Privacy Act of 1974; System of Records

AGENCY:

Occupational Safety and Health Review Commission.

ACTION:

Notice of a modified system of records.

SUMMARY:

In accordance with the Privacy Act of 1974, the Occupational Safety and Health Review Commission (OSHRC) is revising the notice for Privacy Act system-of-records OSHRC-4.

DATES:

Comments must be received by OSHRC on or before December 13, 2018. The revised system of records will become effective on that date, without any further notice in the Federal Register, unless comments or government approval procedures necessitate otherwise.

ADDRESSES:

You may submit comments by any of the following methods:

• Email: rbailey@oshrc.gov. Include “PRIVACY ACT SYSTEM OF RECORDS” in the subject line of the message.
• Fax: (202) 606-5417.
• Mail: One Lafayette Centre, 1120 20th Street NW, Ninth Floor, Washington, DC 20036-3457.
• Hand Delivery/Courier: Same as mailing address.

Instructions: All submissions must include your name, return address, and email address, if applicable. Please clearly label submissions as “PRIVACY ACT SYSTEM OF RECORDS.”

FOR FURTHER INFORMATION CONTACT:

Ron Bailey, Attorney-Advisor, Office of the General Counsel, via telephone at (202) 606-5410, or via email at rbailey@oshrc.gov.

SUPPLEMENTARY INFORMATION:

The Privacy Act of 1974, 5 U.S.C. 552a(e)(4), requires federal agencies such as OSHRC to publish in the Federal Register notice of any new or modified system of records. As detailed below, OSHRC is revising Payroll and Related Records, OSHRC-4, to (1) eliminate the agency's regional offices in Denver, CO and Atlanta, GA as system locations; (2) account for changes in the names of the pertinent office and positions within the agency; (3) account for changes in how time and attendance records are processed (paper records are no longer maintained); (4) revise the category of records to more accurately reflect the types of information maintained; (5) revise the method by which records are retrieved (folders are organized only by name, and not social security number), stored, and safeguarded; and (6) update the reference to the applicable General Records Schedule for disposal of records. In addition, OSHRC has previously relied on blanket routine uses to describe the circumstances under which records may be disclosed. Going forward, as revised notices are published for new and modified systems of records, a full description of the routine uses—rather than a reference to blanket routine uses—will be included in each notice. This is simply a change in format that has not resulted in any substantive changes to the routine uses for this system of records.

The notice for OSHRC-4, provided below in its entirety, is as follows.

SYSTEM NAME AND NUMBER:

Payroll and Related Records, OSHRC-4.

SECURITY CLASSIFICATION:

None.

SYSTEM LOCATION:

(1) Paper and electronic files are maintained by the Office of the Executive Director, OSHRC, 1120 20th Street NW, Ninth Floor, Washington, DC 20036-3457; (2) pursuant to an interagency agreement, payroll records are stored electronically by the U.S. Department of Agriculture, National Finance Center (NFC), P.O. Box 60000, New Orleans, LA 70160-0001.

SYSTEM MANAGER(S):

Human Resources Specialist, OSHRC, 1120 20th Street NW, Ninth Floor, Washington, DC 20036-3457; (202) 606-5100.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

5 U.S.C. 301, 5516, 5517, 5520; 26 U.S.C. 6011, 6109; 29 U.S.C. 661; 44 U.S.C. 3101.

PURPOSE(S) OF THE SYSTEM:

Records are used by OSHRC and NFC employees to maintain adequate payroll information for OSHRC employees and Commission members.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

This system of records covers current and former employees of OSHRC and Commission members.

CATEGORIES OF RECORDS IN THE SYSTEM:

The records maintained in this system, and the categories of records referenced therein, are as follows. (1) direct deposit records that include the employee's name and signature, address, and telephone number; the type of depositor account selected for direct deposit, and the account and routing numbers; and a voided check; (2) tax records that include the employee's name and signature, social security number, marital status, and home address; the number of allowances for which the employee qualifies; and further information which may be required on state, county, or city withholding certificates; (3) employee retirement estimates that include the employee's name and social security number; (4) records maintained pursuant to the Family Medical Leave Act that include the employee's name, signature, and job description; identity of certain family members and, if a child, date of birth; and medical information pertinent to leave requests; and (5) records necessary for payroll processing by NFC, including those pertaining to time and attendance and leave records, that may include some or all of the information specified above, as well as additional information concerning deductions, salary and benefits.

RECORD SOURCE CATEGORIES:

Information in this system either comes from the individual to whom it applies or is derived from information compiled by OSHRC employees performing administrative duties.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND PURPOSES OF SUCH USES:

In addition to disclosures generally permitted under 5 U.S.C. 552a(b), all or a portion of the records or information contained in this system of records may be disclosed as a routine use pursuant to 5 U.S.C. 552a(b)(3) under the circumstances or for the purposes described below, to the extent such disclosures are compatible with the purposes for which the information was collected:

(1) To the Department of Justice (DOJ), or to a court or adjudicative body before which OSHRC is authorized to appear, when any of the following entities or individuals—(a) OSHRC, or any of its components; (b) any employee of OSHRC in his or her official capacity; (c) any employee of OSHRC in his or her individual capacity where DOJ (or OSHRC where it is authorized to do so) has agreed to represent the employee; or (d) the United States, where OSHRC determines that litigation is likely to affect OSHRC or any of its components—is a party to litigation or has an interest in such litigation, and OSHRC determines that the use of such records by DOJ, or by a court or other tribunal, or another party before such tribunal, is relevant and necessary to the litigation.

(2) To an appropriate agency, whether federal, state, local, or foreign, charged with investigating or prosecuting a violation or enforcing or implementing a law, rule, regulation, or order, when a record, either on its face or in conjunction with other information, indicates a violation or potential violation of law, which includes civil, criminal or regulatory violations, and such disclosure is proper and consistent with the official duties of the person making the disclosure.

(3) To a federal, state, or local agency maintaining civil, criminal or other relevant enforcement information, such as current licenses, if necessary to obtain information relevant to an OSHRC decision concerning the hiring, appointment, or retention of an employee; the issuance, renewal, suspension, or revocation of a security clearance; the execution of a security or suitability investigation; the letting of a contract; or the issuance of a license, grant or other benefit.

(4) To a federal, state, or local agency, in response to that agency's request for a record, and only to the extent that the information is relevant and necessary to the requesting agency's decision in the matter, if the record is sought in connection with the hiring, appointment, or retention of an employee; the issuance, renewal, suspension, or revocation of a security clearance; the execution of a security or suitability investigation; the letting of a contract; or the issuance of a license, grant or other benefit by the requesting agency.

(5) To an authorized appeal grievance examiner, formal complaints manager, equal employment opportunity investigator, arbitrator, or other duly authorized official engaged in investigation or settlement of a grievance, complaint, or appeal filed by an employee, only to the extent that the information is relevant and necessary to the case or matter.

(6) To OPM in accordance with the agency's responsibilities for evaluation and oversight of federal personnel management.

(7) To officers and employees of a federal agency for the purpose of conducting an audit, but only to the extent that the record is relevant and necessary to this purpose.

(8) To OMB in connection with the review of private relief legislation at any stage of the legislative coordination and clearance process, as set forth in Circular No. A-19.

(9) To a Member of Congress or to a person on his or her staff acting on the Member's behalf when a written request is made on behalf and at the behest of the individual who is the subject of the record.

(10) To the National Archives and Records Administration (NARA) for records management inspections and such other purposes conducted under the authority of 44 U.S.C. 2904 and 2906.

(11) To appropriate agencies, entities, and persons when: (a) OSHRC suspects or has confirmed that there has been a breach of the system of records; (b) OSHRC has determined that as a result of the suspected or confirmed breach there is a risk of harm to individuals, OSHRC, the Federal Government, or national security; and (c) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with OSHRC's efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm.

(12) To NARA, Office of Government Information Services (OGIS), to the extent necessary to fulfill its responsibilities in 5 U.S.C. 552(h), to review administrative agency policies, procedures and compliance with FOIA, and to facilitate OGIS' offering of mediation services to resolve disputes between persons making FOIA requests and administrative agencies.

(13) To another federal agency or federal entity, when OSHRC determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in (a) responding to a suspected or confirmed breach or (b) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach.

(14) To the Internal Revenue Service (IRS) for investigation, and to private attorneys, pursuant to a power of attorney.

(15) To the IRS, a copy of an employee's Department of the Treasury Form W-2, Wage and Tax Statement.

(16) To state, city, or other local jurisdictions which are authorized to tax the employee's compensation, a copy of an employee's Form W-2. The record will be provided in accordance with a withholding agreement between the state, city, or other local jurisdiction and the Department of the Treasury pursuant to 5 U.S.C. 5516, 5517, and 5520, or in response to a written request from an appropriate official of the taxing jurisdiction. The request must include a copy of the applicable statute or ordinance authorizing the taxation of compensation and should indicate whether the authority of the jurisdiction to tax the employee is based on place of residence, place of employment, or both.

(17) To a city, copies of executed city tax withholding certifications, pursuant to a withholding agreement between the city and the Department of the Treasury (5 U.S.C. 5520), and in response to written requests from an appropriate city official to OSHRC's Office of the Executive Director.

(18) To NFC to effect issuance of paychecks via electronic fund transfers (EFT) to employees, and distribution of allotments and deductions to financial and other institutions, and for other authorized purposes.

(19) To the Federal Retirement Thrift Investment Board to update Section 401K type records and benefits; to the Social Security Administration to establish social security records and benefits; to the Department of Labor, Office of Worker's Compensation to process compensation claims; to the Department of Defense to adjust military retirement; to health insurance carriers to process insurance claims; and to the Department of Veterans Affairs for the purpose of evaluating veteran's benefits to which the individual may be entitled.

(20) To other federal agencies to effect salary or administrative offsets, or for other purposes connected with the collection of debts owed to the United States, pursuant to sections 5 and 10 of the Debt Collection Act of 1982, as amended by the Debt Collection Improvement Act of 1996.

(21) To other federal, state, local or foreign agencies conducting computer matching programs to help eliminate fraud and abuse and to detect unauthorized overpayments made to individuals. When disclosures are made as part of computer matching programs, OSHRC will comply with the Computer Matching and Privacy Protection Act of 1988, and the Computer Matching and Privacy Protections Amendments of 1990.

(22) To the Office of Child Support Enforcement, Administration for Children and Families, Department of Health and Human Services, the names, social security numbers, home addresses, dates of birth, dates of hire, quarterly earnings, employer identifying information, and state of hire of employees for the purpose of locating individuals to establish paternity, identifying sources of income, and for other child support enforcement actions as required by the Personal Responsibility and Work Opportunity Reconciliation Act of 1996, 42 U.S.C. 653(n).

(23) To “consumer reporting agencies” as defined in the Fair Credit Reporting Act (15 U.S.C. 1681a(f)) or the Federal Claims Collection Act of 1966 (31 U.S.C. 3701(a)(3)) in accordance with 31 U.S.C. 3711(f).

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:

Records are stored on paper in file cabinets at OSHRC's National Office in Washington, DC, and electronically on an access-restricted shared OSHRC drive. Records are also stored electronically on the NFC's personnel/payroll system.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:

Records are retrieved manually and electronically by name.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:

Records are retained and disposed of in accordance with NARA's General Records Schedule 2.4.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:

Paper records are maintained in locked file cabinets, and access is limited to personnel who require access to perform their official functions. Access to electronic records maintained on an OSHRC shared drive is restricted to personnel who require access to perform their official functions.

OSHRC records electronically transmitted to its contractor, NFC, are stored on servers in a secured federal complex with access codes, security codes, and/or security guards. Access to networks and data requires a valid username and password and is further restricted to personnel who have the need to know the information for the performance of their official duties.

RECORD ACCESS PROCEDURES:

Individuals who wish to gain access to their records should notify: Privacy Officer, OSHRC, 1120 20th Street NW, Ninth Floor, Washington, DC 20036-3457. For an explanation on how such requests should be drafted, refer to 29 CFR 2400.6 (procedures for requesting records).

CONTESTING RECORD PROCEDURES:

Individuals who wish to contest their records should notify: Privacy Officer, OSHRC, 1120 20th Street NW, Ninth Floor, Washington, DC 20036-3457. For an explanation on the specific procedures for contesting the contents of a record, refer to 29 CFR 2400.8 (Procedures for requesting amendment), and 29 CFR 2400.9 (Procedures for appealing).

NOTIFICATION PROCEDURES:

Individuals interested in inquiring about their records should notify: Privacy Officer, OSHRC, 1120 20th Street NW, Ninth Floor, Washington, DC 20036-3457. For an explanation on how such requests should be drafted, refer to 29 CFR 2400.5 (notification), and 29 CFR 2400.6 (procedures for requesting records).

EXEMPTIONS PROMULGATED FOR THE SYSTEM:

None.

HISTORY:

April 14, 2006, 71 FR 19556; August 4, 2008, 73 FR 45256; October 5, 2015, 80 FR 60182; and September 28, 2017, 82 FR 45324.