[Federal Register Volume 89, Number 77 (Friday, April 19, 2024)]
[Notices]
[Pages 28805-28808]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2024-08383]
=======================================================================
-----------------------------------------------------------------------
DEPARTMENT OF LABOR
Privacy Act of 1974; System of Records
AGENCY: Occupational Safety and Health Administration (OSHA),
Department of Labor.
ACTION: Notice of a modified system of records.
-----------------------------------------------------------------------
SUMMARY: The Privacy Act of 1974 and Office of Management and Budget
(OMB) Circular No. A-108 require that each agency publish notice of a
new or modified system of records that it maintains. This notice
proposes to modify an existing system of records to add three
additional statutes to the ``Authority'' section of the system, and to
add two new routine uses and revise one routine use for the Department
of Labor (DOL), Occupational Safety and Health Administration (OSHA),
Retaliation Complaint File, DOL/OSHA-1, as well as to make general
updates to provide more detail and clarity regarding OSHA's practices
for disclosing, storing, retaining, and disposing of records in this
system and the technical, physical, and administrative safeguards that
OSHA relies on to protect records in this system from unauthorized
disclosure.
DATES: Comments must be received no later than May 20, 2024. This
modification is effective upon publication of this Notice. If no public
comments are received, the new routine uses will be effective beginning
May 20, 2024. If DOL receives public comments, DOL will review the
comments to determine whether any changes to the notice are necessary.
ADDRESSES: We invite you to submit comments on this notice. You may
submit comments by any of the following methods:
Federal e-Rulemaking Portal: https://www.regulations.gov
or https://www.federalregister.gov. Follow the instructions for
submitting comments.
Mail, Hand Delivery, or Courier: 200 Constitution Avenue
NW, Room N-3653, Washington, DC 20210. In your comment, specify
``Retaliation Complaint File, DOL/OSHA-1.''
All comments will be made public and will be posted without change
to https://www.regulations.gov, including any personal information
provided.
FOR FURTHER INFORMATION CONTACT: To submit general questions about the
system, contact Lee Martin by telephone at 202-693-2199 or by email at
osha.dwpp@dol.gov. Please include ``Retaliation Complaint File, DOL/
OSHA-1'' in the submission.
SUPPLEMENTARY INFORMATION: The Retaliation Complaint File, DOL/OSHA-1
modified system of records includes three additional OSHA statutes and
two new routine uses. The new statutes to be added are: The Taxpayer
First Act (26 U.S.C. 7623(d)); The Criminal Antitrust Anti-Retaliation
Act (15 U.S.C. 7a-3); and The Anti-Money Laundering Act (31 U.S.C.
5323(a)(5), (g) & (j)). DOL is adding routine uses e. and f. regarding
disclosure of records, as needed, to address a suspected breach of
DOL's or another agency's records systems. DOL has also revised routine
use c. to note that disclosure of appropriate, relevant, necessary, and
compatible investigative records may be made to OSHA-approved
occupational safety and health State Plan agencies (State Plans), as
well as Federal agencies, responsible for investigating, prosecuting,
enforcing, or implementing laws related to one or more of the statutes
listed under AUTHORITY FOR MAINTENANCE OF THE SYSTEM where OSHA deems
such disclosure compatible with the purpose for which the records were
collected. Former routine use e. (permitting disclosure of statistical
reports containing aggregated results of program activities and
outcomes to the media, researchers, or other interested parties) is
being re-designated as routine use g. Additionally, DOL is making
general updates to provide more detail and clarity regarding OSHA's
practices for storing, retaining, and disposing of records in this
system and the technical, physical, and administrative safeguards that
OSHA relies on to protect records in this system from unauthorized
disclosure.
SYSTEM NAME AND NUMBER:
Retaliation Complaint File, DOL/OSHA-1.
SECURITY CLASSIFICATION:
Unclassified.
SYSTEM LOCATION:
The system resides in a secure cloud service environment provided
through Amazon Web Services (AWS). Records from the secure cloud
service are accessed by DOL personnel located at the Occupational
Safety and Health Administration (OSHA)'s national, regional, and area
offices. Address information for regional and area offices can be found
at: https://www.osha.gov/contactus/bystate. Pursuant to DOL's
Flexiplace Programs (also known as ``telework'' pursuant to the
Telework Enhancement Act), copies of records may be temporarily located
at alternative worksites, including employees' homes or at
geographically convenient satellite offices for periods of time. All
appropriate safeguards are taken at these sites.
SYSTEM MANAGER(S):
Lee Martin, Director of the Directorate of Whistleblower Protection
Programs, Occupational Safety and Health Administration, U.S.
Department of Labor, 200 Constitution Avenue NW, Room N-3647,
Washington, DC 20210.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
a. The Occupational Safety and Health Act (29 U.S.C. 660(c));
b. The Surface Transportation Assistance Act (49 U.S.C. 31105);
c. The Asbestos Hazard Emergency Response Act (15 U.S.C. 2651);
d. The International Safe Container Act (46 U.S.C. 80507);
e. The Safe Drinking Water Act (42 U.S.C. 300j-9(i));
f. The Federal Water Pollution Control Act (33 U.S.C. 1367);
g. The Toxic Substances Control Act (15 U.S.C. 2622);
h. The Wendell H. Ford Aviation Investment and Reform Act for the
21st Century (49 U.S.C. 42121);
i. The Solid Waste Disposal Act (42 U.S.C. 6971);
j. The Clean Air Act (42 U.S.C. 7622);
k. The Comprehensive Environmental Response, Compensation and
Liability Act of 1980 (42 U.S.C. 9610);
l. The Energy Reorganization Act of 1978 (42 U.S.C. 5851);
m. The Pipeline Safety Improvement Act of 2002 (49 U.S.C. 60129);
n. The Corporate and Criminal Fraud Accountability Act of 2002,
Title VIII of the Sarbanes-Oxley Act of 2002 (18 U.S.C. 1514A);
o. The Federal Railroad Safety Act (49 U.S.C. 20109);
p. The National Transit Systems Security Act (6 U.S.C. 1142);
q. The Consumer Product Safety Improvement Act (15 U.S.C. 2087);
r. The Affordable Care Act (29 U.S.C. 218C);
s. The Consumer Financial Protection Act of 2010 (12 U.S.C. 5567);
t. The Seaman's Protection Act (46 U.S.C. 2114);
u. The FDA Food Safety Modernization Act (21 U.S.C. 399d);
v. The Moving Ahead for Progress in the 21st Century Act (49 U.S.C.
30171);
w. The Taxpayer First Act (26 U.S.C. 7623(d));
x. The Criminal Antitrust Anti-Retaliation Act (15 U.S.C. 7a-3);
and
y. The Anti-Money Laundering Act (31 U.S.C. 5323(a)(5), (g) & (j)).
PURPOSE(S) OF THE SYSTEM:
The records are used to support a determination by OSHA on the
merits of a complaint alleging violation of the employee protection
provisions of one or more of the statutes listed under AUTHORITY FOR
MAINTENANCE OF THE SYSTEM. The records also are used as the basis of
statistical reports on such activity by the system manager, national
office administrators, regional administrators, investigators, and
their supervisors in OSHA. The reports may be released to the public.
The reports do not contain any identifying information and are
generally used for statistical purposes.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
Individuals who have filed complaints alleging retaliation against
them by their employers, or by others, for engaging in activities
protected under the various statutes set forth below, popularly
referenced as whistleblower protection statutes, are covered by the
system. Complainants may file such claims with OSHA pursuant to the
following statutes: The Occupational Safety and Health Act (29 U.S.C.
660(c)); the Surface Transportation Assistance Act (49 U.S.C. 31105);
the Asbestos Hazard Emergency Response Act (15 U.S.C. 2651); the
International Safe Container Act (46 U.S.C. 80507); the Safe Drinking
Water Act (42 U.S.C. 300j-9(i)); the Federal Water Pollution Control
Act (33 U.S.C. 1367); the Toxic Substances Control Act (15 U.S.C.
2622); the Wendell H. Ford Aviation Investment and Reform Act for the
21st Century (49 U.S.C. 42121); the Solid Waste Disposal Act (42 U.S.C.
6971); the Clean Air Act (42 U.S.C. 7622); the Comprehensive
Environmental Response, Compensation and Liability Act of 1980 (42
U.S.C. 9610); the Energy Reorganization Act of 1978 (42 U.S.C. 5851);
the Pipeline Safety Improvement Act of 2002 (49 U.S.C. 60129); the
Corporate and Criminal Fraud Accountability Act of 2002, Title VIII of
the Sarbanes-Oxley Act of 2002 (18 U.S.C. 1514A); the Federal Railroad
Safety Act (49 U.S.C. 20109); the National Transit Systems Security Act
(6 U.S.C. 1142); the Consumer Product Safety Improvement Act (15 U.S.C.
2087); the Affordable Care Act (29 U.S.C. 218C); the Consumer Financial
Protection Act of 2010 (12 U.S.C. 5567); the Seaman's Protection Act
(46 U.S.C. 2114); the FDA Food Safety Modernization Act (21 U.S.C.
399d); the Moving Ahead for Progress in the 21st Century Act (49 U.S.C.
30171); the Taxpayer First Act (26 U.S.C. 7623(d)); the Criminal
Antitrust Anti-Retaliation Act (15 U.S.C. 7a-3); and the Anti-Money
Laundering Act (31 U.S.C. 5323(a)(5), (g) & (j)).
CATEGORIES OF RECORDS IN THE SYSTEM:
Records in the system include the complainant's name, address,
telephone numbers, occupation, place of employment, and other
identifying data along with the allegation, OSHA forms, and evidence
offered in the allegation's proof. Records in the system also include
the respondent's name, address, telephone numbers, response to
notification of the complaint, statements, and any other evidence or
background material submitted as evidence. This material includes
records of interviews and other data gathered by the investigator.
RECORD SOURCE CATEGORIES:
Records contained in this system are obtained from individual
complainants who filed allegation(s) of retaliation by employer(s)
against employee(s) or persons who have engaged in protected
activities. OSHA uses the OSHA Online Whistleblower Complaint Form
(OSHA 8-60.1) approved under OMB Control No. 1218-0236 to collect
initial complainant information. Records contained in this system are
also obtained from employers, employees other than an individual
complainant, and other witnesses.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES
OF USERS AND PURPOSES OF SUCH USES:
In addition to the disclosures permitted under 5 U.S.C. 552a(b), as
well as those contained in DOL's Universal Routine Uses of Records,\1\
a record from this system of records may be disclosed as follows:
---------------------------------------------------------------------------
\1\ See https://www.dol.gov/general/privacy under the heading
``System of Records Notices (SORNs).''
---------------------------------------------------------------------------
a. Disclosure of the complaint, as well as the identity of the
complainant, and any interviews, statements, or other information
provided by the complainant, or information about the complainant given
to OSHA, may be made to the respondent, so that the complaint can
proceed to a resolution.
Note: Personal information about other employees that is
contained in the complainant's file, such as statements taken by
OSHA or information for use as comparative data, such as wages,
bonuses, the substance of promotion recommendations, supervisory
assessments of professional conduct and ability, or disciplinary
actions generally may be withheld from the respondent when it could
violate the other employee's privacy rights, cause intimidation or
harassment to the other employee, or impair future investigations by
making it more difficult to collect similar information from other
employees.
b. Disclosure of the respondent's responses to the complaint and
any other evidence it submits may be shared with the complainant so
that the complaint can proceed to a resolution.
c. Disclosure of appropriate, relevant, necessary, and compatible
investigative records may be made to other Federal agencies and State
Plans responsible for investigating, prosecuting, enforcing, or
implementing laws related to the statutes listed under AUTHORITY FOR
MAINTENANCE OF THE SYSTEM where OSHA deems such disclosure compatible
with the purpose for which the records were collected.
d. Disclosure of appropriate, relevant, necessary, and compatible
investigative records may be made to another agency or instrumentality
of any governmental jurisdiction within or under the control of the
United States, for a civil or criminal law enforcement activity, if the
activity is authorized by law, and if that agency or instrumentality
has made a written request to OSHA, specifying the particular portion
desired and the law enforcement activity for which the record is
sought.
e. Disclosure of information contained in this system of records
may be made to appropriate agencies, entities, and persons when (1) DOL
suspects or confirms a breach of the system of records; (2) DOL
determines as a result of the suspected or confirmed breach, there is a
risk of harm to individuals, DOL (including its information systems,
programs, and operations), the Federal Government, or national
security; and (3) the disclosure made to such agencies, entities, and
persons is reasonably necessary to assist in connection with DOL's
efforts to respond to the suspected or confirmed breach or to prevent,
minimize, or remedy such harm.
f. Disclosure of information contained in this system of records
may be made to another Federal agency or Federal entity, when DOL
determines that information from this system of records is reasonably
necessary to assist the recipient agency or entity in (1) responding to
a suspected or confirmed breach or (2) preventing, minimizing, or
remedying the risk of harm to individuals, the recipient agency or
entity (including its information systems, programs and operations),
the Federal Government, or national security, resulting from a
suspected or confirmed breach.
g. Statistical reports containing aggregated results of program
activities and outcomes may be disclosed to the media, researchers, or
other interested parties. Disclosure may be in response to requests
made by telephone, email, fax, or letter, by a mutually convenient
method. Statistical data may also be posted by the system manager on
the OSHA web page.
POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
Electronic records in this system of records are stored on AWS, in
a self-contained system. Limited paper case files may be used on a
temporary basis and kept in locked offices. The system is contained
behind the DOL firewall. Users access the system via their personal
identity verification (PIV) card for internal federal users or through
login.gov for State Plan users.
POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
Records are retrieved by complainant's name, respondent's name, or
case number. The system is contained behind the DOL firewall. Users
access the system via their personal identity verification (PIV) card
for internal federal users or through login.gov for State Plan users.
POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
Records are maintained primarily in the DOL IT system on the AWS
server. Limited paper case files may be maintained at applicable
locations as set out above under the heading SYSTEM LOCATION. System
records are destroyed five years after a case is closed, in accordance
with Records Schedule Number DAA-0100-2018-0002-0009. Paper copies of
case files that are not scanned are retained on-site until the five-
year retention period has been met and then destroyed.
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
Records in this system are safeguarded in accordance with
applicable rules and policies, including all applicable DOL automated
systems security and access policies. Access to the system containing
the records is limited to those individuals deemed as authorized
personnel. Records in the system are protected from unauthorized access
and misuse through a combination of administrative, technical, and
physical security measures. Administrative measures include policies
that limit system access to individuals within an agency with a
legitimate business need and regular review of security procedures and
best practices to enhance security. Technical measures include system
design that allows individuals within an agency access only to data for
which they are responsible; role-based access controls that allow
individuals access only to data for their agency or reporting unit;
multi-factor authentication to access the system; and use of encryption
for certain data transfers. Physical security measures include the use
of DOL cloud data centers which meet government requirements for
storage of sensitive data.
RECORD ACCESS PROCEDURES:
If an individual wishes to access their own data in the system, the
individual should contact OSHA directly and follow the instructions for
making a Privacy Act Request on DOL's web page at: https://www.dol.gov/general/privacy/instructions. DOL also describes its process for
requesting records under the Privacy Act in regulations at 29 CFR 71.2.
Individuals who need additional assistance may also reach out to DOL's
Privacy Office by email at privacy@dol.gov.
CONTESTING RECORD PROCEDURES:
If an individual wishes to request a correction or amendment of a
record, the individual should direct their request to OSHA directly.
The request must be in writing and must identify:
The name of the individual making the request,
The particular record in question,
The correction or amendment sought,
The justification for the change, and
Any other pertinent information to help identify the file.
Additional information can be found on DOL's web page at: https://www.dol.gov/general/privacy/instructions. DOL also describes its
process for requesting a correction or amendment at 29 CFR 71.9.
Individuals who need additional assistance may also reach out to DOL's
Privacy Office by email at privacy@dol.gov.
NOTIFICATION PROCEDURES:
If an individual wishes to know if a system contains their
information, the individual should contact OSHA directly and follow the
instructions for making a Privacy Act Request on DOL's web page at:
https://www.dol.gov/general/privacy/instructions. DOL also describes
its process for requesting records under the Privacy Act in regulations
at 29 CFR 71.2. Individuals who need additional assistance may also
reach out to DOL's Privacy Office by email at privacy@dol.gov.
EXEMPTIONS PROMULGATED FOR THE SYSTEM:
In accordance with 5 U.S.C. 552a(k)(2), investigatory material in
this system of records compiled for law enforcement purposes is exempt
from subsections (c)(3); (d); (e)(1); (e)(4)(G), (H), and (I); and (f)
of 5 U.S.C. 552a.
However, if any individual is denied any right, privilege, or
benefit that the individual would otherwise be entitled to by Federal
law or for which they would otherwise be eligible, such material
shall be provided. To the extent that the disclosure of such material
would reveal the identity of a source who furnished information to the
Government under an express promise \2\ that the identity of the source
would be held in confidence, DOL will not furnish such records to the
individual.
---------------------------------------------------------------------------
\2\ For sources who furnished information to the Government
prior to January 1, 1975, the standard is an implied promise that
the identity of the source would be held in confidence.
---------------------------------------------------------------------------
HISTORY:
This is a full publication of the modified SORN in its entirety
that replaces the previously published SORN found at 81 FR 25765,
25853-54 (April 29, 2016).
Carolyn Angus-Hornbuckle,
Assistant Secretary for Administration and Management.
[FR Doc. 2024-08383 Filed 4-18-24; 8:45 am]
BILLING CODE 4510-26-P