83 FR 44309 - Privacy Act of 1974; System of Records

OCCUPATIONAL SAFETY AND HEALTH REVIEW COMMISSION

Federal Register Volume 83, Issue 169 (August 30, 2018)

In accordance with the Privacy Act of 1974, as amended, the Occupational Safety and Health Review Commission (OSHRC) is revising the notice for Privacy Act system-of-records OSHRC-4.

[Federal Register Volume 83, Number 169 (Thursday, August 30, 2018)]
[Notices]
[Pages 44309-44311]
From the Federal Register Online  [www.thefederalregister.org]
[FR Doc No: 2018-18786]


=======================================================================
-----------------------------------------------------------------------

OCCUPATIONAL SAFETY AND HEALTH REVIEW COMMISSION


Privacy Act of 1974; System of Records

AGENCY: Occupational Safety and Health Review Commission.

ACTION: Notice of a modified system of records.

-----------------------------------------------------------------------

SUMMARY: In accordance with the Privacy Act of 1974, as amended, the 
Occupational Safety and Health Review Commission (OSHRC) is revising 
the notice for Privacy Act system-of-records OSHRC-4.

DATES: Comments must be received by OSHRC on or before October 1, 2018. 
The revised system of records will become effective on that date, 
without any further notice in the Federal Register, unless comments or 
government approval procedures necessitate otherwise.

ADDRESSES: You may submit comments by any of the following methods:
     Email: [email protected]. Include ``PRIVACY ACT SYSTEM OF 
RECORDS'' in the subject line of the message.
     Fax: (202) 606-5417.
     Mail: One Lafayette Centre, 1120 20th Street NW, Ninth 
Floor, Washington, DC 20036-3457.
     Hand Delivery/Courier: Same as mailing address.
    Instructions: All submissions must include your name, return 
address, and email address, if applicable. Please clearly label 
submissions as ``PRIVACY ACT SYSTEM OF RECORDS.''

FOR FURTHER INFORMATION CONTACT: Ron Bailey, Attorney-Advisor, Office 
of the General Counsel, via telephone at (202) 606-5410, or via email 
at [email protected].

SUPPLEMENTARY INFORMATION: The Privacy Act of 1974, 5 U.S.C. 
552a(e)(4), requires federal agencies such as OSHRC to publish in the 
Federal

[[Page 44310]]

Register notice of any new or modified system of records. No 
significant changes have been made to the following system-of-records 
notice. However, the Office of Management and Budget in OMB Circular A-
108, at p. 11, has encouraged agencies not to rely on blanket routine 
uses--uses listed in a separate document that apply to all systems of 
records. OSHRC, therefore, has revised its notice for OSHRC-6 to 
include a full description of the applicable routine uses. This is 
simply a change in format that has not resulted in any substantive 
changes to the routine uses for this system of records.
    The notice for OSHRC-6, provided below in its entirety, is as 
follows.
SYSTEM NAME AND NUMBER
    E-Filing/Case Management System, OSHRC-6.

SECURITY CLASSIFICATION:
    None.

SYSTEM LOCATION:
    Electronic records are maintained in a private cloud within an 
Oracle Database, operated by MicroPact at 12901 Worldgate Drive, Suite 
800, Herndon, VA 20170. Paper records are maintained by the Office of 
the Executive Secretary, located at 1120 20th Street NW, Ninth Floor, 
Washington, DC 20036-3457.

SYSTEM MANAGER(S):
    Supervisory Information Technology Specialist (electronic records 
contained in the e-filing/case management system) and the Executive 
Secretary (all other records), OSHRC, 1120 20th Street NW, Ninth Floor, 
Washington, DC 20036-3457; (202) 606-5100.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    29 U.S.C. 661.

PURPOSE(S) OF THE SYSTEM:
    This system of records is maintained for the purpose of processing 
cases that are before OSHRC.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    This system of records covers (1) ALJs; (2) Commission members and 
their staff; (3) OSHRC employees entering data into the e-filing/case 
management system, or assigned responsibilities with respect to a 
particular case; and (4) parties, the parties' points of contact, and 
the parties' representatives in cases that have been, or presently are, 
before OSHRC.

CATEGORIES OF RECORDS IN THE SYSTEM:
    The electronic records contain the following information: (1) The 
names of those covered by the system of records and, as to parties, 
their points of contact; (2) the telephone and fax numbers, business 
email addresses, and/or business street addresses of those covered by 
the system of records; (3) the names of OSHRC cases, and information 
associated with the cases, such as the inspection number, the docket 
number, the state in which the action arose, the names of the 
representatives, and whether the case involved a fatality; (4) events 
occurring in cases and the dates on which the events occurred; (5) 
documents filed in cases and the dates on which the documents were 
filed; and (6) the names of OSHRC employees entering data into the e-
filing/case management system, or assigned responsibilities with 
respect to a particular case. The paper records are hard copies of the 
electronic records in the e-filing/case management system.

RECORD SOURCE CATEGORIES:
    Information in this system is derived from the individual to whom 
it applies or is derived from case processing records maintained by the 
Office of the Executive Secretary and the Office of the General 
Counsel, or from information provided by the parties who appear before 
OSHRC.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND PURPOSES OF SUCH USES:
    In addition to disclosures generally permitted under 5 U.S.C. 
552a(b), all or a portion of the records or information contained in 
this system of records may be disclosed as a routine use pursuant to 5 
U.S.C. 552a(b)(3) under the circumstances or for the purposes described 
below, to the extent such disclosures are compatible with the purposes 
for which the information was collected:
    (1) To the Department of Justice (DOJ), or to a court or 
adjudicative body before which OSHRC is authorized to appear, when any 
of the following entities or individuals--(a) OSHRC, or any of its 
components; (b) any employee of OSHRC in his or her official capacity; 
(c) any employee of OSHRC in his or her individual capacity where DOJ 
(or OSHRC where it is authorized to do so) has agreed to represent the 
employee; or (d) the United States, where OSHRC determines that 
litigation is likely to affect OSHRC or any of its components--is a 
party to litigation or has an interest in such litigation, and OSHRC 
determines that the use of such records by DOJ, or by a court or other 
tribunal, or another party before such tribunal, is relevant and 
necessary to the litigation.
    (2) To an appropriate agency, whether federal, state, local, or 
foreign, charged with investigating or prosecuting a violation or 
enforcing or implementing a law, rule, regulation, or order, when a 
record, either on its face or in conjunction with other information, 
indicates a violation or potential violation of law, which includes 
civil, criminal or regulatory violations, and such disclosure is proper 
and consistent with the official duties of the person making the 
disclosure.
    (3) To a federal, state, or local agency maintaining civil, 
criminal or other relevant enforcement information, such as current 
licenses, if necessary to obtain information relevant to an OSHRC 
decision concerning the hiring, appointment, or retention of an 
employee; the issuance, renewal, suspension, or revocation of a 
security clearance; the execution of a security or suitability 
investigation; the letting of a contract; or the issuance of a license, 
grant or other benefit.
    (4) To a federal, state, or local agency, in response to that 
agency's request for a record, and only to the extent that the 
information is relevant and necessary to the requesting agency's 
decision in the matter, if the record is sought in connection with the 
hiring, appointment, or retention of an employee; the issuance, 
renewal, suspension, or revocation of a security clearance; the 
execution of a security or suitability investigation; the letting of a 
contract; or the issuance of a license, grant or other benefit by the 
requesting agency.
    (5) To an authorized appeal grievance examiner, formal complaints 
manager, equal employment opportunity investigator, arbitrator, or 
other duly authorized official engaged in investigation or settlement 
of a grievance, complaint, or appeal filed by an employee, only to the 
extent that the information is relevant and necessary to the case or 
matter.
    (6) To OPM in accordance with the agency's responsibilities for 
evaluation and oversight of federal personnel management.
    (7) To officers and employees of a federal agency for the purpose 
of conducting an audit, but only to the extent that the record is 
relevant and necessary to this purpose.
    (8) To OMB in connection with the review of private relief 
legislation at any stage of the legislative coordination and clearance 
process, as set forth in Circular No. A-19.
    (9) To a Member of Congress or to a person on his or her staff 
acting on the Member's behalf when a written request is made on behalf 
and at the behest of

[[Page 44311]]

the individual who is the subject of the record.
    (10) To the National Archives and Records Administration (NARA) for 
records management inspections and such other purposes conducted under 
the authority of 44 U.S.C. 2904 and 2906.
    (11) To appropriate agencies, entities, and persons when: (a) OSHRC 
suspects or has confirmed that there has been a breach of the system of 
records; (b) OSHRC has determined that as a result of the suspected or 
confirmed breach there is a risk of harm to individuals, OSHRC, the 
Federal Government, or national security; and (c) the disclosure made 
to such agencies, entities, and persons is reasonably necessary to 
assist in connection with OSHRC's efforts to respond to the suspected 
or confirmed breach or to prevent, minimize, or remedy such harm.
    (12) To NARA, Office of Government Information Services (OGIS), to 
the extent necessary to fulfill its responsibilities in 5 U.S.C. 
552(h), to review administrative agency policies, procedures and 
compliance with FOIA, and to facilitate OGIS' offering of mediation 
services to resolve disputes between persons making FOIA requests and 
administrative agencies.
    (13) To another federal agency or federal entity, when OSHRC 
determines that information from this system of records is reasonably 
necessary to assist the recipient agency or entity in (a) responding to 
a suspected or confirmed breach or (b) preventing, minimizing, or 
remedying the risk of harm to individuals, the recipient agency or 
entity (including its information systems, programs, and operations), 
the Federal Government, or national security, resulting from a 
suspected or confirmed breach.
    (14) To a bar association or similar federal, state, or local 
licensing authority for a possible disciplinary action.
    (15) To vetted MicroPact employees in order to ensure that the e-
filing/case management system is properly maintained.
    (16) To the public, in accordance with 29 U.S.C. 661(g), for the 
purpose of inspecting and/or copying the records at OSHRC.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    At MicroPact's secure facility, the information is stored in a 
database contained on a separate database server behind the application 
server serving the data. Paper records are stored in the records room 
and in file cabinets.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    Electronic records contained in the case e-filing/case management 
system may be retrieved by any of the data items listed under 
``Categories of Records in the System,'' including docket number, 
inspection number, any part of a representative's name or the case 
name, and user. Paper records may be retrieved manually by docket 
number or case name.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    Under Records Disposition Schedule N1-455-90-1, paper case files 
may be destroyed 20 years after a case closes. Under Records 
Disposition Schedule N1-455-11-2, electronic records pertaining to 
those paper case files may be deleted when no longer needed for the 
conduct of current business.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    Electronic records contained in the e-filing/case management system 
are safeguarded as follows. Data going across the internet is encrypted 
using SSL encryption. Every system is password protected. MicroPact, 
which stores the data in a private cloud within an Oracle Database, 
operates its own datacenter that is protected by physical security 
measures. Only authorized MicroPact employees who have both physical 
key and key card access to the datacenter can physically access the 
sites where data is stored. Only authorized and vetted MicroPact 
employees have access to the servers containing any PII.
    The access of parties and their representatives to electronic 
records in the system is limited to active files pertaining to cases in 
which the parties are named, or the representatives have entered 
appearances. The access of OSHRC employees is limited to personnel 
having a need for access to perform their official functions and is 
additionally restricted through password identification procedures.
    Paper records are maintained in a records room that can only be 
accessed using a smartcard or a key. Some paper records are also 
maintained in file cabinets. During duty hours, these records are under 
surveillance of personnel charged with their custody, and after duty 
hours, the records are secured behind locked doors. Access to the 
cabinets is limited to personnel having a need for access to perform 
their official functions.

RECORD ACCESS PROCEDURES:
    Individuals who wish to gain access to their records should notify: 
Privacy Officer, OSHRC, 1120 20th Street NW, Ninth Floor, Washington, 
DC 20036-3457. For an explanation on how such requests should be 
drafted, refer to 29 CFR 2400.6 (procedures for requesting records).

CONTESTING RECORD PROCEDURES:
    Individuals who wish to contest their records should notify: 
Privacy Officer, OSHRC, 1120 20th Street NW, Ninth Floor, Washington, 
DC 20036-3457. For an explanation on the specific procedures for 
contesting the contents of a record, refer to 29 CFR 2400.8 (Procedures 
for requesting amendment), and 29 CFR 2400.9 (Procedures for 
appealing).

NOTIFICATION PROCEDURES:
    Individuals interested in inquiring about their records should 
notify: Privacy Officer, OSHRC, 1120 20th Street NW, Ninth Floor, 
Washington, DC 20036-3457. For an explanation on how such requests 
should be drafted, refer to 29 CFR 2400.5 (notification), and 29 CFR 
2400.6 (procedures for requesting records).

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    None.

HISTORY:
    July 7, 2016, 81 FR 44335; and September 28, 2017, 82 FR 45324.

    Dated: August 23, 2018.
Nadine N. Mancini,
General Counsel, Senior Agency Official for Privacy.
[FR Doc. 2018-18786 Filed 8-29-18; 8:45 am]
 BILLING CODE 7600-01-P