AGENCY:

Office of Assistant Secretary for Administration and Management, DOL.

ACTION:

Notice of a new system of records.

SUMMARY:

As required by the Privacy Act of 1974, and Office of Management and Budget (OMB) Circular No. A-108, this notice is a new Privacy Act System of Records titled Contractor and Visitor Public Health Emergency Records DOL/OASAM-38, which include information on contractor employees, special government employees and student volunteers who work in, as well as visitors to, Department of Labor (DOL) facilities during declared public health emergencies. The system contains information provided by the contractor's employees including such information as their applicable vaccination or medical countermeasure status and whether they are experiencing symptoms associated with the public health emergency. Each contractor with employees who will work in DOL facilities (regardless of whether the contract is with DOL or another Federal agency such as GSA) will be asked to confirm if its employees have been vaccinated or have received appropriate medical countermeasures, in addition, the contractor will be required to ensure that its employees follow the guidelines specified for working in DOL facilities, for example, to mitigate the spread of COVID-19, not fully vaccinated employees are required to wear masks and maintain physical distancing. Visitors to DOL facilities will also be asked to provide information about their vaccination or medical countermeasure status and information about whether they are experiencing any symptoms associated with the public health emergency. Contractors, special government employees and student volunteers may also be asked to provide proof of their vaccination status.

DATES:

Comment Dates: We will consider comments that we receive on or before April 25, 2022.

Applicable date: This notice is applicable upon publication, subject to a 30-day review and comment period for the routine uses.

ADDRESSES:

We invite you to submit comments on this notice. You may submit comments by any of the following methods:

• Federal e-Rulemaking Portal: http://www.regulations.gov. Follow the instructions for submitting comments.

• Mail, hand delivery, or courier: 200 Constitution Avenue NW, N-1301, Washington, DC. In your comment, specify Docket ID DOL-2021-00##.

• Federal mailbox: https://dol.gov/​privacy .

All comments will be made public by DOL and will be posted without change to http://www.regulations.gov, including any personal information provided.

FOR FURTHER INFORMATION CONTACT:

To submit general questions about the system, contact Rick Kryger, at telephone 202-693-4158, or email kryger.rick.j@dol.gov .

SUPPLEMENTARY INFORMATION:

DOL is establishing a system of records, DOL/OASAM-38, subject to the Privacy Act of 1974, 5 U.S.C. 552a. The purpose of this new system of records is to house information provided by contractors, subcontractors, their employees, special government employees, student volunteers, and visitors needed for DOL to take appropriate actions during a public health emergency. This system supports DOL's COVID-19 safety protocols as required by Executive Order 13991; Office of Management and Budget (OMB) Memorandums M-21-15 and M-21-25; COVID-19 Workplace Safety: Agency Model Safety Principles issued by the Federal Safer Federal Workforce Task Force; and other applicable law and policy. Federal labor, employment and workforce health and safety laws that govern the collection, dissemination, and retention of DOL employees' medical information include the Americans with Disability Act (ADA), the Rehabilitation Act of 1973 (Rehab Act), and the Occupational Safety and Health Act of 1970. The Department of Health and Human Services (HHS) Secretary may, under section 319 of the Public Health Service (PHS) Act codified at 42 U.S.C. 247d, declare that: (a) A disease or disorder presents a public health emergency; or (b) that a public health emergency, including significant outbreaks of infectious disease or bioterrorist attacks, otherwise exists.

The Occupational Safety and Health Act (OSHA) of 1970, Public Law 91-596, 29 U.S.C. 668, Section 19(a) requires the head of each Federal agency to establish and maintain an effective and comprehensive occupational safety and health program and safe and healthful places and conditions of employment, and to keep adequate records of all occupational accidents and illnesses for proper evaluation and necessary corrective action. OSHA also requires that Federal agencies maintain an injury and illness prevention program, which is a proactive process designed to reduce injuries, illnesses, and fatalities.

This OASAM-38 notice covers DOL employees and individuals that do not fall under Title 5 and OPM's personnel recordkeeping authority and thus are not covered by the OPM/GOVT-10 SORN. Federal civilian employee medical records are covered by a government-wide Privacy Act SORN published by the Office of Personnel Management (OPM), OPM/GOVT-10, Employee Medical File System Records (75 FR 35099, June 21, 2010; modification published at 80 FR 74815, November 30, 2015). These Federal employee confidential medical records are managed in accordance with OPM regulations at 5 CFR part 293, the OPM/GOVT-10 SORN, and its published routine uses. The OPM/GOVT-10 SORN covers Federal civilians that are identified under Title 5 U.S.C. chapter 21. The majority of DOL Federal employees fall under Title 5 and their medical records are covered by the OPM/GOVT-10 SORN and must be managed in accordance with that SORN and applicable OPM regulations.

Any collection of records in DOL/OASAM-38 is only permitted during a time of a public health emergency or similar health and safety incident. During such an emergency or incident, DOL will only collect the minimum information necessary to respond to the emergency or incident, and comply with Federal workforce safety requirements, when DOL determines that a significant risk of substantial harm exists to individuals working at or visiting a DOL controlled facility, or attending a DOL sponsored event in a non-DOL controlled facility. DOL's responsibilities for ensuring a safe workforce and secure buildings and workspaces depend on the nature and circumstances of the public health emergency.

In order to meet requirements for workforce safety during a public health emergency or similar incident, DOL may collect records that could include medical countermeasures, such as vaccinations, diagnostic test results, whether the individual is experiencing relevant symptoms, and any other information necessary to assist DOL with determining appropriate mitigation measures to take with respect to contractor employees, special government employees, student volunteers and visitors in DOL facilities or in the performance of duties associated with the Department.

In general, the information will be used to confirm that contractors, their employees, special government employees, student volunteers and visitors to DOL facilities are aware of and complying with requirements necessitated by the public health emergency, such as those to wear masks and maintain physical distancing while working onsite or visiting a DOL Start Printed Page 16768 facility. For onsite contractor employees, the information will be used to make decisions such as office space planning and assigning office space, assigning tasks that require individuals to work in close physical proximity, as well for operational staffing requirements for carrying out work in field operations.

DOL may also collect location and dates of potential exposure, information related to employee requests for reasonable accommodation, and other information that may be relevant or required for DOL to comply with Federal guidelines and prevent or slow the spread of the COVID-19 disease and mitigate health impacts to DOL personnel, visitors, and other individuals at DOL controlled facilities and sponsored events.

This notice also adds required breach routine uses to ensure that the Department can disclose information necessary to respond to a DOL breach and to assist another agency in responding to a confirmed or suspected breach, as appropriate, pursuant to OMB M-17-12.

SYSTEM NAME AND NUMBER:

Contractor and Visitor Public Health Emergency Records DOL/OASAM-38.

SECURITY CLASSIFICATION:

Unclassified.

SYSTEM LOCATION:

The U.S. Department of Labor (DOL) Office of Assistant Secretary and Administration and Management owns the Contractor and Visitor Public Health Emergency Records System, which is housed in secure datacenters in the continental United States. Each DOL agency that has contractors working in a DOL facility has custody of the records pertaining to its own contracts. Contact the system manager for additional information.

SYSTEM MANAGER(S):

Rick Kryger, Deputy Chief Information Officer, Office of the Assistant Secretary for Administration and Management, U.S. Department of Labor, 200 Constitution Avenue NW, N-1301, Washington, DC 20210.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

National Emergencies Act (50 U.S.C. 1601-1651); the Robert T. Stafford Disaster Relief and Emergency Assistance Act (42 U.S.C. 5121, 5192(1)); Section 319 of the Public Health Service (PHS) Act (42 U.S.C. 247d); 5 U.S.C. 301, 7901, 7902, and 7903; the Occupational Safety and Health Act (29 U.S.C. 668), Executive Order 12196 “Occupational safety and health programs for Federal employees”; Workforce Innovation and Opportunity Act (WIOA) WIOA 159(g) ((29 U.S.C. 3209(g)) and WIOA 147(a)(3)(J) ((29 U.S.C. 3197(a)(3)(J)).

PURPOSE(S) OF THE SYSTEM:

To capture and report health and safety-related information during public health emergencies. Such reporting will be provided to DOL contracting officers and other authorized officials in DOL to enable the agency to use the data from the system to review submissions for compliance with applicable mitigation requirements, and, in the case of contractor employees, with contractual terms and conditions for contracts for which they are responsible.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

The Contractor and Visitor Public Health Emergency Records System contains records related to employees of prime and subcontractors who are performing work on federal contract awards at any DOL facility, or in shared operations. An owner, agent, or employee of a prime or subcontractor may enter or certify information, as applicable.

The Contractor and Visitor Public Health Emergency Records System will also contain records related to contractors, subcontractors, their employees, special government employees, student volunteers, visitors, individuals from outside the DOL workforce on detail to DOL, experts/consultants, and grantees.

CATEGORIES OF RECORDS IN THE SYSTEM:

The information in the system of records consists of electronic or hard copy records, including records of vaccination status or other medical countermeasures (such as diagnostic test results), status of employees or visitors, and other health and safety information related to the public health emergency. The information in the system of records includes the name of the person entering, and as applicable, certifying, information on behalf of the prime or subcontractor, their position within the company, phone number, and email address. Categories of records include, but are not limited to: Name, unique identifier assigned by the prime or subcontractor, medical countermeasure (vaccination or diagnostic test) status, symptom questionnaires and other information relevant and necessary for mitigation purposes. Optional records that may be required for certain contracts or in certain geographic areas include: Name, position, work phone number, email address, DOL facility, lands, or shared operations at which the employee will be working on-site, and other similar records related to their official responsibilities.

RECORDS SOURCE CATEGORIES:

Contract employee records are created, reviewed and, as appropriate, certified by the prime or subcontractor. Records pertaining to the individual entering and certifying data in the system may be created by the individual, by a contracting officer, or in the case of a subcontractor by the prime contractor or another subcontractor. Visitor records are created, reviewed and, as appropriate, certified by the appropriate Agency Official receiving the visitor to the DOL facility.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:

In addition to those disclosures generally permitted under 5 U.S.C. 552a(b) of the Privacy Act of 1974, and all universal routine uses listed at 81 FR 25765, 25775 (April 29, 2016) and https://www.dol.gov/​agencies/​sol/​privacy/​intro, information in this system may disclosed as follows:

1. The information in this system may be disclosed to state and local public health officials for purposed related to the public health emergency, such as contract tracing.

2. To appropriate agencies, entities, and persons when (1) the DOL suspects or confirms a breach of the System of Records; (2) the DOL determines as a result of the suspected or confirmed breach there is a risk of harm to individuals, the DOL (including its information systems, programs, and operations), the Federal Government, or national security; and (3) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with the DOL's efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm.

3. To another Federal agency or Federal entity, when the DOL determines that information from this System of Records is reasonably necessary to assist the recipient agency or entity in (1) responding to a suspected or confirmed breach or (2) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach. Start Printed Page 16769

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:

Electronic records in this system of records are stored on security measure protected (for example, e-authentication, password, restricted access protocol, etc.) databases, electronically on e-media devices (computer hard drive, magnetic disc, tape, digital media, CD, DVD, etc.). Paper copies of records are stored within secured or locked facilities.

POLICIES AND PRACTICES FOR RETRIEVEAL OF RECORDS:

Records may be retrieved by the individual's name, unique identifier assigned by the prime or subcontractor, vaccination status, position, or facility at which the employee will be working on-site.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:

Records are maintained in file folders and DOL computer systems at applicable locations as set out above under the heading “System Location.” System records will be retained and disposed of according to DOL's records maintenance and disposition schedules as well as any applicable General Records Schedules.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:

Records in this system of records are safeguarded in accordance with applicable rules and policies, including all applicable DOL automated systems security and access policies. Strict controls have been imposed to minimize the risk of compromising the information that is being stored. Access to the computer systems containing the records in this system of records is limited to those individuals who have a need to know the information for the performance of their official duties and who have appropriate clearances or permissions.

Records in the system are protected from unauthorized access and misuse through a combination of administrative, technical, and physical security measures. Administrative measures include but are not limited to policies that limit system access to individuals within an agency with a legitimate business need, and regular review of security procedures and best practices to enhance security. Technical measures include but are not limited to system design that allows prime contractor and subcontractor employees access only to data for which they are responsible; role-based access controls that allow government employees access only to data regarding contracts awarded by their agency or reporting unit; required use of strong passwords that are frequently changed; and use of encryption for certain data transfers. Physical security measures include but are not limited to the use of data centers which meet government requirements for storage of sensitive data.

RECORDS ACCESS PROCEDURES:

Prime and subcontractors enter and review their own data in the system and are responsible for ensuring that those data are correct. If an individual wishes to access their own data in the system after it has been submitted, that individual should consult the System Manager.

CONTESTING RECORD PROCEDURES:

Individuals desiring to contest or amend information maintained in the system should direct their request to the above listed System Manager and should include the reason for contesting it and the proposed amendment to the information with supporting information to show how the record is inaccurate. A request for contesting records pertaining to an individual should contain:

• Name, and
• Any other pertinent information to help identify the file.

NOTIFICATION PROCEDURES:

An individual may request information regarding this system of records or information as to whether the system contains records pertaining to the individual from the System Manager above.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:

None.

HISTORY:

None.