Privacy Act of 1974; System of Records

AGENCY:

Federal Deposit Insurance Corporation (FDIC).

ACTION:

Notice of New System of Records.

SUMMARY:

Pursuant to the provisions of the Privacy Act of 1974, as amended, the FDIC is establishing FDIC-036 Ensuring Workplace Health and Safety in Response to a Public Health Emergency. This system of records maintains information collected in response to a public health emergency, such as a pandemic or epidemic, from FDIC personnel (including political appointees, onboarding employees, employees, detailees, contractors, consultants, interns, and volunteers), and visitors to FDIC facilities.

DATES:

This action will become effective on November 16, 2021 The routine uses in this action will become effective on December 16, 2021 unless the FDIC makes changes based on comments received. Written comments should be submitted on or before December 16, 2021.

ADDRESSES:

Interested parties are invited to submit written comments identified by Privacy Act Systems of Records by any of the following methods:

• Federal eRulemaking Portal: http://regulations.gov. Follow the instructions for submitting comments.

• Agency website: https://www.fdic.gov/resources/regulations/federal-register-publications/. Follow the instructions for submitting comments on the FDIC website.

• Email: Comments@fdic.gov.

• Mail: Shannon Dahn, Chief, Privacy Program, Federal Deposit Insurance Corporation, 550 17th Street NW, Washington, DC 20429.

• Hand Delivery: Comments may be hand-delivered to the guard station at the rear of the 17th Street NW building (located on F Street), on business days between 7:00 a.m. and 5:00 p.m.

FOR FURTHER INFORMATION CONTACT:

Shannon Dahn, Chief, Privacy Program, 703-516-5500, privacy@fdic.gov.

SUPPLEMENTARY INFORMATION:

Pursuant to the Privacy Act, 5 U.S.C. 552a, FDIC is establishing a new system of records, FDIC-036 Ensuring Workplace Health and Safety in Response to a Public Health Emergency. FDIC is committed to providing all FDIC personnel with a safe and healthy work environment. When the Secretary of Health and Human Services declares a public health emergency under Section 319 of the Public Health Act, FDIC may develop and institute additional safety measures to protect the workforce and those individuals entering FDIC facilities. These measures may include instituting activities such as requiring FDIC personnel and visitors to provide information before being allowed access to a FDIC facility, medical screening, and contact tracing. FDIC personnel may also need to provide information before being authorized to travel.FDIC will collect and maintain information in accordance with the Americans with Disabilities Act of 1990 and regulations and guidance published by the U.S. Occupational Safety and Health Administration, the U.S. Equal Employment Opportunity Commission, and the U.S. Centers for Disease Control and Prevention.

SYSTEM NAME AND NUMBER:

Ensuring Workplace Health and Safety in Response to a Public Health Emergency, FDIC-036.

SECURITY CLASSIFICATION:

Unclassified.

SYSTEM LOCATION:

Records are maintained at FDIC facilities in Arlington, Virginia and regional offices. Original and duplicate systems may exist, in whole or in part, at secure sites and on secure servers maintained by third-party service providers for the FDIC.

SYSTEM MANAGER(S):

Special Advisor to FDIC's Chief Operating Officer, 3501 Fairfax Drive, Arlington, VA 22226, healthandsafety@fdic.gov.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

Sections 9, 11, and 12 of the Federal Deposit Insurance Act (12 U.S.C. 1819, 1821, and 1822); American with Disabilities Act, including 42 U.S.C. 12112(d)(3)(B), 29 CFR 1630.2(r), 1630.14(b), (c), (d)(4); Title VII of the Civil Rights Act, 42 U.S.C. 2000e; 29 U.S.C. 791; Workforce safety federal requirements, including the Occupational Safety and Health Act of 1970, 5 U.S.C. 7902; 29 U.S.C. Chapter 15 ( e.g., 29 U.S.C. 668), 29 CFR part 1904, 29 CFR 1910.1020, and 29 CFR 1960.66; Executive Order 13164; Executive Order 12196; Executive Order on Requiring Coronavirus Disease 2019 Vaccination for Federal Employees dated September 9, 2021; Executive Order 14042, Ensuring Adequate COVID Safety Protocols for Federal Contractors.

PURPOSE(S) OF THE SYSTEM:

The information in the system is collected to assist the FDIC with maintaining a safe and healthy workplace and respond to a public health emergency (as defined by the U.S. Department of Health and Human Services and declared by its Secretary), such as a pandemic or epidemic. These measures may include instituting activities such as requiring FDIC personnel to provide information before being allowed access to a FDIC facility, medical screening, contact tracing, to provide information before being authorized to travel, and to comply with applicable mandates related to a public health emergency. These measures may also include requiring visitor information to determine whether to admit an individual to an FDIC facility and to conduct contract tracing when necessary for those who have visited.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

Individuals covered by this system include FDIC personnel (including political appointees, onboarding employees, employees, detailees, contractors, consultants, interns, and volunteers) and visitors to a FDIC facility during a public health emergency, such as a pandemic or epidemic. FDIC may also maintain information on FDIC personnel's emergency contacts.

CATEGORIES OF RECORDS IN THE SYSTEM:

FDIC personnel information may include:

• Name;

• Contact information ( e.g., email address, phone number);

• Recent travel history;
• Whether they provide dependent care for an individual in a high-risk category;
• Health information, including:

○ Body temperature,

○ Confirmation of pathogen or communicable disease test,

○ Test results,

○ Dates, symptoms, potential or actual exposure to a pathogen or communicable disease,

○ Immunization or vaccination information, and

○ Information to support a request for exemption from a vaccination ( e.g., medical diagnosis or religious beliefs);

• Contact tracing information, including:

○ Dates when they visited the FDIC facility,

○ Locations that they visited within the facility ( e.g., office and cubicle number),

○ Duration of time spent in the facility, and

○ Whether they may have potentially come into contact with a contagious person while visiting the facility.

Information about visitors to FDIC facilities may include:

• Name;
• Contact information;
• Recent travel history;
• Health information, including:

○ Body temperature,

○ Confirmation of pathogen or communicable disease test,

○ Test results,

○ Dates, symptoms, potential or actual exposure to a pathogen or communicable disease, and

○ Attestation of vaccine status;

• Contact tracing information, including:

○ Dates when they visited the FDIC facility,

○ Locations that they visited within the facility ( e.g., office and cubicle number),

○ Duration of time spent in the facility, and

○ Whether they may have potentially come into contact with a contagious person while visiting the facility.

Information about emergency contacts may include:

• Name,
• Phone number, and
• Email addresses.

RECORD SOURCE CATEGORIES:

The information in this system is collected in part directly from the individual or from the individual's emergency contact. Information is also collected from security systems monitoring access to FDIC facilities, such as video surveillance and turnstiles, human resources systems, emergency notification systems, and federal, state, and local agencies assisting with the response to a public health emergency. Information may also be collected from property management companies responsible for managing office buildings that house FDIC facilities.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND PURPOSES OF SUCH USES:

In addition to those disclosures generally permitted under 5 U.S.C. 552a(b) of the Privacy Act, all or a portion of the records or information contained in this system may be disclosed outside the FDIC as a routine use as follows:

(1) To appropriate Federal, State, local and foreign authorities responsible for investigating or prosecuting a violation of, or for enforcing or implementing a statute, rule, regulation, or order issued, when the information indicates a violation or potential violation of law, whether civil, criminal, or regulatory in nature, and whether arising by general statute or particular program statute, or by regulation, rule, or order issued pursuant thereto;

(2) To a court, magistrate, or other administrative body in the course of presenting evidence, including disclosures to counsel or witnesses in the course of civil discovery, litigation, or settlement negotiations or in connection with criminal proceedings, when the FDIC is a party to the proceeding or has a significant interest in the proceeding, to the extent that the information is determined to be relevant and necessary;

(3) To a congressional office in response to an inquiry made by the congressional office at the request of the individual who is the subject of the record;

(4) To appropriate agencies, entities, and persons when (a) the FDIC suspects or has confirmed that there has been a breach of the system of records; (b) the FDIC has determined that as a result of the suspected or confirmed breach there is a risk of harm to individuals, the FDIC (including its information systems, programs, and operations), the Federal Government, or national security; the FDIC and (c) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with the FDIC's efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm;

(5) To another Federal agency or Federal entity, when the FDIC determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in (a) responding to a suspected or confirmed breach or (b) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach;

(6) To contractors, grantees, volunteers, and others performing or working on a contract, service, grant, cooperative agreement, or project for the FDIC, the Office of Inspector General for the purpose of assisting FDIC respond to a public health emergency;

(7) To a Federal, State, or local agency to the extent necessary to comply with laws governing reporting of infectious disease; and

(8) To the FDIC personnel member's emergency contact for purposes of locating a personnel member during a public health emergency or to communicate that the FDIC personnel member may have potentially been exposed to a virus as the result of a pandemic or epidemic while visiting a FDIC facility.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:

Records are stored in electronic media and in paper format within individual file folders.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:

Electronic media and paper format are indexed and retrieved by employee name, employee identification number, office location, or office/division name.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:

FDIC is in the process of creating a new records schedule for declared public health emergencies. FDIC maintains emergency contact information until superseded or obsolete, or upon separation or transfer of employee.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:

Electronic records are password-protected and accessible only by authorized personnel. Paper records are maintained in lockable file cabinets accessible only to authorized personnel.

RECORD ACCESS PROCEDURES:

Individuals wishing to request access to records about them in this system of records must submit their request in writing to the FDIC FOIA & Privacy Act Group, 550 17th Street NW, Washington, DC 20429, or email efoia@fdic.gov. Requests must include full name, address, and verification of identity in accordance with FDIC regulations at 12 CFR part 310.

CONTESTING RECORD PROCEDURES:

Individuals wishing to contest or request an amendment to their records in this system of records must submit their request in writing to the FDIC FOIA & Privacy Act Group, 550 17th Street NW, Washington, DC 20429, or email efoia@fdic.gov. Requests must specify the information being contested, the reasons for contesting it, and the proposed amendment to such information in accordance with FDIC regulations at 12 CFR part 310.

NOTIFICATION PROCEDURES:

Individuals wishing to know whether this system contains information about them must submit their request in writing to the FDIC FOIA & Privacy Act Group, 550 17th Street NW, Washington, DC 20429, or email efoia@fdic.gov. Requests must include full name, address, and verification of identity in accordance with FDIC regulations at 12 CFR part 310.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:

None.

HISTORY:

None.