Privacy Act of 1974; System of Records

AGENCY:

Occupational Safety and Health Administration (OSHA), Department of Labor.

ACTION:

Notice of a modified system of records.

SUMMARY:

The Privacy Act of 1974 and Office of Management and Budget (OMB) Circular No. A-108 requires that each agency publish notice of a new or modified system of records that it maintains. This notice proposes to modify an existing system of records to add three additional statutes to the “Authority” section of the system, and to add two new routine uses and revise one routine use for the Department of Labor (DOL), Occupational Safety and Health Administration (OSHA), Retaliation Complaint File, DOL/OSHA-1, as well as to make general updates to provide more detail and clarity regarding OSHA's practices for disclosing, storing, retaining, and disposing of records in this system and the technical, physical, and administrative safeguards that OSHA relies on to protect records in this system from unauthorized disclosure.

DATES:

Comments must be received no later than May 20, 2024. This modification is effective upon publication of this Notice. If no public comments are received, the new routine uses will be effective beginning May 20, 2024. If DOL receives public comments, DOL will review the comments to determine whether any changes to the notice are necessary.

ADDRESSES:

We invite you to submit comments on this notice. You may submit comments by any of the following methods:

• Federal e-Rulemaking Portal: https://www.regulations.gov or https://www.federalregister.gov. Follow the instructions for submitting comments.

• Mail, Hand Delivery, or Courier: 200 Constitution Avenue NW, Room N-3653, Washington, DC 20210. In your comment, specify “Retaliation Complaint File, DOL/OSHA-1.”

All comments will be made public and will be posted without change to https://www.regulations.gov, including any personal information provided.

FOR FURTHER INFORMATION CONTACT:

To submit general questions about the system, contact Lee Martin by telephone at 202-693-2199 or by email at osha.dwpp@dol.gov. Please include “Retaliation Complaint File, DOL/OSHA-1” in the submission.

SUPPLEMENTARY INFORMATION:

The Retaliation Complaint File, DOL/OSHA-1 modified system of records includes three additional OSHA statutes and two new routine uses. The new statutes to be added are: The Taxpayer First Act (26 U.S.C. 7623(d)); The Criminal Antitrust Anti-Retaliation Act (15 U.S.C. 7a-3); and The Anti-Money Laundering Act (31 U.S.C. 5323(a)(5), (g) & (j)). DOL is adding routine uses e. and f. regarding disclosure of records, as needed, to address a suspected breach of DOL's or another agency's records systems. DOL has also revised routine use c. to note that disclosure of appropriate, relevant, necessary, and compatible investigative records may be made to OSHA-approved occupational safety and health State Plan agencies (State Plans), as well as Federal agencies, responsible for investigating, prosecuting, enforcing, or implementing laws related to one or more of the statutes listed under AUTHORITY FOR MAINTENANCE OF THE SYSTEM where OSHA deems such disclosure compatible with the purpose for which the records were collected. Former routine use e. (permitting disclosure of statistical reports containing aggregated results of program activities and outcomes to the media, researchers, or other interested parties) is being re-designated as routine use g. Additionally, DOL is making general updates to provide more detail and clarity regarding OSHA's practices for storing, retaining, and disposing of records in this system and the technical, physical, and administrative safeguards that OSHA relies on to protect records in this system from unauthorized disclosure.

SYSTEM NAME AND NUMBER:

Retaliation Complaint File, DOL/OSHA-1.

SECURITY CLASSIFICATION:

Unclassified.

SYSTEM LOCATION:

The system resides in a secure cloud service environment provided through Amazon Web Services (AWS). Records from the secure cloud service are accessed by DOL personnel located at the Occupational Safety and Health Administration (OSHA)'s national, regional, and area offices. Address information for regional and area offices can be found at: https://www.osha.gov/contactus/bystate. Pursuant to DOL's Flexiplace Programs (also known as “telework” pursuant to the Telework Enhancement Act), copies of records may be temporarily located at alternative worksites, including employees' homes or at geographically convenient satellite offices for periods of time. All appropriate safeguards are taken at these sites.

SYSTEM MANAGER(S):

Lee Martin, Director of the Directorate of Whistleblower Protection Programs, Occupational Safety and Health Administration, U.S. Department of Labor, 200 Constitution Avenue NW, Room N-3647, Washington, DC 20210.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

a. The Occupational Safety and Health Act (29 U.S.C. 660(c));

b. The Surface Transportation Assistance Act (49 U.S.C. 31105);

c. The Asbestos Hazard Emergency Response Act (15 U.S.C. 2651);

d. The International Safe Container Act (46 U.S.C. 80507);

e. The Safe Drinking Water Act (42 U.S.C. 300j-9(i));

f. The Federal Water Pollution Control Act (33 U.S.C. 1367);

g. The Toxic Substances Control Act (15 U.S.C. 2622);

h. The Wendell H. Ford Aviation Investment and Reform Act for the 21st Century (49 U.S.C. 42121);

i. The Solid Waste Disposal Act (42 U.S.C. 6971);

j. The Clean Air Act (42 U.S.C. 7622);

k. The Comprehensive Environmental Response, Compensation and Liability Act of 1980 (42 U.S.C. 9610);

l. The Energy Reorganization Act of 1978 (42 U.S.C. 5851);

m. The Pipeline Safety Improvement Act of 2002 (49 U.S.C. 60129);

n. The Corporate and Criminal Fraud Accountability Act of 2002, Title VIII of the Sarbanes-Oxley Act of 2002 (18 U.S.C. 1514A);

o. The Federal Railroad Safety Act (49 U.S.C. 20109);

p. The National Transit Systems Security Act (6 U.S.C. 1142);

q. The Consumer Product Safety Improvement Act (15 U.S.C. 2087);

r. The Affordable Care Act (29 U.S.C. 218C);

s. The Consumer Financial Protection Act of 2010 (12 U.S.C. 5567);

t. The Seaman's Protection Act (46 U.S.C. 2114);

u. The FDA Food Safety Modernization Act (21 U.S.C. 399d);

v. The Moving Ahead for Progress in the 21st Century Act (49 U.S.C. 30171);

w. The Taxpayer First Act (26 U.S.C. 7623(d));

x. The Criminal Antitrust Anti-Retaliation Act (15 U.S.C. 7a-3); and

y. The Anti-Money Laundering Act (31 U.S.C. 5323(a)(5), (g) & (j)).

PURPOSE(S) OF THE SYSTEM:

The records are used to support a determination by OSHA on the merits of a complaint alleging violation of the employee protection provisions of one or more of the statutes listed under AUTHORITY FOR MAINTENANCE OF THE SYSTEM. The records also are used as the basis of statistical reports on such activity by the system manager, national office administrators, regional administrators, investigators, and their supervisors in OSHA. The reports may be released to the public. The reports do not contain any identifying information and are generally used for statistical purposes.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

Individuals who have filed complaints alleging retaliation against them by their employers, or by others, for engaging in activities protected under the various statutes set forth below, popularly referenced as whistleblower protection statutes are covered by the system. Complainants may file such claims with OSHA pursuant to the following statutes: The Occupational Safety and Health Act (29 U.S.C. 660(c)); the Surface Transportation Assistance Act (49 U.S.C. 31105); the Asbestos Hazard Emergency Response Act (15 U.S.C. 2651); the International Safe Container Act (46 U.S.C. 80507); the Safe Drinking Water Act (42 U.S.C. 300j-9(i)); the Federal Water Pollution Control Act (33 U.S.C. 1367); the Toxic Substances Control Act (15 U.S.C. 2622); the Wendell H. Ford Aviation Investment and Reform Act for the 21st Century (49 U.S.C. 42121); the Solid Waste Disposal Act (42 U.S.C. 6971); the Clean Air Act (42 U.S.C. 7622); the Comprehensive Environmental Response, Compensation and Liability Act of 1980 (42 U.S.C. 9610); the Energy Reorganization Act of 1978 (42 U.S.C. 5851); the Pipeline Safety Improvement Act of 2002 (49 U.S.C. 60129); the Corporate and Criminal Fraud Accountability Act of 2002, Title VIII of the Sarbanes-Oxley Act of 2002 (18 U.S.C. 1514A); the Federal Railroad Safety Act (49 U.S.C. 20109); the National Transit Systems Security Act (6 U.S.C. 1142); the Consumer Product Safety Improvement Act (15 U.S.C. 2087); the Affordable Care Act (29 U.S.C. 218C); the Consumer Financial Protection Act of 2010 (12 U.S.C. 5567); the Seaman's Protection Act (46 U.S.C. 2114); the FDA Food Safety Modernization Act (21 U.S.C. 399d); the Moving Ahead for Progress in the 21st Century Act (49 U.S.C. 30171); the Taxpayer First Act (26 U.S.C. 7623(d)); the Criminal Antitrust Anti-Retaliation Act (15 U.S.C. 7a-3); and the Anti-Money Laundering Act (31 U.S.C. 5323(a)(5), (g) & (j)).

CATEGORIES OF RECORDS IN THE SYSTEM:

Records in the system include the complainant's name, address, telephone numbers, occupation, place of employment, and other identifying data along with the allegation, OSHA forms, and evidence offered in the allegation's proof. Records in the system also includes the respondent's name, address, telephone numbers, response to notification of the complaint, statements, and any other evidence or background material submitted as evidence. This material includes records of interviews and other data gathered by the investigator.

RECORD SOURCE CATEGORIES:

Records contained in this system are obtained from individual complainants who filed allegation(s) of retaliation by employer(s) against employee(s) or persons who have engaged in protected activities. OSHA uses the OSHA Online Whistleblower Complaint Form (OSHA 8-60.1) approved under OMB Control No. 1218-0236 to collect initial complainant information. Records contained in this system are also obtained from employers, employees other than an individual complainant, and other witnesses.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND PURPOSES OF SUCH USES:

In addition to the disclosures permitted under 5 U.S.C. 552a(b), as well as those contained in DOL's Universal Routine Uses of Records, a record from this system of records may be disclosed as follows:

a. Disclosure of the complaint, as well as the identity of the complainant, and any interviews, statements, or other information provided by the complainant, or information about the complainant given to OSHA, may be made to the respondent, so that the complaint can proceed to a resolution.

Note:

Personal information about other employees that is contained in the complainant's file, such as statements taken by OSHA or information for use as comparative data, such as wages, bonuses, the substance of promotion recommendations, supervisory assessments of professional conduct and ability, or disciplinary actions generally may be withheld from the respondent when it could violate the other employee's privacy rights, cause intimidation or harassment to the other employee, or impair future investigations by making it more difficult to collect similar information from other employees.

b. Disclosure of the respondent's responses to the complaint and any other evidence it submits may be shared with the complainant so that the complaint can proceed to a resolution.

c. Disclosure of appropriate, relevant, necessary, and compatible investigative records may be made to other Federal agencies and State Plans responsible for investigating, prosecuting, enforcing, or implementing laws related to the statutes listed under AUTHORITY FOR MAINTENANCE OF THE SYSTEM where OSHA deems such disclosure compatible with the purpose for which the records were collected.

d. Disclosure of appropriate, relevant, necessary, and compatible investigative records may be made to another agency or instrumentality of any governmental jurisdiction within or under the control of the United States, for a civil or criminal law enforcement activity, if the activity is authorized by law, and if that agency or instrumentality has made a written request to OSHA, specifying the particular portion desired and the law enforcement activity for which the record is sought.

e. Disclosure of information contained in this system of records may be made to appropriate agencies, entities, and persons when (1) DOL suspects or confirms a breach of the system of records; (2) DOL determines as a result of the suspected or confirmed breach, there is a risk of harm to individuals, DOL (including its information systems, programs, and operations), the Federal Government, or national security; and (3) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with DOL's efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm.

f. Disclosure of information contained in this system of records may be made to another Federal agency or Federal entity, when DOL determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in (1) responding to a suspected or confirmed breach or (2) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach.

g. Statistical reports containing aggregated results of program activities and outcomes may be disclosed to the media, researchers, or other interested parties. Disclosure may be in response to requests made by telephone, email, fax, or letter, by a mutually convenient method. Statistical data may also be posted by the system manager on the OSHA web page.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:

Electronic records in this system of records are stored on AWS, in a self-contained system. Limited paper case files may be used on a temporary basis and kept in locked offices. The system is contained behind the DOL firewall. Users access the system via their personal identity verification (PIV) card for internal federal users or through login.gov for State Plan users.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:

Records are retrieved by complainant's name, respondent's name, or case number. The system is contained behind the DOL firewall. Users access the system via their personal identity verification (PIV) card for internal federal users or through login.gov for State Plan users.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:

Records are maintained primarily in the DOL IT system on the AWS server. Limited paper case files may be maintained at applicable locations as set out above under the heading SYSTEM LOCATION. System records are destroyed five years after a case is closed, in accordance with Records Schedule Number DAA-0100-2018-0002-0009. Paper copies of case files that are not scanned are retained on-site until the five-year retention period has been met and then destroyed.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:

Records in this system are safeguarded in accordance with applicable rules and policies, including all applicable DOL automated systems security and access policies. Access to the system containing the records is limited to those individuals deemed as authorized personnel. Records in the system are protected from unauthorized access and misuse through a combination of administrative, technical, and physical security measures. Administrative measures include policies that limit system access to individuals within an agency with a legitimate business need and regular review of security procedures and best practices to enhance security. Technical measures include system design that allows individuals within an agency access only to data for which they are responsible; role-based access controls that allow individuals access only to data for their agency or reporting unit; multi-factor authentication to access the system; and use of encryption for certain data transfers. Physical security measures include the use of DOL cloud data centers which meet government requirements for storage of sensitive data.

RECORD ACCESS PROCEDURES:

If an individual wishes to access their own data in the system, the individual should contact OSHA directly and follow the instructions for making a Privacy Act Request on DOL's web page at: https://www.dol.gov/general/privacy/instructions. DOL also describes its process for requesting records under the Privacy Act in regulations at 29 CFR 71.2. Individuals who need additional assistance may also reach out to DOL's Privacy Office by email at privacy@dol.gov.

CONTESTING RECORD PROCEDURES:

If an individual wishes to request a correction or amendment of a record, the individual should direct their request to OSHA directly. The request must be in writing and must identify:

• The name of the individual making the request,
• The particular record in question,
• The correction or amendment sought,
• The justification for the change, and
• Any other pertinent information to help identify the file.

Additional information can be found on DOL's web page at: https://www.dol.gov/general/privacy/instructions. DOL also describes its process for requesting a correction or amendment at 29 CFR 71.9. Individuals who need additional assistance may also reach out to DOL's Privacy Office by email at privacy@dol.gov.

NOTIFICATION PROCEDURES:

If an individual wishes to know if a system contains their information, the individual should contact OSHA directly and follow the instructions for making a Privacy Act Request on DOL's web page at: https://www.dol.gov/general/privacy/instructions. DOL also describes its process for requesting records under the Privacy Act in regulations at 29 CFR 71.2. Individuals who need additional assistance may also reach out to DOL's Privacy Office by email at privacy@dol.gov.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:

In accordance with 5 U.S.C. 552a(k)(2), investigatory material in this system of records compiled for law enforcement purposes is exempt from subsections (c)(3); (d); (e)(1); (e)(4)(G), (H), and (I); and (f) of 5 U.S.C. 552a.

However, if any individual is denied any right, privilege, or benefit that the individual would otherwise be entitled to by Federal law or for which the they would otherwise be eligible, such material shall be provided. To the extent that the disclosure of such material would reveal the identity of a source who furnished information to the Government under an express promise that the identity of the source would be held in confidence, DOL will not furnish such records to the individual.

HISTORY:

This is a full publication of the modified SORN in its entirety that replaces the previously published SORN found at 81 FR 25765, 25853-54 (April 29, 2016).