Privacy Act of 1974; System of Records

AGENCY:

Office of Inspector General, Federal Housing Finance Agency (FHFA-OIG).

ACTION:

Notice of a new system of records.

SUMMARY:

In accordance with the requirements of the Privacy Act of 1974, as amended, (Privacy Act), the Federal Housing Finance Agency Office of Inspector General (FHFA-OIG) is establishing FHFA-OIG-8, Public Health Emergency Records System, a system of records under the Privacy Act. This system of records maintains information collected in response to a public health emergency, such as a pandemic or epidemic, from contractors and visitors to FHFA-OIG facilities or FHFA-OIG-sponsored events, that is necessary to ensure a safe and healthy work environment. FHFA-OIG may collect these records in response to a health-related declaration of a national emergency by the President, a public health emergency declared by the Health and Human Services (HHS) Secretary or designated federal official, or state or local authority. Even in the absence of a declaration of a health-related national emergency or public health emergency, FHFA-OIG may collect these records if it determines that a significant risk of substantial harm exists to the health of FHFA-OIG staff, contractors, and visitors to FHFA-OIG facilities or FHFA-OIG-sponsored events.

DATES:

In accordance with 5 U.S.C. 552a(e)(4) and (11), this system of records will go into effect without further notice on November 18, 2021, unless otherwise revised pursuant to comments received. New routine uses will go into effect on December 20, 2021. Comments must be received on or before December 20, 2021. FHFA-OIG will publish a new notice if the effective date is delayed in order for FHFA-OIG to review the comments or if changes are made based on comments received.

ADDRESSES:

Submit comments to FHFA-OIG, identified by “FHFA-OIG-SORN,” using any one of the following methods:

• Federal eRulemaking Portal: https://www.regulations.gov. Follow the instructions for submitting comments. If you submit your comment to the Federal eRulemaking Portal, please also send it by email to FHFA-OIG at privacy@fhfaoig.gov to ensure timely receipt by FHFA-OIG. Please include “Comments/FHFA-OIG SORN” in the subject line of the message.

• U.S. Mail, United Parcel Service, Federal Express, or Other Mail Service: The mailing address for comments is: Leonard DePasquale, Chief Counsel, Attention: Comments/FHFA-OIG SORN, Office of Inspector General, Federal Housing Finance Agency, 400 Seventh Street SW, Washington, DC 20219. Please note that all mail sent to FHFA-OIG via the U.S. Postal Service is routed through a national irradiation facility, a process that may delay delivery by approximately two weeks. For any time-sensitive correspondence, please plan accordingly. See SUPPLEMENTARY INFORMATION for additional information on submission and posting of comments.

FOR FURTHER INFORMATION CONTACT:

Leonard DePasquale, Chief Counsel, privacy@fhfaoig.gov, (202) 730-0880 (not a toll-free number), Office of Inspector General, Federal Housing Finance Agency, 400 Seventh Street SW, Washington, DC 20219. For TTY/TRS users with hearing and speech disabilities, dial 711 and ask to be connected to the contact number above.

SUPPLEMENTARY INFORMATION:

I. Comments

FHFA-OIG seeks public comments on a new system of records and will take all comments into consideration. See 5 U.S.C. 552a(e)(4) and (11). In addition to referencing “Comments/FHFA-OIG SORN,” please reference the “Public Health Emergency Records System” (FHFA-OIG-8). All comments received will be posted without change on the FHFA-OIG website at https://www.fhfaoig.gov,, and will include any personal information provided, such as name, address (mailing and email), telephone numbers, and any other information you provide.

II. Introduction

This notice informs the public of FHFA-OIG's proposal to establish a new FHFA-OIG system of records. This notice satisfies the Privacy Act's requirement that an agency publish a system of records notice in the Federal Register when establishing a new or making a significant change to an agency's system of records. Congress has recognized that application of all requirements of the Privacy Act to certain categories of records may have an undesirable and often unacceptable effect upon agencies in the conduct of necessary public business. Consequently, Congress established general exemptions and specific exemptions that could be used to exempt records from provisions of the Privacy Act. Congress also required that exempting records from provisions of the Privacy Act would require the head of an agency to publish a determination to exempt a record from the Privacy Act as a rule in accordance with the Administrative Procedure Act.

As required by the Privacy Act, 5 U.S.C. 552a(r), and pursuant to section 7 of OMB Circular No. A-108, Federal Agency Responsibilities for Review, Reporting, and Publication under the Privacy Act (81 FR 94424 (Dec. 23, 2016)), prior to publication of this notice, FHFA-OIG submitted a report describing the system of records covered by this notice to the Office of Management and Budget, the Committee on Oversight and Reform of the House of Representatives, and the Committee on Homeland Security and Governmental Affairs of the Senate.

III. New System of Records

The purpose of the new Public Health Emergency Records System (FHFA-OIG-8) is to assist FHFA-OIG with maintaining a safe and healthy workplace and responding to a public health emergency. These measures may include instituting activities such as requiring contractors and visitors to FHFA-OIG facilities or FHFA-OIG-sponsored events to provide information related to medical/health screening, contact tracing, and vaccination status before being allowed access to an FHFA-OIG facility or FHFA-OIG-sponsored event.

FHFA-OIG may collect these records in response to a health-related declaration of a national emergency by the President, a public health emergency declared by the Health and Human Services (HHS) Secretary or a designated federal official, or state or local authority. Even in the absence of a declaration of a health-related national emergency or public health emergency, FHFA-OIG may collect these records if it determines that a significant risk of substantial harm exists to the health of FHFA-OIG staff, contractors, and visitors to FHFA-OIG facilities or FHFA-OIG-sponsored events. FHFA-OIG will collect and maintain the records in accordance with the Americans with Disabilities Act of 1990 and guidance published by the U.S. Occupational Safety and Health Administration, the U.S. Equal Employment Opportunity Commission, and the U.S. Centers for Disease Control and Prevention.

The new system of records is described in detail below.

SYSTEM NAME AND NUMBER:

Public Health Emergency Records System, FHFA-OIG-8.

SECURITY CLASSIFICATION:

Controlled Unclassified Information.

SYSTEM LOCATION:

Office of Inspector General, Federal Housing Finance Agency, 400 Seventh Street SW, Washington, DC 20219, and any alternate work site used by FHFA-OIG employees, including contractors assisting FHFA-OIG employees, FHFA-OIG-authorized cloud service providers, and FHFA-OIG-authorized contractor networks located within the Continental United States.

SYSTEM MANAGER(S):

Division of Human Resources, (202) 730-4014, Office of Inspector General, Federal Housing Finance Agency, 400 Seventh Street SW, Washington, DC 20219.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

Workforce safety federal requirements, including the Occupational Safety and Health Act of 1970, Occupational safety and health programs for Federal employees, 5 U.S.C. 7902; the Rehabilitation Act of 1973 (29 U.S.C. 791 et seq. ); Title VII of the Civil Rights Act (42 U.S.C. 2000e(j)); 29 CFR 1605; the Americans with Disabilities Act, including 42 U.S.C. 12112(d)(3)(B); Executive Order Nos. 12196, 12148, 12656, 13991, 13994, 14042 and 14043; and 12 U.S.C. 4517(d) and 5 U.S.C. App. 3.

PURPOSES OF THE SYSTEM:

The Public Health Emergency Records System (FHFA-OIG-8) is being established by FHFA-OIG to assist the office with maintaining a safe and healthy workplace and responding to a public health emergency. These measures may include instituting activities such as requiring contractors and visitors to FHFA-OIG facilities or FHFA-OIG-sponsored events to provide information related to medical/health screening, contact tracing, and vaccination status before being allowed access to an FHFA-OIG facility or FHFA-OIG-sponsored event, in response to a health-related declaration of a national emergency by the President, a public health emergency declared by the HHS Secretary or designated federal official, or a public health emergency declared by a state or local authority. In the absence of a declaration of a health-related national emergency or public health emergency, FHFA-OIG may collect these records if it determines that a significant risk of substantial harm exists to the health of FHFA-OIG staff, contractors, and visitors to FHFA-OIG facilities or FHFA-OIG-sponsored events. The system serves four main purposes: (1) Assist with medical/health screening for individuals requesting entry into FHFA-OIG facilities or FHFA-OIG-sponsored events; (2) Perform contact tracing to notify individuals who may have had exposure to someone who is known or is believed to be infected with a contagious or communicable disease that is the subject of a public health emergency; and (3) Establish a record collection to ensure FHFA-OIG collects medical information pursuant to the implementing guidance of applicable federal laws, public health mandates, and executive orders.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

Individuals covered by this system include contractors and visitors to FHFA-OIG facilities and FHFA-OIG-sponsored events during a public health emergency, such as a pandemic or epidemic.

CATEGORIES OF RECORDS IN THE SYSTEM:

Records may include name; contact information ( i.e., business and home addresses; business and personal electronic mail (email) addresses; business, home, cellular, and personal telephone numbers); and any other information provided.

The system includes medical/health information collected about contractors and visitors who access or attempt to access an FHFA-OIG facility or FHFA-OIG-sponsored event, including, but not limited to: Temperature checks, expected or confirmed test results for an illness that is the subject of a public health emergency in accordance with federal, state or local public health orders; symptoms; potential or actual exposure to a contagious or communicable disease; immunization and vaccination information for contractors; attestation of vaccination and/or exposure to a communicable disease status from visitors; medical history related to the treatment of a contagious or communicable disease that is identified as part of a public health emergency; and the dates associated with any of the foregoing information.

The system also includes information collected from contractors and visitors to FHFA-OIG facilities and FHFA-OIG-sponsored events necessary to conduct contact tracing that may include the above information.

This information may include the dates and FHFA-OIG facility visited or FHFA-OIG-sponsored event that was attended; the names or descriptions ( e.g., gender, race, approximate age, and other physical descriptors) of individuals they came into contact with; the specific locations ( e.g., building floor, specific FHFA-OIG office) visited within the facility; the duration of time spent in the facility or in close proximity to other individuals; whether the individual may have potentially come into contact with a contagious person while visiting the facility; travel dates and locations; and contact information (phone, email address, and mailing address).

The system also includes medical, vaccination, and immunization records from contractors pertaining to any illness that is the subject of a public health emergency including, but not limited to, the type and dose of vaccinations received, date(s) of vaccination(s), and vaccine provider as well as the absence of vaccination information or other medical information.

RECORD SOURCE CATEGORIES:

Information is provided by contractors and visitors who access or attempt to access an FHFA-OIG facility or FHFA-OIG-sponsored events. For FHFA-OIG contractors or visitors, information may be also provided by their employer/or organization the individual is affiliated with for purposes of accessing or attempting to access an FHFA-OIG facility or FHFA-OIG-sponsored event. For any of the individuals above who are minors, the information may be provided by the individual's parent or legal custodian. Information may also be sourced from existing Government-wide systems of records.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:

In addition to those disclosures generally permitted under 5 U.S.C. 552a(b) of the Privacy Act, these records and the information contained in them may specifically be disclosed outside of FHFA-OIG as a routine use pursuant to 5 U.S.C. 552a(b)(3) as follows, to the extent such disclosures are compatible with the purposes for which the information was collected:

1. To a federal, state, or local agency to the extent necessary to comply with laws governing reporting of infectious disease.

2. To emergency contact(s) of FHFA-OIG staff members, contractors, or visitors for purposes of locating such individuals during a public health emergency or to communicate that an individual may have been exposed to a contagious or communicable disease as the result of a pandemic or epidemic while visiting an FHFA-OIG facility or FHFA-OIG sponsored event.

3. To appropriate agencies, entities, and persons when—(a) FHFA-OIG suspects or has confirmed that there has been a breach of the system of records; (b) FHFA-OIG has determined that as a result of a suspected or confirmed breach there is a risk of harm to individuals, FHFA-OIG (including its information systems, programs, and operations), the Federal Government, or national security; and (c) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist with FHFA-OIG's efforts to respond to a suspected or confirmed breach or to prevent, minimize, or remedy harm.

4. To another federal agency or federal entity, when FHFA-OIG determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in (a) responding to a suspected or confirmed breach; or (b) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach.

5. When there is an indication of a violation or potential violation of law, whether civil, criminal, or regulatory in nature, and whether arising by general statute or particular program statute, or by regulation, rule, or order issued pursuant thereto, the relevant records in the system of records may be referred, as a routine use, to the appropriate agency, whether federal, state, local, tribal, foreign, or a financial regulatory organization charged with the responsibility of investigating or prosecuting such violation or charged with enforcing or implementing a statute, or rule, regulation, or order issued pursuant thereto.

6. To any individual during the course of any inquiry or investigation conducted by FHFA-OIG, or in connection with civil litigation, if FHFA-OIG has reason to believe that the individual to whom the record is disclosed may have further information about the matters related thereto, and those matters appeared to be relevant at the time to the subject matter of the inquiry.

7. To any individual with whom FHFA-OIG contracts to collect, store, or maintain, or reproduce by typing, photocopy or other means, any record within this system for use by FHFA-OIG and its employees in connection with their official duties, or to any individual who is engaged by FHFA-OIG to perform clerical or stenographic functions relating to the official business of FHFA-OIG.

8. To a Congressional office from the record of an individual in response to an inquiry from the Congressional office made at the request of that individual.

9. To a court, magistrate, or administrative tribunal in the course of presenting evidence, including disclosures to opposing counsel or witnesses in the course of civil discovery, litigation, or settlement negotiations or in connection with criminal law proceedings or in response to a subpoena from a court of competent jurisdiction.

10. To the Office of Management and Budget, Department of Justice (DOJ), Department of Labor, Office of Personnel Management, Equal Employment Opportunity Commission, Office of Special Counsel, or other federal agencies to obtain advice regarding statutory, regulatory, policy, and other requirements related to the purpose for which FHFA-OIG collected the records.

11. To outside counsel contracted by FHFA-OIG, DOJ (including United States Attorney Offices), or other federal agencies conducting litigation or in proceedings before any court, adjudicative or administrative body, when it is necessary to the litigation and one of the following is a party to the litigation or has an interest in such litigation—

(a) FHFA-OIG;

(b) An employee of FHFA-OIG in his/her official capacity;

(c) An employee of FHFA-OIG in his/her individual capacity where DOJ or FHFA-OIG has agreed to represent the employee; or

(d) The United States, or an agency thereof, is a party to the litigation or has an interest in such litigation, and FHFA-OIG determines that the records are both relevant and necessary to the litigation and the use of such records is compatible with the purpose for which FHFA-OIG collected the records.

12. To the National Archives and Records Administration or other federal agencies pursuant to records management inspections being conducted under the authority of 44 U.S.C. 2904 and 2906.

13. To an agency, organization, or individual for the purpose of performing audit or oversight operations as authorized by law, but only such information as is necessary and relevant to such audit or oversight function.

14. To another federal Office of the Inspector General, law enforcement Task Force, or other federal, state, local, foreign, territorial, or tribal unit of government, other public authorities, or self-regulatory organizations for the purpose of preventing and/or identifying fraud, waste, or abuse related to FHFA's programs or operations.

15. To other federal Offices of Inspector General or other entities, during the conduct of internal and external peer reviews of FHFA-OIG.

16. To the public or to the media for release to the public when the matter under audit, review, evaluation, investigation, or inquiry has become public knowledge, or when the Inspector General determines that such disclosure is necessary either to preserve confidence in the integrity of FHFA-OIG's audit, review, evaluation, investigative, or inquiry processes or is necessary to demonstrate the accountability of FHFA-OIG employees, officers or individuals covered by the system, unless the Inspector General or his/her delegee determines, after consultation with counsel and the Senior Privacy Official, that release of the specific information in the context of a particular case would constitute an unwarranted invasion of personal privacy.

17. To Congress, congressional committees, or the staffs thereof, once an FHFA-OIG report or management alert has become final and the Inspector General determines that its disclosure is necessary to fulfill the Inspector General's responsibilities under the Inspector General Act of 1978.

18. To a federal agency or other entity which requires information relevant to a decision concerning the hiring, appointment, or retention of an employee or contractor; the assignment, detail, or deployment of an employee or contractor; the issuance, renewal, suspension, or revocation of an employee's or contractor's security clearance; the execution of a security or suitability investigation; the adjudication of liability; or coverage under FHFA-OIG's liability insurance policy.

19. To the Council of the Inspectors General on Integrity and Efficiency and its committees, another federal Office of Inspector General, or other Federal law enforcement office in connection with an allegation of wrongdoing by the Inspector General or by designated FHFA-OIG staff members.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:

Records are maintained in electronic or paper format. Electronic records are stored on FHFA-OIG's secured network, FHFA-OIG-authorized cloud service providers and FHFA-OIG-authorized contractor networks located within the Continental United States. Paper records are stored in locked offices, locked file rooms and locked file cabinets or safes.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:

Records may be retrieved by any of the following: name, contact information such as address (home, mailing, and/or business); telephone numbers (personal and/or business); electronic mail addresses (personal and/or business), photographic identifiers; geospatial and/or geolocation data, date of entry into FHFA-OIG facilities; symptoms or other medical information reported; offices or floors visited within FHFA-OIG facilities; names of individuals reported as being in close proximity to another individual; the names of individuals contacted as part of contact tracing effort; vaccination status; vaccination date(s); vaccination type(s); and work status (full or part time contractor, etc.).

POLICIES AND PRACTICIES FOR RETENTION AND DISPOSAL OF RECORDS:

Records are retained and disposed of in accordance with National Archives and Records Administration General Records Schedule 2.7, Item 060 and Item 070.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:

Records are maintained in controlled access areas. Electronic records are protected by restricted access procedures, including user identifications and passwords. Only FHFA-OIG staff (and FHFA-OIG contractors assisting such staff) whose official duties require access are allowed to view, administer, and control these records.

RECORD ACCESS PROCEDURES:

See “Notification Procedures,” below.

CONTESTING RECORD PROCEDURES:

See “Notification Procedures,” below.

NOTIFICATION PROCEDURES:

Individuals seeking notification of any records about themselves contained in this system should address their inquiry via email to privacy@fhfaoig.gov, or by mail to the Office of Inspector General, Federal Housing Finance Agency, 400 Seventh Street SW, 3rd Floor, Washington, DC 20219, or in accordance with the procedures set forth in 12 CFR part 1204. Please note that all mail sent to FHFA-OIG via the U.S. Postal Service is routed through a national irradiation facility, a process that may delay delivery by approximately two weeks. For any time-sensitive correspondence, please plan accordingly.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:

None.

HISTORY:

None.