87 FR 19 pgs. 4668-4671 - Privacy Act of 1974; Systems of Records
Type: NOTICEVolume: 87Number: 19Pages: 4668 - 4671
Pages: 4668, 4669, 4670, 4671FR document: [FR Doc. 2022-01799 Filed 1-27-22; 8:45 am]
Agency: Pension Benefit Guaranty Corporation
Official PDF Version: PDF Version
[top]
PENSION BENEFIT GUARANTY CORPORATION
Privacy Act of 1974; Systems of Records
AGENCY:
Pension Benefit Guaranty Corporation.
ACTION:
Notice of new systems of records.
SUMMARY:
Pursuant to the Privacy Act of 1974 the Pension Benefit Guaranty Corporation (PBGC) is proposing to establish two new systems of records: (1) PBGC-27: Ensuring Workplace Health and Safety in Response to a Public Health Emergency; and (2) PBGC-28: Physical Security and Facility Access. PBGC-27 will maintain information collected to assist PBGC with maintaining a safe and healthy workplace and to protect PBGC staff working on-site from risks associated with a public health emergency (as defined by the U.S. Department of Health and Human Services and declared by its Secretary), such as a pandemic or epidemic. PBGC-28 will maintain information collected while providing visitor, employee, and government contractor access control; physical and operational security; and video surveillance for PBGC facilities.
DATES:
The new systems of records described herein will become effective February 28, 2022, without further notice, unless comments result in a contrary determination and a notice is published to that effect. Comments must be received on or before February 28, 2022 to be assured of consideration.
ADDRESSES:
You may submit written comments to PBGC by any of the following methods:
• Federal eRulemaking Portal: http://www.regulations.gov. Follow the website instructions for submitting comments.
• Email: reg.comments@pbgc.gov. Refer to SORN in the subject line.
• Mail or Hand Delivery: Regulatory Affairs Division, Office of the General Counsel, Pension Benefit Guaranty Corporation, 1200 K Street NW, Washington, DC 20005.
Commenters are strongly encouraged to submit public comments electronically. PBGC expects to have limited personnel available to process public comments that are submitted on paper through mail. Until further notice, any comments submitted on paper will be considered to the extent practicable.
All submissions must include the agency's name (Pension Benefit Guaranty Corporation, or PBGC) and reference this notice. Comments received will be posted without change to PBGC's website, http://www.pbgc.gov, including any personal information provided. Do not submit comments that include any personally identifiable information or confidential business information. Copies of comments may also be obtained by writing to Disclosure Division, Office of the General Counsel, Pension Benefit Guaranty Corporation, 1200 K Street NW, Washington, DC 20005, or calling 202-326-4040 during normal business hours. (TTY users may call the Federal relay service toll-free at 1-800-877-8339 and ask to be connected to 202-326-4040.)
FOR FURTHER INFORMATION CONTACT:
Shawn Hartley, Chief Privacy Officer, Pension Benefit Guaranty Corporation, Office of the General Counsel, 1200 K Street NW, Washington, DC 20005, 202-229-6321. For access to any of PBGC's systems of records, contact D. Camilla Perry, Disclosure Officer, Office of the General Counsel, Disclosure Division, 1200 K Street NW, Washington, DC 20005, or by calling 202-229-4040, or go to https://www.pbgc.gov/about/policies/pg/privacy-at-pbgc/system-of-records-notices.
SUPPLEMENTARY INFORMATION:
PBGC is proposing to establish two new Systems of Records:
(1) PBGC-27: Ensuring Workplace Health and Safety in Response to a Public Health Emergency
PBGC is proposing to establish a new system of records titled "Ensuring Workplace Health and Safety in Response to a Public Health Emergency." The purpose of this system is to assist PBGC with maintaining a safe and healthy workplace and to protect PBGC staff working on-site from risks associated with a public health emergency (as defined by the U.S. Department of Health and Human Services and declared by its Secretary), such as a pandemic or epidemic. This system maintains information collected about PBGC staff and visitors accessing PBGC facilities during a public health emergency, including a pandemic or epidemic. It maintains biographical information collected about PBGC staff and visitors.
(2) PBGC-28: Physical Security and Facility Access
PBGC is proposing to establish a new system of records titled "Physical Security and Facility Access." The purpose of this system is to maintain information to allow PBGC to provide for its facilities: Control of access by visitors, employees, and government contractors; physical and operational security; and video surveillance. This system can also be used to maintain information from issuing temporary facility access for employees and contractors who are not in possession of their Personal Identity Verification (PIV) card or office key.
[top] Pursuant to 5 U.S.C. 552a(e)(11), interested persons are invited to submit
Issued in Washington, DC.
Gordon Hartogensis,
Director, Pension Benefit Guaranty Corporation.
SYSTEM NAME AND NUMBER:
PBGC-27: Ensuring Workplace Health and Safety in Response to a Public Health Emergency-PBGC.
SECURITY CLASSIFICATION:
Unclassified.
SYSTEM LOCATION:
PBGC, 1200 K Street NW, Washington, DC 20005 (Records may be kept at an additional location as backup for Continuity of Operations).
SYSTEM MANAGER(S) AND ADDRESS:
Workplace Solutions Department/Emergency Management, PBGC, 1200 K Street NW, Washington, DC 20005.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
General Duty Clause, Section 5(a)(1) of the Occupational Safety and Health (OSH) Act of 1970 (29 U.S.C. 627), Executive Order 12196, Occupational safety and health programs for Federal employees (Feb. 26, 1980), Executive Order 14043, Requiring Coronavirus Disease 2019 Vaccination for Federal Employees (Sep. 14, 2021), Executive Order 14042, Executive Order on Ensuring Adequate COVID Safety Protocols for Federal Contractors (Sep. 9, 2021), and the National Defense Authorization Act For Fiscal Year 2017 (5 U.S.C. 6329c(b)). Information will be collected and maintained in accordance with the Americans with Disabilities Act of 1990 (42 U.S.C. 12101 et seq. )
PURPOSE(S):
The information in the system is collected to assist PBGC with maintaining a safe and healthy workplace and to protect PBGC staff working on-site from risks associated with a public health emergency (as defined by the U.S. Department of Health and Human Services and declared by its Secretary), such as a pandemic or epidemic.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
Individuals covered by this system include PBGC staff ( e.g., political appointees, employees, detailees, contractors, consultants, interns, and volunteers) and visitors to a PBGC facility during a public health emergency, such as a pandemic or epidemic.
CATEGORIES OF RECORDS IN THE SYSTEM:
This system maintains information collected about PBGC staff and visitors accessing PBGC facilities during a public health emergency, including a pandemic or epidemic. It maintains biographical information collected about PBGC staff and visitors that includes, but is not limited to, their name, contact information, or whether they are in a high-risk category. It maintains health information collected about PBGC staff that includes, but is not limited to, temperature checks, test results, dates, symptoms, and potential or actual exposure to a pathogen. It maintains health information collected about building visitors, that includes, but is not limited to, temperature checks, test results, dates, symptoms, and potential or actual exposure to a pathogen. It maintains information collected about PBGC staff and visitors to a PBGC facility necessary to conduct contact tracing that includes, but is not limited to, the dates when they visited the facility, the locations that they visited within the facility ( e.g., office and cubicle number), the duration of time spent in the facility, whether they may have potentially come into contact with a contagious person while visiting the facility, travel dates and locations, and a preferred contact number. It maintains information about emergency contacts for PBGC staff that includes, but is not limited to, the emergency contact's name, phone number, and email address.
RECORD SOURCE CATEGORIES:
The information in this system is collected in part directly from the individual or from the individual's emergency contact. Information is also collected from human resources systems, emergency notification systems, and Federal, state, and local agencies assisting with the response to a public health emergency. Information may also be collected from property management companies responsible for managing office buildings that house PBGC facilities including security systems monitoring access to PBGC facilities, video surveillance, and access control devices.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:
Information about covered individuals may be disclosed without consent as permitted by the Privacy Act of 1974, 5 U.S.C. 522a(b), and:
1. General Routine Uses G1 through G14 apply to this system of records (see Prefatory Statement of General Routine Uses at 83 FR 6247 (Feb. 13, 2018)).
These records and information in these records may also be disclosed:
2. To a Federal, state, or local agency to the extent necessary to comply with laws governing reporting of infectious disease;
3. To PBGC staff member's emergency contact for purposes of locating a staff member during a public health emergency;
4. To federal contractors performing physical security and/or access control duties at PBGC facilities.
POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING, AND DISPOSING OF RECORDS IN THE SYSTEM:
STORAGE:
Records are maintained manually in paper and/or electronic form, including computer databases, magnetic tapes, and discs. Records are also maintained on PBGC's secure network and back-up tapes.
RETRIEVABILITY:
Records are retrieved by the name of the individual.
RETENTION AND DISPOSAL:
Records are maintained in accordance with the General Records Retention Schedules issued by the National Archives and Records Administration (NARA) or a PBGC records disposition schedule approved by NARA. Records existing on paper are destroyed beyond recognition. Records existing on computer storage media are destroyed according to the applicable PBGC media practice Records of emergency contacts for PBGC staff will be maintained in accordance with General Records Schedule 5.3, Item 020: Employee Emergency Contact Information, which requires that the records be destroyed when superseded or obsolete, or upon separation or transfer of employee. PBGC will work with the National Archives and Records Administration (NARA) to draft and secure approval of a records disposition schedule to cover the remainder of the records described in this SORN. Until this records disposition schedule is approved by NARA, PBGC will maintain, and not destroy, these records.
SAFEGUARDS:
PBGC has adopted appropriate administrative, technical, and physical controls in accordance with PBGC's security program to protect the security, integrity, and availability of the information, and to ensure that records are not disclosed to or accessed by unauthorized individuals.
[top] Paper records are kept in file cabinets in areas of restricted access that are
RECORD ACCESS PROCEDURE:
Individuals, or third parties with written authorization from the individual, wishing to request access to their records in accordance with 29 CFR 4902.4, should submit a written request to the Disclosure Officer, PBGC, 1200 K Street NW, Washington, DC 20005, providing their name, address, date of birth, and verification of their identity in accordance with 29 CFR 4902.3(c).
CONTESTING RECORD PROCEDURE:
Individuals, or third parties with written authorization from the individual, wishing to amend their records must submit a written request, in accordance with 29 CFR 4902.5, identifying the information they wish to correct in their file, in addition to following the requirements of the Record Access Procedure above.
NOTIFICATION PROCEDURE:
Individuals, or third parties with written authorization from the individual, wishing to learn whether this system of records contains information about them should submit a written request to the Disclosure Officer, PBGC, 1200 K Street NW, Washington, DC 20005, providing their name, address, date of birth, and verification of their identity in accordance with 29 CFR 4902.3(c).
EXEMPTIONS PROMULGATED FOR THE SYSTEM:
None.
HISTORY
None.
SYSTEM NAME AND NUMBER:
PBGC-28: Physical Security and Facility Access.
SECURITY CLASSIFICATION:
Unclassified.
SYSTEM LOCATION:
Pension Benefit Guaranty Corporation (PBGC), 1200 K Street NW, Washington, DC 20005. (Records may be kept at an additional location as backup for continuity of operations.)
SYSTEM MANAGER(S) AND ADDRESS:
Director, Workplace Solutions Department, PBGC, 1200 K Street NW, Washington, DC 20005.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
Executive Order 12977; 6 CFR part 37; Homeland Security Presidential Directive (HSPD) 12: Policy for a Common Identification Standard for Federal Employees and Contractors.
PURPOSE(S) OF THE SYSTEM:
The purpose of this system is to maintain information to allow PBGC to provide for its facilities: Control of visitor, employee, and government contractor access; physical and operational security; and video surveillance. It can also be used to maintain information from issuing temporary facility access for employees and contractors who are not in possession of their Personal Identity Verification (PIV) card or office key.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
Current PBGC employees, students, interns, government contractors, employees of other agencies, vendors, and other authorized visitors who access PBGC facilities.
CATEGORIES OF RECORDS IN THE SYSTEM:
This system contains records relating to employee and government contractor access, visitor access, and facility security. This includes government Personal Identity Verification (PIV) cards, visitor, contractor, and employee access records, temporary access cards, biometric data, and video surveillance recordings. PIV card records include the following information: Name, type of access, employee affiliation, expiration date, activation date, credential serial number, height, eye color, and hair color. Visitor access records include the following information: Name, reason for visit, organization name, date and time of visit, floor visited, and temporary visitor badge number or barcode. Employee access records include date and time of room or facility access and fingerprint or other biometric data.
RECORD SOURCE CATEGORIES:
Subject individuals, employees, visitors, contractors, vendors, and others visiting PBGC facilities.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:
Information about covered individuals may be disclosed without consent as permitted by the Privacy Act of 1974, 5 U.S.C. 552a(b), and:
1. General Routine Uses G1 through G5 and G7 through G12 apply to this system of records (See Prefatory Statement of General Routine Uses at 83 FR 6247 (Feb. 13, 2018)).
POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
Records are maintained manually in paper and/or electronic form (including computer databases or discs). Records may also be maintained on back-up tapes, or on a PBGC or a contractor-hosted network.
POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
Records are retrieved by any one of the following: Employee or contractor name, PIV card number, temporary access card number, access clearance, key number, key removal date and time, visitor name, date and time of visit, organization, name of PBGC personnel escorting the visitor, visitor badge number, and reason for visit.
RETENTION AND DISPOSAL:
Records are maintained and destroyed in accordance with the National Archives and Record Administration's (NARA) Basic Laws and Authorities (44 U.S.C. 3301, et seq. ) or a PBGC records disposition schedule approved by NARA. Records existing on paper are destroyed beyond recognition. Records existing on computer storage media are destroyed according to the applicable PBGC media practice for physical security and access control systems and will be maintained in accordance with General Records Schedule 5.6 Security Records Items: 010, 021, 100, 111, 120, 121, 130, and 240.
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
PBGC has established security and privacy protocols that meet the required security and privacy standards issued by the National Institute of Standards and Technology (NIST). Records are maintained in a secure, password protected electronic system that utilizes security hardware and software to include multiple firewalls, active intruder detection, and role-based access controls. PBGC has adopted appropriate administrative, technical, and physical controls in accordance with PBGC's security program to protect the confidentiality, integrity, and availability of the information, and to ensure that records are not disclosed to or accessed by unauthorized individuals.
[top] Electronic records are stored on computer networks, which may include cloud-based systems, and protected by controlled access with PIV cards, assigning user accounts to individuals needing access to the records and by passwords set by authorized users that must be changed periodically.
RECORD ACCESS PROCEDURES:
Individuals, or third parties with written authorization from the individual, wishing to request access to their records in accordance with 29 CFR 4902.4, should submit a written request to the Disclosure Officer, PBGC, 1200 K Street NW, Washington, DC 20005, providing their name, address, date of birth, and verification of their identity in accordance with 29 CFR 4902.3(c).
CONTESTING RECORD PROCEDURES:
Individuals, or third parties with written authorization from the individual, wishing to amend their records must submit a written request, in accordance with 29 CFR 4902.5, identifying the information they wish to correct in their file, following the requirements of Record Access Procedure above.
NOTIFICATION PROCEDURES:
Individuals, or third parties with written authorization from the individual, wishing to learn whether this system of records contains information about them should submit a written request to the Disclosure Officer, PBGC, 1200 K Street NW, Washington, DC 20005, providing their name, address, date of birth, and verification of their identity in accordance with 29 CFR 4902.3(c).
EXEMPTIONS PROMULGATED FOR THE SYSTEM:
None.
HISTORY:
None.
[FR Doc. 2022-01799 Filed 1-27-22; 8:45 am]
BILLING CODE 7709-02-P