[Federal Register Volume 88, Number 79 (Tuesday, April 25, 2023)]
[Notices]
[Pages 24972-24975]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2023-08428]


=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF COMMERCE

[Docket No. 230412-0098]


Privacy Act of 1974; System of Records

AGENCY: Department of Commerce.

ACTION: Notice of a new system of records.

-----------------------------------------------------------------------

SUMMARY: The U.S. Department of Commerce (``Department'') is 
establishing a new system of records to cover the collection and 
maintenance of records pertaining to the implementation of the Helping 
American Victims Afflicted by Neurological Attacks Act of 2021 (HAVANA 
Act). The HAVANA Act provides the authority for the Secretary of 
Commerce and other agency heads to provide payments to certain 
individuals who have incurred qualifying injuries to the brain.

DATES: In accordance with 5 U.S.C. 552a(e)(4) and (11), this notice 
will go into effect without further notice on April 25, 2023 unless 
otherwise revised pursuant to comments received. All routine uses will 
go into effect on May 25, 2023. Comments must be received on or before 
May 25, 2023.

ADDRESSES: You may submit comments, identified as pertaining to 
``COMMERCE/DEPT-32, Helping American Victims Afflicted by Neurological 
Attacks Act of 2021 (HAVANA Act) Records,'' by any of the following 
methods:
     Mail: Send to Charles Cutshall, Chief Privacy Officer and 
Director of Open Government, U.S. Department of Commerce, Office of 
Privacy and Open Government, 1401 Constitution Ave. NW, Room 61025, 
Washington, DC 20230.
     Email: Send to [email protected].
    Please submit your comments using only one of these methods. All 
comments must be submitted in English, or if not, be accompanied by an 
English translation.

FOR FURTHER INFORMATION CONTACT: Tahira Murphy, Deputy for Departmental 
Privacy Operations, [email protected] or (202) 482-8075.

SUPPLEMENTARY INFORMATION: On December 20, 2019, Congress gave 
authority (Pub. L. 116-94, Division J, Title IX, section 901) to the 
Department of State to pay benefits to certain individuals for injuries 
suffered after January 1, 2016 in the Republic of Cuba, the People's 
Republic of China, or another foreign country designated by the 
Department of State, in connection with certain injuries designated by 
the Secretary of State. These benefits were limited to Department of 
State employees, their dependents and other individuals affiliated with 
the Department of State.
    On January 1, 2021, Congress amended this law (Pub. L. 116-283, 
div. A, title XI, section 1110), authorizing other federal government 
agencies (such as the Department of Commerce) to provide benefits to 
their own employees

[[Page 24973]]

for those injuries. These provisions are codified at 22 U.S.C. 2680b.
    On October 8, 2021, the ``Helping American Victims Afflicted by 
Neurological Attacks'' (HAVANA) Act of 2021 became law (Pub. L. 117-
46). In this latest Act, Congress authorized federal government 
agencies to compensate affected current employees, former employees, 
and their dependents for qualifying injuries to the brain. Section 3 of 
the HAVANA Act of 2021 removed the requirement in Public Law 116-94, 
Division J, Title IX, Section 901, that the qualifying injury occur in 
``the Republic of Cuba, People's Republic of China, or other foreign 
country designated by the Secretary of State'' for the purpose of 
making a payment under the HAVANA Act.

SYSTEM NAME AND NUMBER:
    COMMERCE/DEPT-32, Helping American Victims Afflicted by 
Neurological Attacks Act of 2021 (HAVANA Act) Records.

SECURITY CLASSIFICATION:
    Unclassified.

SYSTEM LOCATION:
    This system is located at the U.S. Department of Commerce, Office 
of Human Resources Management, 1401 Constitution Ave. NW, Room 5001, 
Washington, DC 20230.

SYSTEM MANAGER(S):
    Chief Human Capital Officer, [email protected], U.S. Department of 
Commerce, Office of Human Resources Management, 1401 Constitution Ave, 
NW, Room 5001, Washington, DC 20230.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    This system is authorized by the Helping American Victims Afflicted 
by Neurological Attacks Act of 2021 (Pub. L. 117-46), codified at 22 
U.S.C. 2680b, and the Department's implementing regulations.

PURPOSE(S) OF THE SYSTEM:
    The system maintains records essential to the mission of the 
Department of Commerce, which is committed to protecting its employees 
and their dependents from injury. Records maintained in this system of 
record are collected, maintained, and disclosed to make payments to 
claimants in accordance with the HAVANA Act for qualifying injuries to 
the brain incurred in connection with war, insurgency, hostile act, 
terrorist activity, or other incidents designated by the Secretary of 
State or Secretary of Commerce, as permitted by law, and which were not 
the result of the willful misconduct of the claimant.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    The categories of individuals on whom records are maintained in 
this system include:
    1. ``Covered employees,'' an employee of the Department of Commerce 
who, on or after January 1, 2016, becomes injured by reason of a 
qualifying injury to the brain. Covered employees include Department of 
Commerce employees in the Foreign Service, National Oceanic and 
Atmospheric Administration Commissioned Corps Officers, and Department 
of Commerce employees who meet the definition of ``employee'' set forth 
in 5 U.S.C. 2105(a).
    2. ``Covered individuals,'' any former employee of the Department 
(including retired or separated employees) who, on or after January 1, 
2016, becomes injured by a qualifying injury to the brain while they 
were a covered employee of the Department.
    3. ``Covered Dependents,'' a family member of a current or former 
Department employee who, on or after January 1, 2016, becomes injured 
by reason of a qualifying injury to the brain while the dependent's 
sponsor was an employee of the Department.
    4. Board-certified physicians responsible for assessing and 
diagnosing qualify injuries to the brain.

CATEGORIES OF RECORDS IN THE SYSTEM:
    The categories of records in this system include:
    1. Biographic information, including first name, last name, and 
date of birth.
    2. Contact information, including address (i.e., street address, 
city, state, and zip code), email address, and phone number.
    3. Employment information, including current employer, employment 
status, and other information related to current or former employment 
with the Department's Foreign and Civil Service or with the National 
Oceanic and Atmospheric Administration Commissioned Corps, such as duty 
station.
    4. Familial information, including government-issued birth 
certificate, Consular Report of Birth Abroad, adoption certificates and 
decrees, guardianship (medical and financial), Power of Attorney 
(medical and financial), or other documents required to verify the 
relationship between a covered employee or covered individual and their 
dependents.
    5. Geographical information, including the location and date of an 
incident. An ``incident'' is defined as a ``qualifying injury to the 
brain'' under the HAVANA Act. The Department has adopted the standard 
set forth by the Department of State in its regulations implementing 
the HAVANA Act. The standard accounts for a variety of observable 
impacts to an individual, including either a concussion, a penetrating 
injury, or absent either of those, the ability of an appropriately 
certified physician to review one of a variety of forms of medical 
imaging evidence indicating permanent alterations in brain function.
    6. Medical information, including (1) information that identifies 
the individual as having suffered an acute injury to the brain such as, 
but not limited to, a concussion, penetrating injury, or as the 
consequence of an event that leads to permanent alterations in brain 
function as demonstrated by confirming correlative findings on imaging 
studies (to include computed tomography scan (CT), or magnetic 
resonance imaging scan (MRI)), or electroencephalogram (EEG); (2) a 
medical diagnosis of a traumatic brain injury (TBI) that required 
active medical treatment for 12 months or more; and (3) information 
that identifies the individual as having suffered acute onset of new 
persistent, disabling neurologic symptoms as demonstrated by confirming 
correlative findings on imaging studies (to include CT or MRI), or EEG, 
or physical exam, or other appropriate testing, and that required 
active medical treatment for 12 months or more.
    7. Benefit information, including whether the Social Security 
Administration has approved an individual for Social Security 
Disability Insurance or Supplemental Security Insurance (SSI) benefits.
    8. Financial information, including bank account information 
necessary to disburse payment to eligible individuals.

RECORD SOURCE CATEGORIES:
    The sources for the records maintained in this system include:
    1. Covered employees;
    2. Covered dependents;
    3. Covered individuals;
    4. Legal representatives or other individuals acting on behalf of 
covered employees, covered dependents, or covered individuals;
    5. Board-certified physicians;
    6. Federal and state agencies; and
    7. Financial Institutions.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND PURPOSES OF SUCH USES:
    In addition to those disclosures generally permitted under the 
Privacy

[[Page 24974]]

Act of 1974, as amended, 5 U.S.C. 552a(b), records maintained as part 
of this system of records may be routinely disclosed pursuant to 5 
U.S.C. 552a(b)(3), as consistent with the Rehabilitation Act or other 
laws, regulations, or policies concerning confidential medical 
information (as applicable), as follows:
    1. To the U.S. Department of Labor to determine whether an 
individual has no reemployment potential.
    2. To the U.S. Department of State to verify an individual's prior 
employment and to determine eligibility.
    3. To a state Board of Medicine, or any similar organization, 
responsible for primary-source public licensing and discipline 
information to verify the status of a certifying physician's medical 
license.
    4. To a certified physician attesting to an individual's 
eligibility when necessary to follow up regarding information provided 
on an individual's application.
    5. To a financial institution to process payment to covered 
individuals and dependents who are eligible for payment in accordance 
with the HAVANA Act, codified at 22 U.S.C. 2680b, and the Department's 
implementing regulations.
    6. To another federal agency to identify their current and former 
covered employees, and current and former dependents who reported an 
anomalous health incident.
    7. To the U.S. Department of Defense (DoD) to facilitate covered 
individuals receiving treatment from DoD medical treatment facilities.
    8. To contractors performing or working on a contract for the 
Federal government when necessary to accomplish an agency function.
    9. To oversight authorities responsible for reviewing Departmental 
programs.
    10. To the U.S. Department of Justice (DOJ), or in a proceeding 
before a court, adjudicative body, or other administrative body which 
the Department is authorized to appear, when
    a. the Department, or any component thereof;
    b. any employee of the Department in their official capacity; or
    c. any employee of the Department where the DOJ or the Department 
has agreed to represent the employee; or
    d. the United States, when the Department determines that 
litigation is likely to affect the Department or any of its components;
    is a party to litigation or has an interest in such litigation, and 
the use of such records by the DOJ or the Department is deemed by the 
Department to be relevant and necessary to the litigation.
    11. To the National Archives and Records Administration (NARA) 
pursuant to its records management and inspection authorities under 44 
U.S.C. 2904 and 2906.
    12. To appropriate agencies, entities, and persons when (1) the 
Department suspects or has confirmed that there has been a breach of 
the system of records; (2) the Department has determined that as a 
result of the suspected or confirmed breach there is a risk of harm to 
individuals, the Department (including its information systems, 
programs, and operations), the Federal Government, or national 
security; and (3) the disclosure made to such agencies, entities, and 
persons is reasonably necessary to assist in connection with the 
Department's efforts to respond to the suspected or confirmed breach or 
to prevent, minimize, or remedy such harm.
    13. To another Federal agency or Federal entity, when the 
Department determines that information from this system of records is 
reasonably necessary to assist the recipient agency or entity in (1) 
responding to a suspected or confirmed breach or (2) preventing, 
minimizing, or remedying the risk of harm to individuals, the recipient 
agency or entity (including its information systems, programs, and 
operations), the Federal Government, or national security, resulting 
from a suspected or confirmed breach.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    Records maintained in this system of records are stored 
electronically.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    The records are retrieved by an individual's name.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    These records are currently unscheduled. In accordance with NARA 
rules codified at 36 CFR 1225.16, we maintain unscheduled records until 
NARA approves an agency-specific records schedule or publishes a 
corresponding General Records Schedule.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    Records are protected from unauthorized access and improper use 
through administrative, technical, and physical security measures 
employed by the Department. Administrative safeguards include 
maintenance of written policies, standards, and procedures reinforced 
by training and periodic auditing. In addition, medical information 
collected is maintained on separate forms and in separate medical files 
and is treated as a confidential medical record. Technical security 
safeguards include restrictions on computer access to authorized 
individuals who have a legitimate need to know the information; 
required use of strong passwords that are frequently changed; multi-
factor authentication for remote access and access to many network 
components; use of encryption for certain data types and transfers; and 
firewalls and intrusion detection applications. Physical safeguards 
include restrictions on building access to authorized individuals, use 
of security guard services, and video surveillance.

RECORD ACCESS PROCEDURES:
    Individuals seeking to access records maintained in this system of 
records must submit an access request in accordance with the 
Department's Privacy Act implementing regulations in 15 CFR part 4, 
subpart B. The regulations define the procedures for making requests 
for records in person, not in person, and on behalf of a minor or by a 
legal guardian.

CONTESTING RECORD PROCEDURES:
    Individuals contesting the content of records about themselves 
contained in this system of records must submit a request for 
correction or amendment in accordance with the Department's Privacy Act 
implementing regulations in 15 CFR part 4, subpart B. The regulations 
define the procedures for making requests for correction or amendment 
and include what should be submitted with the request.

NOTIFICATION PROCEDURES:
    Individuals seeking to determine whether this system of records 
contains information about themselves must submit a request in 
accordance with the Department's Privacy Act implementation regulations 
in 15 CFR part 4, subpart B. The regulations define the procedures for 
making inquiries and what information should be submitted with the 
request.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    None.

HISTORY:
    None.

    Dated: April 14, 2023.


[[Page 24975]]


    Notice of New System of Record.
Charles Cutshall,
Department of Commerce, Senior Agency Official for Privacy, Chief 
Privacy Officer and Director of Open Government.
[FR Doc. 2023-08428 Filed 4-21-23; 11:15 am]
BILLING CODE 3510-17-P