81 FR 73135 (October 24, 2016); Modification published 86 FR 50156 (September 7, 2021)
DEPARTMENT OF THE INTERIOR
Office of the Secretary
Privacy Act of 1974, as Amended; Amendment of an Existing System of Records
AGENCY: Office of the Secretary, Interior.
ACTION: Notice of amendment to an existing system of records.
SUMMARY: Pursuant to the provisions of the Privacy Act of 1974, as amended, the Department of the Interior is issuing a public notice of its intent to amend the Department of the Interior Privacy Act system of records, "Safety Management Information System--Interior, DOI-60", to add new routine uses, update existing routine uses, system manager, system location, categories of individuals covered by the system, categories of records in the system, authority for maintenance of the system, storage, safeguards, retention and disposal, system manager and address, notification procedures, records access and contesting procedures, and records source categories.
DATES: Comments must be received by November 23, 2016. This amended system will be effective November 23, 2016.
Any person interested in commenting on this amendment may do so by: Submitting comments in writing to Teri Barnett, Departmental Privacy Officer, U.S. Department of the Interior, 1849 C Street NW., Mail Stop 7456 MIB, Washington, DC 20240; hand-delivering comments to Teri Barnett, Departmental Privacy Officer, U.S. Department of the Interior, 1849 C Street NW., Mail Stop 7456 MIB, Washington, DC 20240; or emailing comments to Privacy@ios.doi.gov
FOR FURTHER INFORMATION CONTACT: Safety Management Information System Program Manager, Office of Occupational Safety and Health, U.S. Department of the Interior, 1849 C Street NW., Mail Stop 5559 MIB, Washington, DC 20240, or by telephone at (202) 208-5549.
The Department of the Interior (DOI) Office of Occupational Safety and Health manages the "Safety Management Information System-Interior, DOI-60'' system of records. The purpose of this system is to document and monitor injuries or illnesses incurred by DOI employees, contractors, volunteers and visitors, in accordance with the Department of Labor Occupational Safety and Health Administration regulations and requirements. The Safety Management Information System (SMIS) was developed in response to the DOI Occupational Safety and Health Strategic Plan as a tool for DOI individuals who are injured or who file claims seeking benefits under the Federal Employees' Compensation Act (FECA), and enables oversight of the DOI Worker's Compensation Program. The FECA establishes the system for processing and adjudicated claims that Federal employees and other covered individuals file with the Department of Labor's Office of Worker's Compensation Program (OWCP), seeking monetary, medical and similar benefits for injuries or deaths sustained while in the performance of duty. SMIS maintains information on accidents, injuries, and illnesses that occur on DOI property, and workers' compensation claims; provides summary data of injury, illness and property loss information to DOI bureaus and offices for analytical purposes to improve accident prevention policies, procedure, regulations, standards, and operations; and provides listings of individual cases to bureaus and offices to ensure that accidents are reported as appropriate. Some records in this system may be covered under government-wide system of records, DOL/GOVT-1, Office of Workers' Compensation Programs, Federal Employees' Compensation Act File, published in the Federal Register on January 11, 2012 (77 FR 1738).
DOI is publishing this amended notice to reflect updated information in the system manager, system location, categories of individuals covered by the system, categories of records in the system, authority for maintenance of the system, storage, retrievability, safeguards, retention and disposal, system manager and address, notification procedures, records access and contesting procedures, and records source categories. Additionally, DOI is modifying existing routine uses to reflect updates consistent with standard DOI routine uses, and adding new routine uses to permit sharing of information with: (1) The Executive Office of the President to respond to an inquiry by the individual to whom that record pertains; (2) the Office of Management and Budget (OMB) in relation to legislative affairs mandates by OMB Circular A-19; (2) the Department of the Treasury to recover debts owed to the United States; (3) the National Archives and Records Administration (NARA) to conduct records management inspections; (4) Federal, state, territorial, local, tribal, or foreign agencies when there is an indication of a violation of law; (5) appropriate government agencies and organizations to provide information in response to court orders or for discovery purposes related to litigation; (6) an expert, consultant, or contractor that performs services on DOI’s behalf to carry out the purposes of the system; (7) another Federal agency to assist that agency in responding to an inquiry by the individual to whom that record pertains; (8) the Department of Labor, Office of Worker’s Compensation Program, to provide injury or illness data to process and adjudicate claims for compensation; (9) the news media and the public, with approval by the Public Affairs Officer and Senior Agency Official for Privacy in consultation with Counsel; (10) to a beneficiary in the event of death following an accident or injury or to an agent in the case of an individual’s disability; and (11) to appropriate government agencies or organizations for the purpose of protecting public health and preventing exposure or transmission of communicable or quarantinable disease. DOI last published a system of records notice for SMIS in the Federal Register on April 7, 1999 (64 FR 16991) and published an amended notice on February 13, 2008 (73 FR 8342).
The amendments to the system will be effective as proposed at the end of the comment period (the comment period will end 30 days after the publication of this notice in the Federal Register), unless comments are received which would require a contrary determination. DOI will publish a revised notice if changes are made based upon a review of the comments received.
II. Privacy Act
The Privacy Act of 1974, as amended, embodies fair information practice principles in a statutory framework governing the means by which Federal agencies collect, maintain, use, and disseminate individuals' personal information. The Privacy Act applies to information about individuals that is maintained in a "system of records." A "system of records" is a group of any records under the control of an agency for which information is retrieved by the name of an individual or by some identifying number, symbol, or other identifying particular assigned to the individual. The Privacy Act defines an individual as a U.S. citizen or lawful permanent resident. As a matter of policy, DOI extends administrative Privacy Act protections to all individuals. Individuals may request access to their own records that are maintained in a system of records in the possession or under the control of DOI by complying with DOI Privacy Act regulations, 43 CFR part 2, subpart K.
The Privacy Act requires each agency to publish in the Federal Register a description denoting the type and character of each system of records that the agency maintains, the routine uses of each system to make agency record keeping practices transparent, to notify individuals regarding the uses of their records, and to assist individuals to more easily find such records within the agency. The amended "Safety Management Information System (SMIS), DOI-60" system of records is published in its entirety below.
In accordance with 5 U.S.C. 552a(r), DOI has provided a report of this system of records to the Office of Management and Budget and to Congress.
III. Public Disclosure
Before including your address, phone number, email address, or other personal identifying information in your comment, you should be aware that your entire comment including your personal identifying information, may be made publicly available at any time. While you can ask us in your comment to withhold your personal identifying information from public review, we cannot guarantee that we will be able to do so.
Dated: October 19, 2016.
Departmental Privacy Officer.
Safety Management Information System (SMIS), DOI-60.
Records in this system are centrally managed at the Office of Occupational Safety and Health, U.S. Department of the Interior, 1849 C Street NW., Mail Stop 5559 MIB, Washington, DC 20240. This system is physically located at the National Park Service, National Information Services Center, 12795 West Alameda Parkway, Lakewood, CO 80228.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
Individuals covered by the system include DOI employees, contractors, vendors, volunteers, and visitors who have accidents, injuries or illnesses on DOI property, or who file claims seeking benefits under FECA by reason of injuries or illnesses sustained while in the performance of official duty.
CATEGORIES OF RECORDS IN THE SYSTEM:
This system contains records related to accidents, injuries and illnesses that occur on DOI property, to employees during the performance of their official duties, and the accompanying workers' compensation claim files. Records contain information such as name, Social Security number, date of birth, date of injury, date of death, injury code, gender, home address, personal or work email address, summary of accident, injury, or illness, and other information related to claims processing, reports of accidents or investigations, and remedial actions. Information about workplace accidents, workplace injuries or illness, and workers' compensation claims include occupation code, Office of Workers' Compensation Program (OWCP) case number, OWCP adjudication code, OWCP case status codes, OWCP medical costs, OWCP compensation costs, DOI employee salary information, a summary of the accident, injury or illness related to the worker's compensation claim for analytical purposes, and a descriptive narrative about the cause of the accident, injury or illness, and worker's compensation claim information.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
The Occupational Safety and Health Act of 1970, Section 19, 29 U.S.C. 668; Health Service Program, 5 U.S.C. 7901; 31 U.S.C. 3721; Basic Program Elements for Federal Employee Occupational Safety and Health Programs and Related Matters, 29 CFR 1960; and Executive Order 12196, Occupational Safety and Health Programs for Federal Employees.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:
The primary purpose of this system is to record and maintain information on accidents, injuries and illnesses incurred by DOI employees, contractors, volunteers, and visitors. SMIS maintains information on workplace injuries, workplace illness, and workers' compensation claims; provides summary data of injury, illness, and property loss information for analytical purposes to improve accident prevention policies, procedure, regulations, standards, and operations; provides listings of individual cases to ensure that accidents are reported as appropriate; and assist OWCP in the adjudication of employee worker's compensation claims.
In addition to those disclosures generally permitted under 5 U.S.C. 552a(b) of the Privacy Act, all or a portion of the records or information contained in this system may be disclosed outside DOI as a routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:
- (1) (a) To any of the following entities or individuals, when the circumstances set forth in paragraph (b) are met:
- (i) The U.S. Department of Justice (DOJ);
- (ii) A court or an adjudicative or other administrative body;
- (iii) A party in litigation before a court or an adjudicative or other administrative body; or
- (iv) Any DOI employee acting in his or her individual capacity if DOI or DOJ has agreed to represent that employee or pay for private representation of the employee;
- (b) When:
- (i) One of the following is a party to the proceeding or has an interest in the proceeding:
- (A) DOI or any component of DOI;
- (B) Any other Federal agency appearing before the Office of Hearings and Appeals;
- (C) Any DOI employee acting in his or her official capacity;
- (D) Any DOI employee acting in his or her individual capacity if DOI or DOJ has agreed to represent that employee or pay for private representation of the employee;
- (E) The United States, when DOJ determines that DOI is likely to be affected by the proceeding; and
- (ii) DOI deems the disclosure to be:
- (A) Relevant and necessary to the proceeding; and
- (B) Compatible with the purpose for which the records were compiled.
- (2) To a congressional office in response to a written inquiry that an individual covered by the system, or the heir or such individual if the covered individual is deceased, has made to the office.
- (3) To the Executive Office of the President in response to an inquiry from that office made at the request of the subject of a record or a third party on that person's behalf, or for a purpose compatible for which the records are collected or maintained.
(4) To any criminal, civil, or regulatory law enforcement authority (whether Federal, state, territorial, local, tribal or foreign) when a record, either alone or in conjunction with other information, indicates a violation or potential violation of law--criminal, civil, or regulatory in nature, and the disclosure is compatible with the purpose for which the records were compiled.
(5) To an official of another Federal agency to provide information needed in the performance of official duties related to reconciling or reconstructing data files or to enable that agency to respond to an inquiry by the individual to whom the record pertains.
(6) To Federal, state, territorial, local, tribal, or foreign agencies that have requested information relevant or necessary to the hiring, firing or retention of an employee or contractor, or the issuance of a security clearance, license, contract, grant or other benefit, when the disclosure is compatible with the purpose for which the records were compiled.
(7) To representatives of the National Archives and Records Administration to conduct records management inspections under the authority of 44 U.S.C. 2904 and 2906.
(8) To state, territorial and local governments and tribal organizations to provide information needed in response to court order and/or discovery purposes related to litigation, when the disclosure is compatible with the purpose for which the records were compiled.
(9) To an expert, consultant, grantee, or contractor (including employees of the contractor) of DOI that performs services requiring access to these records on DOI's behalf to carry out the purposes of the system.
- (10) The appropriate agencies, entities, and persons when:
- (a) It is suspected or confirmed that the security or confidentiality of information in the system of records has been compromised; and
- (b) The Department has determined that as a result of the suspected or confirmed compromise there is a risk of harm to economic or property interest, identity theft or fraud, or harm to the security or integrity of this system or other systems or programs (whether maintained by the Department or another agency or entity) that rely upon the compromised information; and
- (c) The disclosure is made of such agencies, entities, and persons who are reasonably necessary to assist in connection with the Department's efforts to respond to the suspected or confirmed compromise and prevent, minimize, or remedy such harm.
- (11) To the Office of Management and Budget during the coordination and clearance process in connection with legislative affairs as mandated by OMB Circular A-19.
- (12) To the Department of Treasury to recover debts owed to the United States.
- (13) To the news media and the public, with the approval of the Public Affairs Officer in consultation with counsel and the Senior Agency Official for Privacy, where there exists a legitimate public interest in the disclosure of the information, except to the extent it is determined that release of the specific information in the context of a particular case would constitute an unwarranted invasion of personal privacy.
- (14) To the Department of Labor to provide injury or illness data for processing and adjudicating claims under the Federal Employee's Compensation Act or workers compensation claims.
(15) To another Federal agency to assist that agency in responding to an inquiry by the individual to whom that record pertains.
(16) To a beneficiary in the event of death following an accident or injury or to an agent in the case of an individual's disability.
(17) To appropriate Federal, State, tribal, or local, governmental agencies or organizations for the purpose of protecting the vital interests of persons, including to assist such agencies or organizations in preventing exposure to, or transmission of a communicable or quarantinable disease, to combat other significant public health threats, or identify any public health threat or risk.
- (18) To another Federal agency or Federal entity, when DOI determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in:
- (a) Responding to a suspected or confirmed breach; or
- (b) Preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach.
DISCLOSURE TO CONSUMER REPORTING AGENCIES:
POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING AND DISPOSING OF RECORDS IN THE SYSTEM:
Records maintained in paper form are stored in file folders in file cabinets at secured DOI facilities. Electronic records are maintained in computer servers, computer hard drives, electronic databases, email, and electronic media such as removable drives, compact disc, magnetic disk, diskette, and computer tapes.
Information is retrieved by name and OWCP case number.
The records contained in this system are safeguarded in accordance with 43 CFR 2.226 and other applicable security and privacy rules and policies. During normal hours of operation, paper records are maintained in locked file cabinets under the control of authorized personnel. Computerized records systems follow the National Institute of Standards and Technology privacy and security standards as developed to comply with the Privacy Act of 1974, 5 U.S.C. 552a; Paperwork Reduction Act of 1995, 44 U.S.C. 3501-3521; Federal Information Security Modernization Act of 2014, 44 U.S.C. 3551-3558; and the Federal Information Processing Standards 199: Standards for Security Categorization of Federal Information and Information Systems. Computer servers on which electronic records are stored are located in secured DOI facilities with physical, technical and administrative levels of security to prevent unauthorized access to the DOI network and information assets. Security controls include encryption, firewalls, audit logs, and network system security monitoring.
Electronic data is protected through user identification, passwords, database permissions and software controls. Access to records in the system is limited to authorized personnel who have a need to access the records in the performance of their official duties, and each user's access is restricted to only the functions and data necessary to perform that person's job responsibilities. System administrators and authorized users are trained and required to follow established internal security protocols and must complete all security, privacy, and records management training and sign the DOI Rules of Behavior. A privacy impact assessment was conducted for SMIS to ensure appropriate controls and safeguards are in place to protect the information within the system.
RETENTION AND DISPOSAL:
Records in this system are maintained under Departmental Records Schedule (DRS) 1.2A--Short-Term Human Resources, which has been approved by NARA (DAA-0048-2013-0001-0004). DRS-1.2A is a Department-wide records schedule that covers human resources or payroll files, including forms, reports, correspondence, and related medical and investigatory records concerning on-the-job injuries. The disposition for these records is temporary and the records are cut-off on termination of compensation or when the deadline for filing a claim has passed. Records are destroyed three years after cut-off.
Records not covered by DRS-1.2A are maintained under DRS-1.1A, Short-Term Administration Records (DAA-0048-2013-0001-0001), and include investigative case files of fires, explosions, and accidents submitted for review and filing in other agencies or organizational elements, and reports and related papers concerning occurrences of such a minor nature that they are settled locally without referral to other organizational elements. The disposition for these records is temporary and the records are cut-off at the end of the fiscal year in which the records are created. Records are destroyed three years after cut-off.
Records may be maintained under DRS-1.1B, Long-Term Administration Records (DAA-0048-2013-0001-0002), and include records related to motor vehicle accidents maintained by transportation offices that may be reported in SMIS. The disposition for these records is temporary and the records are cut-off at the end of the fiscal year in which files are closed. Records are destroyed seven years after cut-off. SMIS hardcopy data containing personal information must be disposed of in a manner that complies with the Privacy Act of 1974.
Paper records are disposed of by shredding or pulping, and records contained on electronic media are degaussed or erased in accordance with the applicable records retention schedule, DOI 384 Departmental Manual 1 and NARA guidelines.
SYSTEM MANAGER AND ADDRESS:
SMIS Program Manager, Office of Occupational Safety and Health, U.S. Department of the Interior, 1849 C Street NW., Mail Stop 5559, Washington, DC 20240.
An individual requesting notification of the existence of records on himself or herself should send a signed, written inquiry to the System Manager identified above. The request envelope and letter should both be clearly marked "PRIVACY ACT INQUIRY." A request for notification must meet the requirements of 43 CFR 2.235.
RECORDS ACCESS PROCEDURES:
An individual who is requesting records about himself or herself should send a signed, written inquiry to the System Manager identified above. The request should describe the records sought as specifically as possible. The request envelope and letter should both be clearly marked "PRIVACY ACT REQUEST FOR ACCESS." A request for access must meet the requirements of 43 CFR 2.238.
CONTESTING RECORDS PROCEDURES:
An individual requesting corrections or the removal of material from his or her records should send a signed, written request to the System Manager identified above. A request for corrections or removal must meet the requirements of 43 CFR 2.246.
RECORD SOURCE CATEGORIES:
Information is provided by an employee, contractor, volunteer, or visitor who have been injured while performing official duties or while on DOI property, supervisors of injured employees, DOI safety managers, family members of an injured party, personnel records from the DOI Federal Personnel Payroll System, and the Department of Labor during the course of processing workers' compensation claims.
EXEMPTIONS CLAIMED FOR THE SYSTEM: