OSHA requirements are set by statute, standards and regulations. Our interpretation letters explain these requirements and how they apply to particular circumstances, but they cannot create additional employer obligations. This letter constitutes OSHA's interpretation of the requirements discussed. Note that our enforcement guidance may be affected by changes to OSHA rules. Also, from time to time we update our guidance in response to new information. To keep apprised of such developments, you can consult OSHA's website at https://www.osha.gov.

April 16, 1999

Mr. Shawn T. Christon
Schauer & Associates, Inc.
3808 West Elm Street
Suite 100
P.O. Box 090678
Milwaukee, WI 53209-0678

Dear Mr. Christon:

This is in response to your letter of July 8, 1998, inquiring as to whether 29 CFR 1926.1101(n)(2)(ii)(F) in the Construction Industry Asbestos standard promulgated by the Occupational Safety and Health Administration (OSHA) conflicts with the Privacy Act, 5 U.S.C. 552a (1994), (hereinafter "the Privacy Act"). We apologize for the long delay in our response to you. After careful consideration, OSHA believes that there is no conflict. Employers must continue to use Social Security numbers pursuant to 29 CFR 1926.1101(n)(2)(ii)(F).

According to 29 CFR 1926.1101(n)(2)(ii)(F), employers who do asbestos-related work must keep records "of all measurements taken to monitor employee exposure to asbestos." In relevant part, these records are to include the Social Security numbers of those employees whose exposures are represented therein.

Your concern relates to Public Law No. 93-579, 7.5 U.S.C. 552a (Note). This section, which was originally part of the Privacy Act, but was not codified, provides, in relevant part, that "[i]t shall be unlawful for any Federal, State or local government agency to deny to any individual any right, benefit, or privilege provided by law because of such individual's refusal to disclose his Social Security account number."

In order to be protected by this statutory section, an individual must meet the following conditions: first, the individual must have refused to disclose his Social Security number, and, second, a government agency must deny a "right, benefit or privilege provided by law" as a result of that refusal. There is no "right, benefit, or privilege" at issue here. Rather, employers are under a legal obligation to include employee Social Security numbers as part of their employee asbestos exposure record keeping procedures.

OSHA has an important reason for requiring the Social Security numbers: many employees have identical or similar names; identifying employees solely by name makes it difficult to determine to which employee a particular records pertains. The present system avoids this problem because Social Security numbers are unique to the individual.

OSHA does not intend for its rules to endanger employee privacy and, although we have stated that the Privacy Act does not apply, employers are required to grant full access to the complete exposure records to only the following individuals or entities: employees and their designated representatives, the National Institute for Occupational Safety and Health (NIOSH), and OSHA. If the employer provides other parties access to the exposure records, the Social Security numbers may be expunged from the records prior to allowing access. Therefore, the unaltered records are not "public" records; the risk is avoided that employee Social Security numbers will be revealed to the "public."

I hope this answers your questions regarding the Privacy Act and the use of Social Security numbers as required by 29 CFR 1926.1101(n)(2)(ii)(F). We appreciate the opportunity to clarify this matter for you. If you have further questions, please feel free to contact Mr. Gail Brinkerhoff in OSHA's Office of Health Compliance Assistance at (202) 693-2142.

Sincerely,

Richard E. Fairfax
Director
Directorate of Compliance Programs