AGENCY:

Securities and Exchange Commission.

ACTION:

Notice of a new system of records.

SUMMARY:

The Securities and Exchange Commission (SEC) established SEC-34, Public Health and Safety Records under the Privacy Act of 1974. This system of records maintains information collected in response to a public health emergency. Information will be collected from SEC personnel (political appointees, employees, consultants, detailees, interns, and volunteers), contractors, visitors, job applicants, and others who access or seek to access SEC facilities or worksites to assist the SEC with maintaining a safe and healthy workplace and to protect its workforce from risks associated with communicable diseases.

DATES:

The changes will become effective December 2, 2021 to permit public comment on the new and revised routine uses. The Commission will publish a new notice if the effective date is delayed to review comments or if changes are made based on comments received. To assure consideration, comments should be received on or before December 2, 2021.

ADDRESSES:

Comments may be submitted by any of the following methods:

Electronic Comments

• Use the Commission's internet comment form ( http://www.sec.gov/​rules/​other.shtml ); or

• Send an email to rule-comments@sec.gov. Please include File Number S7-14-21 on the subject line.

Paper Comments

Send paper comments to Vanessa A. Countryman, Secretary, U.S. Securities and Exchange Commission, 100 F Street NE, Washington, DC 20549-1090. All submissions should refer to S7-14-21. This file number should be included on the subject line if email is used. To help process and review your comments more efficiently, please use only one method. The Commission will post all comments on the Commission's internet website ( http://www.sec.gov/​rules/​other.shtml ). Comments are also available for website viewing and printing in the Commission's Public Reference Room, 100 F Street NE, Washington, DC 20549, on official business days between the hours of 10 a.m. and 3 p.m. All comments received will be posted without change; we do not edit personal identifying information from submissions. You should submit only information that you wish to make publicly available.

FOR FURTHER INFORMATION CONTACT:

For general and privacy related questions please contact: Ronnette McDaniel, Privacy and Information Assurance Branch Chief, 202-551-7200 or privacyhelp@sec.gov.

SUPPLEMENTARY INFORMATION:

In order to collect and maintain contractor, visitor and job applicant disclosures, the SEC established SEC-34, Public Health and Safety Records, a system of records under the Privacy Act. The SEC is committed to maintaining a safe and healthy workplace and to protect its workforce from risks associated with a public health emergency. To ensure and maintain the safety of all SEC personnel (political appointees, employees, consultants, detailees, interns, and volunteers), contractors, visitors, job applicants, and others who access or seek to access an SEC facility, space, or worksite during a public health emergency, the SEC may develop and institute safety measures that require the collection of personal information. Records may include information on individuals' vaccination status and information to support a request for reasonable accommodation based on disability or sincerely held religious belief. Records also may include information on individuals who have been suspected or confirmed to have contracted a disease or illness, or who have been exposed to an individual who had been suspected or confirmed to have contracted a disease or illness, related to a declared public health emergency. Records may also include information on the individual circumstances surrounding the disease or illness such as dates of suspected exposure, testing results, symptoms, treatments, and other related health status information. Any contact tracing conducted by SEC personnel will involve collecting information about SEC personnel, contractors and visitors who are exhibiting symptoms or who have tested positive for an infectious disease in order to identify and notify other SEC personnel, contractors and visitors with whom they may have come into contact and who may have been exposed. Records may also include information on individuals identified as emergency contacts for SEC personnel.

Information from this system of records will be collected, maintained, and disclosed in accordance with applicable law, regulations, and statutes, including, but not limited to; the Americans with Disabilities Act of 1990 and regulations and guidance published by the U.S. Occupational Safety and Health Administration, the U.S. Equal Employment Opportunity Commission, and the U.S. Centers for Disease Control and Prevention.

SYSTEM NAME AND NUMBER:

SEC-34 Public Health and Safety Records.

SECURITY CLASSIFICATION:

Non-classified.

SYSTEM LOCATION:

Securities and Exchange Commission (SEC), 100 F Street NE, Washington, DC 20549. Files may also be maintained in the following SEC Regional Offices: Atlanta Regional Office (ARO), 950 East Paces Ferry Road NE, Suite 900, Atlanta, GA 30326-1382; Boston Regional Office (BRO), 33 Arch Street, 24th Floor, Boston, MA 02110-1424; Chicago Regional Office (CHRO), 175 W Jackson Boulevard, Suite 1450, Chicago, IL 60604; Denver Regional Office (DRO), Byron Rogers Federal Office Building, Start Printed Page 60497 1961 Stout Street, Suite 1700, Denver, CO 80294-1961; Fort Worth Regional Office (FWRO), Burnett Plaza, 801 Cherry Street, Suite 1900, Unit 18, Fort Worth, TX 76102; Los Angeles Regional Office (LARO), 444 South Flower Street, Suite 900, Los Angeles, CA 90071; Miami Regional Office (MIRO), 801 Brickell Avenue, Suite 1950, Miami, FL 33131; New York Regional Office (NYRO), Brookfield Place, 200 Vesey Street, Suite 400, New York, NY 10281-1022; Philadelphia Regional Office (PLRO), One Penn Center, 1617 John F. Kennedy Boulevard, Suite 520, Philadelphia, PA 19103-1844; Salt Lake Regional Office (SLRO), 351 S West Temple St., Suite 6.100, Salt Lake City, UT 84101; and San Francisco Regional Office (SFRO), 44 Montgomery Street, Suite 2800, San Francisco, CA 94104.

SYSTEM MANAGER(S):

Chief Operating Officer, Securities and Exchange Commission, 100 F Street NE, Washington, DC 20549.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

The authority to collect this information derives from General Duty Clause, Sections 5(a)(1) and 19(a) of the Occupational Safety and Health (OSH) Act of 1970 (29 U.S.C. 654(a)(1), 668(a)); Section 319 of the Public Health Service Act (42 U.S.C. 247d); E.O. 12196, Occupational Safety and Health Programs for Federal Employees (Feb. 26, 1980); E.O 13991, Protecting the Federal Workforce and Requiring Mask-Wearing; (Jan. 25, 2021); Executive Order on Ensuring Adequate COVID Safety Protocols for Federal Contractors (September 9, 2021); Executive Order on Requiring Coronavirus Disease 2019 Vaccination for Federal Employees (September 9, 2021); OMB Memorandum M-20-23 Aligning Federal Agency Operations with the National Guidelines for Opening Up America Again (Apr. 20, 2020); and OMB Memorandum M-21-15 COVID-19 Safe Federal Workplace: Agency Model Safety Principles (Jan. 24, 2021). Information will be collected and maintained in accordance with the Americans with Disabilities Act of 1990 (42 U.S.C. 12101 et seq. )

PURPOSE(S) OF THE SYSTEM:

The information in the system is collected to assist the SEC with maintaining a safe and healthy workplace and to protect its workforce from risks associated with communicable diseases that the Secretary of the Department of Health and Human Services has determined to be a public health emergency pursuant to Section 319(a) of the Public Health Service Act (42 U.S.C. 247d(a)) (“Public Health Emergency”). Records in this system may be collected, maintained, and used to: (1) Determine who may be allowed access to SEC facilities or worksites and what testing or medical screening is necessary before a person may enter; (2) respond to a significant risk of harm to SEC personnel, contractors, and visitors, as well as to any others in SEC facilities or worksites; (3) document reports that SEC personnel, contractors, or any persons who have been in SEC facilities or worksites may have or may have been exposed to a communicable disease that is the subject of a Public Health Emergency; (4) perform contact tracing investigations of and notifications to SEC personnel, contractors, and visitors known or suspected of exposure to communicable diseases that are the subject of a Public Health Emergency; (5) inform federal, state, or local public health authorities so that these authorities may act to protect public health as allowed or required by law; (6) implement such actions ( e.g., quarantine or isolation) as necessary to prevent the introduction, transmission, and spread of a communicable disease that is the subject of a Public Health Emergency by SEC personnel, contractors, and persons who have been in SEC facilities or worksites; (7) comply with Occupational Safety and Health Administration Act recordkeeping requirements; and (8) process employee requests for reasonable accommodation based on disability or sincerely held religious belief.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

Individuals covered by this system include all SEC personnel (political appointees, employees, consultants, detailees, interns, and volunteers), contractors, visitors, job applicants, and others who access or seek to access SEC facilities or worksites. The system also covers individuals identified as emergency contacts for SEC staff.

CATEGORIES OF RECORDS IN THE SYSTEM:

Information collected and maintained may include, but is not limited to:

—Biographical information: Name and contact information.

—Health information: Body temperature, dates of and symptoms relating to a potential or actual exposure to a pathogen, or immunization and/or vaccination information.

—Information to support a request for reasonable accommodation based on disability or sincerely held religious belief.

—Contact tracing information: Dates of visits to SEC facilities, locations visited within the facility ( e.g., office and cubicle number), the duration of time spent in the facility, dates the SEC was made aware of the exposure, and potential contacts between potentially contagious persons and others in SEC facilities.

—Testing Results: Negative results, confirmed or unconfirmed positive test results, and documents related to the reasons for testing or other aspects of test results.

—Subsequent actions taken by the SEC to address an incident: Identifying and contact information of individuals who have been suspected or confirmed to have contracted a communicable disease that is the subject of a Public Health Emergency, or who have been exposed to an individual who has been suspected or confirmed to have contracted a communicable disease that is the subject of a Public Health Emergency; individual circumstances and dates of suspected exposure; symptoms; and treatments. The SEC uses this information to maintain a safe and healthy workplace and to protect its workforce. Although it is not the intent for the SEC to collect family medical information, an individual may indicate that they were exposed to specific family members who have been diagnosed with, or are suspected to have, the disease in question. To the extent this information may be acquired inadvertently, such information will be kept as a confidential medical record and maintained separately from an employee's SEC personnel file.

RECORD SOURCE CATEGORIES:

The information in this system is collected directly from the individual or from the individual's emergency contact. Information may also be collected from security systems that monitor access to SEC facilities, such as badging systems, video surveillance, human resources systems, emergency notification systems, and federal, state, and local agencies assisting with the response to a Public Health Emergency. Information may also be collected from SEC contractors or from property management companies responsible for managing office buildings that house SEC facilities or worksites, including the General Services Administration (GSA).

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:

In addition to those disclosures generally permitted under 5 U.S.C. 552a(b) of the Privacy Act, these records Start Printed Page 60498 or information contained therein may specifically be disclosed outside the Commission as a routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:

1. To appropriate agencies, entities, and persons when (a) it is suspected or confirmed that the security or confidentiality of information in the system of records has been compromised; (b) the SEC has determined that, as a result of the suspected or confirmed compromise, there is a risk of harm to economic or property interests, identity theft or fraud, or harm to the security or integrity of this system or other systems or programs (whether maintained by the SEC or another agency or entity) that rely upon the compromised information; and (c) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with the SEC's efforts to respond to the suspected or confirmed compromise and prevent, minimize, or remedy such harm.

2. To a Federal, State, or local agency to the extent necessary to comply with laws governing reporting of infectious disease.

3. To SEC personnel, contractors, visitors, emergency contacts, or others to notify an individual (1) who has been exposed or may have potentially been exposed to a communicable disease that is the subject of a Public Health Emergency of information regarding the exposure or potential exposure, or (2) who may have reason to know of circumstances that increase the risk of such exposure. To the extent possible, all information will be anonymized.

4. To another Federal agency, to a court, or a party in litigation before a court or in an administrative proceeding being conducted by a Federal agency when the SEC is a party to the judicial or administrative proceeding where the information is relevant and necessary to the proceeding.

5. To employees, grantees, experts, contractors, and others who have been engaged by the Commission to assist in the performance of a service related to this system of records and who need access to the records for the purpose of assisting the Commission in the efficient administration of its programs, including by performing clerical, stenographic, or data analysis functions, or by reproduction of records by electronic or other means. Recipients of these records shall be required to comply with the requirements of the Privacy Act of 1974, as amended, 5 U.S.C. 552a.

6. To produce summary descriptive statistics and analytical studies, as a data source for management information, in support of the function for which the records are collected and maintained or for related personnel management functions or manpower studies; may also be used to respond to general requests for statistical information (without personal identification of individuals) under the Freedom of Information Act.

7. To a Congressional office from the record of an individual in response to an inquiry from the Congressional office made at the request of that individual.

8. To members of Congress, the Government Accountability Office, or others charged with monitoring the work of the Commission or conducting records management inspections.

9. To another Federal agency or Federal entity, when the SEC determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in (1) responding to a suspected or confirmed breach or (2) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:

Records in this system of records are stored electronically or on paper in secure facilities. Electronic records are stored on the SEC's secure network.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:

Information covered by this system of records notice may be retrieved by the name of the individual, contact information, or by some combination thereof.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:

The records will be maintained until they become inactive, at which time they will be retired or destroyed in accordance with records schedules of the United States Securities and Exchange Commission, and as approved by the National Archives and Records Administration.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:

Access to SEC facilities, data centers, and information or information systems is limited to authorized personnel with official duties requiring access. SEC facilities are equipped with security cameras, and, at certain SEC facilities, 24-hour security guard service. Computerized records are safeguarded in a secured environment. Security protocols meet the promulgating guidance as established by the National Institute of Standards and Technology (NIST) Security Standards from Access Control to Data Encryption and Security Assessment & Authorization (SA&A). Records are maintained in a secure, password-protected electronic system that will utilize commensurate safeguards that may include: Firewalls, intrusion detection and prevention systems, and role-based access controls. Additional safeguards will vary by program. All records are protected from unauthorized access through appropriate administrative, operational, and technical safeguards. These safeguards include: Restricting access to authorized personnel who have a “need to know”; using locks; and password protection identification features. Contractors and other recipients providing services to the Commission shall be required to maintain equivalent safeguards.

RECORD ACCESS PROCEDURES:

Persons wishing to obtain information on the procedures for gaining access to or contesting the contents of these records may contact the FOIA/PA Officer, Securities and Exchange Commission, 100 F Street NE, Mail Stop 5100, Washington, DC 20549-2736.

CONTESTING RECORD PROCEDURES:

See Record Access Procedures above.

NOTIFICATION PROCEDURES:

All requests to determine whether this system of records contains a record pertaining to the requesting individual may be directed to the FOIA/PA Officer, Securities and Exchange Commission, 100 F Street NE, Mail Stop 5100, Washington, DC 20549-2736.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:

None.

HISTORY:

New SORN.