[Federal Register Volume 87, Number 19 (Friday, January 28, 2022)]
[Notices]
[Pages 4668-4671]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2022-01799]


-----------------------------------------------------------------------

PENSION BENEFIT GUARANTY CORPORATION


Privacy Act of 1974; Systems of Records

AGENCY: Pension Benefit Guaranty Corporation.

ACTION: Notice of new systems of records.

-----------------------------------------------------------------------

SUMMARY: Pursuant to the Privacy Act of 1974 the Pension Benefit 
Guaranty Corporation (PBGC) is proposing to establish two new systems 
of records: (1) PBGC-27: Ensuring Workplace Health and Safety in 
Response to a Public Health Emergency; and (2) PBGC-28: Physical 
Security and Facility Access. PBGC-27 will maintain information 
collected to assist PBGC with maintaining a safe and healthy workplace 
and to protect PBGC staff working on-site from risks associated with a 
public health emergency (as defined by the U.S. Department of Health 
and Human Services and declared by its Secretary), such as a pandemic 
or epidemic. PBGC-28 will maintain information collected while 
providing visitor, employee, and government contractor access control; 
physical and operational security; and video surveillance for PBGC 
facilities.

DATES: The new systems of records described herein will become 
effective February 28, 2022, without further notice, unless comments 
result in a contrary determination and a notice is published to that 
effect. Comments must be received on or before February 28, 2022 to be 
assured of consideration.

ADDRESSES: You may submit written comments to PBGC by any of the 
following methods:
     Federal eRulemaking Portal: http://www.regulations.gov. 
Follow the website instructions for submitting comments.
     Email: [email protected]. Refer to SORN in the subject 
line.
     Mail or Hand Delivery: Regulatory Affairs Division, Office 
of the General Counsel, Pension Benefit Guaranty Corporation, 1200 K 
Street NW, Washington, DC 20005.
    Commenters are strongly encouraged to submit public comments 
electronically. PBGC expects to have limited personnel available to 
process public comments that are submitted on paper through mail. Until 
further notice, any comments submitted on paper will be considered to 
the extent practicable.
    All submissions must include the agency's name (Pension Benefit 
Guaranty Corporation, or PBGC) and reference this notice. Comments 
received will be posted without change to PBGC's website, http://www.pbgc.gov, including any personal information provided. Do not 
submit comments that include any personally identifiable information or 
confidential business information. Copies of comments may also be 
obtained by writing to Disclosure Division, Office of the General 
Counsel, Pension Benefit Guaranty Corporation, 1200 K Street NW, 
Washington, DC 20005, or calling 202-326-4040 during normal business 
hours. (TTY users may call the Federal relay service toll-free at 1-
800-877-8339 and ask to be connected to 202-326-4040.)

FOR FURTHER INFORMATION CONTACT: Shawn Hartley, Chief Privacy Officer, 
Pension Benefit Guaranty Corporation, Office of the General Counsel, 
1200 K Street NW, Washington, DC 20005, 202-229-6321. For access to any 
of PBGC's systems of records, contact D. Camilla Perry, Disclosure 
Officer, Office of the General Counsel, Disclosure Division, 1200 K 
Street NW, Washington, DC 20005, or by calling 202-229-4040, or go to 
https://www.pbgc.gov/about/policies/pg/privacy-at-pbgc/system-of-records-notices.

SUPPLEMENTARY INFORMATION: PBGC is proposing to establish two new 
Systems of Records:

(1) PBGC-27: Ensuring Workplace Health and Safety in Response to a 
Public Health Emergency

    PBGC is proposing to establish a new system of records titled 
``Ensuring Workplace Health and Safety in Response to a Public Health 
Emergency.'' The purpose of this system is to assist PBGC with 
maintaining a safe and healthy workplace and to protect PBGC staff 
working on-site from risks associated with a public health emergency 
(as defined by the U.S. Department of Health and Human Services and 
declared by its Secretary), such as a pandemic or epidemic. This system 
maintains information collected about PBGC staff and visitors accessing 
PBGC facilities during a public health emergency, including a pandemic 
or epidemic. It maintains biographical information collected about PBGC 
staff and visitors.

(2) PBGC-28: Physical Security and Facility Access

    PBGC is proposing to establish a new system of records titled 
``Physical Security and Facility Access.'' The purpose of this system 
is to maintain information to allow PBGC to provide for its facilities: 
Control of access by visitors, employees, and government contractors; 
physical and operational security; and video surveillance. This system 
can also be used to maintain information from issuing temporary 
facility access for employees and contractors who are not in possession 
of their Personal Identity Verification (PIV) card or office key.
    Pursuant to 5 U.S.C. 552a(e)(11), interested persons are invited to 
submit

[[Page 4669]]

written comments on this proposed new notice. A report has been sent to 
Congress and the Office of Management and Budget for their evaluation.

    Issued in Washington, DC.
Gordon Hartogensis,
Director, Pension Benefit Guaranty Corporation.

SYSTEM NAME AND NUMBER:
    PBGC-27: Ensuring Workplace Health and Safety in Response to a 
Public Health Emergency--PBGC.

SECURITY CLASSIFICATION:
    Unclassified.

SYSTEM LOCATION:
    PBGC, 1200 K Street NW, Washington, DC 20005 (Records may be kept 
at an additional location as backup for Continuity of Operations).

SYSTEM MANAGER(S) AND ADDRESS:
    Workplace Solutions Department/Emergency Management, PBGC, 1200 K 
Street NW, Washington, DC 20005.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    General Duty Clause, Section 5(a)(1) of the Occupational Safety and 
Health (OSH) Act of 1970 (29 U.S.C. 627), Executive Order 12196, 
Occupational safety and health programs for Federal employees (Feb. 26, 
1980), Executive Order 14043, Requiring Coronavirus Disease 2019 
Vaccination for Federal Employees (Sep. 14, 2021), Executive Order 
14042, Executive Order on Ensuring Adequate COVID Safety Protocols for 
Federal Contractors (Sep. 9, 2021), and the National Defense 
Authorization Act For Fiscal Year 2017 (5 U.S.C. 6329c(b)). Information 
will be collected and maintained in accordance with the Americans with 
Disabilities Act of 1990 (42 U.S.C. 12101 et seq.)

PURPOSE(S):
    The information in the system is collected to assist PBGC with 
maintaining a safe and healthy workplace and to protect PBGC staff 
working on-site from risks associated with a public health emergency 
(as defined by the U.S. Department of Health and Human Services and 
declared by its Secretary), such as a pandemic or epidemic.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Individuals covered by this system include PBGC staff (e.g., 
political appointees, employees, detailees, contractors, consultants, 
interns, and volunteers) and visitors to a PBGC facility during a 
public health emergency, such as a pandemic or epidemic.

CATEGORIES OF RECORDS IN THE SYSTEM:
    This system maintains information collected about PBGC staff and 
visitors accessing PBGC facilities during a public health emergency, 
including a pandemic or epidemic. It maintains biographical information 
collected about PBGC staff and visitors that includes, but is not 
limited to, their name, contact information, or whether they are in a 
high-risk category. It maintains health information collected about 
PBGC staff that includes, but is not limited to, temperature checks, 
test results, dates, symptoms, and potential or actual exposure to a 
pathogen. It maintains health information collected about building 
visitors, that includes, but is not limited to, temperature checks, 
test results, dates, symptoms, and potential or actual exposure to a 
pathogen. It maintains information collected about PBGC staff and 
visitors to a PBGC facility necessary to conduct contact tracing that 
includes, but is not limited to, the dates when they visited the 
facility, the locations that they visited within the facility (e.g., 
office and cubicle number), the duration of time spent in the facility, 
whether they may have potentially come into contact with a contagious 
person while visiting the facility, travel dates and locations, and a 
preferred contact number. It maintains information about emergency 
contacts for PBGC staff that includes, but is not limited to, the 
emergency contact's name, phone number, and email address.

RECORD SOURCE CATEGORIES:
    The information in this system is collected in part directly from 
the individual or from the individual's emergency contact. Information 
is also collected from human resources systems, emergency notification 
systems, and Federal, state, and local agencies assisting with the 
response to a public health emergency. Information may also be 
collected from property management companies responsible for managing 
office buildings that house PBGC facilities including security systems 
monitoring access to PBGC facilities, video surveillance, and access 
control devices.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    Information about covered individuals may be disclosed without 
consent as permitted by the Privacy Act of 1974, 5 U.S.C. 522a(b), and:
    1. General Routine Uses G1 through G14 apply to this system of 
records (see Prefatory Statement of General Routine Uses at 83 FR 6247 
(Feb. 13, 2018)).
    These records and information in these records may also be 
disclosed:
    2. To a Federal, state, or local agency to the extent necessary to 
comply with laws governing reporting of infectious disease;
    3. To PBGC staff member's emergency contact for purposes of 
locating a staff member during a public health emergency;
    4. To federal contractors performing physical security and/or 
access control duties at PBGC facilities.

POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING, 
AND DISPOSING OF RECORDS IN THE SYSTEM:
STORAGE:
    Records are maintained manually in paper and/or electronic form, 
including computer databases, magnetic tapes, and discs. Records are 
also maintained on PBGC's secure network and back-up tapes.

RETRIEVABILITY:
    Records are retrieved by the name of the individual.

RETENTION AND DISPOSAL:
    Records are maintained in accordance with the General Records 
Retention Schedules issued by the National Archives and Records 
Administration (NARA) or a PBGC records disposition schedule approved 
by NARA. Records existing on paper are destroyed beyond recognition. 
Records existing on computer storage media are destroyed according to 
the applicable PBGC media practice Records of emergency contacts for 
PBGC staff will be maintained in accordance with General Records 
Schedule 5.3, Item 020: Employee Emergency Contact Information, which 
requires that the records be destroyed when superseded or obsolete, or 
upon separation or transfer of employee. PBGC will work with the 
National Archives and Records Administration (NARA) to draft and secure 
approval of a records disposition schedule to cover the remainder of 
the records described in this SORN. Until this records disposition 
schedule is approved by NARA, PBGC will maintain, and not destroy, 
these records.

SAFEGUARDS:
    PBGC has adopted appropriate administrative, technical, and 
physical controls in accordance with PBGC's security program to protect 
the security, integrity, and availability of the information, and to 
ensure that records are not disclosed to or accessed by unauthorized 
individuals.
    Paper records are kept in file cabinets in areas of restricted 
access that are

[[Page 4670]]

locked after office hours. Electronic records are stored on computer 
networks and protected by assigning user identification numbers to 
individuals needing access to the records and by passwords set by 
authorized users that must be changed periodically.

RECORD ACCESS PROCEDURE:
    Individuals, or third parties with written authorization from the 
individual, wishing to request access to their records in accordance 
with 29 CFR 4902.4, should submit a written request to the Disclosure 
Officer, PBGC, 1200 K Street NW, Washington, DC 20005, providing their 
name, address, date of birth, and verification of their identity in 
accordance with 29 CFR 4902.3(c).

CONTESTING RECORD PROCEDURE:
    Individuals, or third parties with written authorization from the 
individual, wishing to amend their records must submit a written 
request, in accordance with 29 CFR 4902.5, identifying the information 
they wish to correct in their file, in addition to following the 
requirements of the Record Access Procedure above.

NOTIFICATION PROCEDURE:
    Individuals, or third parties with written authorization from the 
individual, wishing to learn whether this system of records contains 
information about them should submit a written request to the 
Disclosure Officer, PBGC, 1200 K Street NW, Washington, DC 20005, 
providing their name, address, date of birth, and verification of their 
identity in accordance with 29 CFR 4902.3(c).

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    None.

HISTORY
    None.

SYSTEM NAME AND NUMBER:
    PBGC-28: Physical Security and Facility Access.

SECURITY CLASSIFICATION:
    Unclassified.

SYSTEM LOCATION:
    Pension Benefit Guaranty Corporation (PBGC), 1200 K Street NW, 
Washington, DC 20005. (Records may be kept at an additional location as 
backup for continuity of operations.)

SYSTEM MANAGER(S) AND ADDRESS:
    Director, Workplace Solutions Department, PBGC, 1200 K Street NW, 
Washington, DC 20005.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    Executive Order 12977; 6 CFR part 37; Homeland Security 
Presidential Directive (HSPD) 12: Policy for a Common Identification 
Standard for Federal Employees and Contractors.

PURPOSE(S) OF THE SYSTEM:
    The purpose of this system is to maintain information to allow PBGC 
to provide for its facilities: Control of visitor, employee, and 
government contractor access; physical and operational security; and 
video surveillance. It can also be used to maintain information from 
issuing temporary facility access for employees and contractors who are 
not in possession of their Personal Identity Verification (PIV) card or 
office key.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Current PBGC employees, students, interns, government contractors, 
employees of other agencies, vendors, and other authorized visitors who 
access PBGC facilities.

CATEGORIES OF RECORDS IN THE SYSTEM:
    This system contains records relating to employee and government 
contractor access, visitor access, and facility security. This includes 
government Personal Identity Verification (PIV) cards, visitor, 
contractor, and employee access records, temporary access cards, 
biometric data, and video surveillance recordings. PIV card records 
include the following information: Name, type of access, employee 
affiliation, expiration date, activation date, credential serial 
number, height, eye color, and hair color. Visitor access records 
include the following information: Name, reason for visit, organization 
name, date and time of visit, floor visited, and temporary visitor 
badge number or barcode. Employee access records include date and time 
of room or facility access and fingerprint or other biometric data.

RECORD SOURCE CATEGORIES:
    Subject individuals, employees, visitors, contractors, vendors, and 
others visiting PBGC facilities.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    Information about covered individuals may be disclosed without 
consent as permitted by the Privacy Act of 1974, 5 U.S.C. 552a(b), and:
    1. General Routine Uses G1 through G5 and G7 through G12 apply to 
this system of records (See Prefatory Statement of General Routine Uses 
at 83 FR 6247 (Feb. 13, 2018)).

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    Records are maintained manually in paper and/or electronic form 
(including computer databases or discs). Records may also be maintained 
on back-up tapes, or on a PBGC or a contractor-hosted network.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    Records are retrieved by any one of the following: Employee or 
contractor name, PIV card number, temporary access card number, access 
clearance, key number, key removal date and time, visitor name, date 
and time of visit, organization, name of PBGC personnel escorting the 
visitor, visitor badge number, and reason for visit.

RETENTION AND DISPOSAL:
    Records are maintained and destroyed in accordance with the 
National Archives and Record Administration's (NARA) Basic Laws and 
Authorities (44 U.S.C. 3301, et seq.) or a PBGC records disposition 
schedule approved by NARA. Records existing on paper are destroyed 
beyond recognition. Records existing on computer storage media are 
destroyed according to the applicable PBGC media practice for physical 
security and access control systems and will be maintained in 
accordance with General Records Schedule 5.6 Security Records Items: 
010, 021, 100, 111, 120, 121, 130, and 240.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    PBGC has established security and privacy protocols that meet the 
required security and privacy standards issued by the National 
Institute of Standards and Technology (NIST). Records are maintained in 
a secure, password protected electronic system that utilizes security 
hardware and software to include multiple firewalls, active intruder 
detection, and role-based access controls. PBGC has adopted appropriate 
administrative, technical, and physical controls in accordance with 
PBGC's security program to protect the confidentiality, integrity, and 
availability of the information, and to ensure that records are not 
disclosed to or accessed by unauthorized individuals.
    Electronic records are stored on computer networks, which may 
include cloud-based systems, and protected by controlled access with 
PIV cards, assigning user accounts to individuals needing access to the 
records and by passwords set by authorized users that must be changed 
periodically.

[[Page 4671]]

RECORD ACCESS PROCEDURES:
    Individuals, or third parties with written authorization from the 
individual, wishing to request access to their records in accordance 
with 29 CFR 4902.4, should submit a written request to the Disclosure 
Officer, PBGC, 1200 K Street NW, Washington, DC 20005, providing their 
name, address, date of birth, and verification of their identity in 
accordance with 29 CFR 4902.3(c).

CONTESTING RECORD PROCEDURES:
    Individuals, or third parties with written authorization from the 
individual, wishing to amend their records must submit a written 
request, in accordance with 29 CFR 4902.5, identifying the information 
they wish to correct in their file, following the requirements of 
Record Access Procedure above.

NOTIFICATION PROCEDURES:
    Individuals, or third parties with written authorization from the 
individual, wishing to learn whether this system of records contains 
information about them should submit a written request to the 
Disclosure Officer, PBGC, 1200 K Street NW, Washington, DC 20005, 
providing their name, address, date of birth, and verification of their 
identity in accordance with 29 CFR 4902.3(c).

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    None.

HISTORY:
    None.

[FR Doc. 2022-01799 Filed 1-27-22; 8:45 am]
BILLING CODE 7709-02-P