Privacy Act of 1974; System of Records

AGENCY:

Occupational Safety and Health Review Commission.

ACTION:

Notice of a modified system of records.

SUMMARY:

In accordance with the Privacy Act of 1974, as amended, the Occupational Safety and Health Review Commission (OSHRC) is revising the notice for Privacy Act system-of-records OSHRC-7.

DATES:

Comments must be received by OSHRC on or before November 12, 2021. The revised system of records will become effective on November 29, 2021, without any further notice in the Federal Register , unless comments or government approval procedures necessitate otherwise.

ADDRESSES:

You may submit comments by any of the following methods:

• Email: rbailey@oshrc.gov. Include “PRIVACY ACT SYSTEM OF RECORDS” in the subject line of the message.

• Fax: (202) 606-5417.

• Mail: One Lafayette Centre, 1120 20th Street NW, Ninth Floor, Washington, DC 20036-3457.

• Hand Delivery/Courier: same as mailing address.

Instructions: All submissions must include your name, return address, and email address, if applicable. Please clearly label submissions as “PRIVACY ACT SYSTEM OF RECORDS.”

FOR FURTHER INFORMATION CONTACT:

Ron Bailey, Attorney-Advisor, Office of the General Counsel, via telephone at (202) 606-5410, or via email at rbailey@oshrc.gov.

SUPPLEMENTARY INFORMATION:

The Privacy Act of 1974, 5 U.S.C. 552a(e)(4), requires federal agencies such as OSHRC to publish in the Federal Register notice of any new or modified system of records.

In accordance Executive Order 13869, “Executive Order on Transferring Responsibility for Background Investigations to the Department of Defense” (April 24, 2019), the Department of Defense's Defense Counterintelligence and Security Agency will conduct personnel background investigations for OSHRC. This function was previously performed by the Office of Personnel Management. The system-of-records notice, OSHRC-7, has been revised to account for this change.

In addition, OSHRC recently revised its Privacy Act regulations, 29 CFR part 2400, which resulted in the renumbering of its regulatory provisions. 85 FR 65222 (Oct. 15, 2020). OSHRC is therefore revising the following elements in this system-of-records notice to reference the correct sections of the agency's Privacy Act regulations: Record Access Procedures, Contesting Record Procedures, and Notification Procedures.

The notice for OSHRC-7, provided below in its entirety, is as follows.

SYSTEM NAME AND NUMBER:

Personnel Security Records, OSHRC-7.

SECURITY CLASSIFICATION:

Unclassified.

SYSTEM LOCATION:

The Office of the Executive Director maintains the records in this system. The office is located at 1120 20th Street NW, Ninth Floor, Washington, DC 20036-3457.

SYSTEM MANAGER(S):

Human Resources Specialist, 1120 20th Street NW, Ninth Floor, Washington, DC 20036-3457; (202) 606-5100.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

E.O. 13467, as amended; E.O. 13488, as amended; E.O. 13764; E.O. 13869; Homeland Security Presidential Directive (HSPD) 12; and Federal Information Processing Standard (FIPS) 201.

PURPOSE(S) OF THE SYSTEM:

The information collected by OSHRC allows the Department of Defense's Defense Counterintelligence and Security Agency (DCSA) and, previously, the Office of Personnel Management (OPM), to conduct background investigations on those individuals being credentialed, assist in verifying the identity of those for whom credentials have been requested, and provide the necessary information for issuance of identification and access cards.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

This system of records covers current OSHRC employees, contractors, and Commission members, and, as to records concerning office access cards, also former employees, contractors, and Commission members.

CATEGORIES OF RECORDS IN THE SYSTEM:

This system of records may include an individual's name and former names; signature; date and place of birth; social security number; citizenship information; residential history; education; employment history; criminal history and police records; names of associates and references, and their contact information; military history and selective service record; illegal drug activities; telephone numbers; hair and eye color, weight, and height; gender; financial records; investigative records; foreign countries visited; marital status and name, date and place of birth, address, and social security number of spouse; names of certain relatives who work for the government; names, addresses, dates and countries of birth, and citizenship of certain relatives. As to office access cards, the records include only the individual's name, and the date that the access card was activated, deactivated, and turned in. Most of the records concerning background investigations conducted by OPM, before this function was transferred to DCSA, are decentralized copies from OPM and remain subject to the practices and policies set forth in system-of-records notice OPM/CENTRAL-9 (Personnel Investigations Records). Copies of records from DCSA that are maintained in OSHRC's files are covered only by system-of-records notice OSHRC-7.

RECORD SOURCE CATEGORIES:

Information contained in the system is obtained from individuals subject to the credentialing process, OSHRC employees involved in the credentialing process, and investigative record materials furnished by DCSA or OPM.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND PURPOSES OF SUCH USES:

In addition to disclosures generally permitted under 5 U.S.C. 552a(b), all or a portion of the records or information contained in this system of records may be disclosed as a routine use pursuant to 5 U.S.C. 552a(b)(3) under the circumstances or for the purposes described below, to the extent such disclosures are compatible with the purposes for which the information was collected:

(1) To the Department of Justice (DOJ), or to a court or adjudicative body before which OSHRC is authorized to appear, when any of the following entities or individuals—(a) OSHRC, or any of its components; (b) any employee of OSHRC in his or her official capacity; (c) any employee of OSHRC in his or her individual capacity where DOJ (or OSHRC where it is authorized to do so) has agreed to represent the employee; or (d) the United States, where OSHRC determines that litigation is likely to affect OSHRC or any of its components—is a party to litigation or has an interest in such litigation, and OSHRC determines that the use of such records by DOJ, or by a court or other tribunal, or another party before such tribunal, is relevant and necessary to the litigation.

(2) To an appropriate agency, whether federal, state, local, or foreign, charged with investigating or prosecuting a violation or enforcing or implementing a law, rule, regulation, or order, when a record, either on its face or in conjunction with other information, indicates a violation or potential violation of law, which includes civil, criminal or regulatory violations, and such disclosure is proper and consistent with the official duties of the person making the disclosure.

(3) To a federal, state, or local agency maintaining civil, criminal or other relevant enforcement information, such as current licenses, if necessary to obtain information relevant to an OSHRC decision concerning the hiring, appointment, or retention of an employee; the issuance, renewal, suspension, or revocation of a security clearance; the execution of a security or suitability investigation; the letting of a contract; or the issuance of a license, grant or other benefit.

(4) To a federal, state, or local agency, in response to that agency's request for a record, and only to the extent that the information is relevant and necessary to the requesting agency's decision in the matter, if the record is sought in connection with the hiring, appointment, or retention of an employee; the issuance, renewal, suspension, or revocation of a security clearance; the execution of a security or suitability investigation; the letting of a contract; or the issuance of a license, grant or other benefit by the requesting agency.

(5) To an authorized appeal grievance examiner, formal complaints manager, equal employment opportunity investigator, arbitrator, or other duly authorized official engaged in investigation or settlement of a grievance, complaint, or appeal filed by an employee, only to the extent that the information is relevant and necessary to the case or matter.

(6) To OPM in accordance with the agency's responsibilities for evaluation and oversight of federal personnel management.

(7) To officers and employees of a federal agency for the purpose of conducting an audit, but only to the extent that the record is relevant and necessary to this purpose.

(8) To OMB in connection with the review of private relief legislation at any stage of the legislative coordination and clearance process, as set forth in Circular No. A-19.

(9) To a Member of Congress or to a person on his or her staff acting on the Member's behalf when a written request is made on behalf and at the behest of the individual who is the subject of the record.

(10) To the National Archives and Records Administration (NARA) for records management inspections and such other purposes conducted under the authority of 44 U.S.C. 2904 and 2906.

(11) To appropriate agencies, entities, and persons when: (a) OSHRC suspects or has confirmed that there has been a breach of the system of records; (b) OSHRC has determined that as a result of the suspected or confirmed breach there is a risk of harm to individuals, OSHRC, the Federal Government, or national security; and (c) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with OSHRC's efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm.

(12) To NARA, Office of Government Information Services (OGIS), to the extent necessary to fulfill its responsibilities in 5 U.S.C. 552(h), to review administrative agency policies, procedures and compliance with FOIA, and to facilitate OGIS' offering of mediation services to resolve disputes between persons making FOIA requests and administrative agencies.

(13) To another federal agency or federal entity, when OSHRC determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in (a) responding to a suspected or confirmed breach or (b) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:

Records are stored on paper in locked file cabinets.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:

Records are retrieved by an individual's name.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:

Office access card records are retained and disposed of in accordance with NARA's General Records Schedule 5.6, Item 21. However, paper copies of personnel security records from DCSA or OPM are shredded once an employee, contractor, or Commission member no longer works at OSHRC.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:

Records are maintained in a locked file cabinet. Access to the cabinet is limited to personnel having a need for access to perform their official functions.

RECORD ACCESS PROCEDURES:

Individuals who wish to gain access to their records should notify: Privacy Officer, OSHRC, 1120 20th Street NW, Ninth Floor, Washington, DC 20036-3457. For an explanation on how such requests should be drafted, refer to 29 CFR 2400.4 (procedures for requesting notification of and access to personal records).

CONTESTING RECORD PROCEDURES:

Individuals who wish to contest their records should notify: Privacy Officer, OSHRC, 1120 20th Street NW, Ninth Floor, Washington, DC 20036-3457. For an explanation on the specific procedures for contesting the contents of a record, refer to 29 CFR 2400.6 (procedures for amending personal records), and 29 CFR 2400.7 (procedures for appealing).

NOTIFICATION PROCEDURES:

Individuals interested in inquiring about their records should notify: Privacy Officer, OSHRC, 1120 20th Street NW, Ninth Floor, Washington, DC 20036-3457. For an explanation on how such requests should be drafted, refer to 29 CFR 2400.4 (procedures for requesting notification of and access to personal records).

EXEMPTIONS PROMULGATED FOR THE SYSTEM:

None.

HISTORY:

April 14, 2006, 71 FR 19556; August 4, 2008, 73 FR 45256; October 5, 2015, 80 FR 60182; September 28, 2017, 82 FR 45324; and August 30, 2018, 83 FR 44309.