[Federal Register Volume 87, Number 57 (Thursday, March 24, 2022)]
[Notices]
[Pages 16766-16769]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2022-06209]


=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF LABOR

[Docket No: DOL-2021-00##]


Privacy Act of 1974; System of Records

AGENCY: Office of Assistant Secretary for Administration and 
Management, DOL.

[[Page 16767]]


ACTION: Notice of a new system of records.

-----------------------------------------------------------------------

SUMMARY: As required by the Privacy Act of 1974, and Office of 
Management and Budget (OMB) Circular No. A-108, this notice is a new 
Privacy Act System of Records titled Contractor and Visitor Public 
Health Emergency Records DOL/OASAM-38, which include information on 
contractor employees, special government employees and student 
volunteers who work in, as well as visitors to, Department of Labor 
(DOL) facilities during declared public health emergencies. The system 
contains information provided by the contractor's employees including 
such information as their applicable vaccination or medical 
countermeasure status and whether they are experiencing symptoms 
associated with the public health emergency. Each contractor with 
employees who will work in DOL facilities (regardless of whether the 
contract is with DOL or another Federal agency such as GSA) will be 
asked to confirm if its employees have been vaccinated or have received 
appropriate medical countermeasures, in addition, the contractor will 
be required to ensure that its employees follow the guidelines 
specified for working in DOL facilities, for example, to mitigate the 
spread of COVID-19, not fully vaccinated employees are required to wear 
masks and maintain physical distancing. Visitors to DOL facilities will 
also be asked to provide information about their vaccination or medical 
countermeasure status and information about whether they are 
experiencing any symptoms associated with the public health emergency. 
Contractors, special government employees and student volunteers may 
also be asked to provide proof of their vaccination status.

DATES: 
    Comment Dates: We will consider comments that we receive on or 
before April 25, 2022.
    Applicable date: This notice is applicable upon publication, 
subject to a 30-day review and comment period for the routine uses.

ADDRESSES: We invite you to submit comments on this notice. You may 
submit comments by any of the following methods:
     Federal e-Rulemaking Portal: http://www.regulations.gov. 
Follow the instructions for submitting comments.
     Mail, hand delivery, or courier: 200 Constitution Avenue 
NW, N-1301, Washington, DC. In your comment, specify Docket ID DOL-
2021-00##.
     Federal mailbox: https://dol.gov/privacy.
    All comments will be made public by DOL and will be posted without 
change to http://www.regulations.gov, including any personal 
information provided.

FOR FURTHER INFORMATION CONTACT: To submit general questions about the 
system, contact Rick Kryger, at telephone 202-693-4158, or email 
[email protected].

SUPPLEMENTARY INFORMATION: DOL is establishing a system of records, 
DOL/OASAM-38, subject to the Privacy Act of 1974, 5 U.S.C. 552a. The 
purpose of this new system of records is to house information provided 
by contractors, subcontractors, their employees, special government 
employees, student volunteers, and visitors needed for DOL to take 
appropriate actions during a public health emergency. This system 
supports DOL's COVID-19 safety protocols as required by Executive Order 
13991; Office of Management and Budget (OMB) Memorandums M-21-15 and M-
21-25; COVID-19 Workplace Safety: Agency Model Safety Principles issued 
by the Federal Safer Federal Workforce Task Force; and other applicable 
law and policy. Federal labor, employment and workforce health and 
safety laws that govern the collection, dissemination, and retention of 
DOL employees' medical information include the Americans with 
Disability Act (ADA), the Rehabilitation Act of 1973 (Rehab Act), and 
the Occupational Safety and Health Act of 1970. The Department of 
Health and Human Services (HHS) Secretary may, under section 319 of the 
Public Health Service (PHS) Act codified at 42 U.S.C. 247d, declare 
that: (a) A disease or disorder presents a public health emergency; or 
(b) that a public health emergency, including significant outbreaks of 
infectious disease or bioterrorist attacks, otherwise exists.
    The Occupational Safety and Health Act (OSHA) of 1970, Public Law 
91-596, 29 U.S.C. 668, Section 19(a) requires the head of each Federal 
agency to establish and maintain an effective and comprehensive 
occupational safety and health program and safe and healthful places 
and conditions of employment, and to keep adequate records of all 
occupational accidents and illnesses for proper evaluation and 
necessary corrective action. OSHA also requires that Federal agencies 
maintain an injury and illness prevention program, which is a proactive 
process designed to reduce injuries, illnesses, and fatalities.
    This OASAM-38 notice covers DOL employees and individuals that do 
not fall under Title 5 and OPM's personnel recordkeeping authority and 
thus are not covered by the OPM/GOVT-10 SORN. Federal civilian employee 
medical records are covered by a government-wide Privacy Act SORN 
published by the Office of Personnel Management (OPM), OPM/GOVT-10, 
Employee Medical File System Records (75 FR 35099, June 21, 2010; 
modification published at 80 FR 74815, November 30, 2015). These 
Federal employee confidential medical records are managed in accordance 
with OPM regulations at 5 CFR part 293, the OPM/GOVT-10 SORN, and its 
published routine uses. The OPM/GOVT-10 SORN covers Federal civilians 
that are identified under Title 5 U.S.C. chapter 21. The majority of 
DOL Federal employees fall under Title 5 and their medical records are 
covered by the OPM/GOVT-10 SORN and must be managed in accordance with 
that SORN and applicable OPM regulations.
    Any collection of records in DOL/OASAM-38 is only permitted during 
a time of a public health emergency or similar health and safety 
incident. During such an emergency or incident, DOL will only collect 
the minimum information necessary to respond to the emergency or 
incident, and comply with Federal workforce safety requirements, when 
DOL determines that a significant risk of substantial harm exists to 
individuals working at or visiting a DOL controlled facility, or 
attending a DOL sponsored event in a non-DOL controlled facility. DOL's 
responsibilities for ensuring a safe workforce and secure buildings and 
workspaces depend on the nature and circumstances of the public health 
emergency.
    In order to meet requirements for workforce safety during a public 
health emergency or similar incident, DOL may collect records that 
could include medical countermeasures, such as vaccinations, diagnostic 
test results, whether the individual is experiencing relevant symptoms, 
and any other information necessary to assist DOL with determining 
appropriate mitigation measures to take with respect to contractor 
employees, special government employees, student volunteers and 
visitors in DOL facilities or in the performance of duties associated 
with the Department.
    In general, the information will be used to confirm that 
contractors, their employees, special government employees, student 
volunteers and visitors to DOL facilities are aware of and complying 
with requirements necessitated by the public health emergency, such as 
those to wear masks and maintain physical distancing while working 
onsite or visiting a DOL

[[Page 16768]]

facility. For onsite contractor employees, the information will be used 
to make decisions such as office space planning and assigning office 
space, assigning tasks that require individuals to work in close 
physical proximity, as well for operational staffing requirements for 
carrying out work in field operations.
    DOL may also collect location and dates of potential exposure, 
information related to employee requests for reasonable accommodation, 
and other information that may be relevant or required for DOL to 
comply with Federal guidelines and prevent or slow the spread of the 
COVID-19 disease and mitigate health impacts to DOL personnel, 
visitors, and other individuals at DOL controlled facilities and 
sponsored events.
    This notice also adds required breach routine uses to ensure that 
the Department can disclose information necessary to respond to a DOL 
breach and to assist another agency in responding to a confirmed or 
suspected breach, as appropriate, pursuant to OMB M-17-12.

SYSTEM NAME AND NUMBER:
    Contractor and Visitor Public Health Emergency Records DOL/OASAM-
38.

SECURITY CLASSIFICATION:
    Unclassified.

SYSTEM LOCATION:
    The U.S. Department of Labor (DOL) Office of Assistant Secretary 
and Administration and Management owns the Contractor and Visitor 
Public Health Emergency Records System, which is housed in secure 
datacenters in the continental United States. Each DOL agency that has 
contractors working in a DOL facility has custody of the records 
pertaining to its own contracts. Contact the system manager for 
additional information.

SYSTEM MANAGER(S):
    Rick Kryger, Deputy Chief Information Officer, Office of the 
Assistant Secretary for Administration and Management, U.S. Department 
of Labor, 200 Constitution Avenue NW, N-1301, Washington, DC 20210.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    National Emergencies Act (50 U.S.C. 1601-1651); the Robert T. 
Stafford Disaster Relief and Emergency Assistance Act (42 U.S.C. 5121, 
5192(1)); Section 319 of the Public Health Service (PHS) Act (42 U.S.C. 
247d); 5 U.S.C. 301, 7901, 7902, and 7903; the Occupational Safety and 
Health Act (29 U.S.C. 668), Executive Order 12196 ``Occupational safety 
and health programs for Federal employees''; Workforce Innovation and 
Opportunity Act (WIOA) WIOA 159(g) ((29 U.S.C. 3209(g)) and WIOA 
147(a)(3)(J) ((29 U.S.C. 3197(a)(3)(J)).

PURPOSE(S) OF THE SYSTEM:
    To capture and report health and safety-related information during 
public health emergencies. Such reporting will be provided to DOL 
contracting officers and other authorized officials in DOL to enable 
the agency to use the data from the system to review submissions for 
compliance with applicable mitigation requirements, and, in the case of 
contractor employees, with contractual terms and conditions for 
contracts for which they are responsible.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    The Contractor and Visitor Public Health Emergency Records System 
contains records related to employees of prime and subcontractors who 
are performing work on federal contract awards at any DOL facility, or 
in shared operations. An owner, agent, or employee of a prime or 
subcontractor may enter or certify information, as applicable.
    The Contractor and Visitor Public Health Emergency Records System 
will also contain records related to contractors, subcontractors, their 
employees, special government employees, student volunteers, visitors, 
individuals from outside the DOL workforce on detail to DOL, experts/
consultants, and grantees.

CATEGORIES OF RECORDS IN THE SYSTEM:
    The information in the system of records consists of electronic or 
hard copy records, including records of vaccination status or other 
medical countermeasures (such as diagnostic test results), status of 
employees or visitors, and other health and safety information related 
to the public health emergency. The information in the system of 
records includes the name of the person entering, and as applicable, 
certifying, information on behalf of the prime or subcontractor, their 
position within the company, phone number, and email address. 
Categories of records include, but are not limited to: Name, unique 
identifier assigned by the prime or subcontractor, medical 
countermeasure (vaccination or diagnostic test) status, symptom 
questionnaires and other information relevant and necessary for 
mitigation purposes. Optional records that may be required for certain 
contracts or in certain geographic areas include: Name, position, work 
phone number, email address, DOL facility, lands, or shared operations 
at which the employee will be working on-site, and other similar 
records related to their official responsibilities.

RECORDS SOURCE CATEGORIES:
    Contract employee records are created, reviewed and, as 
appropriate, certified by the prime or subcontractor. Records 
pertaining to the individual entering and certifying data in the system 
may be created by the individual, by a contracting officer, or in the 
case of a subcontractor by the prime contractor or another 
subcontractor. Visitor records are created, reviewed and, as 
appropriate, certified by the appropriate Agency Official receiving the 
visitor to the DOL facility.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    In addition to those disclosures generally permitted under 5 U.S.C. 
552a(b) of the Privacy Act of 1974, and all universal routine uses 
listed at 81 FR 25765, 25775 (April 29, 2016) and https://www.dol.gov/agencies/sol/privacy/intro, information in this system may disclosed as 
follows:
    1. The information in this system may be disclosed to state and 
local public health officials for purposed related to the public health 
emergency, such as contract tracing.
    2. To appropriate agencies, entities, and persons when (1) the DOL 
suspects or confirms a breach of the System of Records; (2) the DOL 
determines as a result of the suspected or confirmed breach there is a 
risk of harm to individuals, the DOL (including its information 
systems, programs, and operations), the Federal Government, or national 
security; and (3) the disclosure made to such agencies, entities, and 
persons is reasonably necessary to assist in connection with the DOL's 
efforts to respond to the suspected or confirmed breach or to prevent, 
minimize, or remedy such harm.
    3. To another Federal agency or Federal entity, when the DOL 
determines that information from this System of Records is reasonably 
necessary to assist the recipient agency or entity in (1) responding to 
a suspected or confirmed breach or (2) preventing, minimizing, or 
remedying the risk of harm to individuals, the recipient agency or 
entity (including its information systems, programs and operations), 
the Federal Government, or national security, resulting from a 
suspected or confirmed breach.

[[Page 16769]]

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    Electronic records in this system of records are stored on security 
measure protected (for example, e-authentication, password, restricted 
access protocol, etc.) databases, electronically on e-media devices 
(computer hard drive, magnetic disc, tape, digital media, CD, DVD, 
etc.). Paper copies of records are stored within secured or locked 
facilities.

POLICIES AND PRACTICES FOR RETRIEVEAL OF RECORDS:
    Records may be retrieved by the individual's name, unique 
identifier assigned by the prime or subcontractor, vaccination status, 
position, or facility at which the employee will be working on-site.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    Records are maintained in file folders and DOL computer systems at 
applicable locations as set out above under the heading ``System 
Location.'' System records will be retained and disposed of according 
to DOL's records maintenance and disposition schedules as well as any 
applicable General Records Schedules.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    Records in this system of records are safeguarded in accordance 
with applicable rules and policies, including all applicable DOL 
automated systems security and access policies. Strict controls have 
been imposed to minimize the risk of compromising the information that 
is being stored. Access to the computer systems containing the records 
in this system of records is limited to those individuals who have a 
need to know the information for the performance of their official 
duties and who have appropriate clearances or permissions.
    Records in the system are protected from unauthorized access and 
misuse through a combination of administrative, technical, and physical 
security measures. Administrative measures include but are not limited 
to policies that limit system access to individuals within an agency 
with a legitimate business need, and regular review of security 
procedures and best practices to enhance security. Technical measures 
include but are not limited to system design that allows prime 
contractor and subcontractor employees access only to data for which 
they are responsible; role-based access controls that allow government 
employees access only to data regarding contracts awarded by their 
agency or reporting unit; required use of strong passwords that are 
frequently changed; and use of encryption for certain data transfers. 
Physical security measures include but are not limited to the use of 
data centers which meet government requirements for storage of 
sensitive data.

RECORDS ACCESS PROCEDURES:
    Prime and subcontractors enter and review their own data in the 
system and are responsible for ensuring that those data are correct. If 
an individual wishes to access their own data in the system after it 
has been submitted, that individual should consult the System Manager.

CONTESTING RECORD PROCEDURES:
    Individuals desiring to contest or amend information maintained in 
the system should direct their request to the above listed System 
Manager and should include the reason for contesting it and the 
proposed amendment to the information with supporting information to 
show how the record is inaccurate. A request for contesting records 
pertaining to an individual should contain:
     Name, and
     Any other pertinent information to help identify the file.

NOTIFICATION PROCEDURES:
    An individual may request information regarding this system of 
records or information as to whether the system contains records 
pertaining to the individual from the System Manager above.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    None.

HISTORY:
    None.

Milton Stewart,
Senior Agency Official for Privacy, Office of the Assistant Secretary 
for Administration and Management, U.S. Department of Labor.
[FR Doc. 2022-06209 Filed 3-23-22; 8:45 am]
BILLING CODE 4510-04-P