[Federal Register Volume 89, Number 77 (Friday, April 19, 2024)]
[Notices]
[Pages 28805-28808]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2024-08383]


=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF LABOR


Privacy Act of 1974; System of Records

AGENCY: Occupational Safety and Health Administration (OSHA), 
Department of Labor.

ACTION: Notice of a modified system of records.

-----------------------------------------------------------------------

SUMMARY: The Privacy Act of 1974 and Office of Management and Budget 
(OMB) Circular No. A-108 requires that each agency publish notice of a 
new or modified system of records that it maintains. This notice 
proposes to modify an existing system of records to add three 
additional statutes to the ``Authority'' section of the system, and to 
add two new routine uses and revise one routine use for the Department 
of Labor (DOL), Occupational Safety and Health Administration (OSHA), 
Retaliation Complaint File, DOL/OSHA-1, as well as to make general 
updates to provide more detail and clarity regarding OSHA's practices 
for disclosing, storing, retaining, and disposing of records in this 
system and the technical, physical, and administrative safeguards that 
OSHA relies on to protect records in this system from unauthorized 
disclosure.

DATES: Comments must be received no later than May 20, 2024. This 
modification is effective upon publication of this Notice. If no public 
comments are received, the new routine uses will be effective beginning 
May 20, 2024. If DOL receives public comments, DOL will review the 
comments to determine whether any changes to the notice are necessary.

ADDRESSES: We invite you to submit comments on this notice. You may

[[Page 28806]]

submit comments by any of the following methods:
     Federal e-Rulemaking Portal: https://www.regulations.gov 
or https://www.federalregister.gov. Follow the instructions for 
submitting comments.
     Mail, Hand Delivery, or Courier: 200 Constitution Avenue 
NW, Room N-3653, Washington, DC 20210. In your comment, specify 
``Retaliation Complaint File, DOL/OSHA-1.''
    All comments will be made public and will be posted without change 
to https://www.regulations.gov, including any personal information 
provided.

FOR FURTHER INFORMATION CONTACT: To submit general questions about the 
system, contact Lee Martin by telephone at 202-693-2199 or by email at 
[email protected]. Please include ``Retaliation Complaint File, DOL/
OSHA-1'' in the submission.

SUPPLEMENTARY INFORMATION: The Retaliation Complaint File, DOL/OSHA-1 
modified system of records includes three additional OSHA statutes and 
two new routine uses. The new statutes to be added are: The Taxpayer 
First Act (26 U.S.C. 7623(d)); The Criminal Antitrust Anti-Retaliation 
Act (15 U.S.C. 7a-3); and The Anti-Money Laundering Act (31 U.S.C. 
5323(a)(5), (g) & (j)). DOL is adding routine uses e. and f. regarding 
disclosure of records, as needed, to address a suspected breach of 
DOL's or another agency's records systems. DOL has also revised routine 
use c. to note that disclosure of appropriate, relevant, necessary, and 
compatible investigative records may be made to OSHA-approved 
occupational safety and health State Plan agencies (State Plans), as 
well as Federal agencies, responsible for investigating, prosecuting, 
enforcing, or implementing laws related to one or more of the statutes 
listed under AUTHORITY FOR MAINTENANCE OF THE SYSTEM where OSHA deems 
such disclosure compatible with the purpose for which the records were 
collected. Former routine use e. (permitting disclosure of statistical 
reports containing aggregated results of program activities and 
outcomes to the media, researchers, or other interested parties) is 
being re-designated as routine use g. Additionally, DOL is making 
general updates to provide more detail and clarity regarding OSHA's 
practices for storing, retaining, and disposing of records in this 
system and the technical, physical, and administrative safeguards that 
OSHA relies on to protect records in this system from unauthorized 
disclosure.

SYSTEM NAME AND NUMBER:
    Retaliation Complaint File, DOL/OSHA-1.

SECURITY CLASSIFICATION:
    Unclassified.

SYSTEM LOCATION:
    The system resides in a secure cloud service environment provided 
through Amazon Web Services (AWS). Records from the secure cloud 
service are accessed by DOL personnel located at the Occupational 
Safety and Health Administration (OSHA)'s national, regional, and area 
offices. Address information for regional and area offices can be found 
at: https://www.osha.gov/contactus/bystate. Pursuant to DOL's 
Flexiplace Programs (also known as ``telework'' pursuant to the 
Telework Enhancement Act), copies of records may be temporarily located 
at alternative worksites, including employees' homes or at 
geographically convenient satellite offices for periods of time. All 
appropriate safeguards are taken at these sites.

SYSTEM MANAGER(S):
    Lee Martin, Director of the Directorate of Whistleblower Protection 
Programs, Occupational Safety and Health Administration, U.S. 
Department of Labor, 200 Constitution Avenue NW, Room N-3647, 
Washington, DC 20210.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    a. The Occupational Safety and Health Act (29 U.S.C. 660(c));
    b. The Surface Transportation Assistance Act (49 U.S.C. 31105);
    c. The Asbestos Hazard Emergency Response Act (15 U.S.C. 2651);
    d. The International Safe Container Act (46 U.S.C. 80507);
    e. The Safe Drinking Water Act (42 U.S.C. 300j-9(i));
    f. The Federal Water Pollution Control Act (33 U.S.C. 1367);
    g. The Toxic Substances Control Act (15 U.S.C. 2622);
    h. The Wendell H. Ford Aviation Investment and Reform Act for the 
21st Century (49 U.S.C. 42121);
    i. The Solid Waste Disposal Act (42 U.S.C. 6971);
    j. The Clean Air Act (42 U.S.C. 7622);
    k. The Comprehensive Environmental Response, Compensation and 
Liability Act of 1980 (42 U.S.C. 9610);
    l. The Energy Reorganization Act of 1978 (42 U.S.C. 5851);
    m. The Pipeline Safety Improvement Act of 2002 (49 U.S.C. 60129);
    n. The Corporate and Criminal Fraud Accountability Act of 2002, 
Title VIII of the Sarbanes-Oxley Act of 2002 (18 U.S.C. 1514A);
    o. The Federal Railroad Safety Act (49 U.S.C. 20109);
    p. The National Transit Systems Security Act (6 U.S.C. 1142);
    q. The Consumer Product Safety Improvement Act (15 U.S.C. 2087);
    r. The Affordable Care Act (29 U.S.C. 218C);
    s. The Consumer Financial Protection Act of 2010 (12 U.S.C. 5567);
    t. The Seaman's Protection Act (46 U.S.C. 2114);
    u. The FDA Food Safety Modernization Act (21 U.S.C. 399d);
    v. The Moving Ahead for Progress in the 21st Century Act (49 U.S.C. 
30171);
    w. The Taxpayer First Act (26 U.S.C. 7623(d));
    x. The Criminal Antitrust Anti-Retaliation Act (15 U.S.C. 7a-3); 
and
    y. The Anti-Money Laundering Act (31 U.S.C. 5323(a)(5), (g) & (j)).

PURPOSE(S) OF THE SYSTEM:
    The records are used to support a determination by OSHA on the 
merits of a complaint alleging violation of the employee protection 
provisions of one or more of the statutes listed under AUTHORITY FOR 
MAINTENANCE OF THE SYSTEM. The records also are used as the basis of 
statistical reports on such activity by the system manager, national 
office administrators, regional administrators, investigators, and 
their supervisors in OSHA. The reports may be released to the public. 
The reports do not contain any identifying information and are 
generally used for statistical purposes.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Individuals who have filed complaints alleging retaliation against 
them by their employers, or by others, for engaging in activities 
protected under the various statutes set forth below, popularly 
referenced as whistleblower protection statutes are covered by the 
system. Complainants may file such claims with OSHA pursuant to the 
following statutes: The Occupational Safety and Health Act (29 U.S.C. 
660(c)); the Surface Transportation Assistance Act (49 U.S.C. 31105); 
the Asbestos Hazard Emergency Response Act (15 U.S.C. 2651); the 
International Safe Container Act (46 U.S.C. 80507); the Safe Drinking 
Water Act (42 U.S.C. 300j-9(i)); the Federal Water Pollution Control 
Act (33 U.S.C. 1367); the Toxic Substances Control Act (15 U.S.C. 
2622); the Wendell H. Ford Aviation Investment and Reform Act for the 
21st Century (49 U.S.C. 42121); the Solid Waste Disposal Act (42 U.S.C. 
6971); the Clean Air Act (42 U.S.C. 7622); the Comprehensive

[[Page 28807]]

Environmental Response, Compensation and Liability Act of 1980 (42 
U.S.C. 9610); the Energy Reorganization Act of 1978 (42 U.S.C. 5851); 
the Pipeline Safety Improvement Act of 2002 (49 U.S.C. 60129); the 
Corporate and Criminal Fraud Accountability Act of 2002, Title VIII of 
the Sarbanes-Oxley Act of 2002 (18 U.S.C. 1514A); the Federal Railroad 
Safety Act (49 U.S.C. 20109); the National Transit Systems Security Act 
(6 U.S.C. 1142); the Consumer Product Safety Improvement Act (15 U.S.C. 
2087); the Affordable Care Act (29 U.S.C. 218C); the Consumer Financial 
Protection Act of 2010 (12 U.S.C. 5567); the Seaman's Protection Act 
(46 U.S.C. 2114); the FDA Food Safety Modernization Act (21 U.S.C. 
399d); the Moving Ahead for Progress in the 21st Century Act (49 U.S.C. 
30171); the Taxpayer First Act (26 U.S.C. 7623(d)); the Criminal 
Antitrust Anti-Retaliation Act (15 U.S.C. 7a-3); and the Anti-Money 
Laundering Act (31 U.S.C. 5323(a)(5), (g) & (j)).

CATEGORIES OF RECORDS IN THE SYSTEM:
    Records in the system include the complainant's name, address, 
telephone numbers, occupation, place of employment, and other 
identifying data along with the allegation, OSHA forms, and evidence 
offered in the allegation's proof. Records in the system also includes 
the respondent's name, address, telephone numbers, response to 
notification of the complaint, statements, and any other evidence or 
background material submitted as evidence. This material includes 
records of interviews and other data gathered by the investigator.

RECORD SOURCE CATEGORIES:
    Records contained in this system are obtained from individual 
complainants who filed allegation(s) of retaliation by employer(s) 
against employee(s) or persons who have engaged in protected 
activities. OSHA uses the OSHA Online Whistleblower Complaint Form 
(OSHA 8-60.1) approved under OMB Control No. 1218-0236 to collect 
initial complainant information. Records contained in this system are 
also obtained from employers, employees other than an individual 
complainant, and other witnesses.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND PURPOSES OF SUCH USES:
    In addition to the disclosures permitted under 5 U.S.C. 552a(b), as 
well as those contained in DOL's Universal Routine Uses of Records,\1\ 
a record from this system of records may be disclosed as follows:
---------------------------------------------------------------------------

    \1\ See https://www.dol.gov/general/privacy under the heading 
``System of Records Notices (SORNs).''
---------------------------------------------------------------------------

    a. Disclosure of the complaint, as well as the identity of the 
complainant, and any interviews, statements, or other information 
provided by the complainant, or information about the complainant given 
to OSHA, may be made to the respondent, so that the complaint can 
proceed to a resolution.

    Note:  Personal information about other employees that is 
contained in the complainant's file, such as statements taken by 
OSHA or information for use as comparative data, such as wages, 
bonuses, the substance of promotion recommendations, supervisory 
assessments of professional conduct and ability, or disciplinary 
actions generally may be withheld from the respondent when it could 
violate the other employee's privacy rights, cause intimidation or 
harassment to the other employee, or impair future investigations by 
making it more difficult to collect similar information from other 
employees.

    b. Disclosure of the respondent's responses to the complaint and 
any other evidence it submits may be shared with the complainant so 
that the complaint can proceed to a resolution.
    c. Disclosure of appropriate, relevant, necessary, and compatible 
investigative records may be made to other Federal agencies and State 
Plans responsible for investigating, prosecuting, enforcing, or 
implementing laws related to the statutes listed under AUTHORITY FOR 
MAINTENANCE OF THE SYSTEM where OSHA deems such disclosure compatible 
with the purpose for which the records were collected.
    d. Disclosure of appropriate, relevant, necessary, and compatible 
investigative records may be made to another agency or instrumentality 
of any governmental jurisdiction within or under the control of the 
United States, for a civil or criminal law enforcement activity, if the 
activity is authorized by law, and if that agency or instrumentality 
has made a written request to OSHA, specifying the particular portion 
desired and the law enforcement activity for which the record is 
sought.
    e. Disclosure of information contained in this system of records 
may be made to appropriate agencies, entities, and persons when (1) DOL 
suspects or confirms a breach of the system of records; (2) DOL 
determines as a result of the suspected or confirmed breach, there is a 
risk of harm to individuals, DOL (including its information systems, 
programs, and operations), the Federal Government, or national 
security; and (3) the disclosure made to such agencies, entities, and 
persons is reasonably necessary to assist in connection with DOL's 
efforts to respond to the suspected or confirmed breach or to prevent, 
minimize, or remedy such harm.
    f. Disclosure of information contained in this system of records 
may be made to another Federal agency or Federal entity, when DOL 
determines that information from this system of records is reasonably 
necessary to assist the recipient agency or entity in (1) responding to 
a suspected or confirmed breach or (2) preventing, minimizing, or 
remedying the risk of harm to individuals, the recipient agency or 
entity (including its information systems, programs and operations), 
the Federal Government, or national security, resulting from a 
suspected or confirmed breach.
    g. Statistical reports containing aggregated results of program 
activities and outcomes may be disclosed to the media, researchers, or 
other interested parties. Disclosure may be in response to requests 
made by telephone, email, fax, or letter, by a mutually convenient 
method. Statistical data may also be posted by the system manager on 
the OSHA web page.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    Electronic records in this system of records are stored on AWS, in 
a self-contained system. Limited paper case files may be used on a 
temporary basis and kept in locked offices. The system is contained 
behind the DOL firewall. Users access the system via their personal 
identity verification (PIV) card for internal federal users or through 
login.gov for State Plan users.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    Records are retrieved by complainant's name, respondent's name, or 
case number. The system is contained behind the DOL firewall. Users 
access the system via their personal identity verification (PIV) card 
for internal federal users or through login.gov for State Plan users.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    Records are maintained primarily in the DOL IT system on the AWS 
server. Limited paper case files may be maintained at applicable 
locations as set out above under the heading SYSTEM LOCATION. System 
records are destroyed five years after a case is closed, in accordance 
with Records Schedule Number DAA-0100-2018-0002-0009. Paper copies of 
case files that are not scanned are retained on-site until the five-
year retention period has been met and then destroyed.

[[Page 28808]]

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    Records in this system are safeguarded in accordance with 
applicable rules and policies, including all applicable DOL automated 
systems security and access policies. Access to the system containing 
the records is limited to those individuals deemed as authorized 
personnel. Records in the system are protected from unauthorized access 
and misuse through a combination of administrative, technical, and 
physical security measures. Administrative measures include policies 
that limit system access to individuals within an agency with a 
legitimate business need and regular review of security procedures and 
best practices to enhance security. Technical measures include system 
design that allows individuals within an agency access only to data for 
which they are responsible; role-based access controls that allow 
individuals access only to data for their agency or reporting unit; 
multi-factor authentication to access the system; and use of encryption 
for certain data transfers. Physical security measures include the use 
of DOL cloud data centers which meet government requirements for 
storage of sensitive data.

RECORD ACCESS PROCEDURES:
    If an individual wishes to access their own data in the system, the 
individual should contact OSHA directly and follow the instructions for 
making a Privacy Act Request on DOL's web page at: https://www.dol.gov/general/privacy/instructions. DOL also describes its process for 
requesting records under the Privacy Act in regulations at 29 CFR 71.2. 
Individuals who need additional assistance may also reach out to DOL's 
Privacy Office by email at [email protected].

CONTESTING RECORD PROCEDURES:
    If an individual wishes to request a correction or amendment of a 
record, the individual should direct their request to OSHA directly. 
The request must be in writing and must identify:
     The name of the individual making the request,
     The particular record in question,
     The correction or amendment sought,
     The justification for the change, and
     Any other pertinent information to help identify the file.
    Additional information can be found on DOL's web page at: https://www.dol.gov/general/privacy/instructions. DOL also describes its 
process for requesting a correction or amendment at 29 CFR 71.9. 
Individuals who need additional assistance may also reach out to DOL's 
Privacy Office by email at [email protected].

NOTIFICATION PROCEDURES:
    If an individual wishes to know if a system contains their 
information, the individual should contact OSHA directly and follow the 
instructions for making a Privacy Act Request on DOL's web page at: 
https://www.dol.gov/general/privacy/instructions. DOL also describes 
its process for requesting records under the Privacy Act in regulations 
at 29 CFR 71.2. Individuals who need additional assistance may also 
reach out to DOL's Privacy Office by email at [email protected].

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    In accordance with 5 U.S.C. 552a(k)(2), investigatory material in 
this system of records compiled for law enforcement purposes is exempt 
from subsections (c)(3); (d); (e)(1); (e)(4)(G), (H), and (I); and (f) 
of 5 U.S.C. 552a.
    However, if any individual is denied any right, privilege, or 
benefit that the individual would otherwise be entitled to by Federal 
law or for which the they would otherwise be eligible, such material 
shall be provided. To the extent that the disclosure of such material 
would reveal the identity of a source who furnished information to the 
Government under an express promise \2\ that the identity of the source 
would be held in confidence, DOL will not furnish such records to the 
individual.
---------------------------------------------------------------------------

    \2\ For sources who furnished information to the Government 
prior to January 1, 1975, the standard is an implied promise that 
the identity of the source would be held in confidence.
---------------------------------------------------------------------------

HISTORY:
    This is a full publication of the modified SORN in its entirety 
that replaces the previously published SORN found at 81 FR 25765, 
25853-54 (April 29, 2016).

Carolyn Angus-Hornbuckle,
Assistant Secretary for Administration and Management.
[FR Doc. 2024-08383 Filed 4-18-24; 8:45 am]
BILLING CODE 4510-26-P