Privacy Act of 1974; System of Records
| Citation | 86 FR 61747 |
| Record Number | 2021-24370 |
| Published date | 08 November 2021 |
| Section | Notices |
| Court | Agriculture Department |
Federal Register, Volume 86 Issue 213 (Monday, November 8, 2021)
[Federal Register Volume 86, Number 213 (Monday, November 8, 2021)]
[Notices]
[Pages 61747-61750]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2021-24370]
========================================================================
Notices
Federal Register
________________________________________________________________________
This section of the FEDERAL REGISTER contains documents other than rules
or proposed rules that are applicable to the public. Notices of hearings
and investigations, committee meetings, agency decisions and rulings,
delegations of authority, filing of petitions and applications and agency
statements of organization and functions are examples of documents
appearing in this section.
========================================================================
Federal Register / Vol. 86, No. 213 / Monday, November 8, 2021 /
Notices
[[Page 61747]]
DEPARTMENT OF AGRICULTURE
Privacy Act of 1974; System of Records
AGENCY: Office of the Secretary (OSEC), Department of Agriculture.
ACTION: Notice of new system of records.
-----------------------------------------------------------------------
SUMMARY: Pursuant to the Privacy Act of 1974 and Office of Management
and Budget (OMB) Circular No. A-108, notice is hereby given that the
Office of the Secretary (OSEC), a component within the United States
Department of Agriculture (USDA or ``the Department''), proposes to
develop a new system of records notice titled, ``USDA Personnel Public
Health Emergency Records System.'' USDA/OSEC-01 proposes to establish
this system of records to protect the Department's workforce and
respond to Coronavirus Disease 2019 (COVID-19), a declared public
health emergency, and other high-consequence public health threats.
DATES: In accordance with 5 U.S.C. 552a(e)(4) and (11), this notice is
effective upon publication, subject to a 30-day period in which to
comment on the routine uses, described below.
ADDRESSES: The public, OMB, and Congress are invited to submit any
comments by mail to the United States Department of Agriculture,
Privacy Office, ATTN: Privacy Analyst, 1400 Independence Ave. SW,
Washington, DC 20250; by telephone at 202-384-5026; or by email at
SM.OCIO.CIO.UsdaPrivacy.
FOR FURTHER INFORMATION CONTACT: Sullie Coleman, Chief Privacy Officer,
1400 Independence Ave. SW, Washington, DC 20250, 202-604-0467.
SUPPLEMENTARY INFORMATION: This system of records covers information
necessary and relevant to Department activities responding to and
mitigating COVID-19 and other high-consequence public health threats,
and diseases or illnesses relating to a public health emergency. Such
information may include information on Department personnel, including
employees, interns, contractors, and cooperators, who have contracted
or may have been exposed to a suspected or confirmed disease or illness
that is the subject of a declared public health emergency or who
undergo preventative testing for, or receive a vaccination to prevent,
a disease or illness that is the subject of a declared public health
emergency, in accordance with federal, state, or local public health
orders. The information collected may include identifying and contact
information of individuals who have been suspected or confirmed to have
contracted a disease or illness, or who have been exposed to an
individual who had been suspected or confirmed to have contracted a
disease or illness, related to a declared public health emergency;
individual circumstances and dates of suspected exposure; testing
results, symptoms, and treatments; vaccination records; health status
information; and other information necessary and relevant to Department
activities responding to and mitigating COVID-19 and other high-
consequence public health threats and diseases or illnesses relating to
a public health emergency. The Department maintains this information to
understand the impact of an illness or disease on the Department
workforce, and to assist in reducing the spread of the disease or
illness among Department personnel. In certain instances, depending on
the type of record collected and maintained, records maintained in this
system of records may also be covered by Office of Personnel
Management/Government-10 Employee Medical File System Records, 75 FR
35,099 (June 21, 2010). However, USDA/OSEC-01 covers additional
records--specifically records collected in response to COVID-19, a
high-consequence public health threat, as well as other declared public
health emergencies.
When collecting information on Department employees, there are
several employment laws that govern the collection, dissemination, and
retention of employee medical information. These employment laws
include the Americans with Disability Act (ADA), the Rehabilitation Act
of 1973 (Rehab Act), and the Occupational Safety and Health Act of 1970
(OSH Act). Generally, under federal employment laws, medical
information pertaining to employees is confidential and may be obtained
by an employer only for certain reasons and only at certain points in
the employment relationship. In response to a high-consequence public
health threat such as COVID-19, or relating to other public health
emergencies, an employer may be permitted to collect certain employee
medical information that it would not otherwise be permitted to
collect, depending upon the circumstances. This system of records will
apply if it is determined that the circumstances permit the Department
to legally collect the employee medical information at issue.
Further, this system of records notice (SORN) includes a reference
to the Genetic Information Nondiscrimination Act of 2008 (GINA), 42
U.S.C. 2000ff to ff-11. Title II of GINA prohibits employment
discrimination based on genetic information, including family medical
history; restricts the circumstances under which employers may lawfully
acquire applicants' and employees' genetic information; and prohibits
the disclosure of applicants' and employees' genetic information, with
limited exceptions, including those stated in 42 U.S.C. 2000ff-5(b) and
29 CFR 1635.9(b). The Department may request the circumstances of an
individual's suspected or actual exposure to a disease or illness,
including the source of exposure. Although it is not the intent for the
Department to collect family medical information, an individual may
indicate that they were exposed to specific family members who have
been diagnosed with, or are suspected to have, the disease or illness
in question. To the extent this information may be acquired
inadvertently, such information will be kept as a ``confidential
medical record'' and maintained separately from an employee's general
medical files, pursuant to 42 U.S.C. 2000ff-5(a) and 29 CFR 1635.9(a).
In accordance with 5 U.S.C. 552a(r), the Department has provided a
report to OMB and Congress on this new system of records. Dated:
November 1, 2021. Sullie Coleman, Chief Privacy Officer United States
Department of Agriculture.
[[Page 61748]]
SYSTEM NAME AND NUMBER:
USDA Personnel Public Health Emergency Records System, USDA/OSEC-
01.
SECURITY CLASSIFICATION:
Controlled Unclassified Information.
SYSTEM LOCATION:
Micro-Soft (MS) 365 Multi-Tenant (MT) provides Exchange and
SharePoint Access for USDA Personnel Public Health Emergency Records.
Tenant locations are defaulted to Geo based on the country. In the
United States, these records may be maintained electronically at one or
more of Microsoft Data Centers, including, but not limited to, Boydton,
Virginia and Cheyenne, Wyoming. The agency, US Department of
Agriculture, address is 1400 Independence Ave. SW, Washington, DC 20250
and the address of the third-party service provider is Microsoft, 1
Microsoft Way, Redmond, Washington 98052-6399.
SYSTEM MANAGER:
Contact information of the agency official who is responsible for
this system is USDA OCIO-CEC MS 365 Program Manager, 2312 E Bannister
Road, Mail Stop 9198, Kansas City, MO 64114, 816-926-6860.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
Workforce safety federal requirements, including the Occupational
Safety and Health Act of 1970, Executive Order No. 12,196, Occupational
safety and health programs for Federal employees, 5 U.S.C. 7902;
federal laws related to a specific public health emergency or high-
consequence public health threat, including, (1) Executive Order No.
13994, Ensuring a Data-Driven Response to COVID-19 and Future High-
Consequence Public Health Threats, (2) Executive Order 14043, Requiring
Coronavirus Disease 2019 Vaccination for Federal Employees, (3)
Executive Order 12196, Occupational Safety and Health Program for
Federal Employees, (4) 5 U.S.C. chapters 33 and 63, (5) the Soil
Conservation and Domestic Allotment Act (16 U.S.C. 590h) as amended, 5
U.S.C. 8901 implemented at, 7 CFR part 7 and (6) federal laws that
authorize the Attorney General to create and maintain federal records
of agency activities, including 5 U.S.C. 301 and 44 U.S.C. 3101.
PURPOSE(S) OF THE SYSTEM:
The purpose of this system is to maintain records necessary and
relevant to Department activities responding to and mitigating COVID-
19, other high consequence public health threats, or diseases and
illnesses relating to a public health emergency. Such records include
those records needed to understand the impact of an illness or disease
on the Department workforce, and to assist in protecting the
Department's workforce from, and responding to, a declared public
health emergency or other high-consequence public health threats. Among
other things, USDA may use the information collected to facilitate the
provision of vaccines to USDA personnel, including employees, interns,
contractors, and cooperators; to inform individuals who may have been
in proximity of a person possibly infected with the disease or illness
at or on buildings, grounds, and properties that are owned, leased, or
used by the Department; or to confirm which personnel have received
vaccinations to prevent such disease or illness to spread throughout
the Department's workforce.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
Department personnel, including employees; non-Federal County
Office (CO) employees in the Farm Service Agency (FSA) and elected or
appointed FSA County and State Committee members; interns; contractors;
and cooperators.
CATEGORIES OF RECORDS IN THE SYSTEM:
Records maintained in this system may include:
A. Full name, telephone number, worksite, email address,
supervisor's name, address, and contact information and/or the
contractor/cooperator's supervisor/contracting officer representative
name, address, and contact information.
B. Date(s) and circumstances of the individual's suspected or
actual exposure to disease or illness including symptoms, as well as
locations within the Department workplace where an individual may have
contracted or been exposed to the disease or illness.
C. Other individual information directly related to the disease or
illness (e.g., testing results/information, symptoms, treatments such
as vaccines, and source of exposure).
D. Appointment scheduling information, including the date, time,
and location of a scheduled appointment.
E. Medical screening information, including the individual's name,
date of birth, age, category of employment, current medical status,
vaccination history, and any relevant medical history.
F. Vaccination records, including the date, type, and dose of
vaccine administered to the individual.
G. Records related to accommodations for exception for medical
treatment or vaccinations.
RECORD SOURCE CATEGORIES:
Records may be obtained from USDA personnel, interns, contractors,
and cooperators who may provide relevant information on a suspected or
confirmed disease or illness, or the prevention of such disease or
illness, which is the subject of a declared public health emergency.
Information may also be sourced from personnel at medical facilities,
or from existing systems of records, including but not limited to OPM/
GOVT-10, Employee Medical File System Records, 75 FR 35,099 (June 21,
2010), and modified at 80 FR 74,815 (Nov. 30, 2015).
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES
OF USERS AND PURPOSES OF SUCH USES:
In addition to those disclosures generally permitted under 5 U.S.C.
552a(b), all or a portion of the records or information contained in
this system of records may be disclosed as a routine use pursuant to 5
U.S.C. 552a(b)(3) under the circumstances or for the purposes described
below, to the extent such disclosures are compatible with the purposes
for which the information was collected:
A. To appropriate medical facilities, or federal, state, local,
tribal, territorial, or foreign government agencies, to the extent
permitted by law, for the purpose of protecting the vital interests of
individual(s), including to assist the United States Government in
responding to or mitigating high consequence public health threats, or
diseases and illnesses relating to a public health emergency.
B. Where a record, either alone or in conjunction with other
information, indicates a violation or potential violation of law--
criminal, civil, or regulatory in nature--the relevant records may be
referred to the appropriate federal, state, local, territorial, tribal,
or foreign law enforcement authority or other appropriate entity
charged with the responsibility for investigating or prosecuting such
violation or charged with enforcing or implementing such law.
C. In an appropriate proceeding before a court, grand jury, or
administrative or adjudicative body, when the Department determines
that the records are arguably relevant to the proceeding; or in an
appropriate proceeding before an administrative or adjudicative body
when the adjudicator determines the records to be relevant to the
proceeding.
[[Page 61749]]
D. To contractors, cooperators, grantees, experts, consultants,
students, and others performing or working on a contract, service,
grant, cooperative agreement, or other assignment for the Federal
Government, when necessary to accomplish an agency function related to
this system of records.
E. To a former employee of the Department for purposes of:
Responding to an official inquiry by a federal, state, or local
government entity or professional licensing authority, in accordance
with applicable Department regulations; or facilitating communications
with a former employee that may be necessary for personnel-related or
other official purposes where the Department requires information and/
or consultation assistance from the former employee regarding a matter
within that person's former area of responsibility.
F. To Federal, state, local, territorial, tribal, foreign, or
international licensing agencies or associations which require
information concerning the suitability or eligibility of an individual
for a license or permit.
G. To a Member of Congress or staff acting upon the Member's behalf
when the Member or staff requests the information on behalf of, and at
the request of, the individual who is the subject of the record.
H. To the National Archives and Records Administration for purposes
of records management inspections conducted under the authority of 44
U.S.C. 2904 and 2906.
I. To appropriate agencies, entities, and persons when
(1) the Department suspects or has confirmed that there has been a
breach of the system of records.
(2) the Department has determined that as a result of the suspected
or confirmed breach there is a risk of harm to individuals, the
Department (including its information systems, programs, and
operations), the Federal Government, or national security; and
(3) the disclosure made to such agencies, entities, and persons is
reasonably necessary to assist in connection with the Department's
efforts to respond to the suspected or confirmed breach or to prevent,
minimize, or remedy such harm.
J. To another Federal agency or Federal entity, when the Department
determines that information from this system of records is reasonably
necessary to assist the recipient agency or entity in
(1) responding to a suspected or confirmed breach, or
(2) preventing, minimizing, or remedying the risk of harm to
individuals, the recipient agency or entity (including its information
systems, programs, and operations), the Federal Government, or national
security, resulting from a suspected or confirmed breach.
K. To any agency, organization, or individual for the purpose of
performing authorized audit or oversight operations of the Department
and meeting related reporting requirements.
L. To such recipients and under such circumstances and procedures
as are mandated by Federal statute or treaty.
POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
All records in this system of records are maintained electronically
and in paper and are in compliance with applicable executive orders,
statutes, and agency implementing recommendations. Electronic records
are stored in databases and/or on hard disks, removable storage
devices, or other electronic media.
POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
The Department will retrieve records by any of the categories of
records, including, but not limited to, name, location, date of
vaccination, or work status.
POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
To the extent applicable, to ensure compliance with Americans with
Disabilities Act (ADA), the Rehabilitation Act, and the Genetic
Information Nondiscrimination Act of 2008 (GINA), medical information
must be ``maintained on separate forms and in separate medical files
and be treated as a confidential medical record.'' 42 U.S.C.
12112(d)(3)(B); 42 U.S.C. sec 2000ff-5(a); 29 CFR 1630.14(b)(1),
(c)(1), (d)(4)(i); and 29 CFR 1635.9(a). This means that medical
information and documents must be stored separately from other
personnel records. As such, the Department must keep medical records
for at least one year from creation date. 29 CFR 1602.14. Further,
records compiled under this SORN will be maintained in accordance with
NARA General Records Schedule (GRS) 2.7, Items 010, 070 or 080, and
NARA records retention schedules DAA-GRS2017-0010-0001, DAA-GRS2017-
0010-0012, and DAA-GRS2017-0010-0013, to the extent applicable.
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
The Department safeguards records in this system according to
applicable rules and polices, including all applicable USDA automated
systems security and access policies. The Department has imposed strict
controls to minimize the risk of compromising the information that is
being stored. Users of individual computers can only gain access to the
data by a valid user identification and password. Paper records are
maintained in a secure, access-controlled room, with access limited to
authorized personnel.
RECORD ACCESS PROCEDURES:
All requests for access to records must be in writing and should be
addressed to the USDA Departmental FOIA Office, ATTN: Departmental FOIA
Officer, 1400 Independence Avenue SW, South Building, Room 4104,
Washington, DC 20250-0706, Email: usda.gov">[email protected]usda.gov. The envelope
and letter should be clearly marked ``Privacy Act Access Request.'' The
request must describe the records sought in sufficient detail to enable
Department personnel to locate them with a reasonable amount of effort.
The request must include a general description of the records sought
and must include the requester's full name, current address, and date
and place of birth. The request must be signed and either notarized or
submitted under penalty of perjury. Additional details on procedures
for access under the Privacy Act can be found in USDA Department
Regulation 3515-002 Privacy Policy and Compliance for Personally
Identifiable Information (PII) or at Privacy Policy and Compliance for
Personally Identifiable Information (PII) (usda.gov).
CONTESTING RECORD PROCEDURES:
Individuals seeking to contest or amend records maintained in this
system of records must direct their requests to the address indicated
in the ``RECORD ACCESS PROCEDURES'' paragraph, above. All requests to
contest or amend records must be in writing and the envelope and letter
should be clearly marked ``Privacy Act Amendment Request.'' All
requests must state clearly and concisely what record is being
contested, the reasons for contesting it, and the proposed amendment to
the record. Additional details on procedures for contesting or amending
records under the Privacy Act can be found in USDA Department
Regulation 3515-002 Privacy Policy and Compliance for Personally
Identifiable Information (PII) or at Privacy Policy and Compliance for
Personally Identifiable Information (PII) (usda.gov).
NOTIFICATION PROCEDURES:
Individuals may be notified if a record in this system of records
pertains to them when the individuals request
[[Page 61750]]
information utilizing the same procedures as those identified in the
``RECORD ACCESS PROCEDURES'' paragraph, above.
EXEMPTIONS PROMULGATED FOR THE SYSTEM:
None.
HISTORY:
None.
Sullie Coleman,
Chief Privacy Officer, United States Department of Agriculture.
[FR Doc. 2021-24370 Filed 11-5-21; 8:45 am]
BILLING CODE 3410-9R-P
