Privacy Act of 1974; System of Records

Issuing agencies

Abstract

ODNI provides notice that it is establishing a new Privacy Act system of records identified as ODNI-23, "Workforce Health and Safety Records." ODNI proposed to add a new system of records to its inventory of records systems subject to the Privacy Act of 1974, as amended. This action is necessary to meet the requirements of the Privacy Act to publish in the Federal Register the existence and character of records maintained by the agency. This new system of records is titled, "Workforce Health and Safety Records."

Full Text

<html>
<head>
<title>Federal Register, Volume 87 Issue 234 (Wednesday, December 7, 2022)</title>
</head>
<body><pre>
[Federal Register Volume 87, Number 234 (Wednesday, December 7, 2022)]
[Notices]
[Pages 75069-75071]
From the Federal Register Online via the Government Publishing Office [<a href="http://www.gpo.gov">www.gpo.gov</a>]
[FR Doc No: 2022-26593]


=======================================================================
-----------------------------------------------------------------------

OFFICE OF THE DIRECTOR OF NATIONAL INTELLIGENCE


Privacy Act of 1974; System of Records

AGENCY: Office of the Director of National Intelligence.

ACTION: Notice of a new system of records.

-----------------------------------------------------------------------

SUMMARY: ODNI provides notice that it is establishing a new Privacy Act 
system of records identified as ODNI-23, ``Workforce Health and Safety 
Records.'' ODNI proposed to add a new system of records to its 
inventory of records systems subject to the Privacy Act of 1974, as 
amended. This action is necessary to meet the requirements of the 
Privacy Act to publish in the Federal Register the existence and 
character of records maintained by the agency. This new system of 
records is titled, ``Workforce Health and Safety Records.''

DATES: This new System of Records will go into effect on December 7, 
2022, unless comments are received that result in a contrary 
determination. Routine uses applicable to ODNI-23, ``Workforce Health 
and Safety Records,'' will go into effect 30 days after date of 
publication.

ADDRESSES: You many submit comments by any of the following methods: 
Email: <a href="/cdn-cgi/l/email-protection#b9cdcbd8d7cac9d8cbdcd7dac0f9ddd7d097ded6cf"><span class="__cf_email__" data-cfemail="1b6f697a75686b7a697e7578625b7f7572357c746d">[email&#160;protected]</span></a>. Mail: Director, Information Management 
Office, Chief Operating Officer, ODNI, Washington, DC 20511.

SUPPLEMENTARY INFORMATION: Pursuant to the Privacy Act, 5 U.S.C. 552a, 
the ODNI is establishing a new system ofrecords, ODNI-23, ``Workforce 
Health and Safety Records.'' The ODNI is committed to providing all 
ODNI personnel and visitors to and occupants of ODNI spaces or 
facilities with a safe and healthy environment. When necessary, the 
ODNI may develop and institute additional safety measures to protect 
its workforce and those individuals entering ODNI facilities. The ODNI 
will collect and maintain information in accordance with the 
Rehabilitation Act of 1973 and regulations and guidance published by 
the U.S. Occupational Safety and Health Administration, the U.S. Equal 
Employment Opportunity Commission, and the U.S. Centers for Disease 
Control and Prevention.

SYSTEM NAME AND NUMBER:
    Workforce Health and Safety Records (ODNI-23).

SECURITY CLASSIFICATION:
    The classification of records in this system ranges from 
UNCLASSIFIED to TOP SECRET.

SYSTEM LOCATION:
    Office of the Director of National Intelligence, Washington, DC 
20511.

SYSTEM MANAGER(S):
    Chief Operating Officer (COO), ODNI, Washington, DC 20511.

[[Page 75070]]

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    The National Security Act of 1947, as amended, 50 U.S.C. 3002-3231; 
Federal workforce safety requirements, including the Occupational 
Safety and Health Act of 1970; Executive Order 12196, ``Occupational 
Safety and Health Programs for Federal Employees;'' 29 U.S.C. 668; 5 
U.S.C. 7902; Americans with Disabilities Act of 1990, as amended; the 
Rehabilitation Act of 1973, as amended; Federal laws related to a 
specific public health emergency or public health threats, including, 
Executive Order 13991, ``Protecting the Federal Workforce and Requiring 
Mask-Wearing,'' Executive Order 13994, ``Ensuring a Data-Driven 
Response to COVID-19 and Future High-Consequence Public Health 
Threats,'' Executive Order 14042, ``Ensuring Adequate COVID Safety 
Protocols for Federal Contractors,'' and Executive Order 14043, 
``Requiring Coronavirus Disease 2019 Vaccination for Federal 
Employees;'' 22 U.S.C. 2680b; National Defense Authorization Act for FY 
2022, Public Law 117-81, Sec. 6603.

PURPOSE(S) OF THE SYSTEM:
    ODNI may use the information collected (1) to facilitate the 
provision and enforcement of health safety protocols to ODNI workforce 
personnel and visitors to and occupants of ODNI spaces and facilities; 
(2) to inform individuals who may have been in proximity of a disease, 
illness, or other public health threat; (3) to identify the medical 
status of individuals to prevent such disease or illness from 
spreading; (4) to facilitate the provision of a reasonable 
accommodation or lawful exception to a public health safety 
requirement; (5) to facilitate reporting or tracking of medical testing 
results or screening results related to a public health or safety 
threat; (6) to determine and report the aggregate number of individuals 
compliant with a public health or safety requirement or the number of 
staff that received a legal exception and accommodation to a 
requirement; and (7) to properly process associated business, security, 
or human resources requirements, to include investigation into the 
facts and circumstances regarding exposure to a disease, illness, or 
other public health threat, reimbursement of approved expenses, claims 
for workers' compensation or other medical care or treatment, 
authorized administrative leave, new hires, and enforcement or 
disciplinary actions.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Current and former ODNI personnel and family members, including 
cadre employees, staff reserve, Highly Qualified Experts, military, 
detailees, Intergovernmental Personnel Act detailees, appointees, and 
interns; applicants for ODNI employment; visitors and assignees to and 
occupants of ODNI spaces and facilities; and contractors providing 
support to ODNI or inside ODNI spaces and facilities.

CATEGORIES OF RECORDS IN THE SYSTEM:
    Records maintained in this system may include full name; agency 
identification number (AIN); biographical and contact information; 
worksite and job information; supervisor's name and contact 
information; date(s) and circumstances of the individual's suspected or 
actual exposure to disease, illness, or public health threat, which may 
include medical symptoms, attire, location, and exposure information 
where the individual may have contracted, been exposed to, or spread 
the disease, illness or public health threat; information directly 
related to an individual's potential disease, injury, or illness, e.g., 
vaccination status, testing results/information, previous medical 
symptoms, diagnoses, treatments, source of exposure and study 
participation; vaccination records, including the date, type, and dose 
of vaccine administered and any boosters; information relevant to a 
request for a reasonable accommodation or exception to public health 
safety requirements, e.g., medical or religious exception for 
vaccination; records relating to compliance with health safety 
protocols or policies; information relating to health safety and 
disease mitigation measures, including contact tracing, temperature 
screening, quarantines, and other symptom screening questionnaires or 
records; business records, which may include receipts or insurance 
explanation of benefits, required for reimbursement of authorized 
expenses; human resource data associated with authorized administrative 
leave, workers' compensation claims, new hires, and enforcement or 
disciplinary process.

RECORD SOURCE CATEGORIES:
    Records may be obtained from individuals; personnel at medical 
facilities when written permission is granted by the individual; 
individuals with direct or indirect knowledge about participation in 
public health safety requirements; individuals responsible for 
implementing or enforcing health safety protocols, associated human 
resources processes, to include hiring and disciplinary, mitigation 
measures, or other health safety requirements; security systems 
monitoring access to ODNI facilities, such as video surveillance, 
turnstiles, and access logs; ODNI internal systems; and property 
management companies responsible for managing ODNI facilities.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND PURPOSES OF SUCH USES:
    In addition to the disclosures permitted under subsection (b) of 
the Privacy Act, ODNI may disclose information contained in this system 
of records if the disclosure is compatible with the purpose for which 
the record was collected pursuant to the ``Routine Uses Applicable to 
More Than One ODNI Privacy Act System of Records,'' Subpart C of ODNI's 
Privacy Act Regulation published at 32 CFR part 1701 (73 FR 16531, 
16541) and incorporated by reference (see also <a href="http://www.dni.gov">http://www.dni.gov</a>). 
ODNI may also disclose information contained in this system ofrecords 
if the disclosure is compatible with the purpose for which the record 
was collected under the following additional routine use:
    (i) A record from the Workforce Health and Safety Records system of 
records maintained by ODNI may be disclosed as a routine use to an 
individual's employer to provide information about the individual's 
health status, safety practices, or compliance with health and safety 
protocols when disclosure is necessary to maintain the safety and 
security of USG facilities.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    Electronic records are stored in secure file-servers on secure 
private cloud-based systems that are connected only to a government 
network.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    The records in this system are retrieved by name or other unique 
identifier.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    Pursuant to 44 U.S.C. 3303a(d) and 36 CFR Chapter 12, Subchapter B-
Records Management, these records are covered by the National Archives 
and Records Administration (NARA) General Records Schedule (ORS) 2.7, 
Workforce Health and Safety Records. All records will be retained and 
disposed of according to the applicable NARA ORS provisions.

[[Page 75071]]

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    Information in this system is safeguarded in accordance with 
recommended and/or prescribed administrative, physical, and technical 
safeguards. Records are maintained in secure government-managed 
facilities with access limited to authorized personnel. Physical 
security protections include guards and locked facilities requiring 
badges and passwords for access. Records are accessed only by current 
government-authorized personnel whose official duties require access to 
the records. Electronic authorization and authentication of users is 
required at all points before any system information can be accessed. 
Safeguards are in place to monitor and audit access. System backup is 
maintained separately.

RECORD ACCESS PROCEDURES:
    As specified below, records in this system have been exempted from 
certain notification, access, and amendment procedures. A request for 
access shall be made in writing with the envelope and letter clearly 
marked ``Privacy Act Request.'' Requesters shall provide their full 
name and complete address. The requester must sign the request and have 
it verified by a notary public. Alternately, the request may be 
submitted under 28 U.S.C. 1746, ertifying the requester's identity and 
understanding that obtaining a record under false pretenses constitutes 
a criminal offense. Requests for access to information must be 
addressed to the Director, Information Management Office, Chief 
Operating Officer, Office of the Director of National Intelligence, 
Washington, DC 20511. Regulations governing access to one's records or 
for appealing an initial determination concerning access to records are 
contained in the ODNI regulation implementing the Privacy Act, 32 CFR 
part 1701 (73 FR 16531).

CONTESTING RECORD PROCEDURES:
    As specified below, records in this system are exempt from certain 
notification, access, and amendment procedures. Individuals seeking to 
correct or amend non-exempt records should address their requests to 
ODNI at the address and according to the requirements set forth above 
under the heading ``Record Access Procedures.'' Regulations governing 
access to and amendment of one's records or for appealing an initial 
determination concerning access or amendment of records are contained 
in the ODNI regulation implementing the Privacy Act, 32 CFR part 1701 
(73 FR 16531).

NOTIFICATION PROCEDURES:
    As specified below, records in this system are exempt from certain 
notification, access, and amendment procedures. Individuals seeking to 
learn whether this system contains non-exempt information about them 
should address inquiries to ODNI at the address and according to the 
requirements set forth above under the heading ``Record Access 
Procedures.''

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    The Privacy Act authorizes ODNI to exempt records contained in this 
system of records from the requirements of subsections (c)(3), (d), 
(e)(l), (e)(4)(G), (H), (I), and (f) of the Privacy Act pursuant to 5 
U.S.C. 552a(k)(l) and (k)(5).

HISTORY:
    None.
    In accordance with 5 U.S.C. 552a(r), ODNI has provided a report of 
this revision to the Office of Management and Budget and to Congress.

    Dated: November 30, 2022.
Gregory M. Koch,
Director, Information Management Office, Chief Operating Officer, 
Office of the Director of National Intelligence.
[FR Doc. 2022-26593 Filed 12-6-22; 8:45 am]
BILLING CODE 9500-01-P


</pre><script data-cfasync="false" src="/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js"></script></body>
</html>