[Federal Register Volume 87, Number 57 (Thursday, March 24, 2022)]
[Notices]
[Pages 16766-16769]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2022-06209]
=======================================================================
-----------------------------------------------------------------------
DEPARTMENT OF LABOR
[Docket No: DOL-2021-00##]
Privacy Act of 1974; System of Records
AGENCY: Office of Assistant Secretary for Administration and
Management, DOL.
ACTION: Notice of a new system of records.
-----------------------------------------------------------------------
SUMMARY: As required by the Privacy Act of 1974, and Office of
Management and Budget (OMB) Circular No. A-108, this notice is a new
Privacy Act System of Records titled Contractor and Visitor Public
Health Emergency Records DOL/OASAM-38, which include information on
contractor employees, special government employees and student
volunteers who work in, as well as visitors to, Department of Labor
(DOL) facilities during declared public health emergencies. The system
contains information provided by the contractor's employees including
such information as their applicable vaccination or medical
countermeasure status and whether they are experiencing symptoms
associated with the public health emergency. Each contractor with
employees who will work in DOL facilities (regardless of whether the
contract is with DOL or another Federal agency such as GSA) will be
asked to confirm if its employees have been vaccinated or have received
appropriate medical countermeasures, in addition, the contractor will
be required to ensure that its employees follow the guidelines
specified for working in DOL facilities, for example, to mitigate the
spread of COVID-19, not fully vaccinated employees are required to wear
masks and maintain physical distancing. Visitors to DOL facilities will
also be asked to provide information about their vaccination or medical
countermeasure status and information about whether they are
experiencing any symptoms associated with the public health emergency.
Contractors, special government employees and student volunteers may
also be asked to provide proof of their vaccination status.
DATES:
Comment Dates: We will consider comments that we receive on or
before April 25, 2022.
Applicable date: This notice is applicable upon publication,
subject to a 30-day review and comment period for the routine uses.
ADDRESSES: We invite you to submit comments on this notice. You may
submit comments by any of the following methods:
Federal e-Rulemaking Portal: http://www.regulations.gov.
Follow the instructions for submitting comments.
Mail, hand delivery, or courier: 200 Constitution Avenue
NW, N-1301, Washington, DC. In your comment, specify Docket ID DOL-
2021-00##.
Federal mailbox: https://dol.gov/privacy.
All comments will be made public by DOL and will be posted without
change to http://www.regulations.gov, including any personal
information provided.
FOR FURTHER INFORMATION CONTACT: To submit general questions about the
system, contact Rick Kryger, at telephone 202-693-4158, or email
kryger.rick.j@dol.gov.
SUPPLEMENTARY INFORMATION: DOL is establishing a system of records,
DOL/OASAM-38, subject to the Privacy Act of 1974, 5 U.S.C. 552a. The
purpose of this new system of records is to house information provided
by contractors, subcontractors, their employees, special government
employees, student volunteers, and visitors needed for DOL to take
appropriate actions during a public health emergency. This system
supports DOL's COVID-19 safety protocols as required by Executive Order
13991; Office of Management and Budget (OMB) Memorandums M-21-15 and M-
21-25; COVID-19 Workplace Safety: Agency Model Safety Principles issued
by the Federal Safer Federal Workforce Task Force; and other applicable
law and policy. Federal labor, employment and workforce health and
safety laws that govern the collection, dissemination, and retention of
DOL employees' medical information include the Americans with
Disability Act (ADA), the Rehabilitation Act of 1973 (Rehab Act), and
the Occupational Safety and Health Act of 1970. The Department of
Health and Human Services (HHS) Secretary may, under section 319 of the
Public Health Service (PHS) Act codified at 42 U.S.C. 247d, declare
that: (a) A disease or disorder presents a public health emergency; or
(b) that a public health emergency, including significant outbreaks of
infectious disease or bioterrorist attacks, otherwise exists.
The Occupational Safety and Health Act (OSHA) of 1970, Public Law
91-596, 29 U.S.C. 668, Section 19(a) requires the head of each Federal
agency to establish and maintain an effective and comprehensive
occupational safety and health program and safe and healthful places
and conditions of employment, and to keep adequate records of all
occupational accidents and illnesses for proper evaluation and
necessary corrective action. OSHA also requires that Federal agencies
maintain an injury and illness prevention program, which is a proactive
process designed to reduce injuries, illnesses, and fatalities.
This OASAM-38 notice covers DOL employees and individuals that do
not fall under Title 5 and OPM's personnel recordkeeping authority and
thus are not covered by the OPM/GOVT-10 SORN. Federal civilian employee
medical records are covered by a government-wide Privacy Act SORN
published by the Office of Personnel Management (OPM), OPM/GOVT-10,
Employee Medical File System Records (75 FR 35099, June 21, 2010;
modification published at 80 FR 74815, November 30, 2015). These
Federal employee confidential medical records are managed in accordance
with OPM regulations at 5 CFR part 293, the OPM/GOVT-10 SORN, and its
published routine uses. The OPM/GOVT-10 SORN covers Federal civilians
that are identified under Title 5 U.S.C. chapter 21. The majority of
DOL Federal employees fall under Title 5 and their medical records are
covered by the OPM/GOVT-10 SORN and must be managed in accordance with
that SORN and applicable OPM regulations.
Any collection of records in DOL/OASAM-38 is only permitted during
a time of a public health emergency or similar health and safety
incident. During such an emergency or incident, DOL will only collect
the minimum information necessary to respond to the emergency or
incident, and comply with Federal workforce safety requirements, when
DOL determines that a significant risk of substantial harm exists to
individuals working at or visiting a DOL controlled facility, or
attending a DOL sponsored event in a non-DOL controlled facility. DOL's
responsibilities for ensuring a safe workforce and secure buildings and
workspaces depend on the nature and circumstances of the public health
emergency.
In order to meet requirements for workforce safety during a public
health emergency or similar incident, DOL may collect records that
could include medical countermeasures, such as vaccinations, diagnostic
test results, whether the individual is experiencing relevant symptoms,
and any other information necessary to assist DOL with determining
appropriate mitigation measures to take with respect to contractor
employees, special government employees, student volunteers and
visitors in DOL facilities or in the performance of duties associated
with the Department.
In general, the information will be used to confirm that
contractors, their employees, special government employees, student
volunteers and visitors to DOL facilities are aware of and complying
with requirements necessitated by the public health emergency, such as
those to wear masks and maintain physical distancing while working
onsite or visiting a DOL
facility. For onsite contractor employees, the information will be used
to make decisions such as office space planning and assigning office
space, assigning tasks that require individuals to work in close
physical proximity, as well for operational staffing requirements for
carrying out work in field operations.
DOL may also collect location and dates of potential exposure,
information related to employee requests for reasonable accommodation,
and other information that may be relevant or required for DOL to
comply with Federal guidelines and prevent or slow the spread of the
COVID-19 disease and mitigate health impacts to DOL personnel,
visitors, and other individuals at DOL controlled facilities and
sponsored events.
This notice also adds required breach routine uses to ensure that
the Department can disclose information necessary to respond to a DOL
breach and to assist another agency in responding to a confirmed or
suspected breach, as appropriate, pursuant to OMB M-17-12.
SYSTEM NAME AND NUMBER:
Contractor and Visitor Public Health Emergency Records DOL/OASAM-
38.
SECURITY CLASSIFICATION:
Unclassified.
SYSTEM LOCATION:
The U.S. Department of Labor (DOL) Office of Assistant Secretary
and Administration and Management owns the Contractor and Visitor
Public Health Emergency Records System, which is housed in secure
datacenters in the continental United States. Each DOL agency that has
contractors working in a DOL facility has custody of the records
pertaining to its own contracts. Contact the system manager for
additional information.
SYSTEM MANAGER(S):
Rick Kryger, Deputy Chief Information Officer, Office of the
Assistant Secretary for Administration and Management, U.S. Department
of Labor, 200 Constitution Avenue NW, N-1301, Washington, DC 20210.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
National Emergencies Act (50 U.S.C. 1601-1651); the Robert T.
Stafford Disaster Relief and Emergency Assistance Act (42 U.S.C. 5121,
5192(1)); Section 319 of the Public Health Service (PHS) Act (42 U.S.C.
247d); 5 U.S.C. 301, 7901, 7902, and 7903; the Occupational Safety and
Health Act (29 U.S.C. 668), Executive Order 12196 ``Occupational safety
and health programs for Federal employees''; Workforce Innovation and
Opportunity Act (WIOA) WIOA 159(g) ((29 U.S.C. 3209(g)) and WIOA
147(a)(3)(J) ((29 U.S.C. 3197(a)(3)(J)).
PURPOSE(S) OF THE SYSTEM:
To capture and report health and safety-related information during
public health emergencies. Such reporting will be provided to DOL
contracting officers and other authorized officials in DOL to enable
the agency to use the data from the system to review submissions for
compliance with applicable mitigation requirements, and, in the case of
contractor employees, with contractual terms and conditions for
contracts for which they are responsible.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
The Contractor and Visitor Public Health Emergency Records System
contains records related to employees of prime and subcontractors who
are performing work on federal contract awards at any DOL facility, or
in shared operations. An owner, agent, or employee of a prime or
subcontractor may enter or certify information, as applicable.
The Contractor and Visitor Public Health Emergency Records System
will also contain records related to contractors, subcontractors, their
employees, special government employees, student volunteers, visitors,
individuals from outside the DOL workforce on detail to DOL, experts/
consultants, and grantees.
CATEGORIES OF RECORDS IN THE SYSTEM:
The information in the system of records consists of electronic or
hard copy records, including records of vaccination status or other
medical countermeasures (such as diagnostic test results), status of
employees or visitors, and other health and safety information related
to the public health emergency. The information in the system of
records includes the name of the person entering, and as applicable,
certifying, information on behalf of the prime or subcontractor, their
position within the company, phone number, and email address.
Categories of records include, but are not limited to: Name, unique
identifier assigned by the prime or subcontractor, medical
countermeasure (vaccination or diagnostic test) status, symptom
questionnaires and other information relevant and necessary for
mitigation purposes. Optional records that may be required for certain
contracts or in certain geographic areas include: Name, position, work
phone number, email address, DOL facility, lands, or shared operations
at which the employee will be working on-site, and other similar
records related to their official responsibilities.
RECORDS SOURCE CATEGORIES:
Contract employee records are created, reviewed and, as
appropriate, certified by the prime or subcontractor. Records
pertaining to the individual entering and certifying data in the system
may be created by the individual, by a contracting officer, or in the
case of a subcontractor by the prime contractor or another
subcontractor. Visitor records are created, reviewed and, as
appropriate, certified by the appropriate Agency Official receiving the
visitor to the DOL facility.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES
OF USERS AND THE PURPOSES OF SUCH USES:
In addition to those disclosures generally permitted under 5 U.S.C.
552a(b) of the Privacy Act of 1974, and all universal routine uses
listed at 81 FR 25765, 25775 (April 29, 2016) and https://www.dol.gov/agencies/sol/privacy/intro, information in this system may disclosed as
follows:
1. The information in this system may be disclosed to state and
local public health officials for purposed related to the public health
emergency, such as contract tracing.
2. To appropriate agencies, entities, and persons when (1) the DOL
suspects or confirms a breach of the System of Records; (2) the DOL
determines as a result of the suspected or confirmed breach there is a
risk of harm to individuals, the DOL (including its information
systems, programs, and operations), the Federal Government, or national
security; and (3) the disclosure made to such agencies, entities, and
persons is reasonably necessary to assist in connection with the DOL's
efforts to respond to the suspected or confirmed breach or to prevent,
minimize, or remedy such harm.
3. To another Federal agency or Federal entity, when the DOL
determines that information from this System of Records is reasonably
necessary to assist the recipient agency or entity in (1) responding to
a suspected or confirmed breach or (2) preventing, minimizing, or
remedying the risk of harm to individuals, the recipient agency or
entity (including its information systems, programs and operations),
the Federal Government, or national security, resulting from a
suspected or confirmed breach.
POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
Electronic records in this system of records are stored on security
measure protected (for example, e-authentication, password, restricted
access protocol, etc.) databases, electronically on e-media devices
(computer hard drive, magnetic disc, tape, digital media, CD, DVD,
etc.). Paper copies of records are stored within secured or locked
facilities.
POLICIES AND PRACTICES FOR RETRIEVEAL OF RECORDS:
Records may be retrieved by the individual's name, unique
identifier assigned by the prime or subcontractor, vaccination status,
position, or facility at which the employee will be working on-site.
POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
Records are maintained in file folders and DOL computer systems at
applicable locations as set out above under the heading ``System
Location.'' System records will be retained and disposed of according
to DOL's records maintenance and disposition schedules as well as any
applicable General Records Schedules.
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
Records in this system of records are safeguarded in accordance
with applicable rules and policies, including all applicable DOL
automated systems security and access policies. Strict controls have
been imposed to minimize the risk of compromising the information that
is being stored. Access to the computer systems containing the records
in this system of records is limited to those individuals who have a
need to know the information for the performance of their official
duties and who have appropriate clearances or permissions.
Records in the system are protected from unauthorized access and
misuse through a combination of administrative, technical, and physical
security measures. Administrative measures include but are not limited
to policies that limit system access to individuals within an agency
with a legitimate business need, and regular review of security
procedures and best practices to enhance security. Technical measures
include but are not limited to system design that allows prime
contractor and subcontractor employees access only to data for which
they are responsible; role-based access controls that allow government
employees access only to data regarding contracts awarded by their
agency or reporting unit; required use of strong passwords that are
frequently changed; and use of encryption for certain data transfers.
Physical security measures include but are not limited to the use of
data centers which meet government requirements for storage of
sensitive data.
RECORDS ACCESS PROCEDURES:
Prime and subcontractors enter and review their own data in the
system and are responsible for ensuring that those data are correct. If
an individual wishes to access their own data in the system after it
has been submitted, that individual should consult the System Manager.
CONTESTING RECORD PROCEDURES:
Individuals desiring to contest or amend information maintained in
the system should direct their request to the above listed System
Manager and should include the reason for contesting it and the
proposed amendment to the information with supporting information to
show how the record is inaccurate. A request for contesting records
pertaining to an individual should contain:
Name, and
Any other pertinent information to help identify the file.
NOTIFICATION PROCEDURES:
An individual may request information regarding this system of
records or information as to whether the system contains records
pertaining to the individual from the System Manager above.
EXEMPTIONS PROMULGATED FOR THE SYSTEM:
None.
HISTORY:
None.
Milton Stewart,
Senior Agency Official for Privacy, Office of the Assistant Secretary
for Administration and Management, U.S. Department of Labor.
[FR Doc. 2022-06209 Filed 3-23-22; 8:45 am]
BILLING CODE 4510-04-P
