[Federal Register Volume 86, Number 190 (Tuesday, October 5, 2021)]
[Notices]
[Pages 55005-55007]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2021-21679]


-----------------------------------------------------------------------

DEPARTMENT OF LABOR

[Docket No: DOL-2021-00##]


Privacy Act of 1974; System of Records

AGENCY: Office of Assistant Secretary for Administration and 
Management, DOL.

ACTION: Notice of a new system of records.

-----------------------------------------------------------------------

SUMMARY: As required by the Privacy Act of 1974, and Office of 
Management and Budget (OMB) Circular No. A-108, this notice is a new 
Privacy Act System of Records titled Contractor and Visitor Public 
Health Emergency Records DOL/OASAM-38, which include information on 
contractor employees who work in, as well as visitors to, Department of 
Labor (DOL) facilities during declared public health emergencies. The 
system contains information provided by the contractor's employees 
including such information as their applicable vaccination or medical 
countermeasure status and whether they are experiencing symptoms 
associated with the public health emergency. Each contractor with 
employees who will work in DOL facilities (regardless of whether the 
contract is with DOL or another Federal agency such as GSA) will be 
asked to confirm if its employees have been vaccinated or have received 
appropriate medical countermeasures, in addition, the contractor will 
be required to ensure that its employees follow the guidelines 
specified for working in DOL facilities, for example, to mitigate the 
spread of COVID-19, not fully vaccinated employees are required to wear 
masks and maintain physical distancing. Visitors to DOL facilities will 
also be asked to provide information about their vaccination or medical 
countermeasure status and may be asked to provide proof of their status 
and information about whether they are experiencing any symptoms 
associated with the public health emergency.

DATES: 
    Comment Dates: We will consider comments that we receive on or 
before November 4, 2021.
    Applicable date: This notice is applicable upon publication, 
subject to a 30-day review and comment period for the routine uses.

ADDRESSES: We invite you to submit comments on this notice. You may 
submit comments by any of the following methods:
     Federal e-Rulemaking Portal: http://www.regulations.gov. 
Follow the instructions for submitting comments.
     Mail, hand delivery, or courier: 200 Constitution Avenue 
NW, N-1301, Washington, DC. In your comment, specify Docket ID DOL-
2021-00##.
     Federal mailbox: https://dol.gov/privacy.
    All comments will be made public by DOL and will be posted without 
change to http://www.regulations.gov, including any personal 
information provided.

FOR FURTHER INFORMATION CONTACT: To submit general questions about the 
system, contact Rick Kryger, at telephone 292-693-4158, or email 
[email protected].

SUPPLEMENTARY INFORMATION: DOL is establishing a system of records, 
DOL/OASAM-38, subject to the Privacy Act of 1974, 5 U.S.C. 552a. The 
purpose of this new system of records is to house information provided 
by contractors, subcontractors, their employees, and visitors needed 
for DOL to take appropriate actions during a public health emergency. 
The information collected includes medical countermeasures, such as 
vaccinations, diagnostic test results, whether the individual is 
experiencing relevant symptoms, and any other information necessary to 
assist DOL with determining appropriate mitigation measures to take 
with respect to contractor employees and visitors in DOL facilities or 
in the performance of duties associated with the Department.
    In general, the information will be used to confirm that 
contractors, their employees, and visitors to DOL facilities are aware 
of and complying with requirements necessitated by the public

[[Page 55006]]

health emergency, such as those to wear masks and maintain physical 
distancing while working onsite or visiting a DOL facility. For onsite 
contractor employees, the information will be used to make decisions 
such as office space planning and assigning office space, assigning 
tasks that require individuals to work in close physical proximity, as 
well for operational staffing requirements for carrying out work in 
field operations.

Privacy Act

    As required by the Privacy Act (specifically 5 U.S.C. 552a(r)) and 
implemented by the Office of Management and Budget (OMB) Circular A-
108, DOL has provided a report of this system of records to the Office 
of Information and Regulatory Affairs, Office of Management and Budget; 
the Chairman, Committee on Government Reform and Oversight, House of 
Representatives; and the Chairman, Committee on Governmental Affairs, 
United States Senate.

SYSTEM NAME AND NUMBER:
    Contractor and Visitor Public Health Emergency Records DOL/OASAM-
38.

SECURITY CLASSIFICATION:
    Unclassified.

SYSTEM LOCATION:
    The U.S. Department of Labor (DOL) Office of Assistant Secretary 
and Administration and Management owns the Contractor and Visitor 
Public Health Emergency Records System, which is housed in secure 
datacenters in the continental United States. Each DOL agency that has 
contractors working in a DOL facility has custody of the records 
pertaining to its own contracts. Contact the system manager for 
additional information.

SYSTEM MANAGER(S):
    Rick Kryger, Deputy Chief Information Officer, Office of the 
Assistant Secretary for Administration and Management, U.S. Department 
of Labor, 200 Constitution Avenue NW, N-1301, Washington, DC 20210.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    National Emergencies Act (50 U.S.C. 1601-1651); the Robert T. 
Stafford Disaster Relief and Emergency Assistance Act (42 U.S.C. 5121, 
5192(1)); 5 U.S.C. 301, 7901, 7902, and 7903; the Occupational Safety 
and Health Act (29 U.S.C. 668), Executive Order 12,196 ``Occupational 
safety and health programs for Federal employees;'' Workforce 
Innovation and Opportunity Act (WIOA) WIOA 159(g) ((29 U.S.C. 3209(g)) 
and WIOA 147(a)(3)(J) ((29 U.S.C. 3197(a)(3)(J)).

PURPOSE(S) OF THE SYSTEM:
    To capture and report health and safety-related information during 
public health emergencies. Such reporting will be provided to DOL 
contracting officers and other authorized officials in DOL to enable 
the agency to use the data from the system to review submissions for 
compliance with applicable mitigation requirements, and, in the case of 
contractor employees, with contractual terms and conditions for 
contracts for which they are responsible.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    The Contractor and Visitor Public Health Emergency Records System 
contains records related to employees of prime and subcontractors who 
are performing work on federal contract awards at any DOL facility, or 
in shared operations. An owner, agent, or employee of a prime or 
subcontractor may enter or certify information, as applicable.
    The Contractor and Visitor Public Health Emergency Records System 
may also contain records related to visitors to DOL facilities, such 
as, but not limited to, volunteers, individuals from outside the DOL 
workforce on detail to DOL, experts/consultants, and grantees.

CATEGORIES OF RECORDS IN THE SYSTEM:
    The information in the system of records consists of electronic or 
hard copy records, including records of vaccination status or other 
medical countermeasures (such as diagnostic test results), status of 
employees or visitors, and other health and safety information related 
to the public health emergency. The information in the system of 
records includes the name of the person entering, and as applicable, 
certifying, information on behalf of the prime or subcontractor, their 
position within the company, phone number, and email address. 
Categories of records include, but are not limited to: Name, unique 
identifier assigned by the prime or subcontractor, medical 
countermeasure (vaccination or diagnostic test) status, symptom 
questionnaires and other information relevant and necessary for 
mitigation purposes. Optional records that may be required for certain 
contracts or in certain geographic areas include: name, position, work 
phone number, email address, DOL facility, lands, or shared operations 
at which the employee will be working on-site, and other similar 
records related to their official responsibilities.

RECORDS SOURCE CATEGORIES:
    Contract employee records are created, reviewed and, as 
appropriate, certified by the prime or subcontractor. Records 
pertaining to the individual entering and certifying data in the system 
may be created by the individual, by a contracting officer, or in the 
case of a subcontractor by the prime contractor or another 
subcontractor. Visitor records are created, reviewed and, as 
appropriate, certified by the appropriate Agency Official receiving the 
visitor to the DOL facility.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    In addition to those universal routine uses previously published 
and listed at https://www.dol.gov/agencies/sol/privacy/intro, 
information in this system may be disclosed to state and local public 
health officials for purposed related to the public health emergency, 
such as contract tracing.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    Electronic records in this system of records are stored on security 
measure protected (for example, e-authentication, password, restricted 
access protocol, etc.) databases, electronically on e-media devices 
(computer hard drive, magnetic disc, tape, digital media, CD, DVD, 
etc.). Paper copies of records are stored within secured or locked 
facilities.

POLICIES AND PRACTICES FOR RETRIEVEAL OF RECORDS:
    Records may be retrieved by the individual's name, unique 
identifier assigned by the prime or subcontractor, vaccination status, 
position, or facility at which the employee will be working on-site.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    Records are maintained in file folders and DOL computer systems at 
applicable locations as set out above under the heading ``System 
Location.'' System records will be retained and disposed of according 
to DOL's records maintenance and disposition schedules as well as any 
applicable General Records Schedules.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    Records in this system of records are safeguarded in accordance 
with applicable rules and policies, including all applicable DOL 
automated systems security and access policies. Strict controls have 
been imposed to minimize the risk of compromising the

[[Page 55007]]

information that is being stored. Access to the computer systems 
containing the records in this system of records is limited to those 
individuals who have a need to know the information for the performance 
of their official duties and who have appropriate clearances or 
permissions.
    Records in the system are protected from unauthorized access and 
misuse through a combination of administrative, technical, and physical 
security measures. Administrative measures include but are not limited 
to policies that limit system access to individuals within an agency 
with a legitimate business need, and regular review of security 
procedures and best practices to enhance security. Technical measures 
include but are not limited to system design that allows prime 
contractor and subcontractor employees access only to data for which 
they are responsible; role-based access controls that allow government 
employees access only to data regarding contracts awarded by their 
agency or reporting unit; required use of strong passwords that are 
frequently changed; and use of encryption for certain data transfers. 
Physical security measures include but are not limited to the use of 
data centers which meet government requirements for storage of 
sensitive data.

RECORDS ACCESS PROCEDURES:
    Prime and subcontractors enter and review their own data in the 
system and are responsible for ensuring that those data are correct. If 
an individual wishes to access their own data in the system after it 
has been submitted, that individual should consult the System Manager.

CONTESTING RECORD PROCEDURES:
    Individuals desiring to contest or amend information maintained in 
the system should direct their request to the above listed System 
Manager and should include the reason for contesting it and the 
proposed amendment to the information with supporting information to 
show how the record is inaccurate. A request for contesting records 
pertaining to an individual should contain:
     Name, and
     Any other pertinent information to help identify the file.

NOTIFICATION PROCEDURES:
    An individual may request information regarding this system of 
records or information as to whether the system contains records 
pertaining to the individual from the System Manager above.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    None.

HISTORY:
    None.

Milton Stewart,
Senior Agency Official for Privacy, Office of the Assistant Secretary 
for Administration and Management, U.S. Department of Labor.
[FR Doc. 2021-21679 Filed 10-4-21; 8:45 am]
BILLING CODE 4510-04-P