[Federal Register Volume 86, Number 214 (Tuesday, November 9, 2021)]
[Notices]
[Pages 62142-62144]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2021-24402]


-----------------------------------------------------------------------

DEPARTMENT OF AGRICULTURE


Privacy Act of 1974; System of Records

AGENCY: Office of Secretary, USDA.

ACTION: Notice of a new system of records.

-----------------------------------------------------------------------

SUMMARY: As required by the Privacy Act of 1974, and Office of 
Management and Budget (OMB) Circular No. A-108, this notice is a new 
Privacy Act System of Records titled USDA/OSEC-02 Contractor and 
Visitor Public Health Emergency Records, which include information on 
contractor employees who work in, as well as visitors to, Department of 
Agriculture (USDA) facilities during declared public health 
emergencies. The system contains information provided by the 
contractor's employees including such information as their applicable 
vaccination or medical countermeasure status and whether they are 
experiencing symptoms associated with the public health emergency. Each 
contractor with employees who will work in USDA facilities (regardless 
of whether the contract is with USDA or another Federal agency) will be 
asked to confirm if its employees have been vaccinated or have received 
appropriate medical countermeasures, in addition, the contractor will 
be required to ensure that its employees follow the guidelines 
specified for working in USDA facilities, for example, to mitigate the 
spread of COVID-19, not fully vaccinated employees are required to wear 
masks and maintain physical distancing. Visitors to USDA facilities 
will also be asked to provide information about their vaccination or 
medical countermeasure status and may be asked to provide proof of 
their status and information about whether they are experiencing any 
symptoms associated with the public health emergency.

DATES: This notice is applicable upon publication, subject to a 30-day 
review and comment period for the routine uses. We will consider 
comments received on or before November 29, 2021.

ADDRESSES: The public, OMB, and Congress are invited to submit any 
comments by mail to the United States Department of Agriculture, 
Privacy Office, ATTN: Privacy Analyst, 1400 Independence Ave. SW, 
Washington, DC 20250; by telephone at 202-384-5026; or by email at 
SM.OCIO.CIO.UsdaPrivacy

FOR FURTHER INFORMATION CONTACT: Sullie Coleman, Chief Privacy Officer, 
1400 Independence Ave. SW, Washington, DC 20250, 202-604-0467.

SUPPLEMENTARY INFORMATION: USDA is establishing a system of records, 
USDA/OSEC-02, subject to the Privacy Act of 1974, 5 U.S.C. 552a. The 
purpose of this new system of records is to house information provided 
by contractors, subcontractors, their employees, and visitors needed 
for USDA to take appropriate actions during a public health emergency. 
The information collected includes medical countermeasures, such as 
vaccinations, diagnostic test results, whether the individual is 
experiencing relevant symptoms, and any other information necessary to 
assist USDA with determining appropriate mitigation measures to take 
with respect to contractor employees and visitors in USDA facilities or 
in the performance of duties associated with the Department. In 
general, the information will be used to confirm that contractors, 
their employees, and visitors to USDA facilities are aware of and 
complying with requirements necessitated by the public health 
emergency, such as those to wear masks and maintain physical distancing 
while working onsite or visiting a USDA facility. For onsite contractor 
employees, the information will be used to make decisions such as 
office space planning and assigning office space, assigning tasks that 
require individuals to work in close physical proximity, as well for 
operational staffing requirements for carrying out work in field 
operations.
    As required by the Privacy Act (specifically 5 U.S.C. 552a(r)) and 
implemented by the Office of Management and Budget (OMB) Circular A108, 
USDA has provided a report of this system of records to the Office of 
Information and Regulatory Affairs, Office of Management and Budget; 
the Chairman, Committee on Government Reform and Oversight, House of 
Representatives; and the Chairman, Committee on Governmental Affairs, 
United States Senate.

SYSTEM NAME AND NUMBER:
    USDA/OSEC-02 Contractor and Visitor Public Health Emergency Records

SECURITY CLASSIFICATION:
    Unclassified.

SYSTEM LOCATION:
    Micro-Soft (MS) 365 Multi-Tenant (MT) provides Exchange and 
SharePoint Access for USDA/OSEC-02 Contractor and Visitor Public Health 
Emergency Records. Tenant locations are defaulted to Geo based on the 
country. In the United States, these records may be maintained 
electronically at one or more of Microsoft Data Centers, including, but 
not limited to, Boydton, Virginia, and Cheyenne, Wyoming. The agency, 
U.S. Department of Agriculture, address is 1400 Independence Ave. SW,

[[Page 62143]]

Washington, DC 20250 and the address of the third-party service 
provider is Microsoft, 1 Microsoft Way, Redmond, Washington 98052-6399.

SYSTEM MANAGER(S):
    Contact information of the agency official who is responsible for 
this system is USDA OCIO-CEC MS 365 Program Manager, 2312 E Bannister 
Road, Mail Stop 9198, Kansas City, MO 64114, 816-926-6860.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    National Emergencies Act (50 U.S.C. 1601-1651); the Robert T. 
Stafford Disaster Relief and Emergency Assistance Act (42 U.S.C. 5121, 
5192(1)); 5 U.S.C. 301, 7901, 7902, and 7903; the Occupational Safety 
and Health Act (29 U.S.C. 668), Executive Order 12196, Occupational 
safety, and health programs for Federal employees; Executive Order 
14042, Ensuring Adequate COVID Safety Protocols for Federal 
Contractors; Workforce Innovation and Opportunity Act (WIOA) WIOA 
159(g) ((29 U.S.C. 3209(g)) and WIOA 147(a)(3)(J) ((29 U.S.C. 
3197(a)(3)(J)).

PURPOSE(S) OF THE SYSTEM:
    To capture and report health and safety-related information during 
public health emergencies. Such reporting will be provided to USDA 
contracting officers and other authorized officials in USDA to enable 
the agency to use the data from the system to review submissions for 
compliance with applicable mitigation requirements, and, in the case of 
contractor employees, with contractual terms and conditions for 
contracts for which they are responsible.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    USDA/OSEC-02 Contractor and Visitor Public Health Emergency Records 
System contains records related to employees of prime and 
subcontractors who are performing work on federal contract awards at 
any USDA facility, or in shared operations. An owner, agent, or 
employee of a prime or subcontractor may enter or certify information, 
as applicable.
    USDA/OSEC-02 Contractor and Visitor Public Health Emergency Records 
System may also contain records related to visitors to USDA facilities, 
such as, but not limited to, volunteers, individuals from outside the 
USDA workforce on detail to USDA, experts/consultants, and grantees.

CATEGORIES OF RECORDS IN THE SYSTEM:
    The information in the system of records consists of electronic 
records, including records of vaccination status or other medical 
countermeasures (such as diagnostic test results), status of employees 
or visitors, and other health and safety information related to the 
public health emergency. The information in the system of records 
includes the name of the person entering, and as applicable, 
certifying, information on behalf of the prime or subcontractor, their 
position within the company, phone number, and email address.
    Categories of records include, but are not limited to: Name, unique 
identifier assigned by the prime or subcontractor, medical 
countermeasure (vaccination or diagnostic test) status, symptom 
questionnaires and other information relevant and necessary for 
mitigation purposes. Optional records that may be required for certain 
contracts or in certain geographic areas include: Name, position, work 
phone number, email address, USDA facility, lands, or shared operations 
at which the employee will be working on-site, and other similar 
records related to their official responsibilities.

RECORD SOURCE CATEGORIES:
    Contract employee records are created, reviewed and, as 
appropriate, certified by the prime or subcontractor. Records 
pertaining to the individual entering and certifying data in the system 
may be created by the individual, by a contracting officer, or in the 
case of a subcontractor by the prime contractor or another 
subcontractor. Visitor records are created, reviewed and, as 
appropriate, certified by the appropriate Agency Official receiving the 
visitor to the USDA facility.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND PURPOSES OF SUCH USES:
    In addition to those disclosures generally permitted under 5 U.S.C. 
552a(b), all or a portion of the records or information contained in 
this system of records may be disclosed as a routine use pursuant to 5 
U.S.C. 552a(b)(3) under the circumstances or for the purposes described 
below, to the extent such disclosures are compatible with the purposes 
for which the information was collected:
    A. To appropriate medical facilities, or federal, state, local, 
tribal, territorial, or foreign government agencies, to the extent 
permitted by law, for the purpose of protecting the vital interests of 
individual(s), including to assist the United States Government in 
responding to or mitigating high consequence public health threats, or 
diseases and illnesses relating to a public health emergency.
    B. Where a record, either alone or in conjunction with other 
information, indicates a violation or potential violation of law--
criminal, civil, or regulatory in nature--the relevant records may be 
referred to the appropriate federal, state, local, territorial, tribal, 
or foreign law enforcement authority or other appropriate entity 
charged with the responsibility for investigating or prosecuting such 
violation or charged with enforcing or implementing such law.
    C. In an appropriate proceeding before a court, grand jury, or 
administrative or adjudicative body, when the Department determines 
that the records are arguably relevant to the proceeding; or in an 
appropriate proceeding before an administrative or adjudicative body 
when the adjudicator determines the records to be relevant to the 
proceeding.
    D. To contractors, grantees, experts, consultants, students, and 
others performing or working on a contract, service, grant, cooperative 
agreement, or other assignment for the Federal Government, when 
necessary to accomplish an agency function related to this system of 
records.
    E. To a former employee of the Department for purposes of: 
Responding to an official inquiry by a federal, state, or local 
government entity or professional licensing authority, in accordance 
with applicable Department regulations; or facilitating communications 
with a former employee that may be necessary for personnel-related or 
other official purposes where the Department requires information and/
or consultation assistance from the former employee regarding a matter 
within that person's former area of responsibility.
    F. To Federal, state, local, territorial, tribal, foreign, or 
international licensing agencies or associations which require 
information concerning the suitability or eligibility of an individual 
for a license or permit.
    G. To a Member of Congress or staff acting upon the Member's behalf 
when the Member or staff requests the information on behalf of, and at 
the request of, the individual who is the subject of the record.
    H. To the National Archives and Records Administration for purposes 
of records management inspections conducted under the authority of 44 
U.S.C. 2904 and 2906.
    I. To appropriate agencies, entities, and persons when

[[Page 62144]]

    (1) the Department suspects or has confirmed that there has been a 
breach of the system of records;
    (2) the Department has determined that as a result of the suspected 
or confirmed breach there is a risk of harm to individuals, the 
Department (including its information systems, programs, and 
operations), the Federal Government, or national security; and
    (3) the disclosure made to such agencies, entities, and persons is 
reasonably necessary to assist in connection with the Department's 
efforts to respond to the suspected or confirmed breach or to prevent, 
minimize, or remedy such harm.
    J. To another Federal agency or Federal entity, when the Department 
determines that information from this system of records is reasonably 
necessary to assist the recipient agency or entity in
    (1) responding to a suspected or confirmed breach, or
    (2) preventing, minimizing, or remedying the risk of harm to 
individuals, the recipient agency or entity (including its information 
systems, programs, and operations), the Federal Government, or national 
security, resulting from a suspected or confirmed breach.
    K. To any agency, organization, or individual for the purpose of 
performing authorized audit or oversight operations of the Department 
and meeting related reporting requirements.
    L. To such recipients and under such circumstances and procedures 
as are mandated by Federal statute or treaty.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    All records in this system of records are maintained electronically 
and in paper and are in compliance with applicable executive orders, 
statutes, and agency implementing recommendations. Electronic records 
are stored in databases and/or on hard disks, removable storage 
devices, or other electronic media.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    The Department will retrieve records by the individual's name, 
unique identifier assigned by the prime or subcontractor, vaccination 
status, position, or facility at which the employee will be working on-
site.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    To the extent applicable, to ensure compliance with Americans with 
Disabilities Act (ADA) and the Rehabilitation Act, medical information 
must be ``maintained on separate forms and in separate medical files 
and be treated as a confidential medical record.'' 42 U.S.C. 
12112(d)(3)(B). This means that medical information and documents must 
be stored separately from other personnel records. As such, the 
Department must keep medical records for at least one year from 
creation date. 29 CFR 1602.14. Further, records compiled under this 
SORN will be maintained in accordance with NARA General Records 
Schedule (GRS) 2.7, Items 010, 070 or 080, and NARA records retention 
schedules DAA- GRS2017-0010-0001, DAA-GRS2017-0010-0012, and DAA-
GRS2017-0010-0013, to the extent applicable.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    The Department safeguards records in this system according to 
applicable rules and polices, including all applicable USDA automated 
systems security and access policies. The Department has imposed strict 
controls to minimize the risk of compromising the information that is 
being stored. Users of individual computers can only gain access to the 
data by a valid user identification and password. Paper records are 
maintained in a secure, access-controlled room, with access limited to 
authorized personnel.

RECORD ACCESS PROCEDURES:
    All requests for access to records must be in writing and should be 
addressed to the USDA Departmental FOIA Office, ATTN: Departmental FOIA 
Officer, 1400 Independence Avenue SW South Building, Room 4104, 
Washington, DC 20250-0706, Email: usda.gov">USDAFOIA@ocio.usda.gov. The envelope 
and letter should be clearly marked ``Privacy Act Access Request.'' The 
request must describe the records sought in sufficient detail to enable 
Department personnel to locate them with a reasonable amount of effort. 
The request must include a general description of the records sought 
and must include the requester's full name, current address, and date 
and place of birth. The request must be signed and either notarized or 
submitted under penalty of perjury. Additional details on procedures 
for access under the Privacy Act can be found in USDA Department 
Regulation 3515-002 Privacy Policy and Compliance for Personally 
Identifiable Information (PII) or at Privacy Policy and Compliance for 
Personally Identifiable Information (PII) (usda.gov).

CONTESTING RECORD PROCEDURES:
    Individuals seeking to contest or amend records maintained in this 
system of records must direct their requests to the address indicated 
in the ``RECORD ACCESS PROCEDURES'' paragraph, above. All requests to 
contest or amend records must be in writing and the envelope and letter 
should be clearly marked ``Privacy Act Amendment Request.'' All 
requests must state clearly and concisely what record is being 
contested, the reasons for contesting it, and the proposed amendment to 
the record. Additional details on procedures for contesting or amending 
records under the Privacy Act can be found in USDA Department 
Regulation 3515-002 Privacy Policy and Compliance for Personally 
Identifiable Information (PII) or at Privacy Policy and Compliance for 
Personally Identifiable Information (PII) (usda.gov).

NOTIFICATION PROCEDURES:
    Individuals may be notified if a record in this system of records 
pertains to them when the individuals request information utilizing the 
same procedures as those identified in the ``RECORD ACCESS PROCEDURES'' 
paragraph, above.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    None.

HISTORY:
    None.

Sullie Coleman,
Chief Privacy Officer, United States Department of Agriculture.
[FR Doc. 2021-24402 Filed 11-8-21; 8:45 am]
BILLING CODE 3410-90-P