees traveling in an official capacity to a foreign country.

    DATES:

    Comments on this modified system of records must be received no later than 30 days after date of publication in the Federal Register . If no public comment is received during the period allowed for comment or unless otherwise published in the Federal Register by VA, the modified system of records will become effective a minimum of 30 days after date of publication in the Federal Register . If VA receives public comments, VA shall review the comments to determine whether any changes to the notice are necessary.

    ADDRESSES:

    Comments may be submitted through www.regulations.gov or mailed to VA Privacy Service, 810 Vermont Avenue NW, (005X6F), Washington, DC 20420. Comments should indicate that they are submitted in response to Corporate Travel and Charge Cards—VA (131VA047). Comments received will be available at www.regulations.gov for public viewing, inspection or copies.

    Start Further Info

    FOR FURTHER INFORMATION CONTACT:

    For Charge Cards: Lori Thomas, Chief Charge Card Service Division, 512–460–5189 or Lori.Thomas2@va.gov.

    For iMove: Adrian Quesada, Division Chief of Permanent Change of Station (PCS) Division, 512–460–5204 or Adrian.Quesada@va.gov. For Temporary Travel: Gary McWilson, Chief, TDY Travel Service Division, 512–460–5111 or Gary.McWilson@

    Start Printed Page 63675

    va.gov. For Foreign Travel Portal (FTP): Jessie Murphy, Division Chief of Travel Logistics and Conference (TLCD) Division, Financial Services Center, Department of Veterans Affairs, 1615 Woodward Street, Austin, TX 78772, 202–461–6294, 202–815–9397 or Jessie.Murphy@va.gov.

    End Further Info End Preamble Start Supplemental Information

    SUPPLEMENTARY INFORMATION:

    VA is modifying the systems of records by revising the following sections: System Name, System Location, Authority for Maintenance of the System, Categories of Individuals Covered by the System, Categories of Records in the System, Record Source Categories, Policies and Practices for Storage of Records, Policies and Practices for Retrieval of Records, Policies and Practices for Retention and Disposal of Records, Record Access Procedures, Contesting Records Procedures and Notification Procedures and History.

    System Name will be removed and now include: “Corporate Travel and Charge Cards—VA”

    The System Location will include: “Records are located at the Financial Services Center in Austin, Texas.”

    Categories of Individuals Covered by the System will include: “The users will cover current and former VA employees and VA employees' spouses and children.”

    The Categories of Records in the System will include: “Employee information to include name, social security number, tax identification number, home address (prior/new), phone numbers (work, home and cell), title, salary information (grade/rank), retirement plan, W–2 tax information and employee email address. Family information will include names of family members (spouse/children), birth dates of family members (spouse, children) and salary information of spouse (if available).

    Policies and Practices for Storage of Records will now include: “Records are maintained electronically on computer storage devices such as servers and cloud storage. The computer storage devices are located at the FSC-Austin; iMove backups will be maintained at a disaster recovery site designated by Microsoft Azure Government. Computer records are maintained in a secure password protected environment.”

    Record Source Categories will now include: “employee submitted information and VA's HRSmart system”.

    Police and Practices for Retrieval of Records will now include: “Records in this system are retrieved by name, social security number or other assigned identifier.”

    Policies and Practices for Retention and Disposal of Records will now include “Records in this system are retained and disposed of in accordance with the schedule approved by the Archivist of the United States, Records Control Schedule 1.1, Item 10.”

    Contesting Records Procedures will now include “Individuals seeking to contest or amend records in this system pertaining to them should contact the system manager in writing as indicated above. A request to contest or amend records must state clearly and concisely what record is being contested, the reasons for contesting it, and the proposed amendment to the record.

    Record Access Procedures will now include: “Individuals seeking information on the existence and content of records in this system pertaining to them should contact the system manager in writing as indicated above. A request for access to records must contain the requester's full name, address, telephone number, be signed by the requester, and describe the records sought in sufficient detail to enable VA personnel to locate them with a reasonable amount of effort.”

    Notification Procedures will now include: “Generalized notice is provided by the publication of this notice. For specific notice, see Record Access Procedure, above.”

    VA is republishing this system of records notice in its entirety.

    Signing Authority

    The Senior Agency Official for Privacy, or designee, approved this document and authorized the undersigned to sign and submit the document to the Office of the Federal Register for publication electronically as an official document of the Department of Veterans Affairs. Kurt D. DelBene, Assistant Secretary for Information and Technology and Chief Information Officer, approved this document on August 7, 2023 for publication.

    Start Signature

    Dated: September 12, 2023.

    Amy L. Rose,

    Government Information Specialist, VA Privacy Service, Office of Compliance, Risk and Remediation, Office of Information and Technology, Department of Veterans Affairs.

    End Signature

    SYSTEM NAME AND NUMBER:

    Corporate Travel and Charge Cards—VA (131VA047).

    SECURITY CLASSIFICATION:

    Unclassified.

    SYSTEM LOCATION:

    Records are located in the Financial Services Center (FSC), Austin, TX.

    iMove: Backup, recovery and archived digital media is stored by Amazon Web Services.

    SYSTEM MANAGER(S):

    For Charge Cards: Lori Thomas, Chief Charge Card Service Division, 512–460–5189 or Lori.Thomas2@va.gov.

    For iMove: Adrian Quesada, Division Chief of Permanent Change of Station (PCS) Division, 512–460–5204 or Adrian.Quesada@va.gov.

    For Temporary Travel: Gary McWilson, Chief, TDY Travel Service Division, 512–460–5111 or Gary.McWilson@va.gov.

    For Foreign Travel Portal: Jessie Murphy, Division Chief of Travel Logistics and Conference (TLCD) Division, Financial Services Center, Department of Veterans Affairs, 1615 Woodward Street, Austin, TX 78772, 202–461–6294, 202–815–9397 or Jessie.Murphy@va.gov.

    AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

    48 CFR 13; 31 U.S.C. 3511; VA Financial Policy, vol. XIV; Federal Acquisition Regulation (FAR) part 13; 48 CFR part 13; and Public Law 93–579 section 7(b).

    PURPOSE(S) OF THE SYSTEM:

    The purposes of this system are operating, auditing and managing the purchase card program involving commercial purchases by authorized VA employees; processing and managing official VA relocation obligations and payments to maintain records on current VA employees who are relocating to another office location within VA and have been approved for relocation entitlements; record relocation disbursements in order to compute and record taxes and W–2s; establish a comprehensive beginning-to-end foreign travel service system containing required information to facilitate issuance of a Government passport, visa, and country clearance, as applicable, while also ensuring the processing and reporting of foreign travel is centralized, auditable and complies with all applicable rules and regulations.

    CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

    Individuals covered by the system are current VA employees who have their own Government assigned charge card, or who have had a charge card. Records cover current and former VA employees and VA employees' spouses and children.

    CATEGORIES OF RECORDS IN THE SYSTEM:

    Records include name, work addresses, work telephone numbers, information needed for identification verification, charge card applications, charge card statements, terms and Start Printed Page 63676 conditions for use of the charge card and monthly reports from contractor(s) showing charges to individual account numbers, balances and other types of account analysis. Records encompass the following employee Information: name; social security number; tax identification number; home address both prior and current; phone numbers including work, home and cell; title; salary information including grade and/or rank; retirement plan; W–2 tax information; and employee email address. Records also encompass the following family information: names of family members including spouses and children; birth dates of family members including spouse and children; and salary information of spouse, if available. This information is entered based on a questionnaire that the employee submits.

    RECORD SOURCE CATEGORIES:

    Record sources include transactional data from the contracting bank, employee submitted information and VA's HRSmart system.

    ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND PURPOSES OF SUCH USES:

    1. Congress: To a Member of Congress or staff acting upon the Member's behalf when the Member or staff requests the information on behalf of, and at the request of, the individual who is the subject of the record.

    2. Data breach response and remediation, for VA: To appropriate agencies, entities and persons when (1) VA suspects or has confirmed that there has been a breach of the system of records; (2) VA has determined that as a result of the suspected or confirmed breach there is a risk of harm to individuals, VA (including its information systems, programs, and operations), the Federal Government, or national security; and (3) the disclosure made to such agencies, entities and persons is reasonably necessary to assist in connection with VA's efforts to respond to the suspected or confirmed breach or to prevent, minimize or remedy such harm involving.

    3. Data breach response and remediation, for another Federal agency: To another Federal agency or Federal entity, when VA determines that the information from this system of records is reasonably necessary to assist the recipient agency or entity in (1) responding to a suspected or confirmed breach or (2) preventing, minimizing or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs and operations), the Federal Government or national security, resulting from a suspected or confirmed breach.

    4. Law Enforcement: To a Federal, State, local, Territorial, Tribal, or foreign law enforcement authority or other appropriate entity charged with the responsibility of investigating or prosecuting a violation or potential violation of law, whether civil, criminal, or regulatory in nature, or charged with enforcing or implementing such law, provided that the disclosure is limited to information that, either alone or in conjunction with other information, indicates such a violation or potential violation of law. The disclosure of the names and addresses of veterans and their dependents from VA records under this routine use must also comply with the provisions of 38 U.S.C. 5701.

    5. Department of Justice for Litigation or Administrative Proceeding: To the Department of Justice (DoJ), or in a proceeding before a court, adjudicative body or other administrative body before which VA is authorized to appear, when:

    (a) VA or any component thereof;

    (b) Any VA employee in his or her official capacity;

    (c) Any VA employee in his or her individual capacity where DoJ has agreed to represent the employee; or

    (d) The United States, where VA determines that litigation is likely to affect the agency or any of its components is a party to such proceedings or has an interest in such proceedings, and VA determines that use of such records is relevant and necessary to the proceedings.

    6. Contractors: To contractors, grantees, experts, consultants, students and others performing or working on a contract, service, grant, cooperative agreement or other assignment for VA, when reasonably necessary to accomplish an agency function related to the records.

    7. Office of Personnel Management (OPM): To OPM in connection with the application or effect of civil service laws, rules, regulations or OPM guidelines in particular situations.

    8. Equal Employment Opportunity Commission (EEOC): To the EEOC in connection with investigations of alleged or possible discriminatory practices, examination of Federal affirmative employment programs, or other functions of the Commission as authorized by law.

    9. Federal Labor Relations Authority (FLRA): To the FLRA in connection with the investigation and resolution of allegations of unfair labor practices, the resolution of exceptions to arbitration awards when a question of material fact is raised; matters before the Federal Service Impasses Panel, and the investigation of representation petitions and the conduct or supervision of representation elections.

    10. Merit Systems Protection Board (MSPB): To the MSPB in connection with appeals, special studies of the civil service and other merit systems, review of rules and regulations, investigation of alleged or possible prohibited personnel practices and such other functions promulgated in 5 U.S.C. 1205 and 1206, or as authorized by law.

    11. Nation Archives and Records Administration (NARA): To NARA in records management inspections conducted under 44 U.S.C. 2904 and 2906, or other functions authorized by laws and policies governing NARA operations and VA records management responsibilities.

    12. Federal Agencies, Courts, Litigants, for Litigation or Administrative Proceedings: To another Federal agency, court or party in litigation before a court or in an administrative proceeding conducted by a Federal Agency when the government is a party to the judicial or administrative proceeding.

    13. Law Enforcement for Locating Fugitive: To any Federal, State, local, Territorial, Tribal or foreign law enforcement agency in order to identify, locate or report a known fugitive felon, in compliance with 38 U.S.C. 5313B(d).

    14. Office of Management and Budget (OMB): To the OMB for the performance of its statutory responsibilities for evaluating Federal programs.

    15. Treasury, to Report Earnings as Income: To the Department of the Treasury to report calendar year earnings of $600 or more for income tax reporting purposes.

    16. Federal Register , for Rulemaking: To make available for public review comments submitted in response to VA's solicitation of public comments as part of the agency's notice and rulemaking activities under the Administrative Procedure Act (APA), provided that the disclosure is limited to information necessary to comply with the requirements of the APA, if VA determines that release of personally identifiable information, such as an individual's telephone number, is integral to the public's understanding of the comment submitted.

    17. Unions: To officials of labor organizations recognized under 5 U.S.C. 71 provided that the disclosure is limited to information identified in 5 U.S.C. 7114(b)(4) that is relevant and necessary to their duties of exclusive representation concerning personnel Start Printed Page 63677 policies, practices, and matters affecting working conditions.

    POLICIES AND PRACTICES FOR STORAGE OF RECORDS:

    Records are maintained electronically on computer storage devices such as servers and cloud storage. The computer storage devices are located at the FSC-Austin; iMove backups will be maintained at a disaster recovery site designated by Microsoft Azure Government. Computer records are maintained in a secure password protected environment.

    POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:

    These records may be retrieved using various combinations of name or charge card number of the individual on whom the records are maintained. Electronic file records are retrieved by name and/or travel authorization number.

    POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:

    Records in this system are retained and disposed of in accordance with the schedule approved by the Archivist of the United States, General Records Schedule 1.1, Item number 10.

    ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:

    Access to these records is restricted to authorized VA employees or contractors, on a “need to know” basis. Offices where these records are maintained are locked after working hours and are protected from outside access by the Federal Protective Service, other security officers and alarm systems. Access to computerized records is restricted to authorized VA employees or contractors, by means of unique user identification and passwords.

    Security controls used to protect personal sensitive data are commensurate with those required for an information system rated moderate for confidentiality, integrity, and availability, as prescribed in NIST Special Publication, 800–53, “Recommended Security Controls for Federal Information Systems,” Revision 4. Administrative controls include the policies and procedures governing the agency program and systems operated within, background investigations for privileged users, and rules of behavior. Technical controls include role-based, user access controls and data encryption.

    RECORD ACCESS PROCEDURES:

    Individuals seeking information on the existence and content of records in this system pertaining to them should contact the system manager in writing as indicated above. A request for access to records must contain the requester's full name, address, telephone number, be signed by the requester, and describe the records sought in sufficient detail to enable VA personnel to locate them with a reasonable amount of effort.

    CONTESTING RECORD PROCEDURES:

    Individuals seeking to contest or amend records in this system pertaining to them should contact the system manager in writing as indicated above. A request to contest or amend records must state clearly and concisely what record is being contested, the reasons for contesting it, and the proposed amendment to the record.

    NOTIFICATION PROCEDURES:

    Generalized notice is provided by the publication of this notice. For specific notice, see Record Access Procedure, above.

    EXEMPTIONS PROMULGATED FOR THE SYSTEM:

    None.

    HISTORY:

    70 FR 7320 (February 11, 2005); 74 FR 14618 (March 31, 2009); 80 FR 54370 (September 9, 2015); 86 FR 52550 (September 21, 2021).

    End Supplemental Information

    [FR Doc. 2023–20052 Filed 9–14–23; 8:45 am]

    BILLING CODE P