Privacy Act of 1974; System of Records, 64472-64475 [2021-25189]

Agencies

• FEDERAL HOUSING FINANCE AGENCY

[Federal Register Volume 86, Number 220 (Thursday, November 18, 2021)]
[Notices]
[Pages 64472-64475]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2021-25189]



[[Page 64472]]

-----------------------------------------------------------------------

FEDERAL HOUSING FINANCE AGENCY

[No. 2021-N-13]


Privacy Act of 1974; System of Records

AGENCY: Office of Inspector General, Federal Housing Finance Agency 
(FHFA-OIG).

ACTION: Notice of a new system of records.

-----------------------------------------------------------------------

SUMMARY: In accordance with the requirements of the Privacy Act of 
1974, as amended, (Privacy Act), the Federal Housing Finance Agency 
Office of Inspector General (FHFA-OIG) is establishing FHFA-OIG-8, 
Public Health Emergency Records System, a system of records under the 
Privacy Act. This system of records maintains information collected in 
response to a public health emergency, such as a pandemic or epidemic, 
from contractors and visitors to FHFA-OIG facilities or FHFA-OIG-
sponsored events, that is necessary to ensure a safe and healthy work 
environment. FHFA-OIG may collect these records in response to a 
health-related declaration of a national emergency by the President, a 
public health emergency declared by the Health and Human Services (HHS) 
Secretary or designated federal official, or state or local authority. 
Even in the absence of a declaration of a health-related national 
emergency or public health emergency, FHFA-OIG may collect these 
records if it determines that a significant risk of substantial harm 
exists to the health of FHFA-OIG staff, contractors, and visitors to 
FHFA-OIG facilities or FHFA-OIG-sponsored events.

DATES: In accordance with 5 U.S.C. 552a(e)(4) and (11), this system of 
records will go into effect without further notice on November 18, 
2021, unless otherwise revised pursuant to comments received. New 
routine uses will go into effect on December 20, 2021. Comments must be 
received on or before December 20, 2021. FHFA-OIG will publish a new 
notice if the effective date is delayed in order for FHFA-OIG to review 
the comments or if changes are made based on comments received.

ADDRESSES: Submit comments to FHFA-OIG, identified by ``FHFA-OIG-
SORN,'' using any one of the following methods:
     Federal eRulemaking Portal: https://www.regulations.gov. 
Follow the instructions for submitting comments. If you submit your 
comment to the Federal eRulemaking Portal, please also send it by email 
to FHFA-OIG at [email protected] to ensure timely receipt by FHFA-
OIG. Please include ``Comments/FHFA-OIG SORN'' in the subject line of 
the message.
     U.S. Mail, United Parcel Service, Federal Express, or 
Other Mail Service: The mailing address for comments is: Leonard 
DePasquale, Chief Counsel, Attention: Comments/FHFA-OIG SORN, Office of 
Inspector General, Federal Housing Finance Agency, 400 Seventh Street 
SW, Washington, DC 20219. Please note that all mail sent to FHFA-OIG 
via the U.S. Postal Service is routed through a national irradiation 
facility, a process that may delay delivery by approximately two weeks. 
For any time-sensitive correspondence, please plan accordingly. See 
SUPPLEMENTARY INFORMATION for additional information on submission and 
posting of comments.

FOR FURTHER INFORMATION CONTACT: Leonard DePasquale, Chief Counsel, 
[email protected], (202) 730-0880 (not a toll-free number), Office of 
Inspector General, Federal Housing Finance Agency, 400 Seventh Street 
SW, Washington, DC 20219. For TTY/TRS users with hearing and speech 
disabilities, dial 711 and ask to be connected to the contact number 
above.

SUPPLEMENTARY INFORMATION:

I. Comments

    FHFA-OIG seeks public comments on a new system of records and will 
take all comments into consideration. See 5 U.S.C. 552a(e)(4) and (11). 
In addition to referencing ``Comments/FHFA-OIG SORN,'' please reference 
the ``Public Health Emergency Records System'' (FHFA-OIG-8). All 
comments received will be posted without change on the FHFA-OIG website 
at https://www.fhfaoig.gov, and will include any personal information 
provided, such as name, address (mailing and email), telephone numbers, 
and any other information you provide.

II. Introduction

    This notice informs the public of FHFA-OIG's proposal to establish 
a new FHFA-OIG system of records. This notice satisfies the Privacy 
Act's requirement that an agency publish a system of records notice in 
the Federal Register when establishing a new or making a significant 
change to an agency's system of records. Congress has recognized that 
application of all requirements of the Privacy Act to certain 
categories of records may have an undesirable and often unacceptable 
effect upon agencies in the conduct of necessary public business. 
Consequently, Congress established general exemptions and specific 
exemptions that could be used to exempt records from provisions of the 
Privacy Act. Congress also required that exempting records from 
provisions of the Privacy Act would require the head of an agency to 
publish a determination to exempt a record from the Privacy Act as a 
rule in accordance with the Administrative Procedure Act.
    As required by the Privacy Act, 5 U.S.C. 552a(r), and pursuant to 
section 7 of OMB Circular No. A-108, Federal Agency Responsibilities 
for Review, Reporting, and Publication under the Privacy Act (81 FR 
94424 (Dec. 23, 2016)), prior to publication of this notice, FHFA-OIG 
submitted a report describing the system of records covered by this 
notice to the Office of Management and Budget, the Committee on 
Oversight and Reform of the House of Representatives, and the Committee 
on Homeland Security and Governmental Affairs of the Senate.

III. New System of Records

    The purpose of the new Public Health Emergency Records System 
(FHFA-OIG-8) is to assist FHFA-OIG with maintaining a safe and healthy 
workplace and responding to a public health emergency. These measures 
may include instituting activities such as requiring contractors and 
visitors to FHFA-OIG facilities or FHFA-OIG-sponsored events to provide 
information related to medical/health screening, contact tracing, and 
vaccination status before being allowed access to an FHFA-OIG facility 
or FHFA-OIG-sponsored event.
    FHFA-OIG may collect these records in response to a health-related 
declaration of a national emergency by the President, a public health 
emergency declared by the Health and Human Services (HHS) Secretary or 
a designated federal official, or state or local authority. Even in the 
absence of a declaration of a health-related national emergency or 
public health emergency, FHFA-OIG may collect these records if it 
determines that a significant risk of substantial harm exists to the 
health of FHFA-OIG staff, contractors, and visitors to FHFA-OIG 
facilities or FHFA-OIG-sponsored events. FHFA-OIG will collect and 
maintain the records in accordance with the Americans with Disabilities 
Act of 1990 and guidance published by the U.S. Occupational Safety and 
Health Administration, the U.S. Equal Employment Opportunity 
Commission, and the U.S. Centers for Disease Control and Prevention.
    The new system of records is described in detail below.

[[Page 64473]]

SYSTEM NAME AND NUMBER:
    Public Health Emergency Records System, FHFA-OIG-8.

SECURITY CLASSIFICATION:
    Controlled Unclassified Information.

SYSTEM LOCATION:
    Office of Inspector General, Federal Housing Finance Agency, 400 
Seventh Street SW, Washington, DC 20219, and any alternate work site 
used by FHFA-OIG employees, including contractors assisting FHFA-OIG 
employees, FHFA-OIG-authorized cloud service providers, and FHFA-OIG-
authorized contractor networks located within the Continental United 
States.

SYSTEM MANAGER(S):
    Division of Human Resources, (202) 730-4014, Office of Inspector 
General, Federal Housing Finance Agency, 400 Seventh Street SW, 
Washington, DC 20219.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    Workforce safety federal requirements, including the Occupational 
Safety and Health Act of 1970, Occupational safety and health programs 
for Federal employees, 5 U.S.C. 7902; the Rehabilitation Act of 1973 
(29 U.S.C. 791 et seq.); Title VII of the Civil Rights Act (42 U.S.C. 
2000e(j)); 29 CFR 1605; the Americans with Disabilities Act, including 
42 U.S.C. 12112(d)(3)(B); Executive Order Nos. 12196, 12148, 12656, 
13991, 13994, 14042 and 14043; and 12 U.S.C. 4517(d) and 5 U.S.C. App. 
3.

PURPOSES OF THE SYSTEM:
    The Public Health Emergency Records System (FHFA-OIG-8) is being 
established by FHFA-OIG to assist the office with maintaining a safe 
and healthy workplace and responding to a public health emergency. 
These measures may include instituting activities such as requiring 
contractors and visitors to FHFA-OIG facilities or FHFA-OIG-sponsored 
events to provide information related to medical/health screening, 
contact tracing, and vaccination status before being allowed access to 
an FHFA-OIG facility or FHFA-OIG-sponsored event, in response to a 
health-related declaration of a national emergency by the President, a 
public health emergency declared by the HHS Secretary or designated 
federal official, or a public health emergency declared by a state or 
local authority. In the absence of a declaration of a health-related 
national emergency or public health emergency, FHFA-OIG may collect 
these records if it determines that a significant risk of substantial 
harm exists to the health of FHFA-OIG staff, contractors, and visitors 
to FHFA-OIG facilities or FHFA-OIG-sponsored events. The system serves 
four main purposes: (1) Assist with medical/health screening for 
individuals requesting entry into FHFA-OIG facilities or FHFA-OIG-
sponsored events; (2) Perform contact tracing to notify individuals who 
may have had exposure to someone who is known or is believed to be 
infected with a contagious or communicable disease that is the subject 
of a public health emergency; and (3) Establish a record collection to 
ensure FHFA-OIG collects medical information pursuant to the 
implementing guidance of applicable federal laws, public health 
mandates, and executive orders.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Individuals covered by this system include contractors and visitors 
to FHFA-OIG facilities and FHFA-OIG-sponsored events during a public 
health emergency, such as a pandemic or epidemic.

CATEGORIES OF RECORDS IN THE SYSTEM:
    Records may include name; contact information (i.e., business and 
home addresses; business and personal electronic mail (email) 
addresses; business, home, cellular, and personal telephone numbers); 
and any other information provided.
    The system includes medical/health information collected about 
contractors and visitors who access or attempt to access an FHFA-OIG 
facility or FHFA-OIG-sponsored event, including, but not limited to: 
Temperature checks, expected or confirmed test results for an illness 
that is the subject of a public health emergency in accordance with 
federal, state or local public health orders; symptoms; potential or 
actual exposure to a contagious or communicable disease; immunization 
and vaccination information for contractors; attestation of vaccination 
and/or exposure to a communicable disease status from visitors; medical 
history related to the treatment of a contagious or communicable 
disease that is identified as part of a public health emergency; and 
the dates associated with any of the foregoing information.
    The system also includes information collected from contractors and 
visitors to FHFA-OIG facilities and FHFA-OIG-sponsored events necessary 
to conduct contact tracing that may include the above information.
    This information may include the dates and FHFA-OIG facility 
visited or FHFA-OIG-sponsored event that was attended; the names or 
descriptions (e.g., gender, race, approximate age, and other physical 
descriptors) of individuals they came into contact with; the specific 
locations (e.g., building floor, specific FHFA-OIG office) visited 
within the facility; the duration of time spent in the facility or in 
close proximity to other individuals; whether the individual may have 
potentially come into contact with a contagious person while visiting 
the facility; travel dates and locations; and contact information 
(phone, email address, and mailing address).
    The system also includes medical, vaccination, and immunization 
records from contractors pertaining to any illness that is the subject 
of a public health emergency including, but not limited to, the type 
and dose of vaccinations received, date(s) of vaccination(s), and 
vaccine provider as well as the absence of vaccination information or 
other medical information.

RECORD SOURCE CATEGORIES:
    Information is provided by contractors and visitors who access or 
attempt to access an FHFA-OIG facility or FHFA-OIG-sponsored events. 
For FHFA-OIG contractors or visitors, information may be also provided 
by their employer/or organization the individual is affiliated with for 
purposes of accessing or attempting to access an FHFA-OIG facility or 
FHFA-OIG-sponsored event. For any of the individuals above who are 
minors, the information may be provided by the individual's parent or 
legal custodian. Information may also be sourced from existing 
Government-wide systems of records.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    In addition to those disclosures generally permitted under 5 U.S.C. 
552a(b) of the Privacy Act, these records and the information contained 
in them may specifically be disclosed outside of FHFA-OIG as a routine 
use pursuant to 5 U.S.C. 552a(b)(3) as follows, to the extent such 
disclosures are compatible with the purposes for which the information 
was collected:
    1. To a federal, state, or local agency to the extent necessary to 
comply with laws governing reporting of infectious disease.
    2. To emergency contact(s) of FHFA-OIG staff members, contractors, 
or visitors for purposes of locating such individuals during a public 
health emergency or to communicate that an individual may have been 
exposed to a

[[Page 64474]]

contagious or communicable disease as the result of a pandemic or 
epidemic while visiting an FHFA-OIG facility or FHFA-OIG sponsored 
event.
    3. To appropriate agencies, entities, and persons when--(a) FHFA-
OIG suspects or has confirmed that there has been a breach of the 
system of records; (b) FHFA-OIG has determined that as a result of a 
suspected or confirmed breach there is a risk of harm to individuals, 
FHFA-OIG (including its information systems, programs, and operations), 
the Federal Government, or national security; and (c) the disclosure 
made to such agencies, entities, and persons is reasonably necessary to 
assist with FHFA-OIG's efforts to respond to a suspected or confirmed 
breach or to prevent, minimize, or remedy harm.
    4. To another federal agency or federal entity, when FHFA-OIG 
determines that information from this system of records is reasonably 
necessary to assist the recipient agency or entity in (a) responding to 
a suspected or confirmed breach; or (b) preventing, minimizing, or 
remedying the risk of harm to individuals, the recipient agency or 
entity (including its information systems, programs, and operations), 
the Federal Government, or national security, resulting from a 
suspected or confirmed breach.
    5. When there is an indication of a violation or potential 
violation of law, whether civil, criminal, or regulatory in nature, and 
whether arising by general statute or particular program statute, or by 
regulation, rule, or order issued pursuant thereto, the relevant 
records in the system of records may be referred, as a routine use, to 
the appropriate agency, whether federal, state, local, tribal, foreign, 
or a financial regulatory organization charged with the responsibility 
of investigating or prosecuting such violation or charged with 
enforcing or implementing a statute, or rule, regulation, or order 
issued pursuant thereto.
    6. To any individual during the course of any inquiry or 
investigation conducted by FHFA-OIG, or in connection with civil 
litigation, if FHFA-OIG has reason to believe that the individual to 
whom the record is disclosed may have further information about the 
matters related thereto, and those matters appeared to be relevant at 
the time to the subject matter of the inquiry.
    7. To any individual with whom FHFA-OIG contracts to collect, 
store, or maintain, or reproduce by typing, photocopy or other means, 
any record within this system for use by FHFA-OIG and its employees in 
connection with their official duties, or to any individual who is 
engaged by FHFA-OIG to perform clerical or stenographic functions 
relating to the official business of FHFA-OIG.
    8. To a Congressional office from the record of an individual in 
response to an inquiry from the Congressional office made at the 
request of that individual.
    9. To a court, magistrate, or administrative tribunal in the course 
of presenting evidence, including disclosures to opposing counsel or 
witnesses in the course of civil discovery, litigation, or settlement 
negotiations or in connection with criminal law proceedings or in 
response to a subpoena from a court of competent jurisdiction.
    10. To the Office of Management and Budget, Department of Justice 
(DOJ), Department of Labor, Office of Personnel Management, Equal 
Employment Opportunity Commission, Office of Special Counsel, or other 
federal agencies to obtain advice regarding statutory, regulatory, 
policy, and other requirements related to the purpose for which FHFA-
OIG collected the records.
    11. To outside counsel contracted by FHFA-OIG, DOJ (including 
United States Attorney Offices), or other federal agencies conducting 
litigation or in proceedings before any court, adjudicative or 
administrative body, when it is necessary to the litigation and one of 
the following is a party to the litigation or has an interest in such 
litigation--
    (a) FHFA-OIG;
    (b) An employee of FHFA-OIG in his/her official capacity;
    (c) An employee of FHFA-OIG in his/her individual capacity where 
DOJ or FHFA-OIG has agreed to represent the employee; or
    (d) The United States, or an agency thereof, is a party to the 
litigation or has an interest in such litigation, and FHFA-OIG 
determines that the records are both relevant and necessary to the 
litigation and the use of such records is compatible with the purpose 
for which FHFA-OIG collected the records.
    12. To the National Archives and Records Administration or other 
federal agencies pursuant to records management inspections being 
conducted under the authority of 44 U.S.C. 2904 and 2906.
    13. To an agency, organization, or individual for the purpose of 
performing audit or oversight operations as authorized by law, but only 
such information as is necessary and relevant to such audit or 
oversight function.
    14. To another federal Office of the Inspector General, law 
enforcement Task Force, or other federal, state, local, foreign, 
territorial, or tribal unit of government, other public authorities, or 
self-regulatory organizations for the purpose of preventing and/or 
identifying fraud, waste, or abuse related to FHFA's programs or 
operations.
    15. To other federal Offices of Inspector General or other 
entities, during the conduct of internal and external peer reviews of 
FHFA-OIG.
    16. To the public or to the media for release to the public when 
the matter under audit, review, evaluation, investigation, or inquiry 
has become public knowledge, or when the Inspector General determines 
that such disclosure is necessary either to preserve confidence in the 
integrity of FHFA-OIG's audit, review, evaluation, investigative, or 
inquiry processes or is necessary to demonstrate the accountability of 
FHFA-OIG employees, officers or individuals covered by the system, 
unless the Inspector General or his/her delegee determines, after 
consultation with counsel and the Senior Privacy Official, that release 
of the specific information in the context of a particular case would 
constitute an unwarranted invasion of personal privacy.
    17. To Congress, congressional committees, or the staffs thereof, 
once an FHFA-OIG report or management alert has become final and the 
Inspector General determines that its disclosure is necessary to 
fulfill the Inspector General's responsibilities under the Inspector 
General Act of 1978.
    18. To a federal agency or other entity which requires information 
relevant to a decision concerning the hiring, appointment, or retention 
of an employee or contractor; the assignment, detail, or deployment of 
an employee or contractor; the issuance, renewal, suspension, or 
revocation of an employee's or contractor's security clearance; the 
execution of a security or suitability investigation; the adjudication 
of liability; or coverage under FHFA-OIG's liability insurance policy.
    19. To the Council of the Inspectors General on Integrity and 
Efficiency and its committees, another federal Office of Inspector 
General, or other Federal law enforcement office in connection with an 
allegation of wrongdoing by the Inspector General or by designated 
FHFA-OIG staff members.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    Records are maintained in electronic or paper format. Electronic 
records are stored on FHFA-OIG's secured network, FHFA-OIG-authorized 
cloud service

[[Page 64475]]

providers and FHFA-OIG-authorized contractor networks located within 
the Continental United States. Paper records are stored in locked 
offices, locked file rooms and locked file cabinets or safes.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    Records may be retrieved by any of the following: name, contact 
information such as address (home, mailing, and/or business); telephone 
numbers (personal and/or business); electronic mail addresses (personal 
and/or business), photographic identifiers; geospatial and/or 
geolocation data, date of entry into FHFA-OIG facilities; symptoms or 
other medical information reported; offices or floors visited within 
FHFA-OIG facilities; names of individuals reported as being in close 
proximity to another individual; the names of individuals contacted as 
part of contact tracing effort; vaccination status; vaccination 
date(s); vaccination type(s); and work status (full or part time 
contractor, etc.).

POLICIES AND PRACTICIES FOR RETENTION AND DISPOSAL OF RECORDS:
    Records are retained and disposed of in accordance with National 
Archives and Records Administration General Records Schedule 2.7, Item 
060 and Item 070.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    Records are maintained in controlled access areas. Electronic 
records are protected by restricted access procedures, including user 
identifications and passwords. Only FHFA-OIG staff (and FHFA-OIG 
contractors assisting such staff) whose official duties require access 
are allowed to view, administer, and control these records.

RECORD ACCESS PROCEDURES:
    See ``Notification Procedures,'' below.

CONTESTING RECORD PROCEDURES:
    See ``Notification Procedures,'' below.

NOTIFICATION PROCEDURES:
    Individuals seeking notification of any records about themselves 
contained in this system should address their inquiry via email to 
[email protected], or by mail to the Office of Inspector General, 
Federal Housing Finance Agency, 400 Seventh Street SW, 3rd Floor, 
Washington, DC 20219, or in accordance with the procedures set forth in 
12 CFR part 1204. Please note that all mail sent to FHFA-OIG via the 
U.S. Postal Service is routed through a national irradiation facility, 
a process that may delay delivery by approximately two weeks. For any 
time-sensitive correspondence, please plan accordingly.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    None.

HISTORY:
    None.

Leonard DePasquale,
Chief Counsel, Federal Housing Finance Agency, Office of Inspector 
General.
[FR Doc. 2021-25189 Filed 11-17-21; 8:45 am]
BILLING CODE 8070-01-P