Privacy Act of 1974; System of Records

Download PDF
Federal RegisterAug 1, 2017
82 Fed. Reg. 35872 (Aug. 1, 2017)

AGENCY:

Department of Veterans Affairs.

ACTION:

Notice of amendment to system of records—Department of Veterans Affairs Federal Docket Management System Commenter Information (VAFDMS—Commenter Info)—(140VA00REG).

SUMMARY:

Pursuant to the provisions of the Privacy Act, notice is hereby given that the Department of Veterans Affairs (VA) is amending the system of records currently entitled, “Department of Veterans Affairs Federal Docket Management System (VAFDMS—Commenter Info)—(140VA02REG)” as set forth in the Federal Register on March 3, 2015. VA is amending the system name, clarifying storage location, and updating the address for notification and record access procedures. VA is republishing the system notice in its entirety.

DATES:

Comments on the amendment of this system of records must be received no later than August 31, 2017. If no public comment is received, the new system will become effective August 31, 2017.

ADDRESSES:

Written comments concerning the modified system of records may be submitted through www.Regulations.gov ; by mail or hand-delivery to the Director, Regulations Management (00REG), Department of Veterans Affairs, 810 Vermont Avenue NW., Room 1068, Washington, DC 20420; or by fax to (202) 273-9026. (This is not a toll-free telephone number.) Comments should indicate that they are submitted in response to the amendment of “Department of Veterans Affairs Federal Docket Management System (VAFDMS)—(140VA00REG).” Copies of comments received will be available for public inspection in the Office of Regulation Policy and Management, Room 1063B, between the hours of 8 a.m. and 4:30 p.m., Monday through Friday (except holidays). Please call (202) 461-4902 for an appointment. (This is not a toll-free telephone number.) In addition, comments may be viewed online at www.Regulations.gov .

FOR FURTHER INFORMATION CONTACT:

Jeffrey M. Martin, Privacy Officer, Office of Regulation Policy and Management (00REG), Office of the General Counsel, Department of Veterans Affairs, 810 Vermont Avenue NW., Washington, DC 20420, (202) 461-4902.

SUPPLEMENTARY INFORMATION:

A Notice of Establishment of New System of Records was published in the Federal Register on February 9, 2007 (72 FR 6315), and amended on March 25, 2008 (73 FR 15856) and further amended on March 3, 2015 (80 FR 11525).

I. Description of the System of Records

The Department of Veterans Affairs Federal Docket Management System (VAFDMS) serves as a central, electronic repository for VA rulemaking and non-rulemaking dockets including Federal Register rules, notices, supporting materials such as scientific and economic analyses, and public comments. The portion of VAFDMS information that comes under the Privacy Act is personal identifying information (name and contact address/email address). This information permits VA to identify individuals who have submitted comments in response to VA rulemaking documents or notices so that communications or other actions, as appropriate and necessary, can be effected, such as clarification of the comment, direct response to a comment, and other activities associated with the rulemaking or notice process. Identification is possible only if the individual voluntarily provides identifying information when submitting a comment. If such information is not furnished, the submitted comments and/or supporting documentation cannot be linked to an individual.

00REG's Management will review each incoming public submission and determine whether it is a public comment under the Administrative Procedure Act (APA) or a non-comment (which may include comments relating only to personal issues outside the scope of the rulemaking, comments from VA employees in accordance with the guidance below, and comments that were received by VA after the due date stated in the proposed rule (late comments).

The Office of Regulation Policy and Management's longstanding policy provides in part that it will not consider comments from VA employees as public comments unless they were submitted on their off-duty time in a private (vs employment) capacity. Thus, comments that include a VA email and/or mailing address as part of the contact information are not treated as public comments. In addition, comments that indicate that they are made in a VA employee's official capacity are not treated as public comments. Even though these comments will not be treated as public comments, they will be provided to the VA program office for consideration.

On the other hand, a comment from a VA employee that does not purport to be a comment given in an official VA capacity or to provide an official VA view, and that does not give a VA email or mailing address as part of the contact information, will be treated as a public comment, although it provides factual information relating to the commenter's VA employment.

VAFDMS permits members of the public to search posted public comments received by name of the individual submitting the comment on the www.Regulations.gov Web site. All the contents of posted comments are searchable. Unless the individual submits the comment anonymously, a name search will result in the comment being displayed for view. If the comment is submitted electronically using www.Regulations.gov , the viewed comment will not include the name of the submitter or any other identifying information about the individual except the information that the submitter has opted to include as part of his or her general comment. If a comment is submitted in writing, the information scanned and uploaded into VAFDMS will contain the submitter's name, unless the individual submits the comment anonymously. All comments received will become a matter of public record and will be posted without change to www.regulations.gov including any personal information provided. Comments submitted on behalf of organizations in writing that have to be scanned and uploaded into VAFDMS will not be redacted.

II. Amendments to System Name

VA is renaming the system of records to reflect the categories of individuals on whom information is maintained. Thus “Department of Veterans Affairs Federal Docket Management System (VAFDMS)—(140VA02REG)” is renamed as, “Department of Veterans Affairs Federal Docket Management System Commenter Information (VAFDMS—Commenter Info)—(140VA00REG)”.

III. Amendment to Storage

VA is providing greater detail as to where records are stored.

IV. Update to the Address for Notification and Record Access Procedures

VA is correcting the mailbox for the office in the address for notification and record access procedures from 02REG to 00REG.

The notice of intent to publish an advance copy of the system notice has been sent to the appropriate Congressional Committees and to the Director of the Office of Management and Budget (OMB), as required by 5 U.S.C. 552a(r) (Privacy Act), as amended, and guidelines issued by OMB published at 65 FR 77677 on December 12, 2000.

Signing Authority

The Secretary of Veterans Affairs, or designee, approved this document and authorized the undersigned to sign and submit the document to the Office of the Federal Register for publication electronically as an official document of the Department of Veterans Affairs. Gina S. Farrisee, Deputy Chief of Staff, Department of Veterans Affairs, approved this document on June 23, 2017 for publication.

Dated: July 26, 2017.

Kathleen M. Manwell,

Program Analyst, VA Privacy Service, Office of Privacy Information and Identity Protection, Department of Veterans Affairs.

140VA00REG

SYSTEM NAME:

Department of Veterans Affairs Federal Docket Management System Commenter Information (VAFDMS—Commenter Info).

SECURITY CLASSIFICATION:

Unclassified.

SYSTEM LOCATION:

Primary location: Electronic records are kept at the U.S. Environmental Protection Agency, Research Triangle Park, NC 27711-0001. Secondary location: Duplicate electronic records are kept at Department of Veterans Affairs, 810 Vermont Avenue NW., Washington, DC 20420.

SYSTEM MANAGER(S) AND ADDRESSES:

Jeffrey M. Martin, Privacy Officer, Office of Regulation Policy and Management (00REG), Department of Veterans Affairs, 810 Vermont Ave. NW., Washington, DC 20420; telephone (202) 461-4902.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

44 U.S.C. 3501, Note; Sec. 206(d), Public Law 107-347; 5 U.S.C. 301, 552, 552a, and 553.

PURPOSE:

To permit the Department of Veterans Affairs (VA) to identify individuals who have submitted comments in response to VA rulemaking documents or notices, so that communications or other actions, as appropriate and necessary, can be effected, such as to seek clarification of the comment, to directly respond to a comment, and for other activities associated with the rulemaking or notice process.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

Individuals who voluntarily provide personal contact information when submitting a public comment and/or supporting materials in response to a Department of Veterans Affairs rulemaking document or notice.

CATEGORIES OF RECORDS IN THE SYSTEM:

Full name, postal address, email address, phone and fax numbers of the individual submitting comments, the name of the organization or individual that the individual represents (if any), and the comments, as well as other supporting documentation, furnished by the individual. Comments may include personal information about the commenter.

RECORD SOURCE CATEGORIES:

Individuals; public or private organizations.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND THE PUROSES OF SUCH USES:

1. Congress: VA may disclose information from the record of an individual in response to an inquiry from the congressional office made at the request of that individual.

VA must be able to provide information about individuals to adequately respond to inquiries from Members of Congress at the request of constituents who have sought their assistance.

2. Data breach response and remedial efforts: VA may, on its own initiative, disclose information from this system to appropriate agencies, entities, and persons when (1) VA suspects or has confirmed that the integrity or confidentiality of information in the system of records has been compromised; (2) the Department has determined that as a result of the suspected or confirmed compromise there is a risk of embarrassment or harm to the reputations of the record subjects, harm to economic or property interests, identity theft or fraud, or harm to the security, confidentiality, or integrity of this system or other systems or programs (whether maintained by the Department or another agency or entity) that rely upon the potentially compromised information; and (3) the disclosure is to agencies, entities, or persons whom VA determines are reasonably necessary to assist or carry out the Department's efforts to respond to the suspected or confirmed compromise and prevent, minimize, or remedy such harm. This routine use permits disclosures by the Department to respond to a suspected or confirmed data breach, including the conduct of any risk analysis or provision of credit protection services as provided in 38 U.S.C. 5724.

a. Effective Response. A federal agency's ability to respond quickly and effectively in the event of a breach of federal data is critical to its efforts to prevent or minimize any consequent harm. An effective response necessitates disclosure of information regarding the breach to those individuals affected by it, as well as to persons and entities in a position to cooperate, either by assisting in notification to affected individuals or playing a role in preventing or minimizing harms from the breach.

b. Disclosure of Information. Often, the information to be disclosed to such persons and entities is maintained by federal agencies and is subject to the Privacy Act (5 U.S.C. 552a). The Privacy Act prohibits the disclosure of any record in a system of records by any means of communication to any person or agency absent the written consent of the subject individual, unless the disclosure falls within one of twelve statutory exceptions. In order to ensure an agency is in the best position to respond in a timely and effective manner, in accordance with 5 U.S.C. 552a(b)(3) of the Privacy Act, agencies should publish a routine use for appropriate systems specifically applying to the disclosure of information in connection with response and remedial efforts in the event of a data breach.

3. Data breach response and remedial efforts with another Federal agency VA may, on its own initiative, disclose information from this system to another Federal agency or Federal entity, when VA determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in (1) responding to a suspected or confirmed breach or (2) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach.

4. Law Enforcement: VA may, on its own initiative, disclose information in this system, except the names and home addresses of veterans and their dependents, which is relevant to a suspected or reasonably imminent violation of law, whether civil, criminal or regulatory in nature and whether arising by general or program statute or by regulation, rule or order issued pursuant thereto, to a Federal, state, local, tribal, or foreign agency charged with the responsibility of investigating or prosecuting such violation, or charged with enforcing or implementing the statute, regulation, rule or order. On its own initiative, VA may also disclose the names and addresses of veterans and their dependents to a Federal agency charged with the responsibility of investigating or prosecuting civil, criminal or regulatory violations of law, or charged with enforcing or implementing the statute, regulation, rule or order issued pursuant thereto.

VA must be able to provide on its own initiative information that pertains to a violation of laws to law enforcement authorities in order for them to investigate and enforce those laws. Under 38 U.S.C. 5701(a) and (f), VA may disclose the names and addresses of veterans and their dependents to Federal entities with law enforcement responsibilities. This is distinct from the authority to disclose records in response to a qualifying request from a law enforcement entity, as authorized by Privacy Act subsection 5 U.S.C. 552a(b)(7).

5. Litigation: VA may disclose information from this system of records to the Department of Justice (DoJ), either on VA's initiative or in response to DoJ's request for the information, after either VA or DoJ determines that such information is relevant to DoJ's representation of the United States or any of its components in legal proceedings before a court or adjudicative body, provided that, in each case, the agency also determines prior to disclosure that release of the records to the DoJ is a use of the information contained in the records that is compatible with the purpose for which VA collected the records. VA, on its own initiative, may disclose records in this system of records in legal proceedings before a court or administrative body after determining that the disclosure of the records to the court or administrative body is a use of the information contained in the records that is compatible with the purpose for which VA collected the records.

To determine whether to disclose records under this routine use, VA will comply with the guidance promulgated by the Office of Management and Budget in a May 24, 1985, memorandum entitled “Privacy Act Guidance—Update,” currently posted at http://www.whitehouse.gov/omb/inforeg/guidance1985.pdf.

VA must be able to provide information to DoJ in litigation where the United States or any of its components is involved or has an interest. A determination would be made in each instance that under the circumstances involved, the purpose is compatible with the purpose for which VA collected the information. This routine use is distinct from the authority to disclose records in response to a court order under subsection (b)(11) of the Privacy Act, 5 U.S.C. 552(b)(11), or any other provision of subsection (b), in accordance with the court's analysis in Doe v. DiGenova, 779 F.2d 74, 78-85 (D.C. Cir. 1985) and Doe v. Stephens, 851 F.2d 1457, 1465-67 (D.C. Cir. 1988).

6. Contractors: VA may disclose information from this system of records to individuals, organizations, private or public agencies, or other entities or individuals with whom VA has a contract or agreement to perform such services as VA may deem practicable for the purposes of laws administered by VA, in order for the contractor, subcontractor, public or private agency, or other entity or individual with whom VA has a contract or agreement to perform services under the contract or agreement.

This routine use includes disclosures by an individual or entity performing services for VA to any secondary entity or individual to perform an activity that is necessary for individuals, organizations, private or public agencies, or other entities or individuals with whom VA has a contract or agreement to provide the service to VA.

This routine use, which also applies to agreements that do not qualify as contracts defined by Federal procurement laws and regulations, is consistent with OMB guidance in OMB Circular A-130, App. I, paragraph 5a(1)(b) that agencies promulgate routine uses to address disclosure of Privacy Act-protected information to contractors in order to perform the services contracts for the agency.

7. Equal Employment Opportunity Commission (EEOC): VA may disclose information from this system to the EEOC when requested in connection with investigations of alleged or possible discriminatory practices, examination of Federal affirmative employment programs, or other functions of the Commission as authorized by law or regulation.

VA must be able to provide information to EEOC to assist it in fulfilling its duties to protect employees' rights, as required by statute and regulation.

8. Federal Labor Relations Authority (FLRA): VA may disclose information from this system to the FLRA, including its General Counsel, information related to the establishment of jurisdiction, investigation, and resolution of allegations of unfair labor practices, or in connection with the resolution of exceptions to arbitration awards when a question of material fact is raised; for it to address matters properly before the Federal Services Impasses Panel, investigate representation petitions, and conduct or supervise representation elections.

VA must be able to provide information to FLRA to comply with the statutory mandate under which it operates.

9. Merit Systems Protection Board (MSPB): VA may disclose information from this system to the MSPB, or the Office of the Special Counsel, when requested in connection with appeals, special studies of the civil service and other merit systems, review of rules and regulations, investigation of alleged or possible prohibited personnel practices, and such other functions promulgated in 5 U.S.C. 1205 and 1206, or as authorized by law.

VA must be able to provide information to MSPB to assist it in fulfilling its duties as required by statute and regulation.

10. National Archives and Records Administration (NARA) and General Services Administration (GSA): VA may disclose information from this system to NARA and GSA in records management inspections conducted under title 44, U.S.C.

NARA is responsible for archiving old records which are no longer actively used but may be appropriate for preservation, and for the physical maintenance of the Federal government's records. VA must be able to provide the records to NARA in order to determine the proper disposition of such records.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:

Records are maintained electronically. See System Location.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:

Records are retrieved by various data elements and key word searches, among which are by: Name, Agency, Docket Type, Docket Sub-Type, Agency Docket ID, Docket Title, Docket Category, Document Type, CFR Part, Date Comment Received, and Federal Register Published Date.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:

Records will be maintained and disposed of, in accordance with records disposition authority, approved by the Archivist of the United States.

PHYSICAL, PROCEDURAL, AND ADMINISTRATIVE SAFEGUARDS:

Electronic records are maintained in a secure, password protected, electronic system that utilizes security hardware and software to include: multiple firewalls, active intruder detection, and role-based access controls. Access to electronic records is limited to those officials who require the records to perform their official duties consistent with the purpose for which the information was collected. All personnel whose official duties require access to the information are trained in the proper safeguarding and use of the information.

RECORD ACCESS PROCEDURES:

Individuals seeking to access or contest the contents of records, about themselves, contained in this System of Records should address a written request, including full name, address and telephone number to the Office of Regulation Policy and Management (00REG), Department of Veterans Affairs, 810 Vermont Ave. NW., Washington, DC 20420.

CONTESTING RECORD PROCEDURE:

See Record Access Procedure above.

NOTIFICATION PROCEDURES:

Individuals seeking to determine whether this System of Records contains information about them should address written inquiries to the Office of Regulation Policy and Management (00REG), Department of Veterans Affairs, 810 Vermont Ave. NW., Washington, DC 20420. Requests should contain the full name, address and telephone number of the individual making the inquiry.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:

There are no exemptions being claimed for this system.

HISTORY:

A Notice of Establishment of New System of Records was published in the Federal Register on February 9, 2007 (72 FR 6315), and amended on March 25, 2008 (73 FR 15856) and further amended on March 3, 2015 (80 FR 11525).

[FR Doc. 2017-16083 Filed 7-31-17; 8:45 am]

BILLING CODE 8320-01-P