[Federal Register Volume 86, Number 218 (Tuesday, November 16, 2021)]
[Notices]
[Pages 63384-63386]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2021-24894]


=======================================================================
-----------------------------------------------------------------------

FEDERAL DEPOSIT INSURANCE CORPORATION


Privacy Act of 1974; System of Records

AGENCY: Federal Deposit Insurance Corporation (FDIC).

ACTION: Notice of New System of Records.

-----------------------------------------------------------------------

SUMMARY: Pursuant to the provisions of the Privacy Act of 1974, as 
amended, the FDIC is establishing FDIC-036 Ensuring Workplace Health 
and Safety in Response to a Public Health Emergency. This system of 
records maintains information collected in response to a public health 
emergency, such as a pandemic or epidemic, from FDIC personnel 
(including political appointees, onboarding employees, employees, 
detailees, contractors, consultants, interns, and volunteers), and 
visitors to FDIC facilities.

DATES: This action will become effective on November 16, 2021 The 
routine uses in this action will become effective on December 16, 2021 
unless the FDIC makes changes based on comments received. Written 
comments should be submitted on or before December 16, 2021.

ADDRESSES: Interested parties are invited to submit written comments 
identified by Privacy Act Systems of Records by any of the following 
methods:
     Federal eRulemaking Portal: http://regulations.gov. Follow 
the instructions for submitting comments.
     Agency website: https://www.fdic.gov/resources/regulations/federal-register-publications/. Follow the instructions for 
submitting comments on the FDIC website.
     Email: [email protected].
     Mail: Shannon Dahn, Chief, Privacy Program, Federal 
Deposit Insurance Corporation, 550 17th Street NW, Washington, DC 
20429.
     Hand Delivery: Comments may be hand-delivered to the guard 
station at the rear of the 17th Street NW building (located on F 
Street), on business days between 7:00 a.m. and 5:00 p.m.

FOR FURTHER INFORMATION CONTACT: Shannon Dahn, Chief, Privacy Program, 
703-516-5500, [email protected].

SUPPLEMENTARY INFORMATION: Pursuant to the Privacy Act, 5 U.S.C. 552a, 
FDIC is establishing a new system of records, FDIC-036 Ensuring 
Workplace Health and Safety in Response to a Public Health Emergency. 
FDIC is committed to providing all FDIC personnel with a safe and 
healthy work environment. When the Secretary of Health and

[[Page 63385]]

Human Services declares a public health emergency under Section 319 of 
the Public Health Act, FDIC may develop and institute additional safety 
measures to protect the workforce and those individuals entering FDIC 
facilities. These measures may include instituting activities such as 
requiring FDIC personnel and visitors to provide information before 
being allowed access to a FDIC facility, medical screening, and contact 
tracing. FDIC personnel may also need to provide information before 
being authorized to travel.FDIC will collect and maintain information 
in accordance with the Americans with Disabilities Act of 1990 and 
regulations and guidance published by the U.S. Occupational Safety and 
Health Administration, the U.S. Equal Employment Opportunity 
Commission, and the U.S. Centers for Disease Control and Prevention.

SYSTEM NAME AND NUMBER:
    Ensuring Workplace Health and Safety in Response to a Public Health 
Emergency, FDIC-036.

SECURITY CLASSIFICATION:
    Unclassified.

SYSTEM LOCATION:
    Records are maintained at FDIC facilities in Arlington, Virginia 
and regional offices. Original and duplicate systems may exist, in 
whole or in part, at secure sites and on secure servers maintained by 
third-party service providers for the FDIC.

SYSTEM MANAGER(S):
    Special Advisor to FDIC's Chief Operating Officer, 3501 Fairfax 
Drive, Arlington, VA 22226, [email protected].

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    Sections 9, 11, and 12 of the Federal Deposit Insurance Act (12 
U.S.C. 1819, 1821, and 1822); American with Disabilities Act, including 
42 U.S.C. 12112(d)(3)(B), 29 CFR 1630.2(r), 1630.14(b), (c), (d)(4); 
Title VII of the Civil Rights Act, 42 U.S.C. 2000e; 29 U.S.C. 791; 
Workforce safety federal requirements, including the Occupational 
Safety and Health Act of 1970, 5 U.S.C. 7902; 29 U.S.C. Chapter 15 
(e.g., 29 U.S.C. 668), 29 CFR part 1904, 29 CFR 1910.1020, and 29 CFR 
1960.66; Executive Order 13164; Executive Order 12196; Executive Order 
on Requiring Coronavirus Disease 2019 Vaccination for Federal Employees 
dated September 9, 2021; Executive Order 14042, Ensuring Adequate COVID 
Safety Protocols for Federal Contractors.

PURPOSE(S) OF THE SYSTEM:
    The information in the system is collected to assist the FDIC with 
maintaining a safe and healthy workplace and respond to a public health 
emergency (as defined by the U.S. Department of Health and Human 
Services and declared by its Secretary), such as a pandemic or 
epidemic. These measures may include instituting activities such as 
requiring FDIC personnel to provide information before being allowed 
access to a FDIC facility, medical screening, contact tracing, to 
provide information before being authorized to travel, and to comply 
with applicable mandates related to a public health emergency. These 
measures may also include requiring visitor information to determine 
whether to admit an individual to an FDIC facility and to conduct 
contract tracing when necessary for those who have visited.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Individuals covered by this system include FDIC personnel 
(including political appointees, onboarding employees, employees, 
detailees, contractors, consultants, interns, and volunteers) and 
visitors to a FDIC facility during a public health emergency, such as a 
pandemic or epidemic. FDIC may also maintain information on FDIC 
personnel's emergency contacts.

CATEGORIES OF RECORDS IN THE SYSTEM:
    FDIC personnel information may include:
     Name;
     Contact information (e.g., email address, phone number);
     Recent travel history;
     Whether they provide dependent care for an individual in a 
high-risk category;
     Health information, including:
    [cir] Body temperature,
    [cir] Confirmation of pathogen or communicable disease test,
    [cir] Test results,
    [cir] Dates, symptoms, potential or actual exposure to a pathogen 
or communicable disease,
    [cir] Immunization or vaccination information, and
    [cir] Information to support a request for exemption from a 
vaccination (e.g., medical diagnosis or religious beliefs);
     Contact tracing information, including:
    [cir] Dates when they visited the FDIC facility,
    [cir] Locations that they visited within the facility (e.g., office 
and cubicle number),
    [cir] Duration of time spent in the facility, and
    [cir] Whether they may have potentially come into contact with a 
contagious person while visiting the facility.
    Information about visitors to FDIC facilities may include:
     Name;
     Contact information;
     Recent travel history;
     Health information, including:
    [cir] Body temperature,
    [cir] Confirmation of pathogen or communicable disease test,
    [cir] Test results,
    [cir] Dates, symptoms, potential or actual exposure to a pathogen 
or communicable disease, and
    [cir] Attestation of vaccine status;
     Contact tracing information, including:
    [cir] Dates when they visited the FDIC facility,
    [cir] Locations that they visited within the facility (e.g., office 
and cubicle number),
    [cir] Duration of time spent in the facility, and
    [cir] Whether they may have potentially come into contact with a 
contagious person while visiting the facility.
    Information about emergency contacts may include:
     Name,
     Phone number, and
     Email addresses.

RECORD SOURCE CATEGORIES:
    The information in this system is collected in part directly from 
the individual or from the individual's emergency contact. Information 
is also collected from security systems monitoring access to FDIC 
facilities, such as video surveillance and turnstiles, human resources 
systems, emergency notification systems, and federal, state, and local 
agencies assisting with the response to a public health emergency. 
Information may also be collected from property management companies 
responsible for managing office buildings that house FDIC facilities.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND PURPOSES OF SUCH USES:
    In addition to those disclosures generally permitted under 5 U.S.C. 
552a(b) of the Privacy Act, all or a portion of the records or 
information contained in this system may be disclosed outside the FDIC 
as a routine use as follows:
    (1) To appropriate Federal, State, local and foreign authorities 
responsible for investigating or prosecuting a violation of, or for 
enforcing or implementing a statute, rule, regulation, or order issued, 
when the information indicates a

[[Page 63386]]

violation or potential violation of law, whether civil, criminal, or 
regulatory in nature, and whether arising by general statute or 
particular program statute, or by regulation, rule, or order issued 
pursuant thereto;
    (2) To a court, magistrate, or other administrative body in the 
course of presenting evidence, including disclosures to counsel or 
witnesses in the course of civil discovery, litigation, or settlement 
negotiations or in connection with criminal proceedings, when the FDIC 
is a party to the proceeding or has a significant interest in the 
proceeding, to the extent that the information is determined to be 
relevant and necessary;
    (3) To a congressional office in response to an inquiry made by the 
congressional office at the request of the individual who is the 
subject of the record;
    (4) To appropriate agencies, entities, and persons when (a) the 
FDIC suspects or has confirmed that there has been a breach of the 
system of records; (b) the FDIC has determined that as a result of the 
suspected or confirmed breach there is a risk of harm to individuals, 
the FDIC (including its information systems, programs, and operations), 
the Federal Government, or national security; the FDIC and (c) the 
disclosure made to such agencies, entities, and persons is reasonably 
necessary to assist in connection with the FDIC's efforts to respond to 
the suspected or confirmed breach or to prevent, minimize, or remedy 
such harm;
    (5) To another Federal agency or Federal entity, when the FDIC 
determines that information from this system of records is reasonably 
necessary to assist the recipient agency or entity in (a) responding to 
a suspected or confirmed breach or (b) preventing, minimizing, or 
remedying the risk of harm to individuals, the recipient agency or 
entity (including its information systems, programs, and operations), 
the Federal Government, or national security, resulting from a 
suspected or confirmed breach;
    (6) To contractors, grantees, volunteers, and others performing or 
working on a contract, service, grant, cooperative agreement, or 
project for the FDIC, the Office of Inspector General for the purpose 
of assisting FDIC respond to a public health emergency;
    (7) To a Federal, State, or local agency to the extent necessary to 
comply with laws governing reporting of infectious disease; and
    (8) To the FDIC personnel member's emergency contact for purposes 
of locating a personnel member during a public health emergency or to 
communicate that the FDIC personnel member may have potentially been 
exposed to a virus as the result of a pandemic or epidemic while 
visiting a FDIC facility.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    Records are stored in electronic media and in paper format within 
individual file folders.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    Electronic media and paper format are indexed and retrieved by 
employee name, employee identification number, office location, or 
office/division name.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    FDIC is in the process of creating a new records schedule for 
declared public health emergencies. FDIC maintains emergency contact 
information until superseded or obsolete, or upon separation or 
transfer of employee.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    Electronic records are password-protected and accessible only by 
authorized personnel. Paper records are maintained in lockable file 
cabinets accessible only to authorized personnel.

RECORD ACCESS PROCEDURES:
    Individuals wishing to request access to records about them in this 
system of records must submit their request in writing to the FDIC FOIA 
& Privacy Act Group, 550 17th Street NW, Washington, DC 20429, or email 
[email protected]. Requests must include full name, address, and 
verification of identity in accordance with FDIC regulations at 12 CFR 
part 310.

CONTESTING RECORD PROCEDURES:
    Individuals wishing to contest or request an amendment to their 
records in this system of records must submit their request in writing 
to the FDIC FOIA & Privacy Act Group, 550 17th Street NW, Washington, 
DC 20429, or email [email protected]. Requests must specify the 
information being contested, the reasons for contesting it, and the 
proposed amendment to such information in accordance with FDIC 
regulations at 12 CFR part 310.

NOTIFICATION PROCEDURES:
    Individuals wishing to know whether this system contains 
information about them must submit their request in writing to the FDIC 
FOIA & Privacy Act Group, 550 17th Street NW, Washington, DC 20429, or 
email [email protected]. Requests must include full name, address, and 
verification of identity in accordance with FDIC regulations at 12 CFR 
part 310.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    None.

HISTORY:
    None.

Federal Deposit Insurance Corporation.

    Dated at Washington, DC, on November 9, 2021.
James P. Sheesley,
Assistant Executive Secretary.
[FR Doc. 2021-24894 Filed 11-15-21; 8:45 am]
BILLING CODE 6714-01-P