Privacy Act of 1974; System of Records, 32674-32676 [2021-13087]

Agencies

• FEDERAL COMMUNICATIONS COMMISSION

[Federal Register Volume 86, Number 117 (Tuesday, June 22, 2021)]
[Notices]
[Pages 32674-32676]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2021-13087]


=======================================================================
-----------------------------------------------------------------------

FEDERAL COMMUNICATIONS COMMISSION

[FR ID 33227]


Privacy Act of 1974; System of Records

AGENCY: Federal Communications Commission.

ACTION: Notice of a new system of records.

-----------------------------------------------------------------------

SUMMARY: The Federal Communications Commission (``FCC'' or 
``Commission'') is establishing OMD-33, Ensuring Workplace Health and 
Safety in Response to a Public Health Emergency, a system of records 
under the Privacy Act of 1974. This system of records maintains 
information collected in response to a public health emergency, such as 
a pandemic or epidemic, from FCC staff (including political appointees, 
employees, detailees, contractors, consultants, interns, and 
volunteers) and visitors to FCC facilities that is necessary to ensure 
a safe and healthy work environment.

DATES: In accordance with 5 U.S.C. 552(e)(4) and (11), this notice will 
go into effect without further notice on June 22, 2021 unless otherwise 
revised pursuant to comments received. New routine uses will go into 
effect on July 22, 2021. Comments must be received on or before July 
22, 2021.

ADDRESSES: You may submit comments identified as pertaining to 
``Ensuring Workplace Health and Safety in Response to a Public Health 
Emergency'' to Margaret Drake at [email protected] or Federal 
Communications Commission (FCC), 45 L Street NE, Washington, DC 20554.

FOR FURTHER INFORMATION CONTACT: Margaret Drake at 202-418-1707 or 
[email protected], Office of the General Counsel, Federal Communications 
Commission, 45 L Street NE, Washington, DC 20554.

SUPPLEMENTARY INFORMATION:

I. OMD-33, Ensuring Workplace Health and Safety in Response to a Public 
Health Emergency

    The FCC is establishing OMD-33, Ensuring Workplace Health and 
Safety in Response to a Public Health Emergency, a system of records 
under the Privacy Act of 1974. The FCC is committed to providing all 
FCC staff with a safe and healthy work environment and to that end it 
may develop and institute additional safety measures in response to a 
public health emergency. These measures may include instituting 
activities such as requiring FCC staff and visitors to provide 
information before being allowed access to an FCC facility, medical 
screening, and contact tracing. Contact tracing conducted by FCC staff 
may involve collecting information about FCC staff and visitors who are 
exhibiting symptoms or who have tested positive for an infectious 
disease in order to identify and notify other FCC staff and visitors 
with whom they may have come into contact and who may have been 
exposed. Moreover, the FCC will use contact tracing data to submit 
required reports to local public health officials, in accordance with 
local public health mandates.
    Information will be collected and maintained in accordance with the 
Rehabilitation Act of 1973 and regulations and guidance published by 
the U.S. Occupational Safety and Health Administration, the U.S. Equal 
Employment Opportunity Commission, and the U.S. Centers for Disease 
Control and Prevention.

II. The Privacy Act

    Under the Privacy Act of 1974, 5 U.S.C. 552a, a ``system of 
records'' is defined as a group of any records under the control of a 
Federal government agency from which information about individuals is 
retrieved by name or by some identifying number, symbol, or other 
identifying particular assigned to the individual. The Privacy Act 
establishes the means by which government agencies must collect, 
maintain, and use information about an individual in a government 
system of records.
    Each government agency is required to publish a notice in the 
Federal Register in which the agency identifies and describes each 
system of records it maintains, the reasons why the agency uses the 
information therein, the routine uses for which the agency will 
disclose such information outside the agency, and how individuals may 
exercise their rights under the Privacy Act.

[[Page 32675]]

    In accordance with 5 U.S.C. 552a(r), the FCC has provided a report 
of this new system of records to the Office of Management and Budget 
and to Congress.

SYSTEM NAME AND NUMBER:
    OMD-33, Ensuring Workplace Health and Safety in Response to a 
Public Health Emergency.

SECURITY CLASSIFICATION:
    Unclassified.

SYSTEM LOCATION:
    This system is maintained by the Office of the Managing Director in 
the Commission's Headquarters at 45 L Street NE, Washington, DC 20554.

SYSTEM MANAGER(S):
    The system manager is the Managing Director located in the 
Commission's Headquarters at 45 L Street NE, Washington, DC 20554.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    The authority to collect this information derives from General Duty 
Clause, Section 5(a)(1) of the Occupational Safety and Health (OSH) Act 
of 1970 (29 U.S.C. 654), Executive Order 12196, Occupational safety and 
health programs for Federal employees (Feb. 26, 1980), Executive Order 
13991, Protecting the Federal Workforce and Requiring Mask-Wearing, OMB 
Memorandum M 21-15, COVID-19 Safe Federal Workplace: Agency Model 
Safety Principles (Jan. 24, 2021), and the National Defense 
Authorization Act For Fiscal Year 2017 (5 U.S.C. 6329c(b)). Information 
will be collected and maintained in accordance with the Rehabilitation 
Act of 1973 (29 U.S.C. 791 et seq.).

PURPOSE(S) OF THE SYSTEM:
    The information in the system is collected to assist the FCC with 
maintaining a safe and healthy workplace and to protect FCC staff and 
visitors working on-site from risks associated with a public health 
emergency (as defined by the U.S. Department of Health and Human 
Services and declared by its Secretary), such as a pandemic or 
epidemic. To that end, the FCC may develop and institute additional 
safety measures in response to a public health emergency. These 
measures may include instituting activities such as requiring FCC staff 
and visitors to provide information before being allowed access to an 
FCC facility, medical screening, and contact tracing. Contact tracing 
conducted by FCC staff may involve collecting information about FCC 
staff and visitors who are exhibiting symptoms or who have tested 
positive for an infectious disease in order to identify and notify 
other FCC staff and visitors with whom they may have come into contact 
and who may have been exposed within an FCC facility. Moreover, the FCC 
will use contact tracing data to submit required reports to local 
public health officials, in accordance with local public health 
mandates.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Individuals covered by this system include FCC staff (e.g., 
political appointees, employees, detailees, contractors, consultants, 
interns, and volunteers) and visitors to a FCC facility during a public 
health emergency, such as a pandemic or epidemic.

CATEGORIES OF RECORDS IN THE SYSTEM:
    This system maintains information collected about FCC staff and 
visitors accessing or requesting access to FCC facilities during a 
public health emergency, including a pandemic or epidemic. It maintains 
biographical information collected about FCC staff and visitors such as 
their name, contact information, whether they are in a high-risk 
category or provide dependent care for individuals in a high-risk 
category, and recent travel. It maintains health information collected 
about FCC staff and visitors to a FCC facility, that may include 
temperature checks, expected or confirmed test results, dates, 
symptoms, potential or actual exposure to a pathogen, immunizations and 
vaccination information, or other medical history related to the 
treatment of a pathogen or communicable disease that is identified as 
part of a public health emergency. It maintains information collected 
about FCC staff and visitors to FCC facilities necessary to conduct 
contact tracing that may include the dates and which facility they 
visited, the locations that they visited within the facility (e.g., 
office and cubicle number), the duration of time spent in the facility, 
whether they may have potentially come into contact with a contagious 
person while visiting the facility, travel dates and locations, and a 
preferred contact number.

RECORD SOURCE CATEGORIES:
    The information in this system is collected in part directly from 
the individual or from FCC management officials requesting access to an 
FCC facility on a person's behalf. Information is also collected from 
security systems monitoring access to FCC facilities, such as video 
surveillance and turnstiles, human resources systems, emergency 
notification systems, and federal, state, and local agencies assisting 
with the response to a public health emergency. Information may also be 
collected from property management companies responsible for managing 
office buildings, including parking garages, that house FCC facilities.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    In addition to those disclosures generally permitted under 5 U.S.C. 
552a(b) of the Privacy Act, all or a portion of the records or 
information contained in this system may be disclosed to authorized 
entities, as is determined to be relevant and necessary, outside the 
FCC as a routine use pursuant to 5 U.S.C. 552a(b)(3) as follows.
    (a) To Federal, State, or local public health agencies to the 
extent necessary to comply with laws and regulations governing 
reporting of infectious disease;
    (b) To the FCC staff member's emergency contact for purposes of 
locating a staff member during a public health emergency or to 
communicate that the FCC staff member may have potentially been exposed 
to an infectious disease as the result of a pandemic or epidemic while 
visiting a FCC facility;
    (c) To a court or adjudicative body in a proceeding when: (a) The 
Commission or any component thereof; or (b) any employee of the 
Commission in his or her official capacity; or (c) any employee of the 
Commission in his or her individual capacity where the Commission has 
agreed to represent the employee; or (d) the United States Government 
is a party to litigation or has an interest in such litigation;
    (d) To the appropriate Federal, State, or local authorities where 
there is an indication of a violation or potential violation of a 
statute, regulation, rule, or order either for purposes of obtaining 
additional information relevant to a FCC decision or for referring the 
record for investigation, enforcement, or prosecution by another 
agency;
    (e) To a Congressional office when in response to an inquiry by an 
individual made to the Congressional office for the individual's own 
records;
    (f) To provide information to the Department of Justice (DOJ) to 
obtain that department's advice regarding disclosure obligations under 
the Freedom of Information Act; or to the Office of Management and 
Budget (OMB) to obtain that office's advice regarding obligations under 
the Privacy Act.

[[Page 32676]]

    (g) To appropriate agencies, entities, and persons when (1) the 
Commission suspects or has confirmed that there has been a breach of 
the system of records, (2) the Commission has determined that as a 
result of the suspected or confirmed breach there is a risk of harm to 
individuals, the Commission (including its information systems, 
programs, and operations), the Federal Government, or national 
security; and (3) the disclosure made to such agencies, entities, and 
persons is reasonably necessary to assist in connection with the 
Commission's efforts to respond to the suspected or confirmed breach or 
to prevent, minimize, or remedy such harm; or
    (h) To another Federal agency or Federal entity, when the 
Commission determines that information from this system of records is 
reasonably necessary to assist the recipient agency or entity in (1) 
responding to a suspected or confirmed breach or (2) preventing, 
minimizing, or remedying the risk of harm to Individuals, the recipient 
agency or entity (including its information systems, programs, and 
operations), the Federal Government, or national security, resulting 
from a suspected or confirmed breach.
    (i) To disclose information to third parties, including 
contractors, performing or working on a contract in connection with 
providing services for the Federal Government, who may require access 
to this system of records.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    Records in this system of records are stored electronically or on 
paper in secure facilities. Electronic records are stored on the 
Commission's secure network.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    Information covered by this system of records notice may be 
retrieved by the name of the individual.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    FCC will work with the National Archives and Records Administration 
(NARA) to draft and secure approval of a records disposition schedule 
to cover the records described in this SORN. Until this records 
disposition schedule is approved by NARA, FCC will maintain, and not 
destroy, these records.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    Records are protected from unauthorized access and improper use 
through administrative, technical, and physical security measures. 
Technical security safeguards within FCC include restrictions on 
computer access to authorized individuals who have a legitimate need to 
know the information; required use of strong passwords that are 
frequently changed; multi-factor authentication for remote access and 
access to many FCC network components; use of encryption for certain 
data types and transfers; firewalls and intrusion detection 
applications; and regular review of security procedures and best 
practices to enhance security. Physical safeguards include restrictions 
on building access to authorized individuals, 24-hour security guard 
service, and maintenance of records in lockable offices and filing 
cabinets.

RECORD ACCESS PROCEDURES:
    Individuals seeking to determine whether this system of records 
contains information about themselves or seeking access to records 
about themselves in this system of records should follow the 
Notification Procedure below.

CONTESTING RECORD PROCEDURES:
    Individuals contesting the content of records about themselves 
contained in this system of records should follow the Notification 
Procedure below.

NOTIFICATION PROCEDURES:
    Individuals seeking notification of any records about themselves 
contained in this system of records should address inquiries to 
Margaret Drake at [email protected] or Federal Communications Commission, 
45 L Street NE, Washington, DC 20554. Individuals requesting access 
must also comply with the FCC's Privacy Act regulations regarding 
verification of identity and access to records (47 CFR part 0, subpart 
E).

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    None.

HISTORY:
    None.

    Issued in Washington, DC, on June 22, 2021, by the Federal 
Communications Commission.
Marlene Dortch,
Secretary.
[FR Doc. 2021-13087 Filed 6-21-21; 8:45 am]
BILLING CODE P