[Federal Register Volume 86, Number 75 (Wednesday, April 21, 2021)]
[Notices]
[Pages 20739-20742]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2021-08273]


-----------------------------------------------------------------------

DEPARTMENT OF JUSTICE

[CPCLO Order No. 001-2021]


Privacy Act of 1974; Systems of Records

AGENCY: Justice Management Division, United States Department of 
Justice.

ACTION: Notice of a new system of records.

-----------------------------------------------------------------------

SUMMARY: Pursuant to the Privacy Act of 1974 and Office of Management 
and Budget (OMB) Circular No. A-108, notice is hereby given that the 
Justice Management Division, (JMD), a component within the United 
States Department of Justice (DOJ or ``the Department''), proposes to 
develop a new system of records notice titled, ``DOJ Personnel Public 
Health Emergency Records System,'' JUSTICE/JMD-025. JMD proposes to 
establish this system of records to protect the Department's workforce 
and respond to Coronavirus Disease 2019 (COVID-19), a declared public 
health emergency, and other high-consequence public health threats.

DATES: In accordance with 5 U.S.C. 552a(e)(4) and (11), this notice is 
effective upon publication, subject to a 30-day period in which to 
comment on the routine uses, described below. Please submit any 
comments by May 21, 2021.

ADDRESSES: The public, OMB, and Congress are invited to submit any 
comments by mail to the United States Department of Justice, Office of 
Privacy and Civil Liberties, ATTN: Privacy Analyst, Two Constitution 
Square (2CON), 145 N Street, NE, Suite 8W.300, Washington, DC 20530; by 
facsimile at 202-307-0693; or by email at [email protected]. 
To ensure proper handling, please reference the above CPCLO Order No. 
on your correspondence.

FOR FURTHER INFORMATION CONTACT: Michael H. Allen, Deputy Assistant 
Attorney General, Policy, Management, and Procurement, 950 Pennsylvania 
Avenue NW, Washington, DC 20530-0001, (202) 514-3101.

SUPPLEMENTARY INFORMATION: This system of records covers information 
necessary and relevant to Department activities responding to and 
mitigating COVID-19 and other high-consequence public health threats, 
and diseases or illnesses relating to a public health emergency. Such 
information may include information on Department personnel, including 
employees, interns, and contractors, who have contracted or may have 
been exposed to a suspected or confirmed disease or illness that is the 
subject of a declared public health emergency or who undergo 
preventative testing for, or receive a vaccination to prevent, a 
disease or illness that is the subject of a declared public health 
emergency, in accordance with federal, state, or local public health 
orders. The information collected may include identifying and contact 
information of individuals who have been suspected or confirmed to have 
contracted a disease or illness, or who have been exposed to an 
individual who had been suspected or confirmed to have contracted a 
disease or illness, related to a declared public health emergency; 
individual circumstances and dates of suspected exposure; testing 
results, symptoms, and treatments; vaccination records; health status 
information; and other information necessary and relevant to Department 
activities responding to and mitigating COVID-19 and other high-
consequence public health threats and diseases or illnesses relating to 
a public health emergency. The Department maintains this information to 
understand the impact of an illness or disease on the Department 
workforce, and to assist in reducing the spread of the disease or 
illness among Department personnel. In certain instances, depending on 
the type of record collected and maintained, records maintained in this 
system of records may also be covered by Office of Personnel 
Management/Government-10 Employee Medical File System Records, 75 FR 
35,099 (June 21, 2010). However, JUSTICE/JMD-025 covers additional 
records--specifically records collected in response to COVID-19, a 
high-consequence public health threat, as well as other declared public 
health emergencies.
    When collecting information on Department employees, there are 
several employment laws that govern the collection, dissemination, and 
retention of employee medical information. These employment laws 
include the Americans with Disability Act (ADA), the Rehabilitation Act 
of 1973 (Rehab Act), and the Occupational Safety and Health Act of 1970 
(OSH Act). Generally, under federal employment laws, medical 
information pertaining to employees is confidential and may be obtained 
by an employer only for certain reasons and only at certain points in 
the employment relationship. In response to a high-consequence public 
health threat such as COVID-19, or relating to other public health 
emergencies, an employer may be permitted to collect certain employee 
medical information that it would not otherwise be permitted to 
collect, depending upon the circumstances. This system of records will 
apply if it is determined that the circumstances permit the Department 
to legally collect the employee medical information at issue.
    Further, this system of records notice (SORN) includes a reference 
to the Genetic Information Nondiscrimination Act of 2008 (GINA), 42 
U.S.C. 2000ff to ff-11. Title II of GINA prohibits employment 
discrimination based on genetic information, including family medical 
history; restricts the circumstances under which employers may lawfully 
acquire applicants' and employees' genetic information; and prohibits 
the disclosure of applicants' and employees' genetic information, with 
limited exceptions, including those stated in 42 U.S.C. 2000ff-5(b) and 
29 CFR 1635.9(b). The Department may request the circumstances of an 
individual's suspected or actual exposure to a disease or illness, 
including the source of exposure. Although it is not the intent for the 
Department to collect family medical information, an individual may 
indicate that they were exposed to specific family members who have 
been diagnosed with, or are suspected to have, the disease or illness 
in question. To the extent this information may be acquired 
inadvertently, such information will be kept as a ``confidential 
medical record'' and maintained separately from an employee's general 
medical files,

[[Page 20740]]

pursuant to 42 U.S.C. 2000ff-5(a) and 29 CFR 1635.9(a).
    In accordance with 5 U.S.C. 552a(r), the Department has provided a 
report to OMB and Congress on this new system of records.

    Dated: April 16, 2021.
Peter A. Winn,
Acting Chief Privacy and Civil Liberties Officer,United States 
Department of Justice.

JUSTICE/JMD-025
SYSTEM NAME AND NUMBER:
    DOJ Personnel Public Health Emergency Records System, JUSTICE/JMD-
025.

SECURITY CLASSIFICATION:
    Controlled Unclassified Information.

SYSTEM LOCATION:
    Records may be maintained at all locations at which the Department 
of Justice (DOJ), or contractors on behalf of the Department, operate 
or at which DOJ operations are supported, including the Robert F. 
Kennedy Main Justice Department Building, 950 Pennsylvania Avenue NW, 
Washington, DC 20530-0001.
    Additionally, records may be maintained electronically at one or 
more of the Department's data centers, including, but not limited to, 
one or more of the Department's Core Enterprise Facilities (CEF), 
including, but not limited to, the Department's CEF East, Clarksburg, 
WV 26306, or CEF West, Pocatello, ID 83201. Records within this system 
of records may be transferred to a Department-authorized cloud service 
provider within the Continental United States. Access to these 
electronic records may occur at any location at which the DOJ operates 
or where DOJ Office of the Chief Information Officer (OCIO) operations 
are supported. Some or all of the information in the system may be 
duplicated at other locations where the Department has granted direct 
access to support DOJ operations, system backup, emergency 
preparedness, and/or continuity of operations. To determine the 
location of a particular record maintained in this system of records, 
contact the system manager, whose contact information is listed in the 
``SYSTEM MANAGER(S)'' paragraph, below.

SYSTEM MANAGER(S):
    Michael H. Allen, Deputy Assistant Attorney General, Policy, 
Management and Procurement, 950 Pennsylvania Avenue NW, Washington, DC 
20530-0001, (202) 514-3101.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    Workforce safety federal requirements, including the Occupational 
Safety and Health Act of 1970, Executive Order No. 12,196, Occupational 
safety and health programs for Federal employees, 5 U.S.C. 7902; 
federal laws related to a specific public health emergency or high-
consequence public health threat, including, Executive Order No. 
13,994, Ensuring a Data-Driven Response to COVID-19 and Future High-
Consequence Public Health Threats, and federal laws that authorize the 
Attorney General to create and maintain federal records of agency 
activities, including 5 U.S.C. 301 and 44 U.S.C. 3101.

PURPOSE(S) OF THE SYSTEM:
    The purpose of this system is to maintain records necessary and 
relevant to Department activities responding to and mitigating COVID-
19, other high-consequence public health threats, or diseases and 
illnesses relating to a public health emergency. Such records include 
those records needed to understand the impact of an illness or disease 
on the Department workforce, and to assist in protecting the 
Department's workforce from, and responding to, a declared public 
health emergency or other high-consequence public health threats. Among 
other things, DOJ may use the information collected to facilitate the 
provision of vaccines to DOJ personnel, including employees, interns, 
and contractors; to inform individuals who may have been in proximity 
of a person possibly infected with the disease or illness at or on 
buildings, grounds, and properties that are owned, leased, or used by 
the Department; or to confirm which personnel have received 
vaccinations to prevent such disease or illness to spread throughout 
the Department's workforce.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Department personnel, including employees, interns, and 
contractors.

CATEGORIES OF RECORDS IN THE SYSTEM:
    Records maintained in this system may include:
    A. Full name, telephone number, worksite, email address, 
supervisor's name, address and contact information and/or the 
contractor's supervisor/contracting officer representative name, 
address and contact information;
    B. Date(s) and circumstances of the individual's suspected or 
actual exposure to disease or illness including symptoms, as well as 
locations within the Department workplace where an individual may have 
contracted or been exposed to the disease or illness;
    C. Other individual information directly related to the disease or 
illness (e.g. testing results/information, symptoms, treatments such as 
vaccines, and source of exposure);
    D. Appointment scheduling information, including the date, time and 
location of a scheduled appointment.
    E. Medical screening information, including the individual's name, 
date of birth, age, category of employment, current medical status, 
vaccination history, and any relevant medical history.
    F. Vaccination records, including the date, type, and dose of 
vaccine administered to the individual.

RECORD SOURCE CATEGORIES:
    Records may be obtained from DOJ personnel and contractors who may 
provide relevant information on a suspected or confirmed disease or 
illness, or the prevention of such disease or illness, which is the 
subject of a declared public health emergency. Information may also be 
sourced from personnel at medical facilities, or from existing systems 
of records, including but not limited to OPM/GOVT-10, Employee Medical 
File System Records, 75 FR 35,099 (June 21, 2010), and modified at 80 
FR 74,815 (Nov. 30, 2015).

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    In addition to those disclosures generally permitted under 5 U.S.C. 
552a(b), all or a portion of the records or information contained in 
this system of records may be disclosed as a routine use pursuant to 5 
U.S.C. 552a(b)(3) under the circumstances or for the purposes described 
below, to the extent such disclosures are compatible with the purposes 
for which the information was collected:
    A. To appropriate medical facilities, or federal, state, local, 
tribal, territorial or foreign government agencies, to the extent 
permitted by law, for the purpose of protecting the vital interests of 
individual(s), including to assist the United States Government in 
responding to or mitigating high-consequence public health threats, or 
diseases and illnesses relating to a public health emergency.
    B. Where a record, either alone or in conjunction with other 
information, indicates a violation or potential violation of law--
criminal, civil, or regulatory in nature--the relevant records may be 
referred to the appropriate federal, state, local, territorial, tribal, 
or foreign law

[[Page 20741]]

enforcement authority or other appropriate entity charged with the 
responsibility for investigating or prosecuting such violation or 
charged with enforcing or implementing such law.
    C. In an appropriate proceeding before a court, grand jury, or 
administrative or adjudicative body, when the Department determines 
that the records are arguably relevant to the proceeding; or in an 
appropriate proceeding before an administrative or adjudicative body 
when the adjudicator determines the records to be relevant to the 
proceeding.
    D. To contractors, grantees, experts, consultants, students, and 
others performing or working on a contract, service, grant, cooperative 
agreement, or other assignment for the Federal Government, when 
necessary to accomplish an agency function related to this system of 
records.
    E. To a former employee of the Department for purposes of: 
responding to an official inquiry by a federal, state, or local 
government entity or professional licensing authority, in accordance 
with applicable Department regulations; or facilitating communications 
with a former employee that may be necessary for personnel-related or 
other official purposes where the Department requires information and/
or consultation assistance from the former employee regarding a matter 
within that person's former area of responsibility.
    F. To Federal, state, local, territorial, tribal, foreign, or 
international licensing agencies or associations which require 
information concerning the suitability or eligibility of an individual 
for a license or permit.
    G. To a Member of Congress or staff acting upon the Member's behalf 
when the Member or staff requests the information on behalf of, and at 
the request of, the individual who is the subject of the record.
    H. To the National Archives and Records Administration for purposes 
of records management inspections conducted under the authority of 44 
U.S.C. 2904 and 2906.
    I. To appropriate agencies, entities, and persons when (1) the 
Department suspects or has confirmed that there has been a breach of 
the system of records; (2) the Department has determined that as a 
result of the suspected or confirmed breach there is a risk of harm to 
individuals, the Department (including its information systems, 
programs, and operations), the Federal Government, or national 
security; and (3) the disclosure made to such agencies, entities, and 
persons is reasonably necessary to assist in connection with the 
Department's efforts to respond to the suspected or confirmed breach or 
to prevent, minimize, or remedy such harm.
    J. To another Federal agency or Federal entity, when the Department 
determines that information from this system of records is reasonably 
necessary to assist the recipient agency or entity in (1) responding to 
a suspected or confirmed breach, or (2) preventing, minimizing, or 
remedying the risk of harm to individuals, the recipient agency or 
entity (including its information systems, programs, and operations), 
the Federal Government, or national security, resulting from a 
suspected or confirmed breach.
    K. To any agency, organization, or individual for the purpose of 
performing authorized audit or oversight operations of the Department 
and meeting related reporting requirements.
    L. To such recipients and under such circumstances and procedures 
as are mandated by Federal statute or treaty.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    All records in this system of records are maintained electronically 
and in paper and are in compliance with applicable executive orders, 
statutes, and agency implementing recommendations. Electronic records 
are stored in databases and/or on hard disks, removable storage 
devices, or other electronic media.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    The Department will retrieve records by any of the categories of 
records, including name, location, date of vaccination, or work status.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    To the extent applicable, to ensure compliance with Americans with 
Disabilities Act (ADA), the Rehabilitation Act, and the Genetic 
Information Nondiscrimination Act of 2008 (GINA), medical information 
must be ``maintained on separate forms and in separate medical files 
and be treated as a confidential medical record.'' 42 U.S.C. 
12112(d)(3)(B); 42 U.S.C. sec 2000ff-5(a); 29 CFR 1630.14(b)(1), 
(c)(1), (d)(4)(i); and 29 CFR 1635.9(a). This means that medical 
information and documents must be stored separately from other 
personnel records. As such, the Department must keep medical records 
for at least one year from creation date. 29 CFR 1602.14. Further, 
records compiled under this SORN will be maintained in accordance with 
NARA General Records Schedule (GRS) 2.7, Items 010, 070 or 080, and 
NARA records retention schedules DAA-GRS2017-0010-0001, DAA-GRS2017-
0010-0012, and DAA-GRS2017-0010-0013, to the extent applicable.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    The Department safeguards records in this system according to 
applicable rules and polices, including all applicable DOJ automated 
systems security and access policies. The Department has imposed strict 
controls to minimize the risk of compromising the information that is 
being stored. Users of individual computers can only gain access to the 
data by a valid user identification and password. Paper records are 
maintained in a secure, access-controlled room, with access limited to 
authorized personnel.

RECORD ACCESS PROCEDURES:
    All requests for access to records must be in writing and should be 
addressed to the Justice Management Division, ATTN: FOIA Contact, 
Department of Justice, Rm. 1111, 950 Pennsylvania Avenue NW, 
Washington, DC 20530-000, phone: 202-514-3101, email: 
[email protected]. The envelope and letter should be clearly marked 
``Privacy Act Access Request.'' The request must describe the records 
sought in sufficient detail to enable Department personnel to locate 
them with a reasonable amount of effort. The request must include a 
general description of the records sought and must include the 
requester's full name, current address, and date and place of birth. 
The request must be signed and either notarized or submitted under 
penalty of perjury. Some information may be exempt from the access 
provisions as described in the ``EXEMPTIONS PROMULGATED FOR THE 
SYSTEM'' paragraph, below. An individual who is the subject of a record 
in this system of records may access those records that are not exempt 
from access. A determination whether a record may be accessed will be 
made at the time a request is received.
    Although no specific form is required, you may obtain forms for 
this purpose from the FOIA/Privacy Act Mail Referral Unit, United 
States Department of Justice, 950 Pennsylvania Avenue NW, Washington, 
DC 20530, or on the Department of Justice website at https://www.justice.gov/oip/oip-request.html.
    More information regarding the Department's procedures for 
accessing records in accordance with the Privacy Act can be found at 28 
CFR part 16 Subpart D, ``Protection of Privacy and Access to Individual 
Records Under the Privacy Act of 1974.''

[[Page 20742]]

CONTESTING RECORD PROCEDURES:
    Individuals seeking to contest or amend records maintained in this 
system of records must direct their requests to the address indicated 
in the ``RECORD ACCESS PROCEDURES'' paragraph, above. All requests to 
contest or amend records must be in writing and the envelope and letter 
should be clearly marked ``Privacy Act Amendment Request.'' All 
requests must state clearly and concisely what record is being 
contested, the reasons for contesting it, and the proposed amendment to 
the record. Some information may be exempt from the amendment 
provisions as described in the ``EXEMPTIONS PROMULGATED FOR THE 
SYSTEM'' paragraph, below. An individual who is the subject of a record 
in this system of records may contest or amend those records that are 
not exempt. A determination of whether a record is exempt from the 
amendment provisions will be made after a request is received.
    More information regarding the Department's procedures for amending 
or contesting records in accordance with the Privacy Act can be found 
at 28 CFR 16.46, ``Requests for Amendment or Correction of Records.''

 NOTIFICATION PROCEDURES:
    Individuals may be notified if a record in this system of records 
pertains to them when the individuals request information utilizing the 
same procedures as those identified in the ``RECORD ACCESS PROCEDURES'' 
paragraph, above.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    None.

HISTORY:
    None.

[FR Doc. 2021-08273 Filed 4-20-21; 8:45 am]
BILLING CODE 4410-NW-P